Static task
static1
Behavioral task
behavioral1
Sample
Applied/APBATCH/75BB/WAAUINIT.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
Applied/APBATCH/75BB/WAAUINIT.exe
Resource
win10v2004-20230703-en
General
-
Target
9bf3688e-fd9e-4253-9ef8-c7d2b67ef3d6.zip
-
Size
187KB
-
MD5
6ccaae347ad1558b0f049b42cc73b868
-
SHA1
18f1ba9a9b1da2733ee811999d9fa8c15ac2669d
-
SHA256
b643e996576e085c65165e28dcb62c639a730c96a2cfea53757ef87ecfa856ce
-
SHA512
6de8ea1130ad809d9987211105774d15a906ca1c3c0a62cb3645ceaa90cb4f78e936c72ec36187b3e32bf3f60bc558514e90f415c3203f8b2a93bad3512f075c
-
SSDEEP
3072:GSWOkY6AyeIeBWH+tKzQNfhq8XBVXoZRDKIAZolCuJixRSMsJFO7n5lBHqSTMr54:GSWNyyt2K+o8pq8RVoZyZoYQsJsJkJHN
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/Applied/APBATCH/75BB/WAAUINIT.EXE
Files
-
9bf3688e-fd9e-4253-9ef8-c7d2b67ef3d6.zip.zip
Password: infected
-
Applied/APBATCH/75BB/WAAUINIT.EXE.exe windows x86
29c157c0ca6fd8e39fd0d273396aff54
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
ord620
__vbaFreeObjList
ord517
_adj_fprem1
ord518
ord519
__vbaVarCmpNe
__vbaStrCat
ord660
__vbaSetSystemError
__vbaLenBstrB
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaExitProc
ord595
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord520
ord523
__vbaBoolVarNull
__vbaFpR8
_CIsin
ord631
ord632
ord525
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
ord527
__vbaGenerateBoundsError
ord529
__vbaStrCmp
__vbaAryConstruct2
__vbaVarTstEq
__vbaObjVar
__vbaI2I4
DllFunctionCall
ord670
__vbaVarOr
_adj_fpatan
__vbaStrR8
EVENT_SINK_Release
__vbaNew
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord712
__vbaPrintFile
ord606
_adj_fprem
_adj_fdivr_m64
ord607
__vbaI2Str
ord716
ord531
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
__vbaFileSeek
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaR8Str
ord648
__vbaInStr
__vbaNew2
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarCmpEq
__vbaLateMemCall
__vbaVarAdd
__vbaVarDup
__vbaFpI2
ord616
_CIatan
ord618
__vbaStrMove
__vbaCastObj
ord650
_allmul
_CItan
_CIexp
__vbaMidStmtBstr
__vbaFreeStr
__vbaFreeObj
ord581
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
ProgramData/McAfee/QuarMeta/9bf3688e-fd9e-4253-9ef8-c7d2b67ef3d6.xml