085c3e1f65c607c2ab705df43379769f

Sharing

Copy URL Twitter E-mail

General

Target

085c3e1f65c607c2ab705df43379769f
Size

1001KB
MD5

085c3e1f65c607c2ab705df43379769f
SHA1

a0f6a86267e7a2330c54c326bfe6e116ee3ca0d4
SHA256

e889078f79b31379ba7aac63fa2f80d0d52988dd593e80df8a08777118b86465
SHA512

9f156c7cddf779595380bc3ca24a7c7387e19d8947dedc4eda7427fcfab3aa46b6a99d2e60bf1dda0ccce67447abdd68e5456e0c5711fff2c1e69604d5c34c24
SSDEEP

24576:GDfxaBEkpcPQ8BaDETKYGI5ItMPSs/3eevnw0HrPtRR44BYG:GDfx4EqcPQjDE2YGI5ugPhnw0Hbt74sN

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MSVBVM50.DLL
unpack001/PRoBot Pointer Finder v7.exe
unpack001/msnmsgr.exe

Files

085c3e1f65c607c2ab705df43379769f
.zip
1-) Beni OKU!!!.txt
Bilisim Sulari Sube Mdrlg.url
CodedByAlcazer.stl
Koxp Forum.url
.url
MSVBVM50.DLL
.dll regsvr32 windows:4 windows x86 arch:x86

0615e9c25da62e90a31fe72638c8f4fb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MoveFileA
ReadFile
LockFile
RemoveDirectoryA
CreateDirectoryA
UnlockFile
HeapSize
GetStringTypeW
FlushFileBuffers
TerminateProcess
HeapFree
GetACP
GetOEMCP
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetStdHandle
GetTimeZoneInformation
LockResource
ExitThread
RaiseException
GetTempFileNameA
lstrcpynA
GetLastError
_lclose
_llseek
FreeLibrary
GetLocaleInfoA
lstrcpyA
GetModuleHandleA
GetSystemDefaultLangID
FormatMessageA
TlsGetValue
HeapCreate
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
IsBadReadPtr
MulDiv
lstrcmpiA
GetTickCount
GetCurrentThreadId
lstrcmpA
lstrlenA
HeapAlloc
CreateThread
SetEnvironmentVariableA
LCMapStringW
GetStringTypeA
CompareStringW
FileTimeToLocalFileTime
SetLocalTime
SetFileAttributesA
SetFileTime
FileTimeToSystemTime
GetFileTime
GetUserDefaultLangID
GetModuleFileNameW
GetLocalTime
CreateProcessW
RtlUnwind
GetDateFormatA
UnhandledExceptionFilter
FormatMessageW
GetStartupInfoA
SetCurrentDirectoryA
ExitProcess
GetShortPathNameA
GetVolumeInformationA
GetStringTypeExA
GetDriveTypeA
FindClose
FindFirstFileA
FindNextFileA
VirtualAlloc
VirtualFree
GetSystemInfo
WinExec
VirtualProtect
FlushInstructionCache
SetFilePointer
WriteFile
SetEndOfFile
ResumeThread
GetCurrentProcess
DuplicateHandle
TlsFree
GetCommandLineA
TlsSetValue
lstrcmpiW
TlsAlloc
GetVersion
LoadLibraryExA
CreateProcessA
GetExitCodeProcess
MultiByteToWideChar
GetSystemTime
SystemTimeToFileTime
SetEvent
WaitForSingleObject
ResetEvent
GetCurrentProcessId
CloseHandle
CreateEventA
IsBadCodePtr
FreeResource
GetSystemDefaultLCID
LoadLibraryA
GetUserDefaultLCID
GetSystemDirectoryA
Sleep
GetProcAddress
GetVersionExA
SetErrorMode
GlobalDeleteAtom
HeapDestroy
LCMapStringA
GlobalAddAtomA
ReleaseSemaphore
GetProfileStringA
CreateSemaphoreA
VirtualQuery
CompareStringA
WideCharToMultiByte
HeapReAlloc
GetCurrentDirectoryA
lstrcatA
GetFileAttributesA
GetFullPathNameA
GetModuleFileNameA
SearchPathA
GetFileType
SetLastError
CreateFileA
GlobalFree
DeleteFileA
GlobalUnlock
SizeofResource
FindResourceA
LoadResource
GlobalHandle
GlobalAlloc
GlobalSize
_lwrite
GlobalReAlloc
GlobalLock
GetTempPathA
_lread
GetWindowsDirectoryA
SetHandleCount
GetStdHandle
GetCPInfo

user32

DdeConnect
DdePostAdvise
DdeClientTransaction
DdeAbandonTransaction
DdeGetData
DdeGetLastError
DdeCreateDataHandle
DdeCmpStringHandles
SetCursorPos
EnumClipboardFormats
DestroyCursor
GetAsyncKeyState
WaitForInputIdle
GetForegroundWindow
keybd_event
VkKeyScanW
SetWindowsHookExW
CharUpperBuffW
CharUpperBuffA
CharLowerBuffW
FindWindowW
FindWindowA
GetLastActivePopup
GetClassInfoExA
LoadIconA
RegisterClassExA
FrameRect
CreateDialogParamA
IsRectEmpty
IsDialogMessageA
ShowCursor
OemToCharA
CharToOemBuffA
LoadAcceleratorsA
BringWindowToTop
GetClipboardFormatNameA
DrawTextA
SetWindowTextA
SendDlgItemMessageA
SetDlgItemTextA
GetWindowTextA
EndDialog
LoadBitmapA
CallNextHookEx
DispatchMessageA
MsgWaitForMultipleObjects
WaitMessage
PostQuitMessage
GetKeyboardLayout
UnhookWindowsHookEx
RegisterClipboardFormatA
CreateCursor
CreateIcon
PostMessageW
PeekMessageW
GetPropA
RemovePropA
SetPropA
CharUpperA
ClipCursor
GetKeyState
DefFrameProcA
GetDlgItem
IsWindow
UnregisterClassA
RegisterClassA
DestroyWindow
AdjustWindowRect
GetTabbedTextExtentA
TabbedTextOutA
GetUpdateRect
FillRect
CharToOemA
LoadStringA
MessageBoxA
wsprintfA
WinHelpA
GetSysColor
GetWindowDC
GetSystemMetrics
SetActiveWindow
DdeSetUserHandle
DdeDisconnect
EqualRect
CopyRect
AdjustWindowRectEx
TranslateMDISysAccel
GetMenuItemCount
GetMenuStringA
GetMenuState
AppendMenuA
IsCharAlphaA
GetCaretPos
CharPrevA
CharNextA
ReleaseDC
GetDC
IntersectRect
GetUpdateRgn
BeginPaint
EndPaint
PtInRect
WindowFromPoint
ReleaseCapture
SetCapture
InflateRect
GetWindowRect
ScreenToClient
MoveWindow
IsWindowEnabled
GetActiveWindow
IsChild
SetParent
ClientToScreen
DrawFocusRect
GetMessageTime
GetMessagePos
CopyAcceleratorTableA
GetWindowRgn
GetMenuItemInfoA
SetMenuItemInfoA
GetKeyboardState
TranslateMessage
SetKeyboardState
GetQueueStatus
RemoveMenu
EnableMenuItem
MapWindowPoints
GetCursorPos
CallWindowProcA
GetDoubleClickTime
CreateMenu
GetClientRect
CreateWindowExA
SetWindowContextHelpId
InvalidateRect
DefWindowProcA
GetDesktopWindow
GetWindowThreadProcessId
SetForegroundWindow
MessageBeep
DefMDIChildProcA
IsZoomed
DestroyMenu
PeekMessageA
PostMessageA
IsIconic
UpdateWindow
SetWindowLongA
DrawMenuBar
GetWindowLongA
IsWindowVisible
EnableWindow
SetFocus
SendMessageA
ShowWindow
GetCapture
GetClassNameA
SetWindowsHookExA
LoadCursorA
SetCursor
GetWindow
GetParent
GetFocus
OffsetRect
SetWindowPos
GetSystemMenu
DdeUninitialize
DdeCreateStringHandleA
DdeNameService
DdeQueryConvInfo
DdeInitializeA
DdeFreeStringHandle
SetScrollRange
DdeQueryStringA
DdeFreeDataHandle
LockWindowUpdate
SetScrollPos
DrawFrameControl
SetClipboardData
CharLowerBuffA
IsClipboardFormatAvailable
EmptyClipboard
GetClipboardData
OpenClipboard
SetCaretPos
CloseClipboard
GetCaretBlinkTime
DestroyCaret
GetWindowTextLengthA
HideCaret
GetScrollPos
CreateCaret
ShowCaret
ToAscii
SetRect
SetWindowRgn
ShowScrollBar
CreateAcceleratorTableA
DestroyAcceleratorTable
SubtractRect
EnumThreadWindows
SetScrollInfo
AttachThreadInput
InvalidateRgn
GetDCEx
DeleteMenu
TrackPopupMenu
SetMenuDefaultItem
GetSubMenu
CreatePopupMenu
InsertMenuA
SetMenu
GetMenuItemID
GetMenu
SetTimer
CheckMenuItem
ModifyMenuA
GetIconInfo
KillTimer
GetCursor
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
CharLowerA
PostThreadMessageA
VkKeyScanA
DrawIcon
MessageBoxIndirectA
SystemParametersInfoA
DestroyIcon
DialogBoxParamA
GetClassInfoA
LoadImageA
GetScrollInfo

gdi32

CreateSolidBrush
CreatePen
SetBkColor
CreateHatchBrush
CreatePatternBrush
CreateBitmap
SetTextColor
OffsetRgn
CreateRectRgn
OffsetWindowOrgEx
PatBlt
SetBrushOrgEx
SelectObject
IntersectClipRect
SaveDC
RestoreDC
CombineRgn
SetRectRgn
Rectangle
SelectPalette
GetClipBox
RealizePalette
SetWindowOrgEx
ExcludeClipRect
SetROP2
GetTextMetricsA
EnumFontsA
CreateHalftonePalette
SetBkMode
GetROP2
TranslateCharsetInfo
BitBlt
CreateCompatibleDC
DeleteDC
GetObjectA
GetDeviceCaps
CreateCompatibleBitmap
CreateBrushIndirect
GetStockObject
CreatePenIndirect
MoveToEx
Arc
LineTo
Ellipse
SetStretchBltMode
Pie
ExtTextOutA
GetTextExtentPoint32A
GetPixel
CreateRectRgnIndirect
GetBitmapBits
SetPixelV
GetCurrentObject
GetTextExtentPointA
StretchDIBits
GetBkColor
StretchBlt
TextOutA
CreatePalette
EndDoc
CreateDIBitmap
StartPage
EndPage
AbortDoc
CreateDCA
ResetDCA
StartDocA
ScaleViewportExtEx
SetViewportExtEx
Escape
SetWindowExtEx
SetMapMode
SetViewportOrgEx
CloseMetaFile
CreateMetaFileA
DeleteMetaFile
SelectClipRgn
SetAbortProc
PlayMetaFile
PtInRegion
DeleteEnhMetaFile
CreateFontIndirectA
GetEnhMetaFileHeader
ScaleWindowExtEx
PlayEnhMetaFile
GetPaletteEntries
CloseEnhMetaFile
GetWindowOrgEx
CreateICA
ExtCreateRegion
CreateEnhMetaFileA
GetWindowExtEx
GetViewportExtEx
GetDIBits
CopyMetaFileA
PathToRegion
CopyEnhMetaFileA
BeginPath
WidenPath
EndPath
GetMapMode
SetDIBColorTable
GetTextColor
RoundRect
CreateRoundRectRgn
CreateDIBSection
GetObjectType
GetSystemPaletteEntries
CreateEllipticRgnIndirect
DeleteObject
UnrealizeObject
GetNearestColor

advapi32

ReportEventA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueA
RegSetValueA
RegSetValueExA
RegCreateKeyA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyA
RegisterEventSourceA
DeregisterEventSource
RegQueryInfoKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegSetValueExW
RegOpenKeyW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
RegEnumValueA
RegQueryValueExW
RegCreateKeyW

ole32

OleLoad
BindMoniker
RegisterDragDrop
RevokeDragDrop
CoLockObjectExternal
DoDragDrop
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
CreateDataAdviseHolder
CreateOleAdviseHolder
OleLoadFromStream
CoMarshalInterface
CoUnmarshalInterface
CreateStreamOnHGlobal
StringFromCLSID
StringFromGUID2
CLSIDFromProgID
ProgIDFromCLSID
CoGetClassObject
CoCreateInstance
CoRegisterClassObject
CoRevokeClassObject
CLSIDFromString
MkParseDisplayName
OleLockRunning
CreateILockBytesOnHGlobal
OleFlushClipboard
ReleaseStgMedium
OleQueryLinkFromData
OleQueryCreateFromData
OleIsCurrentClipboard
OleSetMenuDescriptor
OleSave
StgOpenStorage
OleDoAutoConvert
OleDuplicateData
OleRegGetUserType
CoIsOle1Class
OleSaveToStream
ReadClassStm
ReadClassStg
OleConvertIStorageToOLESTREAM
OleConvertOLESTREAMToIStorage
StgCreateDocfile
StgIsStorageILockBytes
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
OleCreateFromData
OleCreateLinkFromData
OleGetIconOfClass
OleGetClipboard
OleSetClipboard
OleIsRunning
CreateBindCtx
OleCreateLink
OleCreateLinkToFile
GetClassFile
OleGetAutoConvert
OleRun
OleCreateFromFile
WriteClassStg
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoGetMalloc
IIDFromString
CoDisconnectObject
IsAccelerator

oleaut32

VariantClear
OleTranslateColor
SysFreeString
OleCreateFontIndirect
VariantInit
SysStringLen
SysAllocStringByteLen
OleCreatePictureIndirect
SysAllocStringLen
VariantChangeType
OaBuildVersion
CreateErrorInfo
GetErrorInfo
SetErrorInfo
SysStringByteLen
CreateDispTypeInfo
DispGetParam
DispGetIDsOfNames
DispInvoke
OleCreatePropertyFrame
LoadTypeLibEx
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
SafeArrayUnaccessData
SysAllocString
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayAccessData
VariantCopy
SafeArrayDestroy
SafeArrayCreate
VariantCopyInd
SafeArrayGetUBound
OleLoadPicture
SafeArrayGetElement
SafeArrayPutElement
SafeArrayGetLBound
SafeArrayCopy
OleIconToCursor
SafeArrayRedim
SafeArrayDestroyDescriptor
SafeArrayAllocData
RevokeActiveObject
SafeArrayDestroyData
SafeArrayLock
SafeArrayAllocDescriptor
VariantChangeTypeEx
GetActiveObject
SafeArrayUnlock
VarR8FromStr
SysReAllocStringLen
VarDateFromStr
VarBstrFromI2
VarCyFromI4
VarBstrFromR4
VarBstrFromR8
VarBstrFromI4
VarBstrFromCy
VarI2FromStr
VarBstrFromDate
VarI4FromR8
VarR4FromStr
VarI4FromStr
SysReAllocString
VarCyFromStr
LoadRegTypeLi
LHashValOfNameSysA

Exports

Exports

BASIC_CLASS_AddRef
BASIC_CLASS_GetIDsOfNames
BASIC_CLASS_Invoke
BASIC_CLASS_QueryInterface
BASIC_CLASS_Release
BASIC_DISPINTERFACE_GetTICount
BASIC_DISPINTERFACE_GetTypeInfo
CopyRecord
CreateIExprSrvObj
DLLGetDocumentation
DllFunctionCall
DllRegisterServer
DllUnregisterServer
EVENT_SINK2_AddRef
EVENT_SINK2_Release
EVENT_SINK_AddRef
EVENT_SINK_GetIDsOfNames
EVENT_SINK_Invoke
EVENT_SINK_QueryInterface
EVENT_SINK_Release
EbCreateContext
EbDestroyContext
EbGetHandleOfExecutingProject
EbGetObjConnectionCounts
EbGetVBAObject
EbIsProjectOnStack
EbLibraryLoad
EbLibraryUnload
EbLoadRunTime
EbResetProject
EbResetProjectNormal
EbSetContextWorkerThread
GetMem1
GetMem2
GetMem4
GetMem8
GetMemEvent
GetMemNewObj
GetMemObj
GetMemStr
GetMemVar
IID_IVbaHost
MethCallEngine
ProcCallEngine
PutMem1
PutMem2
PutMem4
PutMem8
PutMemEvent
PutMemNewObj
PutMemObj
PutMemStr
PutMemVar
SetMemEvent
SetMemNewObj
SetMemObj
SetMemVar
ThunRTMain
TipCreateInstanceEx
TipCreateInstanceProject
TipGetAddressOfPredeclaredInstance
TipInvokeMethod
TipInvokeMethod2
TipSetOption
TipUnloadInstance
TipUnloadProject
UserDllMain
VBDllCanUnloadNow
VBDllGetClassObject
VBDllRegisterServer
VBDllUnRegisterServer
VarPtr
Zombie_AddRef
Zombie_GetIDsOfNames
Zombie_GetTypeInfo
Zombie_GetTypeInfoCount
Zombie_Invoke
Zombie_QueryInterface
Zombie_Release
_CIatan
_CIcos
_CIexp
_CIlog
_CIsin
_CIsqrt
_CItan
__vbaAptOffset
__vbaAryConstruct
__vbaAryCopy
__vbaAryDestruct
__vbaAryLock
__vbaAryMove
__vbaAryRebase1Var
__vbaAryUnlock
__vbaAryVarVarg
__vbaBoolErrVar
__vbaBoolStr
__vbaBoolVar
__vbaBoolVarNull
__vbaCastObj
__vbaCastObjVar
__vbaCheckType
__vbaCheckTypeVar
__vbaChkstk
__vbaCopyBytes
__vbaCyAbs
__vbaCyAdd
__vbaCyErrVar
__vbaCyFix
__vbaCyForInit
__vbaCyForNext
__vbaCyI2
__vbaCyI4
__vbaCyInt
__vbaCyMul
__vbaCyMulI2
__vbaCySgn
__vbaCyStr
__vbaCySub
__vbaCyUI1
__vbaCyVar
__vbaDateR4
__vbaDateR8
__vbaDateStr
__vbaDateVar
__vbaDerefAry
__vbaDerefAry1
__vbaEnd
__vbaErase
__vbaEraseKeepData
__vbaEraseNoPop
__vbaError
__vbaErrorOverflow
__vbaExceptHandler
__vbaExitEachAry
__vbaExitEachColl
__vbaExitEachVar
__vbaExitProc
__vbaFPException
__vbaFPFix
__vbaFPInt
__vbaFailedFriend
__vbaFileClose
__vbaFileCloseAll
__vbaFileLock
__vbaFileOpen
__vbaFileSeek
__vbaFixstrConstruct
__vbaForEachAry
__vbaForEachCollAd
__vbaForEachCollObj
__vbaForEachCollVar
__vbaForEachVar
__vbaFpCDblR4
__vbaFpCDblR8
__vbaFpCSngR4
__vbaFpCSngR8
__vbaFpCmpCy
__vbaFpCy
__vbaFpI2
__vbaFpI4
__vbaFpR4
__vbaFpR8
__vbaFpUI1
__vbaFreeObj
__vbaFreeObjList
__vbaFreeStr
__vbaFreeStrList
__vbaFreeVar
__vbaFreeVarList
__vbaFreeVarg
__vbaGenerateBoundsError
__vbaGet3
__vbaGet4
__vbaGetFxStr3
__vbaGetFxStr4
__vbaGetOwner3
__vbaGetOwner4
__vbaGosub
__vbaGosubFree
__vbaGosubReturn
__vbaHresultCheck
__vbaHresultCheckNonvirt
__vbaHresultCheckObj
__vbaI2Abs
__vbaI2Cy
__vbaI2ErrVar
__vbaI2ForNextCheck
__vbaI2I4
__vbaI2Sgn
__vbaI2Str
__vbaI2Var
__vbaI4Abs
__vbaI4Cy
__vbaI4ErrVar
__vbaI4ForNextCheck
__vbaI4Sgn
__vbaI4Str
__vbaI4Var
__vbaInStr
__vbaInStrB
__vbaInStrVar
__vbaInStrVarB
__vbaInputFile
__vbaLateIdCall
__vbaLateIdCallLd
__vbaLateIdCallSt
__vbaLateIdNamedCall
__vbaLateIdNamedCallLd
__vbaLateIdNamedCallSt
__vbaLateIdNamedStAd
__vbaLateIdSt
__vbaLateIdStAd
__vbaLateMemCall
__vbaLateMemCallLd
__vbaLateMemCallSt
__vbaLateMemNamedCall
__vbaLateMemNamedCallLd
__vbaLateMemNamedCallSt
__vbaLateMemNamedStAd
__vbaLateMemSt
__vbaLateMemStAd
__vbaLbound
__vbaLenBstr
__vbaLenBstrB
__vbaLenVar
__vbaLenVarB
__vbaLineInputStr
__vbaLineInputVar
__vbaLsetFixstr
__vbaLsetFixstrFree
__vbaMidStmtBstr
__vbaMidStmtBstrB
__vbaMidStmtVar
__vbaMidStmtVarB
__vbaNameFile
__vbaNew
__vbaNew2
__vbaNextEachAry
__vbaNextEachCollAd
__vbaNextEachCollObj
__vbaNextEachCollVar
__vbaNextEachVar
__vbaObjAddref
__vbaObjIs
__vbaObjSet
__vbaObjSetAddref
__vbaObjVar
__vbaOnError
__vbaOnGoCheck
__vbaPowerR8
__vbaPrintFile
__vbaPrintObj
__vbaPut3
__vbaPut4
__vbaPutFxStr3
__vbaPutFxStr4
__vbaPutOwner3
__vbaPutOwner4
__vbaR4Cy
__vbaR4ErrVar
__vbaR4ForNextCheck
__vbaR4Sgn
__vbaR4Str
__vbaR4Var
__vbaR8Cy
__vbaR8ErrVar
__vbaR8FixI2
__vbaR8FixI4
__vbaR8ForNextCheck
__vbaR8IntI2
__vbaR8IntI4
__vbaR8Sgn
__vbaR8Str
__vbaR8Var
__vbaRaiseEvent
__vbaRecAnsiToUni
__vbaRecAssign
__vbaRecDestruct
__vbaRecDestructAnsi
__vbaRecUniToAnsi
__vbaRedim
__vbaRedimPreserve
__vbaRedimPreserveVar
__vbaRedimVar
__vbaRefVarAry
__vbaResume
__vbaRsetFixstr
__vbaRsetFixstrFree
__vbaSetSystemError
__vbaStopExe
__vbaStr2Vec
__vbaStrAryToAnsi
__vbaStrAryToUnicode
__vbaStrBool
__vbaStrCat
__vbaStrCmp
__vbaStrComp
__vbaStrCompVar
__vbaStrCopy
__vbaStrCy
__vbaStrDate
__vbaStrErrVarCopy
__vbaStrFixstr
__vbaStrI2
__vbaStrI4
__vbaStrLike
__vbaStrMove
__vbaStrR4
__vbaStrR8
__vbaStrTextCmp
__vbaStrTextLike
__vbaStrToAnsi
__vbaStrToUnicode
__vbaStrUI1
__vbaStrVarCopy
__vbaStrVarMove
__vbaStrVarVal
__vbaUI1Cy
__vbaUI1ErrVar
__vbaUI1I2
__vbaUI1I4
__vbaUI1Sgn
__vbaUI1Str
__vbaUI1Var
__vbaUbound
__vbaUnkVar
__vbaVar2Vec
__vbaVarAbs
__vbaVarAdd
__vbaVarAnd
__vbaVarCat
__vbaVarCmpEq
__vbaVarCmpGe
__vbaVarCmpGt
__vbaVarCmpLe
__vbaVarCmpLt
__vbaVarCmpNe
__vbaVarCopy
__vbaVarDateVar
__vbaVarDiv
__vbaVarDup
__vbaVarEqv
__vbaVarErrI4
__vbaVarFix
__vbaVarForInit
__vbaVarForNext
__vbaVarIdiv
__vbaVarImp
__vbaVarIndexLoad
__vbaVarIndexLoadRef
__vbaVarIndexLoadRefLock
__vbaVarIndexStore
__vbaVarIndexStoreObj
__vbaVarInt
__vbaVarLike
__vbaVarLikeVar
__vbaVarMod
__vbaVarMove
__vbaVarMul
__vbaVarNeg
__vbaVarNot
__vbaVarOr
__vbaVarPow
__vbaVarSetObj
__vbaVarSetObjAddref
__vbaVarSetUnk
__vbaVarSetUnkAddref
__vbaVarSetVar
__vbaVarSetVarAddref
__vbaVarSub
__vbaVarTextCmpEq
__vbaVarTextCmpGe
__vbaVarTextCmpGt
__vbaVarTextCmpLe
__vbaVarTextCmpLt
__vbaVarTextCmpNe
__vbaVarTextLike
__vbaVarTextLikeVar
__vbaVarTextTstEq
__vbaVarTextTstGe
__vbaVarTextTstGt
__vbaVarTextTstLe
__vbaVarTextTstLt
__vbaVarTextTstNe
__vbaVarTstEq
__vbaVarTstGe
__vbaVarTstGt
__vbaVarTstLe
__vbaVarTstLt
__vbaVarTstNe
__vbaVarVargNofree
__vbaVarXor
__vbaVargObj
__vbaVargObjAddref
__vbaVargParmRef
__vbaVargUnk
__vbaVargUnkAddref
__vbaVargVar
__vbaVargVarCopy
__vbaVargVarMove
__vbaVargVarRef
__vbaVerifyVarObj
__vbaWriteFile
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_allmul
rtBoolFromErrVar
rtBstrFromErrVar
rtCyFromErrVar
rtDecFromVar
rtI2FromErrVar
rtI4FromErrVar
rtR4FromErrVar
rtR8FromErrVar
rtUI1FromErrVar
rtcAbsVar
rtcAnsiValueBstr
rtcAppActivate
rtcAppleScript
rtcArray
rtcAtn
rtcBeep
rtcBstrFromAnsi
rtcBstrFromByte
rtcBstrFromChar
rtcBstrFromError
rtcBstrFromFormatVar
rtcByteValueBstr
rtcCVErrFromVar
rtcChangeDir
rtcChangeDrive
rtcCharValueBstr
rtcChoose
rtcCommandBstr
rtcCommandVar
rtcCompareBstr
rtcCos
rtcCreateObject
rtcCurrentDir
rtcCurrentDirBstr
rtcDDB
rtcDateAdd
rtcDateDiff
rtcDateFromVar
rtcDatePart
rtcDeleteSetting
rtcDir
rtcDoEvents
rtcEndOfFile
rtcEnvironBstr
rtcEnvironVar
rtcErrObj
rtcExp
rtcFV
rtcFileAttributes
rtcFileCopy
rtcFileDateTime
rtcFileLen
rtcFileLength
rtcFileLocation
rtcFileReset
rtcFileSeek
rtcFileWidth
rtcFixVar
rtcFreeFile
rtcGetAllSettings
rtcGetCurrentCalendar
rtcGetDateBstr
rtcGetDateValue
rtcGetDateVar
rtcGetDayOfMonth
rtcGetDayOfWeek
rtcGetErl
rtcGetFileAttr
rtcGetHostLCID
rtcGetHourOfDay
rtcGetMinuteOfHour
rtcGetMonthOfYear
rtcGetObject
rtcGetPresentDate
rtcGetSecondOfMinute
rtcGetSetting
rtcGetTimeBstr
rtcGetTimeValue
rtcGetTimeVar
rtcGetTimer
rtcGetYear
rtcHexBstrFromVar

Sections

.text
Size: 1008KB - Virtual size: 1007KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

ENGINE
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PRoBot Pointer Finder v7.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PRoBot.ini
msnmsgr.exe
.exe windows:4 windows x86 arch:x86

66a039791c8a25fdeaacc4934d3fde34

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm50

ord690
MethCallEngine
ord622
ord516
ord518
ord660
ord661
ord662
ord666
ord593
ord300
ord594
ord301
ord595
ord598
ord306
ord520
ord307
ord631
ord632
ord526
EVENT_SINK_AddRef
ord528
ord529
DllFunctionCall
EVENT_SINK_Release
ord600
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord606
ord607
ord608
ProcCallEngine
ord536
ord537
ord572
ord573
ord681
ord576
ord685
ord100
ord579
ord689
ord612
ord613
ord616
ord617
ord618
ord619
ord542
ord543
ord544
ord546
ord547
ord581

Sections

.text
Size: 803KB - Virtual size: 803KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tabctl32.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

e0cb36c66e5c120ef20ebc4f30366345

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/12/2000, 08:00

Not After

12/11/2005, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:0e:7d:a7:00:00:00:00:00:48
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/10/2003, 05:59

Not After

25/01/2005, 06:09

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

07:16:79:f2:31:8b:3f:8a:bf:35:d8:e9:f0:71:c6:c1:69:48:39:b7
Signer

Actual PE Digest

07:16:79:f2:31:8b:3f:8a:bf:35:d8:e9:f0:71:c6:c1:69:48:39:b7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetStringTypeW
GetStringTypeA
VirtualAlloc
LCMapStringW
LCMapStringA
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCurrentProcess
TerminateProcess
ExitProcess
RaiseException
GetOEMCP
GetACP
GetCPInfo
GetModuleHandleA
GetCommandLineA
lstrcpynA
GetFileAttributesA
GetVersion
DisableThreadLibraryCalls
FindResourceA
LoadResource
LockResource
GetLastError
InterlockedDecrement
InterlockedIncrement
GetProcAddress
GetLocaleInfoA
LoadLibraryA
GetWindowsDirectoryA
GetModuleFileNameA
MultiByteToWideChar
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
lstrcmpiA
lstrlenA
GlobalSize
IsDBCSLeadByte
LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
HeapAlloc
lstrcpyA
EnterCriticalSection
GetProcessHeap
HeapReAlloc
lstrcmpA
InitializeCriticalSection
lstrcatA

user32

BeginPaint
GetClientRect
MoveWindow
IntersectRect
PtInRect
CreateWindowExA
SetWindowPos
SetFocus
SetWindowRgn
FillRect
CopyRect
DrawFocusRect
GetSysColor
IsWindowEnabled
GetWindowRect
GetWindowDC
DestroyWindow
GetWindowLongA
SetWindowLongA
CallWindowProcA
CharNextA
OffsetRect
SetRectEmpty
ShowWindow
IsDialogMessageA
ScreenToClient
GetClipboardFormatNameA
RegisterClipboardFormatA
MapWindowPoints
SetCursorPos
InvalidateRect
UnregisterClassA
ReleaseCapture
GetNextDlgTabItem
CreateDialogIndirectParamA
IsChild
SetParent
IsWindowVisible
WinHelpA
InflateRect
EndDialog
GetActiveWindow
DialogBoxParamA
GetCursorPos
IsIconic
GetParent
LockWindowUpdate
EqualRect
IsWindow
MessageBeep
MessageBoxA
GetDlgItemInt
GetDlgItemTextA
IsDlgButtonChecked
SendDlgItemMessageA
SetDlgItemTextA
SetDlgItemInt
CheckDlgButton
GetDlgItem
wsprintfA
GetKeyState
DefWindowProcA
SetCursor
PeekMessageA
SendMessageA
GetFocus
GetDC
ReleaseDC
SetRect
IsCharAlphaNumericA
VkKeyScanA
CreateAcceleratorTableA
EnableWindow
LoadCursorA
RegisterClassA
DestroyAcceleratorTable
LoadStringA
GetWindow
GetSystemMetrics
EndPaint
ClientToScreen

ole32

ReleaseStgMedium
DoDragDrop
RegisterDragDrop
RevokeDragDrop
CreateOleAdviseHolder
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
OleSaveToStream
OleLoadFromStream

advapi32

RegEnumKeyExA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

SysAllocStringLen
OleCreatePropertyFrame
LoadTypeLi
SafeArrayCopy
SafeArrayRedim
SafeArrayGetElement
SafeArrayCreate
SafeArrayPutElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy
SafeArrayUnaccessData
VariantCopyInd
SafeArrayAccessData
LoadTypeLibEx
UnRegisterTypeLi
VariantCopy
CreateErrorInfo
SetErrorInfo
RegisterTypeLi
VariantInit
SysStringLen
VariantChangeType
GetErrorInfo
OleLoadPicture
OleTranslateColor
LoadRegTypeLi
SysAllocStringByteLen
SysStringByteLen
OleCreatePictureIndirect
OleCreateFontIndirect
VariantClear
SysFreeString
SysAllocString

gdi32

SetMapMode
GetWindowExtEx
GetViewportExtEx
LPtoDP
GetNearestColor
CreatePalette
GetBitmapBits
CreateDIBitmap
GetDIBits
CopyEnhMetaFileA
CopyMetaFileA
CreateDCA
SetWindowOrgEx
SetViewportOrgEx
SetWindowExtEx
SetViewportExtEx
GetDeviceCaps
DeleteDC
DeleteObject
StretchBlt
SelectObject
CreateBitmap
CreateCompatibleDC
RealizePalette
SelectPalette
GetOutlineTextMetricsA
BitBlt
CreateCompatibleBitmap
SetTextColor
SetBkColor
CreateRectRgn
CreateFontIndirectA
GetObjectA
SelectClipRgn
CombineRgn
CreatePolygonRgn
SetBkMode
CreatePen
TextOutA
GetTextColor
LineTo
MoveToEx
GetTextExtentPoint32A
GetCharWidthA
GetCurrentPositionEx
SetTextAlign
GetStockObject
CreateSolidBrush
OffsetRgn
SetBrushOrgEx
UnrealizeObject
GetPaletteEntries
CreateRectRgnIndirect
CreateICA

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 140KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0615e9c25da62e90a31fe72638c8f4fb

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 1008KB - Virtual size: 1007KB

ENGINE Size: 68KB - Virtual size: 67KB

.data Size: 16KB - Virtual size: 22KB

.rsrc Size: 164KB - Virtual size: 160KB

.reloc Size: 64KB - Virtual size: 63KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.rsrc Size: 100KB - Virtual size: 99KB

.text Size: 16KB - Virtual size: 16KB

.reloc Size: 512B - Virtual size: 12B

66a039791c8a25fdeaacc4934d3fde34

Headers

File Characteristics

Imports

msvbvm50

Sections

.text Size: 803KB - Virtual size: 803KB

.data Size: - Virtual size: 26KB

.idata Size: 1024B - Virtual size: 648B

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 28KB - Virtual size: 27KB

e0cb36c66e5c120ef20ebc4f30366345

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6Certificate

Extended Key Usages

Key Usages

61:0e:7d:a7:00:00:00:00:00:48Certificate

Extended Key Usages

Key Usages

07:16:79:f2:31:8b:3f:8a:bf:35:d8:e9:f0:71:c6:c1:69:48:39:b7Signer

Headers

File Characteristics

Imports

kernel32

user32

ole32

advapi32

oleaut32

gdi32

Exports

Exports

Sections

.text Size: 140KB - Virtual size: 136KB

.data Size: 16KB - Virtual size: 13KB

.rsrc Size: 40KB - Virtual size: 39KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 1008KB - Virtual size: 1007KB

ENGINE
Size: 68KB - Virtual size: 67KB

.data
Size: 16KB - Virtual size: 22KB

.rsrc
Size: 164KB - Virtual size: 160KB

.reloc
Size: 64KB - Virtual size: 63KB

.rsrc
Size: 100KB - Virtual size: 99KB

.text
Size: 16KB - Virtual size: 16KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 803KB - Virtual size: 803KB

.data
Size: - Virtual size: 26KB

.idata
Size: 1024B - Virtual size: 648B

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 28KB - Virtual size: 27KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

61:0e:7d:a7:00:00:00:00:00:48
Certificate

07:16:79:f2:31:8b:3f:8a:bf:35:d8:e9:f0:71:c6:c1:69:48:39:b7
Signer

.text
Size: 140KB - Virtual size: 136KB

.data
Size: 16KB - Virtual size: 13KB

.rsrc
Size: 40KB - Virtual size: 39KB

.reloc
Size: 8KB - Virtual size: 7KB