abe8d6b7c2441de529baba81ec2cc12b

Sharing

Copy URL Twitter E-mail

General

Target

abe8d6b7c2441de529baba81ec2cc12b
Size

143KB
MD5

abe8d6b7c2441de529baba81ec2cc12b
SHA1

3f0911c01b3e2397223d43cacdd00c0dbfe2ea2b
SHA256

a1fd0a2e928580bbb02d15da1eeca96bc45b8a3f5f7fd18b11e1d53864a31ead
SHA512

5321d05996155f744d0f3901b7346ae36a614a1f98b1dacfeaa29314e382cbcbdbee63fa2f60cb4df85cab0fa2dc78a81ca147cfbbe4959224c200d7877251b3
SSDEEP

3072:yGbPrjL/EAGtTH8xMmoIpZ4Ts7H/LReiN8dw1ZrYO:zr9oKvBH/0u8dwvR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/高效软件.exe

Files

abe8d6b7c2441de529baba81ec2cc12b
.rar
JZ5U绿色下载站 - 副本.url
.url
使用必读 - 副本.url
需要更多_百度搜索 - 副本.url
.url
高效软件.exe
.exe windows:4 windows x86 arch:x86

a333c0e47bf07390a961276081581f8a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
ord588
__vbaVarIdiv
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
__vbaCopyBytes
__vbaStrCat
__vbaForEachCollAd
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
Zombie_GetTypeInfo
__vbaLateMemSt
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaBoolVar
__vbaFPFix
__vbaBoolVarNull
__vbaFpR8
_CIsin
__vbaChkstk
__vbaCyVar
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
__vbaPrintObj
__vbaI2I4
__vbaObjVar
DllFunctionCall
__vbaVarOr
__vbaCastObjVar
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
__vbaUI1I2
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
ord319
__vbaStrVarVal
__vbaCheckType
__vbaI2Var
ord644
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord681
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaVarAdd
ord320
__vbaVarDup
__vbaStrToAnsi
ord321
__vbaFpI2
__vbaVarCopy
__vbaUnkVar
__vbaFpI4
ord617
__vbaLateMemCallLd
_CIatan
__vbaCastObj
__vbaStrMove
__vbaStrVarCopy
_allmul
__vbaLateIdSt
__vbaLateMemCallSt
_CItan
__vbaNextEachCollAd
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 252KB - Virtual size: 250KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a333c0e47bf07390a961276081581f8a

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 252KB - Virtual size: 250KB

.data Size: 4KB - Virtual size: 20KB

.rsrc Size: 112KB - Virtual size: 110KB

.text
Size: 252KB - Virtual size: 250KB

.data
Size: 4KB - Virtual size: 20KB

.rsrc
Size: 112KB - Virtual size: 110KB