14970664194[.]zip

General

Target

14970664194.zip
Size

330KB
MD5

5c2a51013918c02997c91968d33efca4
SHA1

089088a4611e7be378fb76d2a276bd4182a1856e
SHA256

34d6bbf60ce84c916496eb30a13b9fcfc6d216056636c3aba917748a789925ad
SHA512

985587e03e213bd2d462cbe5bec00841ff529e8faf7a25a20ca50de238f7d873229813670b4b30b17a84b1cda39d3bdbf931bb6fcf7feb4d52d82cfdf442eedf
SSDEEP

6144:+IG5XYbPIFKalCSNDk5gBt02D83EiZva5oa9naz30c1qVMhrXMD17RFvREKFjYEt:ntgFFqOs2D83EiKazkc1qV+cD1Rd2KkA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/6e825a6eb4725b82bd534ab62d3f6f37082b7dbc89062541ee1307ecd5a5dd49

Files

14970664194.zip
.zip

Password: infected
6e825a6eb4725b82bd534ab62d3f6f37082b7dbc89062541ee1307ecd5a5dd49
.dll regsvr32 windows:4 windows x86 arch:x86

239523d3891db30be83139868780c70b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ole32

CoInitialize
CoUninitialize

kernel32

VirtualProtect
RtlMoveMemory
HeapFree
GetProcessHeap
TlsSetValue
TlsFree
TlsGetValue
HeapAlloc
TlsAlloc

msvbvm60

_CIcos
_adj_fptan
VBDllGetClassObject
__vbaAryMove
__vbaFreeVar
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
VBDllCanUnloadNow
__vbaPut4
_adj_fprem1
__vbaResume
__vbaStrCat
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaBoolVar
_CIsin
ord631
ord525
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGet3
__vbaVarTstEq
UserDllMain
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord713
_adj_fprem
_adj_fdivr_m64
GetMem1
GetMem2
ord716
__vbaFPException
GetMem4
__vbaVarCat
GetMem8
ord644
ord537
_CIlog
__vbaFileOpen
__vbaNew2
ord648
ord570
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord101
__vbaVarSetVar
ord102
ord103
ord104
ord610
ord105
__vbaVarAdd
__vbaAryLock
__vbaFpI4
__vbaVarLateMemCallLd
_CIatan
__vbaStrMove
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
RunDllEntryPointW

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

239523d3891db30be83139868780c70b

Headers

File Characteristics

Imports

ole32

kernel32

msvbvm60

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 228KB - Virtual size: 227KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 228KB - Virtual size: 227KB