9be915c623e1f302ce8336f386e07c44

General

Target

9be915c623e1f302ce8336f386e07c44
Size

311KB
MD5

9be915c623e1f302ce8336f386e07c44
SHA1

b7d99ea188ba47c6503957bb43c5bbe621f191ae
SHA256

18fd4a84fc0afd71a59a8c73ea8c283644d6258031c21e968eff91be3f306c8b
SHA512

04febfb823bf057d815102c59797317e729932f568a143004cedacc4a56cace28091e56c3b1e1533b339e71cbb23743f40292d066cc1651cba635bcd69c099ca
SSDEEP

6144:SgZP1n3JFCiuj+iPAH7mRo7KH5lENZ1pvhO7CS718Hq6wWIC0ln:5L5FCiurAHCRoK5Sbrg1KeC+

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/C0NW0N~1.EXE
unpack001/RUNDLL~1.EXE

Files

9be915c623e1f302ce8336f386e07c44
.cab
C0NW0N~1.EXE
.exe windows:5 windows x86 arch:x86

099d3aca1084faca45ba19e17a4b4fd8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

RegisterClipboardFormatA

gdi32

GetStockObject

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA

advapi32

RegOpenKeyA

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameA

oledlg

ord8

ole32

CoRevokeClassObject

oleaut32

VariantChangeType

Sections

.text
Size: 176KB - Virtual size: 516KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
RUNDLL~1.EXE
.exe windows:4 windows x86 arch:x86

a39604757b0f7d602998edc71a17f26b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord516
ord593
ord595
ord522
ord631
ord632
ord526
EVENT_SINK_AddRef
ord561
DllFunctionCall
ord563
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord608
ord717
ProcCallEngine
ord644
ord645
ord570
ord648
ord681
ord100
ord617
ord619

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099d3aca1084faca45ba19e17a4b4fd8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 176KB - Virtual size: 516KB

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 512B - Virtual size: 512B

a39604757b0f7d602998edc71a17f26b

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 24KB - Virtual size: 22KB

.data Size: - Virtual size: 3KB

.rsrc Size: 124KB - Virtual size: 121KB

.text
Size: 176KB - Virtual size: 516KB

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 512B - Virtual size: 512B

.text
Size: 24KB - Virtual size: 22KB

.data
Size: - Virtual size: 3KB

.rsrc
Size: 124KB - Virtual size: 121KB