Hmei7[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Hmei7.zip
Size

182KB
MD5

c9a9a841b9167fdf262830ec43fa0b7e
SHA1

b90ebe5445cef8bf2979ccfacb6340e79fc8cb59
SHA256

a6246a6b2ecf77821c2a2de7e0693aa85f6c72c282c6a9ec8d8932b61f353b2e
SHA512

1b642cb86197b3c7481ff2b87186ef189b45f7924c05294415a8fcbe44089a37ffb7d6fbea5960b20b95b1298c81b57f75aeb0cfba628b6743bfd11e861c6d30
SSDEEP

3072:yUbRllXTI6Gu03khJUQsnqOC6S04X3X9hOf9nwwiy+urWLAkjqsBMOza4fL5Smwj:Z5TI3vAJ+nqOnF8WFnliPuHCxg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/brute/Brute v.2.exe

Files

Hmei7.zip
.zip
brute/Brute v.2.exe
.exe windows:4 windows x86 arch:x86

32c55f660c352e3f9b8f211660abc10b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
__vbaStrI2
_CIcos
_adj_fptan
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
ord588
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
ord516
_adj_fprem1
__vbaRecAnsiToUni
ord518
ord519
__vbaResume
__vbaStrCat
ord660
__vbaSetSystemError
__vbaRecDestruct
__vbaHresultCheckObj
ord662
_adj_fdiv_m32
__vbaVarForInit
ord593
__vbaExitProc
ord594
ord595
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaVarIndexLoad
ord520
__vbaVarTstLt
_CIsin
ord525
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaStrCmp
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
_adj_fpatan
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
__vbaStrToUnicode
ord712
__vbaPrintFile
__vbaInputFile
ord713
_adj_fprem
_adj_fdivr_m64
ord607
__vbaI2Str
ord608
__vbaFPException
__vbaGetOwner3
__vbaStrVarVal
__vbaVarCat
ord535
__vbaDateVar
__vbaFileSeek
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
__vbaInStr
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord578
ord685
ord100
__vbaVarTstNe
__vbaI4Var
__vbaStrToAnsi
__vbaVarDup
__vbaFpI2
__vbaRecDestructAnsi
ord617
_CIatan
__vbaStrMove
__vbaCastObj
ord619
_allmul
_CItan
ord546
__vbaFPInt
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
brute/listsite.txt
brute/pass.txt
brute/setting.ini

Sharing

General

Malware Config

Signatures

Files

32c55f660c352e3f9b8f211660abc10b

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 48KB - Virtual size: 45KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 48KB - Virtual size: 45KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 2KB