9900e8160462e880e5fd9f0a675793b9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9900e8160462e880e5fd9f0a675793b9
Size

119KB
MD5

9900e8160462e880e5fd9f0a675793b9
SHA1

da14b71dd35010bf172aa75e54be7e67c7adc915
SHA256

29a22f04a8e6754120f8edcc0c8190f1b30d1cf247c857d2f86ecab5a5f24f54
SHA512

f2de73aa45e0fab8afd6d1b673efc96ed46382d66c35d95a07997d9897e812bc73e429bf4ad1d8e40f2b261d6be0c5c15edbf2755903b9a8fc5ba77451a309b1
SSDEEP

3072:Qh0Lpk2WOV2Er7ZfCgQhYCVtJlFoCgfAKEp0E19lNz:N2knRQhXVtJnB1319lR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Trojan.Win32.Buzus.adpa

Files

9900e8160462e880e5fd9f0a675793b9
.zip
Trojan.Win32.Buzus.adpa
.exe windows:4 windows x86 arch:x86

e39d037acde6b096f84bdccfceac0cd4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord516
ord666
ord595
ord631
ord526
DllFunctionCall
ord601
__vbaExceptHandler
ord711
ord606
ord717
ProcCallEngine
ord644
ord537
ord578
ord100

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ