vrati[.]exe | Triage

General

Target

vrati.exe
Size

388KB
MD5

dd601ac839304931bcf2005cd0a004d9
SHA1

42b1558c543c8ee5e13ab2583bb4314117e2651d
SHA256

96a00bc1dea1de6b79ddc370043f03dcf9aae2c9e718aae2af32428403e6da96
SHA512

12de5243551e3f58c92806ae7da34c5c578f11f1ac90d93894753211465774d813bc7b07eaa6aa379b9dd497f7c153f3c46f93c8058336308252d837fdbb0775
SSDEEP

6144:e0k9BlxMf7cGdWV/ZB4MG4ccsDYRTVVj0PhpXp32nF9BlxMf7cGdB:zozxMTloVhBzxMTlT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
vrati.exe

Files

vrati.exe
.exe windows:4 windows x86

6213e58ae0c07b87aa6d75a560e2c42c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaFreeVar
ord588
__vbaStrVarMove
__vbaLenBstr
__vbaLateIdCall
__vbaLineInputStr
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
ord516
_adj_fprem1
ord519
__vbaVarCmpNe
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaOnError
ord595
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaBoolVar
__vbaBoolVarNull
_CIsin
ord631
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
__vbaVarOr
_adj_fpatan
__vbaFixstrConstruct
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
__vbaStrVarVal
ord536
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaInStr
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaI4Var
__vbaVarCmpEq
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
__vbaVarCopy
ord616
__vbaFpI4
ord617
_CIatan
__vbaStrMove
ord619
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 208KB - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6213e58ae0c07b87aa6d75a560e2c42c

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 208KB - Virtual size: 206KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 172KB - Virtual size: 171KB

.text
Size: 208KB - Virtual size: 206KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 172KB - Virtual size: 171KB