5889375e1f1ad2c558aee54b006bd2ef[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

5889375e1f1ad2c558aee54b006bd2ef.zip
Size

62KB
MD5

13a86d7cf1469c5a2c98b60ad757de74
SHA1

b8655e0a56a5d0c7824ba1a093e33a130307e561
SHA256

91b3f571f4d51f613846e649e6302bb438e0889fbeb839f9c1a7ee014c954dd0
SHA512

cdca8e695498c3ddb64d6fbf1038c760281ef0183c4cb114619720615fbcd43d0afa54066a21d6cc683e27c4bd12321a39bdb96360b54e2d854161e19cc440cf
SSDEEP

768:0AV+liqG2nvwjvtOWHelltKwTSfujhlKdVveCiZItIOHzEmf6Jm9hI8xjHHcd2al:h4G2geXtKE10Vv7SOzx4dDmFEdntY1A

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack003/factura INVDE21005611.exe

Files

5889375e1f1ad2c558aee54b006bd2ef.zip
.zip

Password: infected
0926165642ba996d4e2025b4a7e2610252745807f9fd958a9b559f3a25849b5b
.eml
Password: infected
- http://www.shimano.com
- http://www.shimano.com/
email-html-2.txt
.html
email-plain-1.txt
factura INVDE21005611.rar
.rar

Password: infected
factura INVDE21005611.exe
.exe windows:4 windows x86 arch:x86

Password: infected

a1f269b3c8d42f1e73f0308c0a1577cf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord583
_CIcos
_adj_fptan
__vbaHresultCheck
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
ord512
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
ord552
__vbaSetSystemError
ord661
__vbaHresultCheckObj
ord557
_adj_fdiv_m32
__vbaAryDestruct
ord591
ord592
ord593
ord594
__vbaOnError
__vbaObjSet
ord595
ord596
_adj_fdiv_m16i
__vbaObjSetAddref
ord702
_adj_fdivr_m16i
ord598
ord705
ord706
__vbaVarTstLt
__vbaFpR8
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaAryConstruct2
__vbaI2I4
__vbaObjVar
ord561
DllFunctionCall
ord564
_adj_fpatan
ord569
__vbaRedim
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord712
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord531
__vbaFPException
ord532
ord717
ord534
ord535
ord536
ord537
ord538
_CIlog
__vbaNew2
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
__vbaDerefAry1
_adj_fdivr_m32
ord684
_adj_fdiv_r
ord100
__vbaVarTstNe
ord610
__vbaVarAdd
__vbaInStrB
__vbaLateMemCall
__vbaVarDup
__vbaStrToAnsi
ord612
ord613
__vbaFpI4
__vbaLateMemCallLd
_CIatan
__vbaStrMove
ord618
__vbaCastObj
ord541
_allmul
ord652
_CItan
ord546
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
image001.gif
.gif

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Password: infected

Password: infected

a1f269b3c8d42f1e73f0308c0a1577cf

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 124KB - Virtual size: 120KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 124KB - Virtual size: 120KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 3KB