Static task
static1
General
-
Target
DT_DUCT.zip
-
Size
122KB
-
MD5
a7c9fe460a97709a3e1eab81cc5a544c
-
SHA1
0b5bcd72c5c53fd3e188ba1e40e47cf9e33784bd
-
SHA256
ffe4d67558dc4228e7f594539edf967d78ac14861e75edc4be8fad7915847608
-
SHA512
4b02e31897524223d44cec531c30d1710922193bfe608db75850d4416bd1e02011059cace054665210c1b00fdd513bc1233ee54221984000b0a523058e141435
-
SSDEEP
3072:T00Actoaag0QCjxFDJt0E/vf+5V6YobzioMZmHTTJrxJ0Nxld:ptodgyzO63vYmLMZmzNrP0/
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/ductsizer 1.exe
Files
-
DT_DUCT.zip.zip
-
DT_DUCT.DLL
-
ductsizer 1.exe.exe windows:4 windows x86 arch:x86
91fd98c5479fd1e42445a696b4b18b99
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
ord587
__vbaFreeVar
__vbaLateIdCall
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
ord519
__vbaResume
__vbaStrCat
ord660
ord553
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaExitProc
__vbaObjSet
ord595
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaFpR4
__vbaFpR8
__vbaBoolVarNull
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaVarTstEq
__vbaR4Str
ord561
__vbaStrR4
_adj_fpatan
__vbaStrR8
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
__vbaVarCat
ord537
_CIlog
__vbaErrorOverflow
__vbaNew2
__vbaR8Str
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
__vbaR8Var
__vbaPowerR8
_adj_fdiv_r
ord685
ord578
ord100
__vbaVarTstNe
__vbaVarDup
__vbaR4Sgn
ord614
__vbaFpI2
__vbaVarCopy
_CIatan
ord618
__vbaStrMove
_allmul
ord652
_CItan
ord546
_CIexp
__vbaFreeStr
__vbaFreeObj
Sections
.text Size: 76KB - Virtual size: 72KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ