bd0b420c38385a946ba34db74160b1d3

Sharing

Copy URL Twitter E-mail

General

Target

bd0b420c38385a946ba34db74160b1d3
Size

44KB
MD5

bd0b420c38385a946ba34db74160b1d3
SHA1

a2b2a54f399af4a823ac9cfd9f07931c45991f3a
SHA256

7f49a69e0d3b473bb95f8c5d17362b95e61ccc14c47e40aa90d4cab2285663cf
SHA512

4d38627d352f7e718f8a4893c9205f797c26e8492107b79f3f8ceece9e9feecfa4d3b497904ab4d8f04a0fceb66fbaa67cf8c0d1c962ce29bb6606bc54b28a7d
SSDEEP

768:t9NoEmaG/oI3eJVMXtbWmoo+/g3C3U7g41IlQYHkS57SUxBkrgNOMjnCrxAvE6qa:tPbzG/X3RXtHU/dWWp57JkQO7O86qBET

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Encryption 1.exe

Files

bd0b420c38385a946ba34db74160b1d3
.rar
Encryption 1.exe
.exe windows:4 windows x86 arch:x86

e3ac40005d11cc1e1660aaac79a6db27

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm50

_CIcos
_adj_fptan
__vbaVarVargNofree
__vbaFreeVar
__vbaLateIdCall
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
__vbaPut3
_adj_fdiv_m64
__vbaPut4
ord621
__vbaFreeObjList
ord516
_adj_fprem1
__vbaStrCat
__vbaHresultCheckObj
_adj_fdiv_m32
ord592
__vbaExitProc
__vbaObjSet
__vbaOnError
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
ord631
ord525
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGet3
__vbaStrCmp
ord529
__vbaI2I4
_adj_fpatan
__vbaLateIdCallLd
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord648
ord570
__vbaInStr
__vbaNew2
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaI4Var
__vbaVarAdd
__vbaVarDup
__vbaVarMod
_CIatan
ord618
__vbaStrMove
_allmul
__vbaLateIdSt
_CItan
_CIexp
__vbaMidStmtBstr
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Encryption 1.vbp
Encryption 1.vbw
Form1.frm
Form1.frx
Form2.frm
Form2.frx
Form3.frm
Form3.frx
Help.htm
.html
Secret.bas
.vbs
frmBrowser.frm
frmBrowser.frx
frmEgg.frm
frmEgg.frx
frmPassword.frm
frmPassword.frx
frmSecret.frm
.vbs
frmSecret.frx
frmView.frm
frmView.frx
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

e3ac40005d11cc1e1660aaac79a6db27

Headers

File Characteristics

Imports

msvbvm50

Sections

.text Size: 112KB - Virtual size: 111KB

.data Size: 512B - Virtual size: 13KB

.idata Size: 2KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 112KB - Virtual size: 111KB

.data
Size: 512B - Virtual size: 13KB

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB