ea8087bd43024ab636560b48c14d308d194f0444b919af4c5563bc8d481a3a7c[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

ea8087bd43024ab636560b48c14d308d194f0444b919af4c5563bc8d481a3a7c.zip
Size

140KB
MD5

b558bd31e6b8a8674ec707cf25457fd6
SHA1

d31d6ad9beac0776af6c8783b521fc1b91699ad9
SHA256

915ea2344790d809108a2b5ba1c3a7420702d27c5acd7e009913f6e37e163c10
SHA512

b3e83d114a51c51c36899eb28d6215af397475f791d00e84d656e03b576f084f20798847ac850a3c76f1176358f0c47db3a12a5426d8c05d5f085a984143ecdc
SSDEEP

3072:nekHYvKGqfngyVlI3DsYko1ic+lWwT4Grhmhw8bnP6y4Kug:nekZGqoyVGDb1XgWwvrhmhrjCNi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ea8087bd43024ab636560b48c14d308d194f0444b919af4c5563bc8d481a3a7c.exe

Files

ea8087bd43024ab636560b48c14d308d194f0444b919af4c5563bc8d481a3a7c.zip
.zip

Password: infected
ea8087bd43024ab636560b48c14d308d194f0444b919af4c5563bc8d481a3a7c.exe
.exe windows:4 windows x86 arch:x86

Password: infected

4ec25b8af4fadf908920023c683ae301

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
ord517
_adj_fprem1
__vbaRecAnsiToUni
ord519
__vbaCopyBytes
__vbaResume
__vbaStrCat
__vbaVarCmpNe
__vbaRecDestruct
__vbaSetSystemError
__vbaLenBstrB
__vbaHresultCheckObj
ord662
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
Zombie_GetTypeInfo
__vbaAryDestruct
__vbaVarForInit
__vbaExitProc
ord593
ord594
__vbaObjSet
ord595
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaFpR4
__vbaStrFixstr
ord520
__vbaVarTstLt
__vbaBoolVarNull
_CIsin
ord631
ord709
__vbaErase
ord525
ord632
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
ord529
__vbaAryConstruct2
__vbaGet4
__vbaPutOwner3
__vbaVarTstEq
__vbaPutOwner4
__vbaR4Str
__vbaI2I4
DllFunctionCall
ord563
__vbaFpUI1
__vbaRedimPreserve
__vbaLbound
_adj_fpatan
__vbaR4Var
Zombie_GetTypeInfoCount
__vbaStrR8
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
__vbaUI1I2
_CIsqrt
__vbaObjIs
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaStr2Vec
__vbaExceptHandler
ord711
__vbaPrintFile
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
ord607
__vbaVarDiv
ord608
ord531
__vbaFPException
__vbaInStrVar
ord717
ord532
ord319
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaGetOwner4
__vbaDateVar
ord536
ord537
ord644
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
__vbaInStr
ord648
ord570
__vbaVar2Vec
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord681
__vbaI4Str
__vbaFreeStrList
ord576
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord578
ord685
ord100
__vbaVarTstNe
ord579
__vbaI4Var
__vbaInStrB
__vbaAryLock
__vbaLateMemCall
ord320
__vbaVarDup
__vbaStrToAnsi
ord321
ord613
__vbaVarCopy
ord616
__vbaFpI4
__vbaRecDestructAnsi
__vbaLateMemCallLd
_CIatan
ord618
__vbaStrMove
__vbaI2ErrVar
__vbaCastObj
__vbaAryCopy
__vbaStrVarCopy
ord619
ord650
_allmul
_CItan
ord546
__vbaUI1Var
__vbaFPInt
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaI4ErrVar
__vbaFreeObj
__vbaFreeStr
ord580
ord581

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

4ec25b8af4fadf908920023c683ae301

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 108KB - Virtual size: 104KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 48KB - Virtual size: 45KB

.text
Size: 108KB - Virtual size: 104KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 48KB - Virtual size: 45KB