General

Malware Config

Signatures

Files

• f5c9d7e1a4975f9854ffcd690b4ca54dfd4007f48e290300c137c996cdf0f2c7

  .exe windows x86

  083e18989936267c2853592685de471d

  
  

  Code Sign

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  msvbvm60

  ord583

  _CIcos

  _adj_fptan

  __vbaVarMove

  __vbaFreeVar

  __vbaFreeVarList

  ord697

  _adj_fdiv_m64

  ord514

  __vbaFreeObjList

  _adj_fprem1

  __vbaStrCat

  ord554

  __vbaHresultCheckObj

  _adj_fdiv_m32

  __vbaAryVar

  ord666

  __vbaAryDestruct

  __vbaLateMemSt

  ord591

  __vbaObjSet

  _adj_fdiv_m16i

  __vbaObjSetAddref

  _adj_fdivr_m16i

  __vbaFpR8

  _CIsin

  ord631

  ord632

  __vbaChkstk

  EVENT_SINK_AddRef

  ord527

  __vbaStrCmp

  __vbaObjVar

  ord562

  __vbaCastObjVar

  _adj_fpatan

  EVENT_SINK_Release

  ord600

  _CIsqrt

  EVENT_SINK_QueryInterface

  __vbaExceptHandler

  ord711

  _adj_fprem

  _adj_fdivr_m64

  ord608

  __vbaFPException

  ord717

  ord534

  ord536

  _CIlog

  __vbaFileOpen

  __vbaNew2

  _adj_fdiv_m32i

  _adj_fdivr_m32i

  __vbaVarSetObj

  __vbaStrCopy

  __vbaI4Str

  __vbaFreeStrList

  __vbaDerefAry1

  _adj_fdivr_m32

  _adj_fdiv_r

  ord685

  ord100

  __vbaVarTstNe

  __vbaI4Var

  __vbaLateMemCall

  __vbaVarDup

  ord615

  __vbaFpI4

  __vbaVarLateMemCallLd

  ord616

  __vbaLateMemCallLd

  _CIatan

  __vbaCastObj

  __vbaAryCopy

  __vbaStrMove

  _allmul

  _CItan

  ord546

  ord547

  _CIexp

  __vbaFreeObj

  __vbaFreeStr

  Sections

  .text

  Size: 52KB - Virtual size: 50KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 4KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 4KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ