24c1ddbf10ba676240d351ec9a26fc26

General

Target

24c1ddbf10ba676240d351ec9a26fc26
Size

66KB
MD5

24c1ddbf10ba676240d351ec9a26fc26
SHA1

baf811005b0890bbec69eccf13aa15b5db2764a8
SHA256

f0651175e6ef95fc30ca9ded0f18f0a5e1244d2312a55dc85260b815d5451b33
SHA512

c123c1e7e98a2d20033302d7dfbd2f1a27addc5db479fa67cd2045209915695268f2af957f7f585eefa0591282964143406d7d22eb255c5ae27368e332757060
SSDEEP

1536:RhHfrh/zumdDLeBGUCrvk4aA2XYqAPEKpT8Bw/Bzapg2WR:3/rxqct9daFgdZr9gS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/coldstar.exe

Files

24c1ddbf10ba676240d351ec9a26fc26
.rar
coldstar.exe
.exe windows:4 windows x86 arch:x86

d397b8ff286f60be357e5240db544641

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaFreeVar
__vbaLateIdCall
__vbaLenBstr
__vbaLineInputStr
__vbaStrVarMove
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
ord516
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaExitProc
__vbaOnError
ord595
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaStrFixstr
ord520
_CIsin
ord632
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
__vbaStrCmp
__vbaI2I4
DllFunctionCall
_adj_fpatan
__vbaRecUniToAnsi
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarAdd
__vbaLateMemCall
__vbaVarDup
__vbaStrToAnsi
__vbaFpI2
ord617
__vbaLateMemCallLd
_CIatan
__vbaStrMove
__vbaCastObj
ord650
_allmul
__vbaLateMemCallSt
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

d397b8ff286f60be357e5240db544641

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 100KB - Virtual size: 97KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 68KB - Virtual size: 66KB

.text
Size: 100KB - Virtual size: 97KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 68KB - Virtual size: 66KB