2c9f2529885321584fb749e9ab444975

Sharing

Copy URL Twitter E-mail

General

Target

2c9f2529885321584fb749e9ab444975
Size

395KB
MD5

2c9f2529885321584fb749e9ab444975
SHA1

0238e37f161cdb03d32228a915b7ce4e47473818
SHA256

840331ab3425eab2b066e408ea03d2347225810d174fe082a9035c56cdc83a99
SHA512

73518624a64b8702395f211c5f9dd70da8bde88151c7b660139d40c4b792563f3c872f50acb20b89639106e7ba58bd6c73d1eec4cc443f7defbf024fb228f239
SSDEEP

6144:Dz6AH8VkIrX4lbSjwYKVGqKLmWpfbdyaqE8FSYUSrRDzXj7fbBLi8j2kJHGx57fj:Dz6K8VkcAKzmWpfMaf/KHjzbb2k85LYY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/photocal.exe

Files

2c9f2529885321584fb749e9ab444975
.rar
photocal.exe
.exe windows:4 windows x86 arch:x86

00a105bb46a22eff0f1ae666970ffbc1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarSub
__vbaStrI2
rtcSaveSetting
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
rtcRgb
__vbaLateIdCall
__vbaStrVarMove
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
rtcGetDayOfWeek
rtcVarFromFormatVar
rtcGetYear
rtcDateAdd
__vbaSetSystemError
rtcDateDiff
__vbaHresultCheckObj
rtcIsDate
_adj_fdiv_m32
Zombie_GetTypeInfo
__vbaVarCmpGe
__vbaExitProc
__vbaObjSet
rtcMsgBox
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
rtcDoEvents
rtcTrimVar
rtcMonthName
__vbaBoolVarNull
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
rtcUpperCaseVar
__vbaStrCmp
__vbaVarTstEq
__vbaPrintObj
__vbaI2I4
DllFunctionCall
__vbaCastObjVar
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
EVENT_SINK_Release
__vbaNew
rtcShell
_CIsqrt
__vbaObjIs
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
__vbaDateStr
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
__vbaI2Str
__vbaFPException
GetMemEvent
__vbaStrVarVal
__vbaVarCat
__vbaDateVar
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
rtcErrObj
ThunRTMain
__vbaI4Var
rtcGetSetting
__vbaVarCmpEq
__vbaVarAdd
PutMemEvent
__vbaVarDup
__vbaStrToAnsi
SetMemEvent
__vbaFpI2
__vbaVarLateMemCallLd
__vbaVarCopy
__vbaFpI4
__vbaLateMemCallLd
_CIatan
__vbaStrMove
__vbaCastObj
__vbaStrVarCopy
rtcGetDayOfMonth
_allmul
__vbaLateIdSt
rtcGetMonthOfYear
_CItan
rtcGetPresentDate
__vbaFPInt
_CIexp
__vbaFreeObj
__vbaFreeStr
rtcR8ValFromBstr

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data1
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mackt
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

00a105bb46a22eff0f1ae666970ffbc1

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 98KB - Virtual size: 98KB

.data Size: 5KB - Virtual size: 5KB

.text1 Size: 128KB - Virtual size: 128KB

.data1 Size: 128KB - Virtual size: 128KB

.pdata Size: 320KB - Virtual size: 320KB

.rsrc Size: 4KB - Virtual size: 4KB

.mackt Size: 4KB - Virtual size: 4KB

.text
Size: 98KB - Virtual size: 98KB

.data
Size: 5KB - Virtual size: 5KB

.text1
Size: 128KB - Virtual size: 128KB

.data1
Size: 128KB - Virtual size: 128KB

.pdata
Size: 320KB - Virtual size: 320KB

.rsrc
Size: 4KB - Virtual size: 4KB

.mackt
Size: 4KB - Virtual size: 4KB