05064e2f1850a27005bca102a3d7f3a7f617a629dc76e99be3a795c8d65e1c7f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

05064e2f1850a27005bca102a3d7f3a7f617a629dc76e99be3a795c8d65e1c7f
Size

127KB
MD5

4252628afbf6a4123f9f6aeb7837070e
SHA1

8a361149f3ab40c296cc12a777cdd243c2e505eb
SHA256

05064e2f1850a27005bca102a3d7f3a7f617a629dc76e99be3a795c8d65e1c7f
SHA512

9cb6e10d446c18a20979ec6656f35b3b0a5c14a91ccc9e87cbf7c4455862a25c1215cecf577aca0c503b8c8d2570f7574d63ca78156995ec76b8259199648808
SSDEEP

1536:gamlu3hbBGy3G8nhMpD7MUYU6U5jUdPQc+n35KZg8/nouy8Iu:greMPd/MYjUtQl78vout

Score

10^/10

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05064e2f1850a27005bca102a3d7f3a7f617a629dc76e99be3a795c8d65e1c7f

Files

05064e2f1850a27005bca102a3d7f3a7f617a629dc76e99be3a795c8d65e1c7f
.exe windows:4 windows x86 arch:x86

8767f78a3f29bbe05ebe31e0976cc66c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord516
ord517
ord518
ord553
ord669
ord593
ord598
ord631
ord525
ord632
ord526
EVENT_SINK_AddRef
ord528
ord529
DllFunctionCall
EVENT_SINK_Release
ord600
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord713
ord607
ord608
ord531
ord717
ProcCallEngine
ord645
ord685
ord578
ord100
ord579
ord616
ord617
ord619
ord542
ord650
ord544
ord545
ord546
ord547
ord580

Sections

.text
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ