f65703e16f85b232c2a88c4cd2ce357c3de77e6c82a619f7702c24b2708a27e5

Sharing

Copy URL

Twitter E-mail

General

Target

f65703e16f85b232c2a88c4cd2ce357c3de77e6c82a619f7702c24b2708a27e5
Size

5.0MB
MD5

fd038842fb9f7aa3ddd96c314966d07c
SHA1

3b2e101f1cdf2296635a703e5898a88fd90d0841
SHA256

f65703e16f85b232c2a88c4cd2ce357c3de77e6c82a619f7702c24b2708a27e5
SHA512

46a37347ecc58d221b2d9dc3d06509374146cae8ecdd92c2dc6ea8f3fd4ef17f9c80092ba5f956800722bb6f3ecaf27c1fc29f6d3189fe0956e36a04d487c86a
SSDEEP

98304:ocwks0AOBstaSxoj/4c2rNp7xPduz0T9Xgxb6n67J3fUu2phfXLf150mXH:ocwks0AOBhwIQb5p7WzCRgw67J3fIppT

Score

10^/10

Malware Config

Signatures

Detects Windows executables referencing non-Windows User-Agents 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_NoneWindowsUA

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f65703e16f85b232c2a88c4cd2ce357c3de77e6c82a619f7702c24b2708a27e5

Files

f65703e16f85b232c2a88c4cd2ce357c3de77e6c82a619f7702c24b2708a27e5
.exe windows:5 windows x86 arch:x86

51e03850fa0492a41d913a4e9942e6cb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaCyMul
__vbaStrVarMove
__vbaLenBstr
__vbaLineInputStr
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
ord698
__vbaPut4
ord513
__vbaRaiseEvent
__vbaFreeObjList
ord516
ord517
__vbaStrErrVarCopy
_adj_fprem1
__vbaRecAnsiToUni
ord519
__vbaCopyBytes
__vbaStrCat
__vbaLsetFixstr
ord660
__vbaRecDestruct
ord661
__vbaSetSystemError
ord662
__vbaHresultCheckObj
ord557
ord558
_adj_fdiv_m32
__vbaAryVar
__vbaVarTstLe
ord666
__vbaAryDestruct
ord669
__vbaExitProc
__vbaObjSet
__vbaOnError
ord595
__vbaCyAdd
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaStrFixstr
__vbaFPFix
__vbaFpR8
__vbaBoolVarNull
_CIsin
ord709
ord631
__vbaErase
__vbaVargVarMove
ord632
ord525
__vbaChkstk
__vbaCyVar
__vbaFileClose
ord526
EVENT_SINK_AddRef
ord527
__vbaGenerateBoundsError
__vbaStrCmp
ord529
__vbaCyI2
__vbaPutOwner3
__vbaVarTstEq
__vbaAryConstruct2
__vbaCyI4
__vbaPrintObj
ord561
__vbaI2I4
DllFunctionCall
__vbaFpUI1
__vbaCySub
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaFixstrConstruct
__vbaLateIdCallLd
__vbaStrR8
__vbaR8Cy
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
__vbaUI1I2
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaVarMul
__vbaStr2Vec
ord710
__vbaFpCmpCy
__vbaExceptHandler
ord711
ord712
__vbaStrToUnicode
__vbaPrintFile
__vbaDateStr
ord606
_adj_fprem
_adj_fdivr_m64
__vbaFailedFriend
__vbaR8ErrVar
ord607
ord608
__vbaFPException
__vbaInStrVar
ord717
__vbaGetOwner3
__vbaUbound
__vbaStrVarVal
__vbaGetOwner4
__vbaVarCat
__vbaDateVar
ord535
__vbaLsetFixstrFree
ord537
ord644
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord648
__vbaR8Str
__vbaVar2Vec
__vbaNew2
__vbaInStr
ord570
__vbaCyMulI2
ord571
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
ord573
ord681
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
__vbaR8Var
__vbaPowerR8
_adj_fdiv_r
ord578
ord685
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarCmpEq
ord610
__vbaFpCy
__vbaInStrB
__vbaAryLock
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
ord612
ord613
__vbaFpI2
__vbaFpI4
ord616
__vbaVarTstGe
__vbaVarSetObjAddref
__vbaRecDestructAnsi
ord617
_CIatan
__vbaAryCopy
__vbaCastObj
__vbaStrMove
ord618
ord619
__vbaStrVarCopy
__vbaVarNeg
ord650
_allmul
__vbaLenVarB
_CItan
ord546
__vbaAryUnlock
_CIexp
__vbaMidStmtBstr
__vbaStrCy
__vbaFreeStr
__vbaFreeObj
ord581

kernel32

GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
WriteConsoleW
SetStdHandle
IsProcessorFeaturePresent
DecodePointer
GetCommandLineA
RaiseException
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringW
GetStringTypeW
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapSize
WriteFile
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

CharUpperBuffW

Exports

Exports

��0�^�Em`��n��)v��SP��j��>e��>�I�qV��W�� 8U �W��R�0Q��{"�{?�TK�H��f�l��~Q� �g��Y�V�7O0&��">��Qt�nP˺�Fqf>��&w$�|�\�8��ƨ��\�c�Uŕ��$�X�y5�Ҁ��p��6�IE��*��T�A;��&��r�Fo�b.�6��t݃�-�rPG��5�P�~��^.��rr_��h&� �� @�uV��R��X~�ޡJh��@ �֢le��2�Vu�,?�]��Z��0`>�� k�g�� G x��2u�6��\ѧ?F1o0+I�� Z?�XP�YH��J��Va�;��+��'�:u�pS��˚J$fV��{��J�I�ŭ�i��4?u�KMu��) (�;�2��8��`2W� QMN�5�X��7�"�K�bk~%|6p�#�0��O��9k�p�BfB�-�+�?��~��' V)��8�x}H:{~�/5 ��C4��M�x�L��XNU�2�|#n�-��z?�K�X��B��<��y��q *�� Q9l^��X��W��)BD��v3�5�Z��7� G"�\7)L9eҋ)]+�6��"�8rQ*~O�!ÿ��٠ �u3ԇe뽃��d � ��,C�"�dN�n@0a|M�Fe��B�̂B�Z�_�6?:�P3c��&��W�F�T*��&i�%��:l:e��*�Ж��n+�'s�UuJuZ��雋�xs䘯'�w:�CZ�G��R)@��e��k�4�>-y=ϡ�ؚ� ̓�~~FQ�呒��qE�'[j?��RE@QU�rc��xj��*�9[�ǎe�d��Xzt*�^e��i��v|��O��˱L��r3C�V��#�S��H��C&VYO�iC�\Ա�� >r2��v��W.��zh�32�|�-��$B'Ś��=�3�8��cY.h2З�GNiCT#��Q�>�{�'Eǆ '�E|��]�<W$s��:��M;�f�'O�2�(��i(��B�In$�UPbF��Z��wER9�w��k�Υ`Hz��K�ڕ��9��~>�˾�O&!��X��O��k�+�9�m��Y��Z��ZD��5(��$��2�9I��l��Jp�Q��z!�7�g��i�XQ$��#v�q?�dN�ݾ�H��(�6R��CAu��儼�� 6�P��!ieӄ�Y-��D�3p��g5�`��{�(KǶ@]��24H�U�b��?{��o$x�-��o��p��eq�(AX��]��;��''w�TbdG�Ժ��A�}�Y�cμ��̇,�Xk�9��P�.��}Gn�/#��6�ҹuѱy_�e� �'cz�U��v)"xa��$��f��7��7L�'��IԌ��ZV=��A��X*-8D�/GcE'��w��q�ˡ�n+�{=;_=)�fʌ�U\)W�>/��]�>��uC��,ӿ��泗�&�@EfS�/�� ē_š��`%L�P��f� ��Ԣ��8��ם��,՜�R��'��X* /�r ��c�8/F��g_��ʇZ�2%��`��EB��XH3��nq��Fڭ��:ʽ�:�<=<��V_��q�:�)>�g�{��pT�FJR�)ܵ��Y�/��Ca��^cRu��ހz �v�!Sx�^��s��( ��$c �m�zr-M NF�#�pC[��n�@,�tJ�x6s��M�@��=�u��>��TA�O��T1}q@��0�(ʡ�nFY$�,�+��W:�sw�,b";0� ��I�ǘ�c�P�O�@�s� i��tԼZy��:ƾ|jqPm�XJL��aa��ΐ�0�B��z��P�`��Ң��S�,��X4&��E�4�oK�s��;#�Bm�5�#��/h�F�\^En�V�+�: �g��о%`��!��r*I�I?\��^a�(|頌.�H͝]]��I�@`�_4��y ~h^��Ґ��з�rK�vԼ��1n��J엤�"�ą�o�?�j��ݺ�u� k��!�tI�_��N`檁k��:`�7csz��p��xJ`��2vx��Tt:�[��O�>P<` ��) ��&��+�,�� S��]�5_k&��|�T� �B��l�/ڀ�̪�3��%=Sz$m�7��X�%�X��HS�h2�H��.��Y� ļ�#�� o��q^e�Ij��XV͔�q�oF'r�=�+v�9}P|;�a�RE�u~L�m�,��S�Y�W�# r}*80t-�μ �Ԇ��,��oH�v`�E*c��Od3��CcP�n#��o�.؉�v{��؊�J8,q��RB2��h9�_��}�4��r��[/�B��$��u5� 8�aӱ�죲�bϬ,��L9��̤;{��#�+�wx��9��6~�.�J6-�K�kfl��+��ע��.>��iR��_��Kh5�{�&v��\��lt��ҝ�0�WD2(�sn}ʾ5g�!��]䬴�s�m��a5��j�W��/��u(c��Wnq��"�3��r�ډ!uY"nۇ��f�/(x�;ȁԷ%G�"ae�x?��T�p�R�\�<�ѭi�VC�V��4��dOR��a��I5<!׍�<z*�ڑ�b?7\S�E��Q��w�L!q�D��/��*�鲞��v��q�[i��.v?�l��O��E ��.��^��J�ڴ��u,��J��'��R?�C��01��3��Ջ��u��'�6K�9n;��s��m"�M:��*��sh]9��0�ąJE- �D�� `��p�2��S�~Hc �:��x`�q�@��"{��

Sections

.text
Size: 384KB - Virtual size: 383KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.$/_
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.cnY
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.r1o
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

51e03850fa0492a41d913a4e9942e6cb

Headers

File Characteristics

Imports

msvbvm60

kernel32

user32

Exports

Exports

Sections

.text Size: 384KB - Virtual size: 383KB

.data Size: 4KB - Virtual size: 12KB

.$/_ Size: 2.4MB - Virtual size: 2.4MB

.cnY Size: 4KB - Virtual size: 1KB

.r1o Size: 2.2MB - Virtual size: 2.2MB

.rsrc Size: 16KB - Virtual size: 15KB

.text
Size: 384KB - Virtual size: 383KB

.data
Size: 4KB - Virtual size: 12KB

.$/_
Size: 2.4MB - Virtual size: 2.4MB

.cnY
Size: 4KB - Virtual size: 1KB

.r1o
Size: 2.2MB - Virtual size: 2.2MB

.rsrc
Size: 16KB - Virtual size: 15KB