f192fbe60d1fd23ffd9e248bed8597c8ac399578[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

f192fbe60d1fd23ffd9e248bed8597c8ac399578.zip
Size

17.4MB
MD5

af67008ad4a556763b9a3832374e1666
SHA1

f192fbe60d1fd23ffd9e248bed8597c8ac399578
SHA256

77718dd2cacf6d7324f57a7059ab0ae3716e9969c6fcc73b86c80953b0afc2b4
SHA512

ab38810a2841c8a51b422425bb5173562e8ea15dddd5948262a50d284b2d9044a870b73a1bb647e2b555c52f48162713a7161d5707894153230e471ff384eae6
SSDEEP

393216:G1Bay8m64evz2JytPHNdaUCxOekuzrpAMuE:uB1Wvz7Pva4ekcL

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CapturaBancario/Actualiza Ver.23/Actualiza.exe
unpack002/Actualiza.exe
unpack001/CapturaBancario/Actualiza Ver.23/Capturabancario.exe
unpack001/CapturaBancario/Controles Adicionales/THREED32.OCX
unpack001/CapturaBancario/Source/Capturabancario.exe
unpack001/CapturaBancario/Updates/DBEmpty.exe
unpack001/CapturaBancario/Updates/Reportes v.22.exe

Files

f192fbe60d1fd23ffd9e248bed8597c8ac399578.zip
.zip
CapturaBancario/Actualiza Ver.23/Actualiza.exe
.exe windows:4 windows x86 arch:x86

718866814c1102b24764b0720cc30b9e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaFreeVar
__vbaStrVarMove
__vbaLineInputStr
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaResume
__vbaStrCat
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaExitProc
ord595
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
__vbaBoolVarNull
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaStrCmp
__vbaVarTstEq
__vbaVarOr
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
__vbaVarCat
ord645
_CIlog
__vbaFileOpen
__vbaNew2
ord648
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarCmpEq
__vbaVarDup
__vbaVarCopy
_CIatan
__vbaStrMove
__vbaCastObj
ord619
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
CapturaBancario/Actualiza Ver.23/Actualiza.zip
.zip
Actualiza.exe
.exe windows:4 windows x86 arch:x86

718866814c1102b24764b0720cc30b9e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaFreeVar
__vbaStrVarMove
__vbaLineInputStr
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaResume
__vbaStrCat
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaExitProc
ord595
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
__vbaBoolVarNull
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaStrCmp
__vbaVarTstEq
__vbaVarOr
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
__vbaVarCat
ord645
_CIlog
__vbaFileOpen
__vbaNew2
ord648
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarCmpEq
__vbaVarDup
__vbaVarCopy
_CIatan
__vbaStrMove
__vbaCastObj
ord619
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CapturaBancario/Actualiza Ver.23/Capturabancario.exe
.exe windows:4 windows x86 arch:x86

fa672b383a38621451ca645f6c177032

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
__vbaLineInputStr
__vbaLateIdCall
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
ord516
_adj_fprem1
__vbaRecAnsiToUni
ord519
__vbaResume
__vbaVarCmpNe
__vbaStrCat
ord553
ord660
ord661
__vbaStrDate
__vbaRecDestruct
__vbaSetSystemError
__vbaHresultCheckObj
ord557
__vbaLenVar
_adj_fdiv_m32
__vbaVarTstLe
__vbaAryDestruct
__vbaVarIndexLoadRefLock
__vbaLateMemSt
__vbaStrBool
__vbaBoolStr
__vbaVarForInit
__vbaExitProc
__vbaFileCloseAll
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
ord304
ord598
__vbaVarIndexLoad
__vbaBoolVar
ord520
ord309
__vbaFpR8
__vbaVarTstLt
__vbaBoolVarNull
_CIsin
ord631
__vbaVarCmpGt
ord632
ord525
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
ord528
ord529
__vbaStrCmp
__vbaVarTstEq
__vbaDateR8
ord560
ord561
__vbaI2I4
__vbaObjVar
DllFunctionCall
__vbaVarOr
__vbaVarLateMemSt
__vbaCastObjVar
__vbaLbound
__vbaRedimPreserve
__vbaStrR4
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
__vbaRedim
__vbaStrR8
__vbaRecUniToAnsi
EVENT_SINK_Release
ord600
_CIsqrt
ord310
__vbaLateIdCallSt
__vbaVarAnd
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaUI1I4
__vbaExceptHandler
ord312
__vbaPrintFile
__vbaStrToUnicode
__vbaDateStr
ord606
_adj_fprem
_adj_fdivr_m64
__vbaR8ErrVar
__vbaVarDiv
ord607
ord608
ord531
__vbaVarCmpLe
__vbaFPException
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaDateVar
__vbaI2Var
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaR8Str
ord648
__vbaNew2
__vbaInStr
__vbaVarLateMemCallLdRf
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaVarSetObj
ord681
__vbaVarCmpLt
__vbaVarNot
__vbaFreeStrList
_adj_fdivr_m32
__vbaR8Var
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
ord610
__vbaAryLock
__vbaVarAdd
__vbaLateMemCall
ord612
__vbaStrToAnsi
__vbaVarDup
ord613
__vbaFpI2
__vbaVarCopy
ord616
__vbaVarLateMemCallLd
__vbaFpI4
__vbaVarSetObjAddref
__vbaLateMemCallLd
__vbaRecDestructAnsi
ord617
_CIatan
__vbaStrMove
__vbaCastObj
__vbaStrVarCopy
ord619
ord650
_allmul
__vbaLateIdSt
_CItan
__vbaAryUnlock
__vbaFPInt
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj
ord581

Sections

.text
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
CapturaBancario/Actualiza Ver.23/Data.kbt
CapturaBancario/Actualiza Ver.23/event.log
CapturaBancario/Actualiza Ver.23/rep007.rpt
CapturaBancario/Controles Adicionales/Readme.txt
CapturaBancario/Controles Adicionales/THREED32.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

d5f09a42b36ef8ed87b0317650ba47a4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc40

ord2815
ord5279
ord2728
ord5461
ord3320
ord5352
ord5301
ord2801
ord5299
ord2792
ord4863
ord2183
ord1633
ord3738
ord2176
ord2358
ord1043
ord1071
ord974
ord2135
ord1464
ord4973
ord881
ord3827
ord4154
ord4113
ord5023
ord1873
ord4314
ord4375
ord5001
ord3611
ord4133
ord4132
ord4360
ord4024
ord3997
ord4070
ord4441
ord4380
ord4385
ord4390
ord4122
ord4156
ord4473
ord4127
ord4117
ord4111
ord4110
ord4060
ord3854
ord3844
ord3840
ord4202
ord4204
ord4201
ord4079
ord4459
ord3898
ord4432
ord2177
ord2963
ord5363
ord1540
ord5643
ord4704
ord3922
ord2618
ord2755
ord2844
ord3946
ord2851
ord2621
ord2695
ord3581
ord4098
ord5160
ord632
ord665
ord3452
ord426
ord381
ord3530
ord1394
ord1868
ord4737
ord267
ord4740
ord4724
ord3523
ord2223
ord2378
ord1359
ord706
ord1391
ord4403
ord2227
ord3185
ord3110
ord3158
ord569
ord2106
ord2115
ord5121
ord1426
ord1425
ord2635
ord314
ord3010
ord1400
ord5341
ord1456
ord3049
ord3919
ord1539
ord4296
ord4685
ord570
ord4444
ord2004
ord421
ord760
ord3524
ord4505
ord486
ord4123
ord4241
ord2451
ord2510
ord5129
ord2536
ord3873
ord4203
ord4198
ord4228
ord4999
ord3098
ord2795
ord5241
ord4465
ord4124
ord4435
ord762
ord2007
ord1975
ord2072
ord1995
ord5200
ord2548
ord3892
ord4735
ord2747
ord3862
ord2515
ord4219
ord4223
ord729
ord5568
ord2081
ord2312
ord2317
ord4736
ord5416
ord1366
ord4728
ord4742
ord483
ord5647
ord4694
ord2845
ord4101
ord3134
ord315
ord3724
ord2707
ord3630
ord3784
ord5139
ord3786
ord4173
ord2001
ord4448
ord4206
ord5296
ord1014
ord5648
ord3963
ord2234
ord2197
ord5070
ord3431
ord965
ord4627
ord2097
ord2909
ord4713
ord4715
ord2389
ord3579
ord4165
ord4719
ord4703
ord5053
ord3458
ord2960
ord3192
ord721
ord504
ord5630
ord1075
ord1085
ord1097
ord1647
ord406
ord3714
ord5370
ord3656
ord3028
ord4462
ord615
ord362
ord810
ord4952
ord3684
ord5550
ord978
ord979
ord5638
ord2894
ord5637
ord265
ord3314
ord4700
ord3837
ord5644
ord4608
ord2086
ord4657
ord3890
ord1989
ord2064
ord1986
ord654
ord3907
ord4099
ord2861
ord4691
ord1850
ord2140
ord4677
ord1494
ord4510
ord3268
ord5649
ord1785
ord2323
ord1786
ord2557
ord2199
ord3578
ord5360
ord4312
ord4176
ord4450
ord4302
ord3859
ord4681
ord1035
ord4046
ord1084
ord403
ord1073
ord731
ord3906
ord651
ord3202
ord2694
ord4096
ord3580
ord3345
ord3340
ord3346
ord2620
ord2916
ord2696
ord3945
ord2860
ord2744
ord2617
ord2843
ord2754
ord5389
ord3952
ord4649
ord3335
ord4248
ord711
ord671
ord733
ord269
ord1370
ord988
ord5681
ord1367
ord1046
ord328
ord1042
ord1369
ord1105
ord1000
ord999

msvcrt40

__dllonexit
__CxxFrameHandler
wcslen
_mbsrev
_EH_prolog
_onexit
??1type_info@@UAE@XZ
free
_initterm
malloc
_adjust_fdiv

kernel32

GetVersion
Sleep
LocalAlloc
LocalFree
MulDiv
FindResourceA
LoadResource
LockResource
SizeofResource
GetModuleFileNameA
GetPrivateProfileStringA
lstrcpyA
GlobalUnlock
GlobalAlloc
GlobalLock
GlobalFree
lstrcmpiA
lstrcmpA
lstrlenA

user32

DrawFocusRect
SetRectEmpty
GetClientRect
PtInRect
InvertRect
CreateAcceleratorTableA
ShowWindow
IsWindowVisible
CopyRect
EnableWindow
SetPropA
OffsetRect
DrawTextA
GetCapture
GetPropA
GetWindow
wsprintfA
GetParent
ScreenToClient
GetWindowRect
PostMessageA
ClientToScreen
GetDlgItem
MoveWindow
GrayStringA
GetSysColor
GetCursorPos
DestroyCursor
SetCursor
LoadCursorA
UpdateWindow
ReleaseCapture
VkKeyScanA
CharNextA
CharUpperA
GetDC
ReleaseDC
WinHelpA
GetTabbedTextExtentA
LoadBitmapA
GetSystemMetrics
SetWindowTextA
FillRect
SendMessageA
IsWindow

gdi32

DeleteObject
CreateRectRgn
SaveDC
SelectClipRgn
GetDeviceCaps
CreateCompatibleDC
CreateBitmap
SelectObject
ExcludeClipRect
CreateDCA
SelectPalette
RealizePalette
GetTextMetricsA
SetTextColor
GetStockObject
SetBkMode
DeleteDC
CreateCompatibleBitmap
CreateSolidBrush
FillRgn
CombineRgn
CreateRectRgnIndirect
Ellipse
CreatePen
CreateEllipticRgnIndirect
GetTextExtentPointA
LPtoDP
GetPixel
SetBkColor
LineTo
GetTextColor
GetNearestColor
SetPixel
MoveToEx
BitBlt
CreateFontIndirectA
StretchBlt
StretchDIBits
GetDIBits
GetSystemPaletteEntries
RestoreDC
CreateICA
EnumFontFamiliesA
GetObjectA

advapi32

RegCloseKey
RegQueryValueA
RegOpenKeyA

ole32

CoTaskMemFree

oleaut32

LoadTypeLi
SysStringLen
SysReAllocStringLen
SysFreeString
VariantChangeType
VariantInit
SysAllocString
LoadRegTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GrayStringCallback

Sections

.text
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CapturaBancario/Controles Adicionales/VBCTRLS.REG
CapturaBancario/Diagramas/Diseos.vsd
CapturaBancario/Docs/Instalacin CB.doc
.doc windows office2003
CapturaBancario/Docs/Manual de Operacin Ante Errores de Carga.doc
.doc windows office2003
CapturaBancario/Docs/Manual de Usuario-SAT.doc
.doc windows office2003
CapturaBancario/Installer/DISK1.ID
CapturaBancario/Installer/DISK2.ID
CapturaBancario/Installer/DISK3.ID
CapturaBancario/Installer/DISK4.ID
CapturaBancario/Installer/DISK5.ID
CapturaBancario/Installer/DISK6.ID
CapturaBancario/Installer/DISK7.ID
CapturaBancario/Installer/DISK8.ID
CapturaBancario/Installer/SETUP.EXE
CapturaBancario/Installer/SETUP.INI
CapturaBancario/Installer/SETUP.INS
CapturaBancario/Installer/SETUP.ISS
CapturaBancario/Installer/SETUP.PKG
CapturaBancario/Installer/_INST32I.EX_
CapturaBancario/Installer/_ISDEL.EXE
CapturaBancario/Installer/_SETUP.1
CapturaBancario/Installer/_SETUP.2
CapturaBancario/Installer/_SETUP.3
CapturaBancario/Installer/_SETUP.4
CapturaBancario/Installer/_SETUP.5
CapturaBancario/Installer/_SETUP.6
CapturaBancario/Installer/_SETUP.7
CapturaBancario/Installer/_SETUP.8
CapturaBancario/Installer/_SETUP.DLL
CapturaBancario/Installer/_SETUP.LIB
CapturaBancario/Manual de Usuario-SAT.zip
.zip
Manual de Usuario-SAT.doc
.doc windows office2003
CapturaBancario/Source/AyudaAjusteFormularios.frm
.vbs
CapturaBancario/Source/AyudaAjusteFormularios.frx
CapturaBancario/Source/CambioMarcaCaja.frm
.vbs
CapturaBancario/Source/CambioMarcaCaja.frx
CapturaBancario/Source/Capturabancario.PDM
CapturaBancario/Source/Capturabancario.exe
.exe windows:4 windows x86 arch:x86

fa672b383a38621451ca645f6c177032

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
__vbaLineInputStr
__vbaLateIdCall
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
ord516
_adj_fprem1
__vbaRecAnsiToUni
ord519
__vbaResume
__vbaVarCmpNe
__vbaStrCat
ord553
ord660
ord661
__vbaStrDate
__vbaRecDestruct
__vbaSetSystemError
__vbaHresultCheckObj
ord557
__vbaLenVar
_adj_fdiv_m32
__vbaVarTstLe
__vbaAryDestruct
__vbaVarIndexLoadRefLock
__vbaLateMemSt
__vbaStrBool
__vbaBoolStr
__vbaVarForInit
__vbaExitProc
__vbaFileCloseAll
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
ord304
ord598
__vbaVarIndexLoad
__vbaBoolVar
ord520
ord309
__vbaFpR8
__vbaVarTstLt
__vbaBoolVarNull
_CIsin
ord631
__vbaVarCmpGt
ord632
ord525
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
ord528
ord529
__vbaStrCmp
__vbaVarTstEq
__vbaDateR8
ord560
ord561
__vbaI2I4
__vbaObjVar
DllFunctionCall
__vbaVarOr
__vbaVarLateMemSt
__vbaCastObjVar
__vbaLbound
__vbaRedimPreserve
__vbaStrR4
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
__vbaRedim
__vbaStrR8
__vbaRecUniToAnsi
EVENT_SINK_Release
ord600
_CIsqrt
ord310
__vbaLateIdCallSt
__vbaVarAnd
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaUI1I4
__vbaExceptHandler
ord312
__vbaPrintFile
__vbaStrToUnicode
__vbaDateStr
ord606
_adj_fprem
_adj_fdivr_m64
__vbaR8ErrVar
__vbaVarDiv
ord607
ord608
ord531
__vbaVarCmpLe
__vbaFPException
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaDateVar
__vbaI2Var
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaR8Str
ord648
__vbaNew2
__vbaInStr
__vbaVarLateMemCallLdRf
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaVarSetObj
ord681
__vbaVarCmpLt
__vbaVarNot
__vbaFreeStrList
_adj_fdivr_m32
__vbaR8Var
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
ord610
__vbaAryLock
__vbaVarAdd
__vbaLateMemCall
ord612
__vbaStrToAnsi
__vbaVarDup
ord613
__vbaFpI2
__vbaVarCopy
ord616
__vbaVarLateMemCallLd
__vbaFpI4
__vbaVarSetObjAddref
__vbaLateMemCallLd
__vbaRecDestructAnsi
ord617
_CIatan
__vbaStrMove
__vbaCastObj
__vbaStrVarCopy
ord619
ord650
_allmul
__vbaLateIdSt
_CItan
__vbaAryUnlock
__vbaFPInt
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj
ord581

Sections

.text
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
CapturaBancario/Source/Capturabancario.vbp
CapturaBancario/Source/Capturabancario.vbw
CapturaBancario/Source/DoctosExtraviados.frm
.vbs
CapturaBancario/Source/DoctosExtraviados.frx
CapturaBancario/Source/DocumentosExtraviados.frm
.vbs
CapturaBancario/Source/DocumentosExtraviados.frx
CapturaBancario/Source/EnvioDeclaracionesIndiv.frm
.vbs
CapturaBancario/Source/EnvioDeclaracionesIndiv.frx
CapturaBancario/Source/EnvioRapido.frm
.vbs
CapturaBancario/Source/EnvioRapido.frx
CapturaBancario/Source/EnviosAdicionales.frm
.vbs
CapturaBancario/Source/EnviosAdicionales.frx
CapturaBancario/Source/ExportacionPrimariosRapido.frm
.vbs
CapturaBancario/Source/ExportacionPrimariosRapido.frx
CapturaBancario/Source/FrmAyudaDocumentoscomplmentario.frm
.vbs
CapturaBancario/Source/FrmAyudaDocumentoscomplmentario.frx
CapturaBancario/Source/FrmAyudaLoteDeTrabajo.frm
CapturaBancario/Source/FrmAyudaLoteDeTrabajo.frx
CapturaBancario/Source/FrmConsultaFormularios.frm
.vbs
CapturaBancario/Source/FrmConsultaFormularios.frx
CapturaBancario/Source/FrmConsultaImpuestos.frm
.vbs
CapturaBancario/Source/FrmConsultaImpuestos.frx
CapturaBancario/Source/FrmGenerarPlanilla.frm
.vbs
CapturaBancario/Source/FrmGenerarPlanilla.frx
CapturaBancario/Source/FrmImpresionNotaCredito.frm
.vbs
CapturaBancario/Source/FrmImpresionNotaCredito.frx
CapturaBancario/Source/ImportacionRapida.frm
.vbs
CapturaBancario/Source/ImportacionRapida.frx
CapturaBancario/Source/ImpresionCaratula.frm
.vbs
CapturaBancario/Source/ImpresionCaratula.frx
CapturaBancario/Source/IngresoDatosComplementarios.frm
.vbs
CapturaBancario/Source/IngresoDatosComplementarios.frx
CapturaBancario/Source/LimpiadorLotes.frm
.vbs
CapturaBancario/Source/LimpiadorLotes.frx
CapturaBancario/Source/LotesNoEnviados.frm
.vbs
CapturaBancario/Source/LotesNoEnviados.frx
CapturaBancario/Source/MSSCCPRJ.SCC
CapturaBancario/Source/NuevoAjusteFormularios.frm
.vbs
CapturaBancario/Source/NuevoAjusteFormularios.frx
CapturaBancario/Source/Public.bas
.vbs
CapturaBancario/Source/ReporteDeFormularios.frm
CapturaBancario/Source/ReporteDeFormularios.frx
CapturaBancario/Source/ReporteLotesFormulario.frm
.vbs
CapturaBancario/Source/ReporteLotesFormulario.frx
CapturaBancario/Source/ReportePlanillaRec.frm
.vbs
CapturaBancario/Source/ReportePlanillaRec.frx
CapturaBancario/Source/Reporte_Declaraciones.frm
.vbs
CapturaBancario/Source/Reporte_Declaraciones.frx
CapturaBancario/Source/ReportedeBitacora.frm
.vbs
CapturaBancario/Source/ReportedeBitacora.frx
CapturaBancario/Source/SeleccionLoteDeTrabajo.frm
.vbs
CapturaBancario/Source/SeleccionLoteDeTrabajo.frx
CapturaBancario/Source/VariablesPublicas.bas
CapturaBancario/Source/caratulalote.rpt
CapturaBancario/Source/declaraporlote.rpt
CapturaBancario/Source/documentosextraviados.rpt
CapturaBancario/Source/frmAcceso.frm
.vbs
CapturaBancario/Source/frmAcceso.frx
CapturaBancario/Source/frmAgencias.frm
.vbs
CapturaBancario/Source/frmAgencias.frx
CapturaBancario/Source/frmCalendar.frm
.vbs
CapturaBancario/Source/frmDatosPrimarios.frm
.vbs
CapturaBancario/Source/frmDatosPrimarios.frx
CapturaBancario/Source/frmGeneracionNotaCredito.frm
.vbs
CapturaBancario/Source/frmGeneracionNotaCredito.frx
CapturaBancario/Source/frmImportaActualiza.frm
.vbs
CapturaBancario/Source/frmImportaActualiza.frx
CapturaBancario/Source/frmMain.frm
CapturaBancario/Source/frmMain.frx
CapturaBancario/Source/frmParametros.frm
.vbs
CapturaBancario/Source/frmParametros.frx
CapturaBancario/Source/frmRegeneracion.frm
.vbs
CapturaBancario/Source/frmRegeneracion.frx
CapturaBancario/Source/frmRepEnvioL.frm
.vbs
CapturaBancario/Source/frmRepEnvioL.frx
CapturaBancario/Source/frmSmartL.frm
.vbs
CapturaBancario/Source/frmSmartL.frx
CapturaBancario/Source/frmUsers.frm
.vbs
CapturaBancario/Source/frmUsers.frx
CapturaBancario/Source/frmchgpassword.frm
.vbs
CapturaBancario/Source/frmchgpassword.frx
CapturaBancario/Source/lotesnoenviados.rpt
CapturaBancario/Source/moImportacion.bas
CapturaBancario/Source/moMainRun.bas
.vbs
CapturaBancario/Source/newplanillarecaudacion.rpt
CapturaBancario/Source/nota de credito.rpt
CapturaBancario/Source/rep001.rpt
CapturaBancario/Source/rep002.rpt
CapturaBancario/Source/rep003.rpt
CapturaBancario/Source/rep004.rpt
CapturaBancario/Source/rep005.rpt
CapturaBancario/Source/rep006.rpt
CapturaBancario/Source/rep007.rpt
CapturaBancario/Source/reportedebitacora.rpt
CapturaBancario/Source/reporteprimarios.rpt
CapturaBancario/Source/reporteprimarios1.rpt
CapturaBancario/Source/reportesecundarios.rpt
CapturaBancario/Updates/DBEmpty.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CapturaBancario/Updates/Reportes v.22.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

718866814c1102b24764b0720cc30b9e

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 32KB - Virtual size: 29KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 24KB - Virtual size: 24KB

718866814c1102b24764b0720cc30b9e

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 32KB - Virtual size: 29KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 1KB

fa672b383a38621451ca645f6c177032

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 5.2MB - Virtual size: 5.2MB

.data Size: 4KB - Virtual size: 73KB

.rsrc Size: 24KB - Virtual size: 24KB

d5f09a42b36ef8ed87b0317650ba47a4

Headers

File Characteristics

Imports

mfc40

msvcrt40

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 91KB - Virtual size: 91KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 6KB - Virtual size: 11KB

.idata Size: 6KB - Virtual size: 5KB

.rsrc Size: 52KB - Virtual size: 52KB

.reloc Size: 12KB - Virtual size: 12KB

fa672b383a38621451ca645f6c177032

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 5.2MB - Virtual size: 5.2MB

.data Size: 4KB - Virtual size: 73KB

.rsrc Size: 24KB - Virtual size: 24KB

Headers

File Characteristics

Sections

CODE Size: 29KB - Virtual size: 28KB

DATA Size: 1024B - Virtual size: 644B

BSS Size: - Virtual size: 2KB

.idata Size: 2KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 2KB - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 3KB

Headers

File Characteristics

Sections

CODE Size: 29KB - Virtual size: 28KB

DATA Size: 1024B - Virtual size: 644B

BSS Size: - Virtual size: 2KB

.idata Size: 2KB - Virtual size: 2KB

.text
Size: 32KB - Virtual size: 29KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 24KB - Virtual size: 24KB

.text
Size: 32KB - Virtual size: 29KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 5.2MB - Virtual size: 5.2MB

.data
Size: 4KB - Virtual size: 73KB

.rsrc
Size: 24KB - Virtual size: 24KB

.text
Size: 91KB - Virtual size: 91KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 6KB - Virtual size: 11KB

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 52KB - Virtual size: 52KB

.reloc
Size: 12KB - Virtual size: 12KB

.text
Size: 5.2MB - Virtual size: 5.2MB

.data
Size: 4KB - Virtual size: 73KB

.rsrc
Size: 24KB - Virtual size: 24KB

CODE
Size: 29KB - Virtual size: 28KB

DATA
Size: 1024B - Virtual size: 644B

BSS
Size: - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 3KB

CODE
Size: 29KB - Virtual size: 28KB

DATA
Size: 1024B - Virtual size: 644B

BSS
Size: - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 3KB