a03a35614e7df86aaf94aafbf1f6386a9c619ed2287dd66bb6773cfb719fb850

Sharing

Copy URL Twitter E-mail

General

Target

a03a35614e7df86aaf94aafbf1f6386a9c619ed2287dd66bb6773cfb719fb850
Size

7.8MB
MD5

e25975c766231f28d01e5ffb4aae7dd3
SHA1

b01943f94866b8881ac1fbc39777de732592cd8d
SHA256

a03a35614e7df86aaf94aafbf1f6386a9c619ed2287dd66bb6773cfb719fb850
SHA512

927b7a147fa8fd80886b879a9a83ce2683dc1cf2a827d6ac6b9ecf722fbc3b6a695befee0fb4ad9a8d1758ded49c8085ab6aeb8d46dcfc61ca59e8c9e79d1bd2
SSDEEP

196608:meWc1YooMz/HFTO13U1xhg47A0OhDAMyjQPDGfW8HOzt50oW+sMapn:7BoO/lC1SxXgdyUPtxmEs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a03a35614e7df86aaf94aafbf1f6386a9c619ed2287dd66bb6773cfb719fb850

Files

a03a35614e7df86aaf94aafbf1f6386a9c619ed2287dd66bb6773cfb719fb850
.exe windows:5 windows x86 arch:x86

4039f65a144c313aacf25d615a72879d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaLineInputStr
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
ord698
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaNextEachVar
__vbaFreeObjList
ord517
_adj_fprem1
__vbaRecAnsiToUni
ord518
ord626
__vbaResume
__vbaStrCat
ord552
__vbaLsetFixstr
ord660
__vbaSetSystemError
__vbaRecDestruct
__vbaLenBstrB
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
__vbaVarTstLe
Zombie_GetTypeInfo
__vbaAryDestruct
EVENT_SINK2_Release
__vbaExitProc
ord593
ord594
__vbaCyAdd
__vbaOnError
ord595
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaStrFixstr
__vbaFPFix
__vbaVargVar
_CIsin
__vbaErase
ord631
ord709
ord632
ord525
__vbaChkstk
__vbaFileClose
ord526
EVENT_SINK_AddRef
__vbaGenerateBoundsError
ord528
__vbaCyI2
__vbaStrCmp
__vbaGet3
ord529
__vbaVarTstEq
__vbaAryConstruct2
__vbaPutOwner3
__vbaCyI4
__vbaI2I4
__vbaObjVar
DllFunctionCall
__vbaVarLateMemSt
ord670
__vbaCySub
__vbaFpUI1
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
Zombie_GetTypeInfoCount
__vbaR8Cy
__vbaUI1Cy
__vbaCyUI1
__vbaRedim
__vbaUI1ErrVar
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
ord601
__vbaUI1I2
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaFpCmpCy
__vbaStr2Vec
ord710
__vbaUI1I4
__vbaExceptHandler
ord711
__vbaStrToUnicode
ord712
__vbaPrintFile
ord606
_adj_fprem
_adj_fdivr_m64
ord607
ord608
ord716
__vbaFPException
__vbaInStrVar
ord717
ord319
__vbaStrVarVal
__vbaUbound
__vbaGetOwner3
__vbaVarCat
ord535
__vbaDateVar
__vbaI2Var
ord644
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
__vbaInStr
__vbaNew2
ord648
ord570
__vbaVarLateMemCallLdRf
__vbaCyMulI2
ord571
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
ord573
__vbaStrCopy
EVENT_SINK2_AddRef
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
__vbaFpCy
__vbaVarAdd
__vbaAryLock
__vbaLateMemCall
ord320
__vbaStrToAnsi
__vbaVarDup
ord321
ord616
__vbaVarCopy
__vbaVarTstGe
__vbaFpI4
__vbaVarLateMemCallLd
__vbaUnkVar
ord617
__vbaRecDestructAnsi
__vbaVarSetObjAddref
_CIatan
__vbaUI1Str
__vbaCastObj
ord618
__vbaStrMove
__vbaAryCopy
__vbaI4Cy
__vbaStrVarCopy
ord619
__vbaR8IntI4
__vbaForEachVar
ord650
_allmul
__vbaLenVarB
_CItan
ord546
__vbaAryUnlock
__vbaFPInt
_CIexp
__vbaFreeStr
__vbaFreeObj

kernel32

GetSystemTimeAsFileTime
CreateEventA
GetModuleHandleA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
HeapAlloc
HeapFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetModuleHandleW
LoadResource
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
VirtualQuery

Sections

.text
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.|s{
Size: - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bFZ
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.k75
Size: 7.8MB - Virtual size: 7.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 623KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4039f65a144c313aacf25d615a72879d

Headers

File Characteristics

Imports

msvbvm60

kernel32

Sections

.text Size: - Virtual size: 80KB

.rdata Size: - Virtual size: 6KB

.data Size: - Virtual size: 4KB

.|s{ Size: - Virtual size: 4.0MB

.bFZ Size: 4KB - Virtual size: 1KB

.k75 Size: 7.8MB - Virtual size: 7.8MB

.rsrc Size: 4KB - Virtual size: 623KB

.text
Size: - Virtual size: 80KB

.rdata
Size: - Virtual size: 6KB

.data
Size: - Virtual size: 4KB

.|s{
Size: - Virtual size: 4.0MB

.bFZ
Size: 4KB - Virtual size: 1KB

.k75
Size: 7.8MB - Virtual size: 7.8MB

.rsrc
Size: 4KB - Virtual size: 623KB