c7215b69e5ad18cf6eebf3426682fa7f

Sharing

Copy URL Twitter E-mail

General

Target

c7215b69e5ad18cf6eebf3426682fa7f
Size

69KB
MD5

c7215b69e5ad18cf6eebf3426682fa7f
SHA1

cbbd66814416d3b8489fa93033dc182a65c8a4b1
SHA256

451b6140c71f49fc76cba306876274b0e4d1f1ec076ecc0e69c80d273683c8ea
SHA512

2c13ea0e7b197025881c8245a22656ff2020644bed981f0b1f950513c126a4c78412ddd11b661b46c204b8718277ecdfeca07650faf684b6efcbb154ecaa62e1
SSDEEP

1536:M5Kq5tTVA2VkTmIXafYCYCs6pzFXI1p1IipKZrzWx/FASaO8F+M+q7nQq1:sd51TIHCpFq1vDKZ/MFApAK

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack003/DownloadFile.KMD
unpack003/Downloader.ocx

Files

c7215b69e5ad18cf6eebf3426682fa7f
.rar
190719684/FastTrack.zip
.zip
Form1.frm
.vbs
Form1.frx
Form3.frm
.vbs
Form3.frx
Form4.frm
Form4.frx
Form5.frm
Form5.frx
Form6.frm
Form6.frx
Project1.vbp
Project1.vbw
frmAbout.frm
.vbs
frmAbout.frx
190719684/FastTrackDownloader.zip
.zip
Download.vbp
Download.vbw
DownloadFile.KMD
.exe windows:4 windows x86 arch:x86

43c3a8a68a402731f1b2ab94742632f8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaVarTstGt
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaLateIdCall
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
__vbaLineInputVar
_adj_fprem1
__vbaStrCat
__vbaWriteFile
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord304
__vbaBoolVarNull
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
ord529
__vbaStrCmp
__vbaVarTstEq
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
EVENT_SINK_Release
ord600
_CIsqrt
ord310
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord312
ord712
_adj_fprem
_adj_fdivr_m64
ord714
__vbaVarDiv
ord608
ord531
__vbaFPException
__vbaStrVarVal
__vbaVarCat
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaI4Var
__vbaVarCmpEq
__vbaVarDup
__vbaFpI2
__vbaVarCopy
ord617
_CIatan
__vbaStrMove
ord619
_allmul
__vbaLateIdSt
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Downloader.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

8c34e183a22a5ab12fe7b766c7f75ef3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaFreeVar
__vbaAryMove
__vbaStrVarMove
__vbaLateIdCall
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
__vbaRaiseEvent
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
ord660
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaLateMemSt
__vbaExitProc
__vbaOnError
__vbaObjSet
ord595
ord596
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaBoolVar
_CIsin
ord631
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
ord529
__vbaVarTstEq
__vbaPutOwner3
__vbaAryConstruct2
DllFunctionCall
_adj_fpatan
__vbaLateIdCallLd
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
ord714
__vbaFPException
__vbaUbound
__vbaStrVarVal
__vbaVarCat
ord535
__vbaFileSeek
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord648
__vbaR8Str
__vbaVar2Vec
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord578
ord101
ord102
__vbaI4Var
ord103
ord104
ord105
__vbaVarDup
__vbaFpI4
ord616
__vbaLateMemCallLd
_CIatan
__vbaStrMove
ord618
_allmul
__vbaLateIdSt
_CItan
__vbaFPInt
_CIexp
__vbaFreeStr
__vbaFreeObj

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Form2.frm
.vbs
Form2.frx
ReadMe.txt
190719684/下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

43c3a8a68a402731f1b2ab94742632f8

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 40KB - Virtual size: 38KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 2KB

8c34e183a22a5ab12fe7b766c7f75ef3

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 49KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 8KB - Virtual size: 6KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 40KB - Virtual size: 38KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 52KB - Virtual size: 49KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 8KB - Virtual size: 6KB

.reloc
Size: 4KB - Virtual size: 3KB