Behavioral task
behavioral1
Sample
785411ad9556ff57c4384a71952c36db3e22fcc6cb82769ea20a8572545572d6.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
785411ad9556ff57c4384a71952c36db3e22fcc6cb82769ea20a8572545572d6.exe
Resource
win10v2004-20220812-en
General
Target: 785411ad9556ff57c4384a71952c36db3e22fcc6cb82769ea20a8572545572d6
Size: 88KB
MD5: 8f1bccaff3aa16ee5b0b9fd143e7bad6
SHA1: 070c1a771a6174fc883ee84b7a87e0a80fe7c670
SHA256: 785411ad9556ff57c4384a71952c36db3e22fcc6cb82769ea20a8572545572d6
SHA512: 2122e7b19117acef7aee1a0346a02e642516ec81c48748f9e4ca3189a1fe25b469b018be497dec97878c8f30fef4acb52b00e8fb0a51df7ab003148aa3aec1aa
SSDEEP: 1536:ZDCALshz0lUJyjJM9qV+qTRBkFVMPiQckdTL2qFgFxQ3bs:Z++mwSuPYqfKVMPbc29gP
Malware Config
Signatures
-
Processes:
resource yara_rule sample vmprotect
Files
-
785411ad9556ff57c4384a71952c36db3e22fcc6cb82769ea20a8572545572d6.exe windows x86
4e1f9c837a4ce7a9981d59cb0f398296
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
__vbaVarTstGt
__vbaVarSub
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaFreeVar
__vbaLineInputStr
__vbaLenBstr
__vbaStrVarMove
__vbaLateIdCall
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaNextEachVar
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
ord518
ord626
__vbaForEachCollAd
__vbaVarCmpNe
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
ord666
__vbaExitProc
__vbaOnError
ord595
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaStrFixstr
__vbaBoolVar
ord520
__vbaBoolVarNull
_CIsin
ord709
__vbaVarZero
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
ord528
__vbaStrCmp
__vbaVarTstEq
__vbaI2I4
__vbaObjVar
DllFunctionCall
__vbaVarLateMemSt
_adj_fpatan
__vbaFixstrConstruct
__vbaLateIdCallLd
__vbaRecUniToAnsi
EVENT_SINK_Release
ord600
_CIsqrt
__vbaObjIs
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord712
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord608
ord716
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVarLateMemCallLdRf
ord648
__vbaInStr
__vbaNew2
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaLateMemCall
__vbaVarDup
__vbaStrToAnsi
__vbaVarLateMemCallLd
__vbaUnkVar
__vbaVarCopy
__vbaVarSetObjAddref
__vbaLateMemCallLd
ord617
_CIatan
__vbaStrMove
__vbaForEachVar
_allmul
__vbaLateIdSt
_CItan
__vbaNextEachCollAd
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr
user32
MessageBoxW
kernel32
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess
Exports
Sections
.text Size: - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.vmp0 Size: - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
.tls Size: 4KB - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp1 Size: 76KB - Virtual size: 72KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE