c72d27c88f2a864bb40bf8eef92cead3[.]bin

General

Target

c72d27c88f2a864bb40bf8eef92cead3.bin
Size

79KB
MD5

474b5a6870fa8ddd2870fe095b39b8a6
SHA1

c27442efa4600907b29e8bfde288e8b537aa274f
SHA256

e1a430a2ff0971d8f1e3075183c15a5ab69958376615b1346b9041785e5d856f
SHA512

f6afa30ddc0514f73b809281caca91da33c88f84e1a4ac24a1dfdd6056cb759ae5e4ec2e65a73f1906c5481495dfdfd07fb952dbf9439782d06e494f1316b4d6
SSDEEP

1536:l9dWPFXFSmGSZpiIFfQ9E6ZyzcfyGZn4XPwkTul54nuL2tq1D:l9dgXF7GSZyj+TuDauLth

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/a300588eb18168829fd1eec57a71af47d0de7be48fdb460f943d1a0d9e1cabb9.exe

Files

c72d27c88f2a864bb40bf8eef92cead3.bin
.zip

Password: infected
a300588eb18168829fd1eec57a71af47d0de7be48fdb460f943d1a0d9e1cabb9.exe
.exe windows:4 windows x86 arch:x86

Password: infected

3b58002d1465bb08d2c6b38c8a578d81

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaVarTstGt
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
ord693
__vbaVarVargNofree
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaLateIdCall
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
ord620
ord621
__vbaFreeObjList
ord516
_adj_fprem1
__vbaStrCat
ord660
ord554
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaVarTstLe
__vbaAryDestruct
__vbaVarIndexLoadRefLock
__vbaExitProc
ord300
__vbaObjSet
__vbaOnError
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
ord306
__vbaBoolVar
__vbaBoolVarNull
__vbaFpR8
_CIsin
__vbaErase
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaAryConstruct2
__vbaVarTstEq
__vbaObjVar
__vbaI2I4
DllFunctionCall
__vbaVarOr
__vbaVarLateMemSt
__vbaCastObjVar
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
__vbaRedim
EVENT_SINK_Release
ord601
_CIsqrt
__vbaVarAnd
__vbaLateIdCallSt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
ord607
__vbaI2Str
__vbaR8ErrVar
ord608
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
ord537
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaInStr
__vbaNew2
__vbaR8Str
ord570
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord685
ord578
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarCmpEq
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
__vbaFpI2
__vbaFpI4
__vbaVarLateMemCallLd
__vbaVarCopy
ord617
__vbaLateMemCallLd
_CIatan
__vbaI2ErrVar
__vbaStrMove
__vbaStrVarCopy
ord619
__vbaMidStmtVar
_allmul
__vbaLateIdSt
ord651
_CItan
__vbaAryUnlock
_CIexp
__vbaMidStmtBstr
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 396KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

3b58002d1465bb08d2c6b38c8a578d81

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 396KB - Virtual size: 392KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 396KB - Virtual size: 392KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 1KB