bd0cec5cb96a1e2d1cb3295289a1a639 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bd0cec5cb96a1e2d1cb3295289a1a639
Size

264KB
MD5

bd0cec5cb96a1e2d1cb3295289a1a639
SHA1

6fb8845183f78c1f6820b931abe1501ca9f97b0e
SHA256

6457fcc0a5b75f6a8160b89447d805c63fd7d802eccbebe216c140ff08097af0
SHA512

0e1ca42fdd36f06cc3df16beef91e32af0929d489e97098aa1f9ec1f79c843e83a93984eaa508a0b194741fea6c0de983aa04053c0d77c7f0826428dc2168fce
SSDEEP

3072:b+U0uREvMruaB9oyKoIzySg7NEDZWQnzuakfMTfNJHxsJplhr/XDzhX2c4AhP:b+U0uRMAuo9oyYHRAuJHuhhr/nQLAt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd0cec5cb96a1e2d1cb3295289a1a639

Files

bd0cec5cb96a1e2d1cb3295289a1a639
.exe windows:4 windows x86 arch:x86

44b123cfc72acb4c5fc87d2126c5f669

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlMoveMemory

msvbvm60

MethCallEngine
ord516
ord632
EVENT_SINK_AddRef
ord527
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord606
ord608
ProcCallEngine
ord644
ord100
ord616
ord581

Sections

.text
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE