Malicious
Malicious
Print
Infection Chain
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
fb7a0795cb78244f1bf3dca74dd54022
Sha1
49f8fd5564751f4666f788b1792df0b903a8fef6
Sha256
6f561ab384d65db9ee11a49b2f9d0a1e6758f9d0c6082f1e65821f6984fa2c71
Sha384
00483ef87fbf52f00bdeaf674020b490ee8400cdbab3aa59c723a4a8b604cc5948b8991043b1a1e4c66dbe87d7aee184
Sha512
eead9403340c98fc743c6b3001c562f2ea08e7a15a0e2fdb14a0c6b86fb0b731be1ca1ba91cf86d923527a1eacff36642c1d4b7fc257df8b374f9bac38e1b931
SSDeep
196608:nLIm4FXJv9lvJiYiH7WGSGiYyXD1Jw09vcj6YWgHqJpcdGTTpgq3edU8Fd62tp3c:nsrFVvJiY670HD/9/d2dGCq3mUedD3dq
TLSH
C3C63322F2D19437D1325A7DDC2BA2A45429FF103E24B94F7BE42E8C5F7968239641E3

PeID

BobSoft Mini Delphi -> BoB / BobSoft
Borland Delphi 4.0
Borland Delphi v3.0
Borland Delphi v6.0 - v7.0
Borland Delphi v6.0 - v7.0
D1S1G v1.1 beta --> D1N
D1S1G v1.1 beta --> D1N
Microsoft Visual C++ v6.0 DLL
Pe123 v2006.4.4-4.12
File Structure
fb7a0795cb78244f1bf3dca74dd54022
Malicious
[Repaired @0x00AF49B8]
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
CODE
DATA
BSS
.idata
.tls
.rdata
.reloc
.rsrc
Resources
Malicious
RT_CURSOR
ID:0001
ID:0
ID:0002
ID:0
ID:0003
ID:0
ID:0004
ID:0
ID:0005
ID:0
ID:0006
ID:0
ID:0007
ID:0
RT_BITMAP
ID:0000
ID:0
RT_ICON
ID:0001
ID:0
ID:1055
RT_DIALOG
ID:0000
ID:0
RT_STRING
ID:0FE9
ID:0
ID:0FEA
ID:0
ID:0FEB
ID:0
ID:0FEC
ID:0
ID:0FED
ID:0
ID:0FEE
ID:0
ID:0FEF
ID:0
ID:0FF0
ID:0
ID:0FF1
ID:0
ID:0FF2
ID:0
ID:0FF3
ID:0
ID:0FF4
ID:0
ID:0FF5
ID:0
ID:0FF6
ID:0
ID:0FF7
ID:0
ID:0FF8
ID:0
ID:0FF9
ID:0
ID:0FFA
ID:0
ID:0FFB
ID:0
ID:0FFC
ID:0
ID:0FFD
ID:0
ID:0FFE
ID:0
ID:0FFF
ID:0
ID:1000
ID:0
RT_RCDATA
Malicious
ID:0000
Malicious
ID:0
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
twltzozlhomgn.Resources
11.exe
Client.exe
New Client.exe
dllhost.exe
fivemch.exe
ID:1055
Malicious
[Content_Types].xml
_rels
.rels
xl
_rels
workbook.xml.rels
workbook.xml
vbaProject.bin
Root Entry
PROJECT
PROJECTwm
VBA
dir
__SRP_0
__SRP_1
__SRP_2
__SRP_3
ThisWorkbook

ThisWorkbook

[Stored VBA]
Malicious
[PCode]
[Decompiled VBA]
Malicious
_VBA_PROJECT
theme
theme1.xml
styles.xml
worksheets
sheet1.xml
docProps
core.xml
app.xml
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
CODE
DATA
BSS
.idata
.edata
.reloc
.rsrc
Resources
RT_RCDATA
ID:0000
ID:0
RT_GROUP_CURSOR2
ID:7FF9
ID:0
ID:7FFA
ID:0
ID:7FFB
ID:0
ID:7FFC
ID:0
ID:7FFD
ID:0
ID:7FFE
ID:0
ID:7FFF
ID:0
RT_GROUP_CURSOR4
ID:0000
ID:1055
RT_VERSION
ID:0001
ID:1055
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Artefacts
Name
 Value
URLs in VB Code - #1

https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download
URLs in VB Code - #2

https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1
URLs in VB Code - #1

https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download
URLs in VB Code - #2

https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1
fb7a0795cb78244f1bf3dca74dd54022 (11.51 MB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙