siam[.]7z | Triage

Sharing

Copy URL Twitter E-mail

General

Target

siam.7z
Size

120KB
MD5

708f063faf4326fbc889b24bb7ec2923
SHA1

bd5ae0bc69a74c5458b60bf5ab072318064f72c7
SHA256

28fcc47c587a3045997bd820defce3dbe71f8822553a988ce9b7a2126024cccb
SHA512

039a64fdc0ef75675403f507d2732c233eb8495ba6f3a9d27ef07ae5d6f25c593ad5e487277392c052515ebb879d2e73a80da1344f26867434ba80a45479f0cb
SSDEEP

3072:WKnBKrg/qFAoMQ7AlyN6ZvjrxTT8kQaQ40ptU9JEt:BIrlEKk66Zvpck240EEt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SFX12.exe

Files

siam.7z
.7z

Password: 1nfected
SFX12.exe
.exe windows:4 windows x86 arch:x86

Password: 1nfected

4ec25b8af4fadf908920023c683ae301

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
ord517
_adj_fprem1
__vbaRecAnsiToUni
ord519
__vbaCopyBytes
__vbaResume
__vbaStrCat
__vbaVarCmpNe
__vbaRecDestruct
__vbaSetSystemError
__vbaLenBstrB
__vbaHresultCheckObj
ord662
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
Zombie_GetTypeInfo
__vbaAryDestruct
__vbaVarForInit
__vbaExitProc
ord593
ord594
__vbaObjSet
ord595
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaFpR4
__vbaStrFixstr
ord520
__vbaVarTstLt
__vbaBoolVarNull
_CIsin
ord631
ord709
__vbaErase
ord525
ord632
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
ord529
__vbaAryConstruct2
__vbaGet4
__vbaPutOwner3
__vbaVarTstEq
__vbaPutOwner4
__vbaR4Str
__vbaI2I4
DllFunctionCall
ord563
__vbaFpUI1
__vbaRedimPreserve
__vbaLbound
_adj_fpatan
__vbaR4Var
Zombie_GetTypeInfoCount
__vbaStrR8
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
__vbaUI1I2
_CIsqrt
__vbaObjIs
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaStr2Vec
__vbaExceptHandler
ord711
__vbaPrintFile
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
ord607
__vbaVarDiv
ord608
ord531
__vbaFPException
__vbaInStrVar
ord717
ord532
ord319
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaGetOwner4
__vbaDateVar
ord536
ord537
ord644
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
__vbaInStr
ord648
ord570
__vbaVar2Vec
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord681
__vbaI4Str
__vbaFreeStrList
ord576
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord578
ord685
ord100
__vbaVarTstNe
ord579
__vbaI4Var
__vbaInStrB
__vbaAryLock
__vbaLateMemCall
ord320
__vbaVarDup
__vbaStrToAnsi
ord321
ord613
__vbaVarCopy
ord616
__vbaFpI4
__vbaRecDestructAnsi
__vbaLateMemCallLd
_CIatan
ord618
__vbaStrMove
__vbaI2ErrVar
__vbaCastObj
__vbaAryCopy
__vbaStrVarCopy
ord619
ord650
_allmul
_CItan
ord546
__vbaUI1Var
__vbaFPInt
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaI4ErrVar
__vbaFreeObj
__vbaFreeStr
ord580
ord581

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 1nfected

Password: 1nfected

4ec25b8af4fadf908920023c683ae301

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 108KB - Virtual size: 104KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 52KB - Virtual size: 49KB

.text
Size: 108KB - Virtual size: 104KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 52KB - Virtual size: 49KB