cbcc8be9e0a45de25a937df338a44c55 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cbcc8be9e0a45de25a937df338a44c55
Size

209KB
MD5

cbcc8be9e0a45de25a937df338a44c55
SHA1

0a8d7b569fddb4d54c0eaa62778539b08e8c40cd
SHA256

fc5ade915aeafe13f6abb79a5ae68d14ac58cd4fdfa904da1a6deea88547af89
SHA512

e7893e8f2b946a9fe006e9cc49e84104b784a01bd4d63768a81686704db866877f5e734c9121827cb1202d2530a2e098d66f99a0a717338c1e97e10615743717
SSDEEP

6144:FjkhVWmjciDUVGMpl1/ycVSpWsTHkRvEcs+N0:NkifXGulRycspWqkR8csR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/RiGaGav7.exe

Files

cbcc8be9e0a45de25a937df338a44c55
.rar
RiGaGav7.exe
.exe windows:4 windows x86 arch:x86

e70f10d49815b1a2366f5157027a2bb9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord516
ord660
ord595
ord303
ord304
ord309
ord631
ord632
ord525
ord526
EVENT_SINK_AddRef
ord528
ord529
DllFunctionCall
ord670
EVENT_SINK_Release
ord600
ord310
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord312
ord711
ord712
ord607
ord608
ord531
ord716
ord717
ProcCallEngine
ord537
ord645
ord648
ord571
ord681
ord576
ord578
ord685
ord100
ord610
ord612
ord616
ord617
ord618
ord619
ord650
ord546

Sections

.text
Size: 252KB - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 364KB - Virtual size: 361KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
新云软件.url
.url