dffc6d93b4f3a351529334a229b80d6afc4b64cc70d7d7b1add3c0827b238344

General

Target

dffc6d93b4f3a351529334a229b80d6afc4b64cc70d7d7b1add3c0827b238344
Size

88KB
MD5

25c21bb4923ee0bfa68386a46d7d6806
SHA1

bc283c695cc8a751d81c0c8ddad5c0930f1fa62d
SHA256

dffc6d93b4f3a351529334a229b80d6afc4b64cc70d7d7b1add3c0827b238344
SHA512

74e3824babe29b3f545f4cb02ae098062f3912c45db3dbee58f008a38fff541579479b700eac5fe0924d311cba162b99df278c519f68663be003ca520a50e780
SSDEEP

1536:vWV4OkmcBZFnpDQ8clFU5wu9sW5rZpcyU:e1RcB3pE8Viu2W5nVU

Score

10^/10

Malware Config

Signatures

Detects binaries and memory artifacts referencing sandbox product IDs 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_SandboxProductID

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dffc6d93b4f3a351529334a229b80d6afc4b64cc70d7d7b1add3c0827b238344

Files

dffc6d93b4f3a351529334a229b80d6afc4b64cc70d7d7b1add3c0827b238344
.exe windows:4 windows x86 arch:x86

d27bcca3f2d4f1e79e4b1a9e5260afe3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaAryMove
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
ord621
__vbaFreeObjList
ord516
_adj_fprem1
__vbaRecAnsiToUni
ord518
__vbaStrCat
__vbaLsetFixstr
__vbaRecDestruct
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaOnError
__vbaStrLike
ord595
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaVarIndexLoad
__vbaStrFixstr
_CIsin
__vbaErase
ord631
__vbaVarZero
ord632
ord525
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
ord528
__vbaStrCmp
__vbaAryConstruct2
DllFunctionCall
_adj_fpatan
__vbaFixstrConstruct
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
ord601
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaInStrVar
ord717
__vbaUbound
ord644
_CIlog
__vbaFileOpen
__vbaNew2
ord570
__vbaInStr
__vbaVar2Vec
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord100
__vbaI4Var
__vbaAryLock
__vbaStrToAnsi
__vbaVarDup
__vbaFpI4
ord616
_CIatan
__vbaStrMove
__vbaStrVarCopy
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaI4ErrVar
__vbaFreeStr

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d27bcca3f2d4f1e79e4b1a9e5260afe3

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 48KB - Virtual size: 47KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 32KB - Virtual size: 25KB

.text
Size: 48KB - Virtual size: 47KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 32KB - Virtual size: 25KB