9a5dcd67692a164fee8722cc19612f71

Sharing

Copy URL Twitter E-mail

General

Target

9a5dcd67692a164fee8722cc19612f71
Size

143KB
MD5

9a5dcd67692a164fee8722cc19612f71
SHA1

90a43e2102ea0028c0ab0c23827d3e9e0104d149
SHA256

4681a12541c3cd152398719bc522ab20945015e647dcf63e901fc64d77df4c7d
SHA512

193468ae31d85061bc12ed70f5f6bc29ab3821a5d8876fbf6864d58219b39b3c6725c884a552a381807d794ece1b9153d34f151b3360c6507a940ac10afac9b5
SSDEEP

3072:2IpzxagL0fPlfUH9obhcnxevJt2lhEltupWjb:2Ipz8K0Qso8vylhEnupOb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/Discus1.exe

Files

9a5dcd67692a164fee8722cc19612f71
.eml
- http://vdu.lt
- http://adm.uw.edu.pl
- http://www.facebook.com/univerzitet.u.beogradu
- http://twitter.com/#!/Univerzitet_BG
- http://plus.google.com/114595110505851338750/posts
- http://www.linkedin.com/company/university-of-belgrade
- http://www.youtube.com/univerzitetubeogradu
EUI894LT463.zip
.zip
Discus1.exe
.exe windows:4 windows x86 arch:x86

f00c063be3ee9625aa526de886ebc41e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord582
_CIcos
_adj_fptan
__vbaVarMove
ord586
ord587
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
__vbaEnd
ord697
_adj_fdiv_m64
ord698
ord513
__vbaFreeObjList
ord517
_adj_fprem1
__vbaSetSystemError
__vbaHresultCheckObj
ord664
ord558
ord665
_adj_fdiv_m32
__vbaAryVar
ord667
__vbaAryDestruct
ord591
ord593
ord594
ord595
__vbaObjSet
__vbaOnError
ord596
_adj_fdiv_m16i
ord702
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaCyStr
ord704
ord522
__vbaFpR8
ord708
_CIsin
__vbaErase
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaAryConstruct2
__vbaObjVar
DllFunctionCall
_adj_fpatan
ord569
ord676
__vbaRedim
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaFpCmpCy
__vbaExceptHandler
ord711
ord712
_adj_fprem
_adj_fdivr_m64
ord531
ord716
__vbaFPException
ord532
__vbaStrVarVal
ord536
_CIlog
ord539
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord574
__vbaI4Str
__vbaFreeStrList
ord682
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
ord689
ord610
ord611
__vbaVarDup
__vbaStrComp
ord613
ord614
_CIatan
__vbaStrMove
__vbaCastObj
ord540
__vbaAryCopy
ord541
_allmul
__vbaLateIdSt
_CItan
ord546
__vbaFPInt
_CIexp
__vbaFreeObj
__vbaFreeStr
ord580
ord581

Sections

.text
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
attachment-2
.rtf
blocked.gif
.gif
email-html-3.txt
.html
email-plain-1.txt
image001.jpg
.jpg
image002.png
.png

Sharing

General

Malware Config

Signatures

Files

f00c063be3ee9625aa526de886ebc41e

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 116KB - Virtual size: 112KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 72KB - Virtual size: 68KB

.text
Size: 116KB - Virtual size: 112KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 72KB - Virtual size: 68KB