73fb7cf582bc8ed285d7ba7f10aa51ee

Sharing

Copy URL Twitter E-mail

General

Target

73fb7cf582bc8ed285d7ba7f10aa51ee
Size

10KB
MD5

73fb7cf582bc8ed285d7ba7f10aa51ee
SHA1

0a38f3ab948758eb61bc8afafb93f9d833f1bb79
SHA256

8fca0b61d73742fddb30bf64c96c47783ce4a2b4a8185c5095b366d6f08db657
SHA512

e2bfda465597f564d7cbed8561b20e391cb9071f4d7ce72d9b0e515b1ed7c4f1cecd25c3d67b3ecadf729f68327d948e15725dd7fbac32cec416ea76de1a7360
SSDEEP

192:JHY76ofwOcU/2nBsX5lPWjEOI4d++1A7Eiyyvv4o:NoftFXeI4AKe/yyH4o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/dangerouskillwindows(Do not open)/CoolTool.exe

Files

73fb7cf582bc8ed285d7ba7f10aa51ee
.rar
dangerouskillwindows(Do not open)/CoolTool.exe
.exe windows:4 windows x86 arch:x86

a3db164155017927a909c55f5f897e53

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm50

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaObjSet
ord595
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarDup
__vbaStrToAnsi
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dangerouskillwindows(Do not open)/Form2.frm
dangerouskillwindows(Do not open)/Trojan Finder.vbp
dangerouskillwindows(Do not open)/Trojan Finder.vbw
dangerouskillwindows(Do not open)/form1.frm
dangerouskillwindows(Do not open)/下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

a3db164155017927a909c55f5f897e53

Headers

File Characteristics

Imports

msvbvm50

Sections

.text Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 4KB

.idata Size: 1KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 968B

.text
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 4KB

.idata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 968B