7256e0872bf70a1f77046f96ef1133cc

Sharing

Copy URL Twitter E-mail

General

Target

7256e0872bf70a1f77046f96ef1133cc
Size

40KB
MD5

7256e0872bf70a1f77046f96ef1133cc
SHA1

1725bd1ddfd4b2ceb62526988a76e4e2711a1a5c
SHA256

92047f4afee56e78e598b8e48edd2759afd754cdb5c58d53ab4e361ee2bf9ab6
SHA512

834d14cd74cce0d35110bef6a964a3cc40a8cff3c09cc95e7a8d8d47490fd0f5d01e09cf0628c4a006c2e0fb1df4048d89345eee489ac0dabdfc7c9ed2fd4c0b
SSDEEP

768:dMGsqbhQ/n0cAwZHediOWmd/Fvmo+NCnUgtiw/XZM5DfzJBwjjv5DsXzW+r:1d1QP0cFZ+diON/h/e6tiw/XZkDbzyBk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Crypt It 3.0.exe

Files

7256e0872bf70a1f77046f96ef1133cc
.rar
About.frm
.vbs
About.frx
Crypt It 3.0.exe
.exe windows:4 windows x86 arch:x86

6846ada20fce419e4cd8d86696e273d8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaVarTstGt
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaLateIdCall
__vbaLenBstr
__vbaVarIdiv
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord516
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
ord593
__vbaExitProc
__vbaVarForInit
ord594
__vbaOnError
ord595
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaBoolVarNull
__vbaFpR8
_CIsin
ord631
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
ord527
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
__vbaVarOr
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
EVENT_SINK_Release
__vbaNew
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
ord712
__vbaStrToUnicode
__vbaPrintFile
__vbaInputFile
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
ord608
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaInStr
ord648
__vbaNew2
__vbaVarInt
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaVarNot
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaI4Var
__vbaVarCmpEq
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
ord614
__vbaFpI2
__vbaVarMod
__vbaFpI4
__vbaVarCopy
_CIatan
__vbaStrMove
__vbaStrVarCopy
_allmul
ord651
__vbaLateIdSt
_CItan
__vbaFPInt
__vbaVarForNext
_CIexp
__vbaI4ErrVar
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Crypt.ico
CryptIt.PDM
CryptIt.vbp
CryptIt.vbw
Form1.frm
.vbs
Form1.frx
Form2.frm
Form2.frx
Form3.frm
Form3.frx
Form4.frm
Form4.frx
Module1.bas
.vbs
Module2.bas
.vbs
RckEnc.bas
.vbs
Readme First.txt
frmMain.frm
.vbs
frmMain.frx
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

6846ada20fce419e4cd8d86696e273d8

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 112KB - Virtual size: 109KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 8KB - Virtual size: 4KB

.text
Size: 112KB - Virtual size: 109KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 8KB - Virtual size: 4KB