3dc45ec6db6b7ac3c26ef12c65e98e24

General

Target

3dc45ec6db6b7ac3c26ef12c65e98e24
Size

1.8MB
MD5

3dc45ec6db6b7ac3c26ef12c65e98e24
SHA1

b3de901bc1cb9985f7522d2f26c1faa6891923ce
SHA256

34b8e5f77478ff2d878de37050fed76c491530fda39e854e17596f9e0d2d7d5e
SHA512

15269abfa7ab24fadfe408c405c35bd80ea3c0d94ec25225bc9a9160c708e5f9ba31d2dc2739d9c1d72fec314ed62d8bb515d67a76231d7319bd99e2973d675f
SSDEEP

24576:4CPjKIZJx3CimsF3kFq8JUR2WDAtlIA10f9y4afYdbOjJd+9gl3VN4ZXM/6XWXEl:4CWIlosF3ot+81UtaQdbOjmu3TSciWEl

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Berokyo.exe
unpack001/ppi.exe

Files

3dc45ec6db6b7ac3c26ef12c65e98e24
.cab
Berokyo.exe
.exe windows:5 windows x86 arch:x86

2c8fe4e27868a50e84d2b10403eeaba0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

qtcore4

?number@QString@@SA?AV1@IH@Z

qtgui4

?focusNextPrevChild@QMenu@@MAE_N_N@Z

qtxml4

??1QDomNode@@QAE@XZ

user32

UnregisterHotKey

shell32

SHGetDesktopFolder

msvcr90

_ismbblead

qtnetwork4

?get@QHttp@@QAEHABVQString@@PAVQIODevice@@@Z

gdi32

CreateCompatibleDC

advapi32

RegQueryValueExA

oleaut32

SysAllocStringLen

Sections

TEXTiCLE
Size: 1.7MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 103KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ppi.exe
.exe windows:4 windows x86 arch:x86

b191d962dd93e12eab0c48a6c45c4b23

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaAryMove
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
ord516
_adj_fprem1
__vbaCopyBytes
__vbaStrCat
__vbaLsetFixstr
__vbaHresultCheckObj
ord665
_adj_fdiv_m32
__vbaAryDestruct
__vbaVarForInit
__vbaStrLike
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
ord598
__vbaVarIndexLoad
_CIsin
__vbaErase
__vbaVarZero
ord632
__vbaChkstk
EVENT_SINK_AddRef
ord527
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
__vbaAryConstruct2
__vbaI2I4
DllFunctionCall
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaFixstrConstruct
__vbaRedim
__vbaUI1ErrVar
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaStr2Vec
__vbaExceptHandler
ord606
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
ord608
__vbaFPException
ord717
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaLsetFixstrFree
ord644
_CIlog
__vbaErrorOverflow
__vbaNew2
__vbaInStr
__vbaVar2Vec
__vbaR8Str
_adj_fdiv_m32i
_adj_fdivr_m32i
Zombie_AddRef
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
__vbaDerefAry1
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaVarAdd
__vbaAryLock
__vbaFpI2
__vbaVarCopy
ord616
__vbaFpI4
_CIatan
__vbaStrMove
__vbaAryCopy
__vbaStrVarCopy
_allmul
__vbaLenVarB
_CItan
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaMidStmtBstr
__vbaI4ErrVar
__vbaFreeStr
ord581

Sections

.text
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c8fe4e27868a50e84d2b10403eeaba0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

qtcore4

qtgui4

qtxml4

user32

shell32

msvcr90

qtnetwork4

gdi32

advapi32

oleaut32

Sections

TEXTiCLE Size: 1.7MB - Virtual size: 3.8MB

.rsrc Size: 103KB - Virtual size: 104KB

.reloc Size: 512B - Virtual size: 512B

b191d962dd93e12eab0c48a6c45c4b23

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 196KB - Virtual size: 195KB

.data Size: 4KB - Virtual size: 70KB

.rsrc Size: 52KB - Virtual size: 50KB

TEXTiCLE
Size: 1.7MB - Virtual size: 3.8MB

.rsrc
Size: 103KB - Virtual size: 104KB

.reloc
Size: 512B - Virtual size: 512B

.text
Size: 196KB - Virtual size: 195KB

.data
Size: 4KB - Virtual size: 70KB

.rsrc
Size: 52KB - Virtual size: 50KB