6ba6d17e1ee80f9da4725e021f0533c9b8d516e34107d7a9277f5a238fb91834

Sharing

Copy URL Twitter E-mail

General

Target

6ba6d17e1ee80f9da4725e021f0533c9b8d516e34107d7a9277f5a238fb91834
Size

456KB
MD5

78eee9bdac68db5a4b9fcab045b90831
SHA1

e236cc5d395f63bb89e7f831789c26c5a766582a
SHA256

6ba6d17e1ee80f9da4725e021f0533c9b8d516e34107d7a9277f5a238fb91834
SHA512

77229dfe7cbc3936af4c9316442e22e3648b0b61ca1728bc2a48c3c27f81a307a4b40ada84a6f470e6add0fe7b56afade77dbd8f8ed8ef271da31c3d2658353c
SSDEEP

12288:38d8VxSqZ6KI62Ojga4FD553H4fQ3zLB5alQFwkQYiO4:3P3SqIOsa41558QZolQFLtir

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/_MSWORD/office/cache.bak

Files

6ba6d17e1ee80f9da4725e021f0533c9b8d516e34107d7a9277f5a238fb91834
.zip
_MSWORD/office/O365.vbs
.vbs
_MSWORD/office/cache.bak
.exe windows:10 windows x86 arch:x86

b6df92b17f27e1708240ec29f2498c77

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ImeBroker.pdb

Imports

user32

PeekMessageW
PostQuitMessage
MsgWaitForMultipleObjects
AllowSetForegroundWindow
GetMessageW
TranslateMessage
DispatchMessageW
GetSystemMetrics
CharNextW
WaitForInputIdle

msvcrt

wcsncat_s
_initterm
swscanf_s
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
_wcmdln
_amsg_exit
__p__commode
_XcptFilter
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
tolower
wcsnlen
wcsrchr
wcsncpy_s
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_controlfp
_except_handler4_common
_vsnwprintf
free
malloc
memcpy
vswprintf_s
wcsncmp
_wcsnicmp
_vsnwprintf_s
??_V@YAXPAX@Z
_wtoi
__wgetmainargs
memcmp
_CIlog
__CxxFrameHandler3
_CxxThrowException
_purecall
memmove
_CIexp
memset

api-ms-win-core-com-l1-1-1

CoReleaseServerProcess
CoAddRefServerProcess
CreateStreamOnHGlobal
CoInitializeSecurity
CoInitializeEx
CoRegisterClassObject
CoResumeClassObjects
CoTaskMemFree
CoRevokeClassObject
CoUninitialize
CoCreateInstance
CoTaskMemAlloc

api-ms-win-core-synch-l1-2-0

OpenEventW
Sleep
InitializeCriticalSectionEx
AcquireSRWLockExclusive
SetEvent
ReleaseMutex
OpenMutexW
CreateMutexW
InitOnceComplete
CreateEventW
ReleaseSRWLockExclusive
WaitForSingleObject
InitOnceBeginInitialize
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-0

LoadResource
FreeLibrary
GetModuleHandleA
LoadLibraryExW
GetProcAddress
GetModuleHandleExW
FindResourceExW
FreeLibraryAndExitThread
GetModuleFileNameA
GetModuleHandleW
LockResource
SizeofResource

api-ms-win-core-heap-l1-2-0

HeapSetInformation
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-1

SetErrorMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-processthreads-l1-1-2

ResumeThread
GetCurrentProcessId
GetCurrentProcess
CreateThread
OpenProcessToken
CreateProcessW
GetStartupInfoW
GetExitCodeProcess
GetCurrentThreadId
TerminateProcess
SetPriorityClass

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventWrite
EventActivityIdControl
EventUnregister
EventRegister
EventSetInformation

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-1

GetSystemDirectoryW
GetSystemTime
GetTickCount64
GetTickCount
GetSystemTimeAsFileTime
GetVersionExW

api-ms-win-security-base-l1-2-0

AllocateAndInitializeSid
IsValidSid
GetSidSubAuthority
GetTokenInformation
GetSidSubAuthorityCount

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegGetValueW
RegQueryValueExW

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-heap-l2-1-0

LocalFree
GlobalAlloc
GlobalFree

oleaut32

SysFreeString
SysAllocStringLen
SysStringLen
SysAllocString

api-ms-win-core-localization-l1-2-1

LCMapStringW
FormatMessageW

api-ms-win-core-debug-l1-1-1

OutputDebugStringW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-file-l1-2-1

SetFileTime
GetFileSize
CreateFileW
GetTempPathW
CreateDirectoryW
GetTempFileNameW
FindFirstFileW
FindNextFileW
FindClose
DeleteFileW
WriteFile
SetEndOfFile
GetFileAttributesW
SetFilePointer

api-ms-win-core-memory-l1-1-2

OpenFileMappingW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
FlushViewOfFile

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-string-l1-1-0

CompareStringW

advapi32

SetEntriesInAclW
GetNamedSecurityInfoW
SetNamedSecurityInfoW

shell32

ord165
SHGetFolderPathW
SHCreateDirectoryExW
ShellExecuteW

shlwapi

ord12
PathFileExistsW

api-ms-win-appmodel-runtime-l1-1-1

GetCurrentPackageFullName
GetPackageFullName

api-ms-win-core-processenvironment-l1-2-0

ExpandEnvironmentStringsW

api-ms-win-security-trustee-l1-1-1

BuildExplicitAccessWithNameW

profapi

ord104

Sections

.text
Size: 214KB - Virtual size: 213KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
_MSWORD/office/subscription.db
.pdf

Sharing

General

Malware Config

Signatures

Files

b6df92b17f27e1708240ec29f2498c77

Headers

File Characteristics

PDB Paths

Imports

user32

msvcrt

api-ms-win-core-com-l1-1-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-security-base-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-heap-l2-1-0

oleaut32

api-ms-win-core-localization-l1-2-1

api-ms-win-core-debug-l1-1-1

api-ms-win-core-registry-l1-1-1

api-ms-win-core-file-l1-2-1

api-ms-win-core-memory-l1-1-2

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-string-l1-1-0

advapi32

shell32

shlwapi

api-ms-win-appmodel-runtime-l1-1-1

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-security-trustee-l1-1-1

profapi

Sections

.text Size: 214KB - Virtual size: 213KB

.data Size: 1024B - Virtual size: 3KB

.idata Size: 7KB - Virtual size: 6KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 214KB - Virtual size: 213KB

.data
Size: 1024B - Virtual size: 3KB

.idata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 11KB - Virtual size: 11KB