General

Malware Config

Signatures

Files

• 2c662ccfc6a3a744a54db1eefae43b4250c801de30fee0f9dd8ca15ff85b5e1d

  .exe windows x86

  9f46044ef6f81d51681d90796957f3cf

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  msvbvm60

  __vbaStrMove

  kernel32

  OpenThread

  GetModuleFileNameW

  GetModuleHandleA

  LoadLibraryA

  LocalAlloc

  LocalFree

  GetModuleFileNameA

  ExitProcess

  user32

  CharUpperBuffW

  Exports

  Exports

  &7j� ������1�+�lٿ��1d��j�� A0��'CD�@��Gp�)� �����W�9�����kY:]%��3r���7�3��>�F�"q���+ՠ���l�L�:x��<3����(��w��f����E2�>|�$u�;�i���z���A0�+���<���Y��L�~� v���>��IF;���|;g�p%[|.����k�zjD�7���G�V��U$L2�Ήε~���/ê��˘g>�.�s�"ϫ�˼x77r��Y��TU�l�&��A�<M[Wo3������Յ�T��6:��JmGO@i*w�He�����EJ��0���K��:�c�2�elQ�k2nP]�t���Q �������z�7��bs�f��w��#��y������W?��`F�lz�n0-�u�s�3^�K:Q�2(�nmpb}צ�U��T�A����Nñ���o��Tb��yp�)SpH� v��y�śI���"@�^����D�R�YT�ӊ��2� ��A�z��a��>Y��G;�8PA�^�CX"-֎r��Fs6\��ډ� ����5 ��/ \�1}�($��]�}��u;[Ԙm��|@�(�� �W��<<��
  D����ϱ���l�K�Pg`M&O�����C� ��߽�����ڔ�퍂E�J�݃9[�ħ�����ĕ���#��^� l��_���>O����:-�l�ؤ�n 1,j`_�X���+G��}>W
  X6�0��8<�Y���@�* z���iz���H�쉫
  �M�b��Ņ���T�U�-q�NHl K�*�#|��W���K���ؠBkF�rj�ӆ�y����
  ;Z玾�>VA�<�5J��[��<P�Buj>�;)����'�?.��՝����B��?�u��G/����ͦ���JU�������<���F.���{�>�U�J���=-�89�G#��(X�O�ڧ�T��U�t�?vX�b<����z������xk�: ��Cz;�:�,&)�A��3���{O�t�]zCCIc���q�o ������4�@=8M�Zbׯd! O�c�e3�n��t_��&.���a��8�;/?�,;h(]
  .���?���c� �P�sU��ME��K�g��(Jk/�ibJ��6���F�az�q諌�Q�}&��(�p,Cv\DZ����a��JJY �m� ���j˷x�t~@���*"p��'V떴t��-
  ��O<Ao �Ih��e{��XA�@��?%��f�c��b�)Y��a3nB)�w�%n�j��ɪEu�*P�A��۠jm�*k�A)br�ZQGg��i�]�f/ƍv�/Ƚ�JI�qv�i�w)��_���K�[��n���ŏQ�-1����%�
  & }����i�\Q�X�p��:�NMh0�f,��ē���
  նj�nH��y\��@����磘���M�s�L�� d���0<��477�aC���8��,�33B��N7�n�-je��K����������mX��iә��վFے����G��NB��CۮBz+��7�D��/L�z�C���W�
  O�} 8�[��dmld6^Vꣿ��|eoQr�6���������%%��tS�ض���t���-��Q�r��i��%Ud��%��a��k/����1r��,�*��ƭ�p�N�5��h�Ã�=��� �/W�̵�`��Eg<Wzư��W �Y I���&ۿ�B��s�.Y�I��$=�̕�����5ϭ��Ra�}�����b�Iqa��b���2K<���3�8jQ���C��8������ v~�n�hh������>/��A¬�O[E#'Ꚓ�ɂ�u�!�IP�&6���/8pK�<G��1\еǙ��0���^\�?��#�f* O�vm��},(w�ˠ�=.a��l����^UR�v
  (��-i�{C4xE�(���������R�lkH���I9�����EKۚ��a@����u%H�?:��W�3��Ƶ[g�m_�GڳOdK��=�o噉k2P�̇��x�5M ������%lBs�Z@L*un��s�6k'�}0�o���'��1C��-&�Sع7���Js�Va�o=Zc��h\����|��oĎ��?��-�»�f�R'y�?Ò�ܲi�-"�)�����כV�!&+s�?��(�_B�:j�T�aoQ�k�$=����氞2$hs� a5�*����6�D�j�G�X�<�N����~]�Dj�d�8��6�������Tb3/��cAoN U��;����n(������ީ�0�G�2�z���D+��j7�v'J͆e�J ��c����}�Q_�6������d(Lr�L��a3c��'r<��)}�$�ď?��-���j�Y����d7�*F��>|rg���ExgvX/�� A�E��=Dޓ� Y�,LW�EU�� 7o�8�w�bM�`X��/t\�u5�ߠa����Lv�� ����VO�z��4�ED�2���9��8
  UФ�C���ѽ�Jn�C{�4p��v� B>�r8�qe7s�T���'=d���o�z��Z��y�8}����f����Ko��u�mK�\���t���?%���C�xG��y6
  h~{{��E��!�;p*a����85�� �|�H��d99q�� -R���R�����6R�����)R��x gi���!VA�:p +��v8jO�U%8]
  j���"M�J?9�',9�ًԔ��vS&ōxTg�G���-�<I� 6�DQ�V��&�}Gm���4@5�Nm���t�c���ٝ큝g$_,; ly�֫����u}�-�Ȑ`�k�+�Ʒ����]"�����d�P��Q��p�u�t�L�iw>��XZ�w{�m���#��,��'�T��u���fvL�XY̍���A�3k]
  I#�a��+�� ��!P�Om���������Ҟi��� ���ǻ?-�\�Y�Ɔ�[!���#���~S��6x� �)�����v�� }���3R؈�����MZWaau��wݿs^5��l�1�@�N��#�D��Z\���,(�22��DѴBRv�^k%5�%3`Z�%*�'��� ?�a�Yԙ�䔈���f�e������#ӵm��`[������4�Vs��

  Sections

  .text

  Size: - Virtual size: 518KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 10KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .vmp0

  Size: - Virtual size: 1.2MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 4KB - Virtual size: 24B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .vmp1

  Size: 1.4MB - Virtual size: 1.4MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 40KB - Virtual size: 39KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ