71eccdef5c3b939459c46eff369ad290

Sharing

Copy URL Twitter E-mail

General

Target

71eccdef5c3b939459c46eff369ad290
Size

14KB
MD5

71eccdef5c3b939459c46eff369ad290
SHA1

52c94b25cc61e806cfedec3686c3441f4b8d35cc
SHA256

565d99bd167b6b5ee9a0a488db738559fcd17bf55e2ee16cbf09dbbee286efa1
SHA512

795c00221947477f8dfcc49b5f7825ea9fa1eae66ae2a0db2d2ba881f878660c903c6866354d5e9e4be20e05b1d3a94e2710d6718b5ea3bfb5e0697ad6f5db81
SSDEEP

384:IECtIp/SlzIBRWOxD14GYsvxAl35H7zcvzMwSN:IECa8lzmRDxIsvKVGnSN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/LoginWelcome/Welcome.exe

Files

71eccdef5c3b939459c46eff369ad290
.rar
LoginWelcome/FrmMain.frm
LoginWelcome/FrmMain.frx
LoginWelcome/Registry.bas
.vbs
LoginWelcome/Welcome.exe
.exe windows:4 windows x86 arch:x86

22230906bab79bd4667551e7f110afa2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaLateIdCall
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
ord516
_adj_fprem1
__vbaVarCmpNe
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaVarForInit
ord595
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
ord520
__vbaBoolVarNull
_CIsin
ord631
__vbaChkstk
ord526
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
DllFunctionCall
__vbaVarOr
_adj_fpatan
__vbaRedim
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
ord536
_CIlog
__vbaErrorOverflow
__vbaInStr
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaVarCmpEq
__vbaAryLock
__vbaVarAdd
__vbaStrToAnsi
__vbaVarCopy
ord617
_CIatan
__vbaStrMove
ord619
_allmul
_CItan
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LoginWelcome/Welcome.vbp
LoginWelcome/Welcome.vbw
LoginWelcome/下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

22230906bab79bd4667551e7f110afa2

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 24KB - Virtual size: 21KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 24KB - Virtual size: 21KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 12KB - Virtual size: 11KB