ap-file-msgrms[.]exe-1506937118[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

ap-file-msgrms.exe-1506937118.zip
Size

220KB
MD5

a6c49764c37a05e6b13dc928f549b9d9
SHA1

af690ea211a38f401aba05d7b65c2d7ab859cb8a
SHA256

00a40d88bfe0aa8e5943efa965371384e656d91726db084cf6720fa12c15114b
SHA512

57961688b5cb1c492d4623d5c6898982d3e260bedbe210e5c39d2b8d40da30b354ef46f098515b073e314f05e92a62a1dcf088591a42ecc37804a19ac218184f
SSDEEP

6144:KqzBF1CNf1nK97a6G6FJ8NFFu2c2NUFAdcgvR745TFk:510fY9W8KFu2jUGCWe5TFk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/msgrms.exe

Files

ap-file-msgrms.exe-1506937118.zip
.zip

Password: cautionhandlewithcare
msgrms.exe
.exe windows:4 windows x86 arch:x86

Password: cautionhandlewithcare

4ee9c2664b06dc70f91898b482cdffce

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
ord582
__vbaVarSub
ord583
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaLateIdCall
__vbaLineInputStr
__vbaStrVarMove
__vbaLenBstr
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaVarIndexStore
__vbaRaiseEvent
__vbaNextEachVar
__vbaFreeObjList
ord516
__vbaGetFxStr4
__vbaStrErrVarCopy
__vbaVarFix
ord517
_adj_fprem1
ord518
__vbaRecAnsiToUni
ord626
ord519
__vbaResume
__vbaCopyBytes
__vbaForEachCollAd
__vbaVarCmpNe
__vbaFileLock
__vbaStrCat
ord552
ord553
ord660
__vbaLsetFixstr
__vbaStrDate
__vbaSetSystemError
__vbaRecDestruct
ord662
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
Zombie_GetTypeInfo
__vbaAryDestruct
ord669
__vbaVarIndexLoadRefLock
__vbaLateMemSt
ord592
ord593
__vbaForEachCollObj
__vbaBoolStr
__vbaExitProc
ord300
ord594
__vbaFileCloseAll
ord595
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
ord303
ord597
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
__vbaFpR4
__vbaCyStr
ord306
ord520
__vbaBoolVar
__vbaStrFixstr
ord521
ord309
__vbaRefVarAry
__vbaVargVar
__vbaVarTstLt
__vbaFpR8
ord523
__vbaBoolVarNull
_CIsin
__vbaErase
ord709
ord631
ord524
__vbaVargVarMove
__vbaNextEachCollObj
__vbaVarZero
__vbaVarCmpGt
ord525
ord632
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
ord527
ord528
__vbaVarAbs
__vbaGenerateBoundsError
__vbaCyI2
__vbaStrCmp
__vbaAryConstruct2
__vbaVarTstEq
ord561
__vbaObjVar
__vbaI2I4
DllFunctionCall
ord670
__vbaVarOr
__vbaVarLateMemSt
__vbaFpUI1
__vbaCastObjVar
__vbaLbound
_adj_fpatan
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaStrR8
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
__vbaUI1I2
_CIsqrt
__vbaLateIdCallSt
__vbaObjIs
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaStr2Vec
__vbaUI1I4
__vbaStrUI1
__vbaVarMul
__vbaExceptHandler
ord711
__vbaInputFile
__vbaPrintFile
__vbaStrToUnicode
ord712
__vbaDateStr
ord606
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
__vbaR8ErrVar
__vbaVarDiv
ord607
ord530
ord608
ord716
__vbaFPException
ord717
__vbaStrCompVar
__vbaInStrVar
ord319
__vbaUbound
ord533
__vbaStrVarVal
__vbaVarCat
__vbaGetOwner4
__vbaCheckType
__vbaDateVar
__vbaI2Var
ord536
ord644
ord537
ord645
__vbaExitEachVar
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
ord648
__vbaInStr
ord571
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaVarSetObj
ord573
__vbaStrCopy
ord681
__vbaVarCmpLt
__vbaFreeStrList
ord576
_adj_fdivr_m32
__vbaPowerR8
__vbaR8Var
ord577
_adj_fdiv_r
ord685
ord578
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarCmpEq
ord610
ord611
__vbaVarAdd
__vbaLateMemCall
__vbaAryLock
ord320
ord612
__vbaStrToAnsi
__vbaVarDup
ord321
ord613
ord614
__vbaFpI2
__vbaCheckTypeVar
__vbaUnkVar
__vbaVarCopy
__vbaVarLateMemCallLd
ord616
__vbaFpI4
__vbaR8IntI2
__vbaVarSetObjAddref
__vbaLateMemCallLd
ord617
__vbaRecDestructAnsi
_CIatan
__vbaI2ErrVar
__vbaCastObj
__vbaAryCopy
ord618
__vbaStrMove
ord619
__vbaForEachVar
__vbaStrVarCopy
ord542
_allmul
__vbaLateIdSt
__vbaLateMemCallSt
ord545
_CItan
__vbaNextEachCollAd
ord546
__vbaAryUnlock
_CIexp
__vbaMidStmtBstr
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
msgrms.exe.METADATA

Sharing

General

Malware Config

Signatures

Files

Password: cautionhandlewithcare

Password: cautionhandlewithcare

4ee9c2664b06dc70f91898b482cdffce

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.data Size: 4KB - Virtual size: 36KB

.rsrc Size: 36KB - Virtual size: 34KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 4KB - Virtual size: 36KB

.rsrc
Size: 36KB - Virtual size: 34KB