PowerOfficeold[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

PowerOfficeold.exe
Size

6.5MB
MD5

5e3463547c5e0d365313cd82a5f531d8
SHA1

38ce946dc442a1511dfeca4416b9321cf5bc36c6
SHA256

5d7eb7387e2bbce8e64023efd6225ba40c726dd6b80fa718bc854e02341ccaca
SHA512

37f82eec4c982235c2c9d03ebe8d37cbb8b266b6de27717dcf61adf3f1e1ccc2e623ac97e5e4633adbdabc33d30121c2d9a8ea942af0fb385c1ce8cb642fe404
SSDEEP

98304:zsDC1UYrBeBXaFf888aE7+4IFOtzUdlYCYAr22oyD0:AOmYrBeBh88T7mFOtzUdlYCYAr22oyI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PowerOfficeold.exe

Files

PowerOfficeold.exe
.exe windows:4 windows x86 arch:x86

9b87af7cdd8ea863e49b270a66435bf5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord582
__vbaVarTstGt
__vbaVarSub
ord583
__vbaStrI2
ord690
_CIcos
_adj_fptan
ord585
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFpCDblR4
__vbaFreeVar
ord588
__vbaLineInputStr
__vbaStrVarMove
__vbaLateIdCall
__vbaLenBstr
__vbaPut3
__vbaEnd
__vbaFreeVarList
__vbaVarIdiv
_adj_fdiv_m64
__vbaPut4
__vbaVarIndexStore
ord621
__vbaNextEachVar
__vbaFreeObjList
__vbaLineInputVar
__vbaGetFxStr4
ord516
__vbaStrErrVarCopy
_adj_fprem1
__vbaRecAnsiToUni
ord519
__vbaResume
__vbaVarCmpNe
__vbaStrCat
ord552
ord553
__vbaCyInt
__vbaLsetFixstr
ord660
ord661
__vbaStrDate
__vbaRecDestruct
__vbaSetSystemError
ord662
__vbaHresultCheckObj
__vbaNameFile
ord557
__vbaLenVar
ord558
_adj_fdiv_m32
__vbaVarTstLe
ord666
ord667
__vbaAryDestruct
ord591
__vbaVarIndexLoadRefLock
ord592
__vbaBoolStr
__vbaStrBool
ord593
__vbaForEachCollObj
__vbaExitProc
__vbaVarForInit
ord300
__vbaFileCloseAll
ord594
ord301
__vbaCyAdd
__vbaOnError
__vbaObjSet
ord595
__vbaStrLike
ord596
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
ord703
__vbaVarIndexLoad
ord305
__vbaCyStr
ord599
ord306
ord705
__vbaForEachCollVar
__vbaStrFixstr
__vbaBoolVar
ord520
ord307
ord706
ord309
__vbaVarTstLt
__vbaRefVarAry
__vbaFpR8
__vbaBoolVarNull
_CIsin
ord631
__vbaVargVarMove
ord525
__vbaVarZero
__vbaNextEachCollObj
__vbaVarCmpGt
ord632
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
__vbaVarAbs
ord528
__vbaGenerateBoundsError
__vbaExitEachColl
__vbaCyI2
__vbaStrCmp
ord529
__vbaAryConstruct2
__vbaVarTstEq
__vbaGet4
__vbaDateR8
__vbaCyI4
__vbaR4Str
ord560
__vbaPutOwner4
__vbaNextEachCollVar
__vbaPrintObj
__vbaI2I4
__vbaObjVar
ord561
ord562
DllFunctionCall
__vbaVarOr
__vbaVarLateMemSt
__vbaCySub
__vbaCastObjVar
__vbaStrR4
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
__vbaRedim
__vbaR8Cy
__vbaStrR8
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
_CIsqrt
__vbaObjIs
__vbaVarAnd
__vbaRedimVar
__vbaLateIdCallSt
ord311
EVENT_SINK_QueryInterface
ord710
__vbaVarMul
__vbaExceptHandler
ord711
ord313
ord712
__vbaPrintFile
__vbaStrToUnicode
ord314
__vbaDateStr
ord606
ord713
_adj_fprem
_adj_fdivr_m64
ord315
__vbaR8ErrVar
__vbaI2Str
__vbaVarDiv
ord714
__vbaLateIdStAd
ord316
ord608
ord531
ord716
__vbaFPException
__vbaInStrVar
ord717
ord319
__vbaUbound
__vbaStrVarVal
__vbaGetOwner4
ord534
__vbaVarCat
__vbaDateVar
__vbaLsetFixstrFree
__vbaI2Var
ord537
ord645
_CIlog
ord539
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
__vbaInStr
__vbaNew2
__vbaVarLateMemCallLdRf
__vbaR8Str
ord648
ord570
__vbaVarInt
__vbaCyMulI2
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
__vbaVarSetObj
__vbaI4Str
ord681
__vbaVarNot
__vbaLateMemNamedCall
__vbaFreeStrList
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord578
ord685
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
ord689
__vbaFpCy
ord610
__vbaVarAdd
__vbaLateMemCall
ord320
__vbaFreeVarg
ord612
__vbaStrToAnsi
__vbaVarDup
ord321
ord613
__vbaFpI2
ord616
__vbaFpI4
__vbaVarTstGe
__vbaVarLateMemCallLd
__vbaVarCopy
__vbaVarSetObjAddref
__vbaRecDestructAnsi
__vbaR8IntI2
__vbaLateMemCallLd
ord617
_CIatan
ord618
ord540
__vbaStrMove
__vbaCastObj
ord541
__vbaForEachVar
__vbaR8IntI4
ord619
__vbaStrVarCopy
ord542
__vbaPutFxStr4
ord543
ord650
_allmul
ord651
ord544
__vbaLateIdSt
__vbaVarLateMemCallSt
ord545
_CItan
ord546
ord547
__vbaFPInt
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaMidStmtBstr
__vbaRecAssign
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 6.5MB - Virtual size: 6.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b87af7cdd8ea863e49b270a66435bf5

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 6.5MB - Virtual size: 6.5MB

.data Size: 4KB - Virtual size: 161KB

.rsrc Size: 16KB - Virtual size: 15KB

.text
Size: 6.5MB - Virtual size: 6.5MB

.data
Size: 4KB - Virtual size: 161KB

.rsrc
Size: 16KB - Virtual size: 15KB