03a70fb9d40dfeaee52d0e9187d9e4816e3d683c88c979d01e4ca0dbcb235968 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

03a70fb9d40dfeaee52d0e9187d9e4816e3d683c88c979d01e4ca0dbcb235968
Size

296KB
MD5

637bd8171354bff8405b3ab18b3cc7c7
SHA1

5bb1d14caf1d54a3fff3e00fa9edaab20a983175
SHA256

03a70fb9d40dfeaee52d0e9187d9e4816e3d683c88c979d01e4ca0dbcb235968
SHA512

4f2e399a4e5bbf138cf2a94e48dd241d8ec64688a360fc77b5915c44d9b9628450a3f54a8f552ec2e7a0858e5f6c9bcd471d0e25c76693098fbb686dc0b03a99
SSDEEP

6144:tbGziIAVS75KqmzlNhWza6cmdJ6XRB8T5MJ8b6NHBRC:twIS75KqmzL6cmdJ6X78TuJ8byC

Score

10^/10

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03a70fb9d40dfeaee52d0e9187d9e4816e3d683c88c979d01e4ca0dbcb235968

Files

03a70fb9d40dfeaee52d0e9187d9e4816e3d683c88c979d01e4ca0dbcb235968
.exe windows:4 windows x86 arch:x86

b4740eb32331045733c6ef7e2bdbae6d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
ord696
MethCallEngine
ord516
ord518
ord626
ord553
ord660
ord666
ord667
ord669
ord593
ord594
ord301
ord595
ord598
ord599
ord307
ord522
ord631
ord709
ord525
ord632
ord526
EVENT_SINK_AddRef
ord528
ord529
DllFunctionCall
ord563
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord606
ord607
ord608
ord531
ord716
ord717
ProcCallEngine
ord535
ord644
ord537
ord645
ord570
ord648
ord681
ord576
ord685
ord578
ord100
ord689
ord612
ord616
ord617
ord541
ord619
ord542
ord543
ord650
ord544
ord545
ord546
ord547
ord580

Sections

.text
Size: 156KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 136KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ