387fb39b1e45d8e23fb0c9b84f3550df

Sharing

Copy URL

Twitter E-mail

General

Target

387fb39b1e45d8e23fb0c9b84f3550df
Size

505KB
MD5

387fb39b1e45d8e23fb0c9b84f3550df
SHA1

029a77ff2776be153ea1bb9aae4b02b60f203c45
SHA256

9cf1fac3b70c572fa6c3edbfe16561bef310e94cd8381df18853c2a8ac9eacab
SHA512

2e9ccbf64cf7695c0aa02f6d275e061d2b83773496206370ef31a9980ddf2630c0c49e67b291f95f915a07c8a09bb0f6524a630b5738654bf127bcbadbc31bb5
SSDEEP

12288:KobvC4sI+7XdsuoISKvSI2wS7Ww6ox4BsHHoPOtkK:TbvCDnhsuozhI2wAWwsB1OtkK

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Auto Update/AutoUpdateKeyCF..exe
unpack001/KEYCF-FIX For CF Russia.exe
unpack001/keycf 7.6.exe
unpack001/keycf.dll

Files

387fb39b1e45d8e23fb0c9b84f3550df
.zip
Auto Update/AutoUpdateKeyCF..exe
.exe windows:4 windows x86 arch:x86

461981f7eb7ff0fafbbec830645c5b1d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaStrI4
__vbaFreeVar
__vbaStrVarMove
__vbaLateIdCall
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaRaiseEvent
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
ord660
__vbaNameFile
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
ord529
__vbaStrCmp
__vbaVarTstEq
__vbaI2I4
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
__vbaVarCat
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarDup
__vbaFpI4
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

kernel32

GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Sections

.text
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vdvd.vmp
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

vdvd.vmp
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Huong Dan.reg
Huong dan su dung KeyCFModz 1096.url
.url
KEYCF-FIX For CF Russia.exe
.exe windows:4 windows x86 arch:x86

73d74b78767100273eefdcbfb400f40a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaLenBstr
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
ord516
ord517
_adj_fprem1
__vbaRecAnsiToUni
ord519
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
ord301
ord595
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
ord303
_adj_fdivr_m16i
__vbaStrFixstr
ord307
ord309
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
_adj_fpatan
__vbaRecUniToAnsi
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
__vbaInStrVar
__vbaI2Var
ord645
_CIlog
__vbaErrorOverflow
__vbaNew2
__vbaR8Str
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaVarDup
__vbaStrComp
__vbaStrToAnsi
ord616
_CIatan
ord618
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

kernel32

GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Sections

.text
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmpxaff
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmpxaff
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TrumGame.Net.url
.url
keycf 7.6.exe
.exe windows:4 windows x86 arch:x86

85af8ce6742f8ce425e31d5f536d68db

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaFreeVar
__vbaAryMove
__vbaLenBstr
__vbaStrVarMove
__vbaLateIdCall
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaVarIndexStore
__vbaFreeObjList
ord516
ord517
_adj_fprem1
__vbaRecAnsiToUni
ord518
__vbaCopyBytes
__vbaStrCat
__vbaVarCmpNe
__vbaLsetFixstr
__vbaRecDestruct
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
ord667
__vbaAryDestruct
__vbaExitProc
__vbaVarForInit
ord301
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
__vbaFpR4
__vbaStrFixstr
ord307
ord309
__vbaBoolVarNull
_CIsin
ord709
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
ord529
__vbaStrCmp
__vbaAryConstruct2
__vbaVarTstEq
__vbaPutOwner3
DllFunctionCall
__vbaVarLateMemSt
__vbaRedimPreserve
__vbaStrR4
_adj_fpatan
__vbaLateIdCallLd
__vbaRecUniToAnsi
EVENT_SINK_Release
ord600
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
__vbaInStrVar
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
ord644
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVarLateMemCallLdRf
__vbaVar2Vec
__vbaNew2
ord648
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaI4Var
__vbaAryLock
__vbaStrToAnsi
__vbaVarDup
ord616
__vbaVarLateMemCallLd
ord617
_CIatan
ord618
__vbaStrMove
_allmul
_CItan
__vbaAryUnlock
__vbaFPInt
__vbaVarForNext
_CIexp
__vbaRecAssign
__vbaFreeStr
__vbaFreeObj
ord580

kernel32

GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Sections

.text
Size: - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmpxsxf
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmpxsxf
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
keycf.dll
.dll windows:4 windows x86 arch:x86

3cc6c050677a881df76259c797af3bff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBeep

advapi32

RegOpenKeyA

Exports

Exports

b��̦�T(R.E��;�.F*Gr 2\��)�Ti��b4�:E��R�tD�2`�L�%D�ɒ0!�� ޵�.1�܂�5�� Y됥�R��$k�A��r�[4�U�D +\6,��?Xp�|�� r/+g��ܡ��l�À�噤?A�?Cþ@�`��|��OM��1ߟl@��C�)��skB�7�no�b��M�d�+w�^��n�[I2iec�z�s��j�5��#��IB� �I�R�[�E��@��.:��N;>%O�yzIs��_�X��U8��C��y�i�3�]Bs��<UԔ�T��N vW�J�)��z]�TU��u�$�{I�*�y�nM��S{�� d��ߥp��mk�<d�d6ǡ)��Pm��#�-0��w��j�l�;vy��J@ᶷ��H��m�"��6�Eq�o��J��>돤U�7s"��-7 ��!��W<�W<T?K'<��te0n��l��󺌺-eON��p��T'jNQ�׳��ov�͡f��,��Cs�:ernW��#�'��f��<y��r�k��F��\|�1�{�߫eoT�=�s9GC׬z�?�Nt<��~�J�-�u��6�Q8"��V$��o�h��,^e�\t\G8�� {��Y*W:�a!��}�hSn�HV�OD��(m��o��qp��.�x�r�^�t,�,B�(�}��\gD� e��@��ݐ2�� #l�.�F��'[��j�0��]�@�ϗ��,YO� |��B��-��a�̏P��D�s��X��W=�)�9rĂ�l�)�}d,ۅe�#��e�\7� ��2�N7��Y�怐E$_T�Xڕ��ӨA�Ib�Y��&K�Fo�� M��߇��l^}�#�u��h��k�zf��@Z��˧Yk��T2�dv��K��{�?n?�2��n.kM��<��+ � ig~�� ^�ג�D~:��\��O�;|'��péT��r�|��b�Ӥڲ�AP�!��qLj{�Gdm'*��gM��El��D�C:�&��#�Y4j\vH��5%9&��ڧ�p2��9��yPt:��15��.o��w��ՍҝB`��ɒ��ϋ��$�T͠��&�6�@m��S��L��溒ӾJ�< ȭ��"�F�K�Å^�� y�){��+$z�� ngo��t�a� T��k��׹o�xZr��-I�J��=�t��#߽vJ�G��z��Ϲ1��8��5�G�\I��Z��št �� f.S�&��U�qq2��R�s"d��GDU&*�EN�s!8�6 �m��Ħ��G�U9]�pG�w&(��D�\eyd4m��"*��G�LQ��)证T�W�pNt2r�s�v�!D�:rT��6C�:�sS��Ӎf��D��o}ރ��\�g�f(�npB��z��8}��pn,'$S*"R_]7z��t�#��,�Yk�� }��^�e:#��&8 (��5-�PS�R�I@��{2��Y�;��.�_8oG��i�f�A}��F�-J{0�ަ��7�$|��S&�,��ee|72`�j�+9��dsj�B��cR�y4�� 1;��y��E��V̮��~J}�ٯ� �8�b�'$�(Af[Ev��.ej�a �^'�Ο�4��>�j�ܥ�w�#|Z0~U{��l�X��#�g �\h+�h��^��Q�`�z�T�n�DaeqBE�"��V�\n_b�Wz��W��GE^��q��lЬ �|��o��kQb��9]�KpL�:��i�.Fs/�p�23<틘�g?�ߛ�� d�6�!��[y��Z��W��ބ��<�Y��2U�"�$Hx�WuC�Q�+��(u��(�5d��p��q�>�+�5qK�ĺ�G�H�׵|ƃ0#�oۺ�g��SK��i��j��M�6�D� �1�os��Yi��*P}�"w�=�X�F�x;ǃ_ʐF�$)�F�'��I��A��.��H��g՝:E�ο�ŏ��G�W�J�L��פ�V��k��S=v��H9,Q��ѭn`RĖ#��$�c��Q}��Ш|��\]ve��ׯ�u��M��.q�/��5?`}�g�g�vk��`d�A��ؽS��Q��C��P<��mN��5ΟU ��H�K�,XFctS̍�S��Q`}~�fzF98�]�6-,fl-?��P�=O�"a�@e僢@�ّy��?3f��ף\�[��Pt��=�F_|+��=��q��I� h��[�%��4>��4+R�(�ז�r5g�u�p�Dܕ$=�oq�7^Ӽ7�6ao�RC�J��6,��1u�tp�f��e��c��aÆrKx�S�B�/��p!��/a�wLb+��mM��g�<�}v��$��M�U��.��f��_�"mJ��h��:��B8��F�J��Y��w�ڴ=f�N�+�֖��X�F��S�Z�D�y�㞁z&^ߑ�+|\ϊ9��u��:��{��3��>��Rޭ�8C�8tچ1�Y�(�))��L%�r(�t��u;p�U'XD��0��/Ҩ�|�u)v��kodo�� !N�k�}�A��V��G��'�x��Ǭ��fߋh{��4��}G��isZ�X��E��\NC��@��_��T��y�� }� �2վs�봿��(o��%Io�9|a&� ��ܣa�&�P5��ؿ�Ԃ��H��Oz�Q�f?S�*�3��X�f�q��G�r��MU�b�q;��]��=�I:|+��/��E ��k��K��W��W�.t�Ă�-� y��oWv��+'��ם򨧳�h�,�)��*��Һ�JQyT�O��O`EҝOcȣ

Sections

.text
Size: - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmpxsad
Size: - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmpxsad
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

461981f7eb7ff0fafbbec830645c5b1d

Headers

File Characteristics

Imports

msvbvm60

kernel32

Sections

.text Size: - Virtual size: 44KB

.data Size: - Virtual size: 6KB

vdvd.vmp Size: - Virtual size: 12KB

vdvd.vmp Size: 68KB - Virtual size: 67KB

.rsrc Size: 4KB - Virtual size: 2KB

73d74b78767100273eefdcbfb400f40a

Headers

File Characteristics

Imports

msvbvm60

kernel32

Sections

.text Size: - Virtual size: 11KB

.data Size: - Virtual size: 3KB

.vmpxaff Size: - Virtual size: 10KB

.vmpxaff Size: 56KB - Virtual size: 54KB

.rsrc Size: 4KB - Virtual size: 2KB

85af8ce6742f8ce425e31d5f536d68db

Headers

File Characteristics

Imports

msvbvm60

kernel32

Sections

.text Size: - Virtual size: 42KB

.data Size: - Virtual size: 3KB

.vmpxsxf Size: - Virtual size: 11KB

.vmpxsxf Size: 208KB - Virtual size: 207KB

.rsrc Size: 8KB - Virtual size: 193KB

3cc6c050677a881df76259c797af3bff

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: - Virtual size: 150KB

.rdata Size: - Virtual size: 18KB

.data Size: - Virtual size: 19KB

.sxdata Size: - Virtual size: 8B

.vmpxsad Size: - Virtual size: 63KB

.tls Size: 4KB - Virtual size: 24B

.vmpxsad Size: 192KB - Virtual size: 191KB

.reloc Size: 4KB - Virtual size: 240B

.text
Size: - Virtual size: 44KB

.data
Size: - Virtual size: 6KB

vdvd.vmp
Size: - Virtual size: 12KB

vdvd.vmp
Size: 68KB - Virtual size: 67KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: - Virtual size: 11KB

.data
Size: - Virtual size: 3KB

.vmpxaff
Size: - Virtual size: 10KB

.vmpxaff
Size: 56KB - Virtual size: 54KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: - Virtual size: 42KB

.data
Size: - Virtual size: 3KB

.vmpxsxf
Size: - Virtual size: 11KB

.vmpxsxf
Size: 208KB - Virtual size: 207KB

.rsrc
Size: 8KB - Virtual size: 193KB

.text
Size: - Virtual size: 150KB

.rdata
Size: - Virtual size: 18KB

.data
Size: - Virtual size: 19KB

.sxdata
Size: - Virtual size: 8B

.vmpxsad
Size: - Virtual size: 63KB

.tls
Size: 4KB - Virtual size: 24B

.vmpxsad
Size: 192KB - Virtual size: 191KB

.reloc
Size: 4KB - Virtual size: 240B