ab9ef5776f80317e138fb51a01d0e40797ad5f9913925b3a9e199cb6d5f0565a

Sharing

Copy URL Twitter E-mail

General

Target

ab9ef5776f80317e138fb51a01d0e40797ad5f9913925b3a9e199cb6d5f0565a
Size

120KB
MD5

65b1d12e0b0656ba6195e6eac9f79a80
SHA1

33b4a2aac2b17451360e160b4f660ea4f0e2585f
SHA256

ab9ef5776f80317e138fb51a01d0e40797ad5f9913925b3a9e199cb6d5f0565a
SHA512

e583d40ba06435342ed045f0718fb526273f1fce249b4e8f3d240bf3708eba9f3e4355726b8542d5b6aafb81eee27a09502fcd4a645b3fc32cc5c2c0c9d9351e
SSDEEP

1536:NQHIb8BeK/6V1Jp2eKayGSgeyxqBeEj9W3yYLl+BIbL:yW0x/6V1/ehBeEE37b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ab9ef5776f80317e138fb51a01d0e40797ad5f9913925b3a9e199cb6d5f0565a

Files

ab9ef5776f80317e138fb51a01d0e40797ad5f9913925b3a9e199cb6d5f0565a
.exe windows:4 windows x86 arch:x86

840a8fd8e0e8512a1c68eb0c44fd992c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarSub
__vbaVarTstGt
ord690
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaLateIdCall
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaFreeObjList
__vbaStrErrVarCopy
_adj_fprem1
__vbaStrCat
__vbaVarCmpNe
ord553
ord660
__vbaWriteFile
__vbaSetSystemError
__vbaStrDate
__vbaHresultCheckObj
ord662
ord557
__vbaLenVar
_adj_fdiv_m32
__vbaVarTstLe
Zombie_GetTypeInfo
__vbaAryDestruct
__vbaLateMemSt
__vbaBoolStr
__vbaExitProc
ord595
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaFpR4
ord520
__vbaBoolVarNull
__vbaVarTstLt
_CIsin
ord632
__vbaVargVarMove
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
__vbaAryConstruct2
__vbaDateR8
__vbaR4Str
ord561
__vbaI2I4
DllFunctionCall
__vbaVarLateMemSt
__vbaFpUI1
__vbaCastObjVar
__vbaStrR4
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaStrUI1
__vbaExceptHandler
__vbaStrToUnicode
ord606
__vbaDateStr
__vbaR4ErrVar
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
ord608
__vbaFPException
ord717
__vbaStrVarVal
__vbaVarCat
__vbaDateVar
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaInStr
__vbaNew2
__vbaR8Str
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarCmpEq
ord689
ord610
__vbaVarDup
__vbaStrToAnsi
ord616
__vbaFpI4
__vbaVarLateMemCallLd
ord617
__vbaLateMemCallLd
_CIatan
__vbaUI1Str
__vbaStrMove
__vbaCastObj
ord540
ord619
_allmul
__vbaLateIdSt
_CItan
ord546
__vbaUI1Var
_CIexp
__vbaI4ErrVar
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

840a8fd8e0e8512a1c68eb0c44fd992c

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 108KB - Virtual size: 107KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 108KB - Virtual size: 107KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 2KB