994da8b04be480005ff0ce854b3d9853 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

994da8b04be480005ff0ce854b3d9853
Size

644KB
MD5

994da8b04be480005ff0ce854b3d9853
SHA1

da9351ecbc2352cabb8e1f2271ff98bf0638f86c
SHA256

50cb50b0484ac65de76d02afa906eb6c614baae4a7cfce85255779675c153a56
SHA512

4c073a96fca264c9b24e3a296dbf05bb42a6374de7cfd9a82ae7ad461bb958f0644f7661b4d902a82596bc9fb82c6a25f4dccbed7cb22d9db0e2d21b0924d04d
SSDEEP

12288:ewOmgk+iDA/6HraVUCyoTGnIaMwHU26eEKCdhT5XJvru7gAiKpR0nymaQq:khklA/cpCint02FULT5BYLRmnM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/editorcn3/ff3editor.exe

Files

994da8b04be480005ff0ce854b3d9853
.rar
QQ下载吧--最多最全的QQ下载基地.url
.url
editorcn3/NO.wav
editorcn3/OK.wav
editorcn3/ff3editor.exe
.exe windows:4 windows x86 arch:x86

f70e5d2a1002289006c44cc37872aad9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
ord589
_adj_fdiv_m64
_adj_fprem1
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaVarDup
__vbaStrToAnsi
__vbaVarCopy
_CIatan
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 256KB - Virtual size: 254KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 200KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
使用说明.txt
官方网址.url
.url
注册软件.reg