el-capitan-menu-bar-vifind[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

el-capitan-menu-bar-vifind.exe
Size

764KB
MD5

595adb1922776a132186d71b567d2e6b
SHA1

7d9a3480a779e6f2dde32831207858542c59ade6
SHA256

8eb0931efe586fa0ed0e33524a057698429c9c7ca549b74c3c8c0a185aaf8bc5
SHA512

c241326ed4ff3e375cd6aedb46838a056a5bcb61cd6248e8e3235bf142d3c416f2c4ece64f51c2a18cad02461020e05a47a64d7591209b52076dd68ff1007c47
SSDEEP

12288:Puwls0eTRAJtkyqlspgOxQFXBsIGzXnQvYvA+X03llUtbO9xRL9e1l2xsq7/CL:3e0eqJJqlsZxQ8zXnCQta9xRLsltS/o

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
el-capitan-menu-bar-vifind.exe
unpack001/$TEMP/$(LSTR_2)/ViConfig.exe
unpack001/KillMe.exe
unpack001/ViFind.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/KillMe.exe	nsis_installer_1
static1/unpack001/KillMe.exe	nsis_installer_2

Files

el-capitan-menu-bar-vifind.exe
.exe windows:4 windows x86 arch:x86

29b61e5a552b3a9bc00953de1c93be41

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileAttributesA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CompareFileTime
SearchPathA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
CreateDirectoryA
lstrcmpiA
GetCommandLineA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
LoadLibraryA
SetFileTime
CloseHandle
GlobalFree
lstrcmpA
ExpandEnvironmentStringsA
GetExitCodeProcess
GlobalAlloc
WaitForSingleObject
GetWindowsDirectoryA
GetTempPathA
GetProcAddress
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
ReadFile
FindClose
GetPrivateProfileStringA
WritePrivateProfileStringA
WriteFile
MulDiv
LoadLibraryExA
GetModuleHandleA
MultiByteToWideChar
FreeLibrary

user32

GetWindowRect
EnableMenuItem
GetSystemMenu
ScreenToClient
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetForegroundWindow
PostQuitMessage
RegisterClassA
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
DestroyWindow
OpenClipboard
TrackPopupMenu
SendMessageTimeoutA
GetDC
LoadImageA
GetDlgItem
FindWindowExA
IsWindow
SetClipboardData
SetWindowLongA
EmptyClipboard
SetTimer
CreateDialogParamA
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegDeleteValueA
SetFileSecurityA
RegOpenKeyExA
RegDeleteKeyA
RegEnumValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_Destroy
ord17
ImageList_AddMasked

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/$(LSTR_2)/ViConfig.exe
.exe windows:4 windows x86 arch:x86

c5d4a9d0d7a222a3e40c09bfc298906d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
__vbaStrErrVarCopy
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
ord666
__vbaExitProc
ord595
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
ord598
__vbaVargVar
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
ord529
__vbaObjVar
DllFunctionCall
ord670
_adj_fpatan
__vbaRecUniToAnsi
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
ord712
_adj_fprem
_adj_fdivr_m64
ord716
__vbaFPException
ord717
__vbaStrVarVal
__vbaVarCat
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarSetVar
__vbaLateMemCall
__vbaVarDup
__vbaStrToAnsi
__vbaFpI4
__vbaVarLateMemCallLd
__vbaVarCopy
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
KillMe.exe
.exe windows:4 windows x86 arch:x86

29b61e5a552b3a9bc00953de1c93be41

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileAttributesA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CompareFileTime
SearchPathA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
CreateDirectoryA
lstrcmpiA
GetCommandLineA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
LoadLibraryA
SetFileTime
CloseHandle
GlobalFree
lstrcmpA
ExpandEnvironmentStringsA
GetExitCodeProcess
GlobalAlloc
WaitForSingleObject
GetWindowsDirectoryA
GetTempPathA
GetProcAddress
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
ReadFile
FindClose
GetPrivateProfileStringA
WritePrivateProfileStringA
WriteFile
MulDiv
LoadLibraryExA
GetModuleHandleA
MultiByteToWideChar
FreeLibrary

user32

GetWindowRect
EnableMenuItem
GetSystemMenu
ScreenToClient
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetForegroundWindow
PostQuitMessage
RegisterClassA
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
DestroyWindow
OpenClipboard
TrackPopupMenu
SendMessageTimeoutA
GetDC
LoadImageA
GetDlgItem
FindWindowExA
IsWindow
SetClipboardData
SetWindowLongA
EmptyClipboard
SetTimer
CreateDialogParamA
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegDeleteValueA
SetFileSecurityA
RegOpenKeyExA
RegDeleteKeyA
RegEnumValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_Destroy
ord17
ImageList_AddMasked

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Resources/bgfinder.png
.png
Resources/bgfinder.xml
Resources/dock.xml
Resources/dock_arrow.png
.png
Resources/dock_arrow_states.xml
Resources/dock_groupmenu.png
.png
Resources/dock_groupmenu.xml
Resources/dock_groupmenu_clipped.xml
Resources/dock_groupmenu_pointer.xml
Resources/dock_groupmenu_states.png
.png
Resources/dock_groupmenu_states.xml
Resources/dock_groupmenu_states_pointer.xml
Resources/dock_popup.xml
Resources/dock_traypopup.xml
Resources/indicator.png
.png
Resources/indicator_state.xml
Resources/margins.xml
Resources/menu_states.png
.png
Resources/menu_states.xml
Resources/orb.png
.png
Resources/orb.xml
Resources/separator.png
.png
Resources/theme.xml
ViFind.exe
.exe windows:4 windows x86 arch:x86

b49328cd049cd8ced0f78bb4f88c7812

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

gdi32

SelectObject
DeleteDC
CreateCompatibleDC
CreateDIBSection
GetPixel
CreateDCW
DeleteObject
CreateCompatibleBitmap
SetBkMode

comctl32

ImageList_GetIcon
ImageList_Draw

gdiplus

GdipGetImageHeight
GdipCreatePen1
GdipDrawImageRectI
GdipBitmapUnlockBits
GdipDrawImagePointRectI
GdipGetFontCollectionFamilyCount
GdipDeleteGraphics
GdipGetSmoothingMode
GdipNewPrivateFontCollection
GdipDrawImageI
GdipCreateMatrix2
GdipDrawRectangle
GdipAddPathLine
GdipGetImageVerticalResolution
GdipGetPropertyIdList
GdipSetSmoothingMode
GdipCreatePath
GdipCloneFontFamily
GdipBitmapGetPixel
GdipCloneImage
GdipReleaseDC
GdipGetImageFlags
GdipDrawImage
GdipGetImageType
GdipSetWorldTransform
GdipSetPixelOffsetMode
GdipLoadImageFromFile
GdipDeletePath
GdipLoadImageFromStream
GdipGetCompositingQuality
GdipCreateFromHDC2
GdipCreateCachedBitmap
GdipCreateSolidFill
GdipDeleteFontFamily
GdipStringFormatGetGenericTypographic
GdipDeleteMatrix
GdipGetCompositingMode
GdipDrawPath
GdipCreateBitmapFromResource
GdipAddPathArc
GdipDisposeImage
GdipCreateRegionRect
GdipImageRotateFlip
GdipSetStringFormatMeasurableCharacterRanges
GdipCreateBitmapFromGdiDib
GdipGetTextContrast
GdipGetInterpolationMode
GdipDrawArc
GdipCreatePathGradient
GdipCreateBitmapFromScan0
GdiplusShutdown
GdipLoadImageFromFileICM
GdipGetDC
GdipSetClipRect
GdipSetInterpolationMode
GdipImageGetFrameDimensionsCount
GdiplusStartup
GdipSetPathGradientSurroundColorsWithCount
GdipCreateFont
GdipCreateBitmapFromGraphics
GdipCreateBitmapFromHBITMAP
GdipCreateHICONFromBitmap
GdipGetRenderingOrigin
GdipDeletePrivateFontCollection
GdipDrawImagePointsI
GdipGetImagePixelFormat
GdipAddPathEllipse
GdipDeleteFont
GdipFillEllipse
GdipGetImageDecodersSize
GdipSetImagePalette
GdipSetPropertyItem
GdipMeasureCharacterRanges
GdipAddPathString
GdipSetPathGradientCenterColor
GdipCloneBitmapAreaI
GdipIsStyleAvailable
GdipRemovePropertyItem
GdipDrawImageRectRectI
GdipGetImagePaletteSize
GdipDrawImagePoints
GdipBitmapLockBits
GdipGetImageThumbnail
GdipFlush
GdipDeleteStringFormat
GdipGraphicsClear
GdipCreateFontFamilyFromName
GdipGetImageRawFormat
GdipCloneBitmapArea
GdipMeasureString
GdipGetEncoderParameterListSize
GdipGetPropertyCount
GdipCreateFromHWND
GdipResetClip
GdipGetPixelOffsetMode
GdipFillRectangle
GdipGetStringFormatMeasurableCharacterRangeCount
GdipCreateRegion
GdipDeletePen
GdipGetFontCollectionFamilyList
GdipCreateFromHDC
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromHICON
GdipAddPathRectangleI
GdipGetImageGraphicsContext
GdipCreatePathGradientFromPath
GdipSetCompositingMode
GdipDrawImageRectRect
GdipGetImageDimension
GdipGetRegionBounds
GdipGetTextRenderingHint
GdipDeleteBrush
GdipDrawImageRect
GdipGetPropertyItemSize
GdipSetCompositingQuality
GdipGetImageWidth
GdipSetTextRenderingHint
GdipSetTextContrast
GdipDrawCachedBitmap
GdipBitmapSetResolution
GdipGetImageEncodersSize
GdipBitmapSetPixel
GdipGetImagePalette
GdipSetRenderingOrigin
GdipDrawString
GdipFillPath
GdipImageSelectActiveFrame
GdipDeleteRegion
GdipCreateMatrix
GdipImageGetFrameCount
GdipPrivateAddFontFile
GdipGetImageHorizontalResolution
GdipDrawImagePointRect

kernel32

GlobalUnlock
RtlMoveMemory
WaitForSingleObject
GlobalFree
GetLastError
CloseHandle
lstrlenW
GlobalAlloc
OpenProcess
GetVersionExW
FindFirstFileW
GlobalLock
FindClose

user32

SetWindowPos
GetSystemMenu
IsWindow
DestroyIcon
ModifyMenuW
GetWindowRect
ScreenToClient
GetMenuItemCount
AppendMenuW
IsZoomed
GetIconInfo
SetForegroundWindow
GetMenuItemID
GetWindowTextW
FindWindowW
MoveWindow
GetWindowThreadProcessId
EnableWindow
SetActiveWindow
GetWindowLongW
IsIconic
GetMenu
GetClassLongW
CreatePopupMenu
GetSubMenu
GetWindowPlacement
IsWindowVisible
FindWindowExW
DestroyMenu
GetClassNameW
ShowWindow
SetWindowLongW
GetMenuState
SystemParametersInfoW
GetMenuStringW
SendMessageW
TrackPopupMenu
PostMessageW
GetWindow
GetCursorPos
GetParent

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarSub
__vbaVarTstGt
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
ord693
__vbaAryMove
__vbaFreeVar
__vbaLineInputStr
ord588
__vbaStrVarMove
__vbaLenBstr
ord696
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaNextEachVar
__vbaRaiseEvent
__vbaFreeObjList
__vbaR8Sgn
__vbaVarFix
__vbaStrErrVarCopy
_adj_fprem1
ord518
ord626
__vbaCopyBytes
__vbaForEachCollAd
__vbaVarCmpNe
ord629
__vbaStrCat
ord660
__vbaLsetFixstr
__vbaWriteFile
__vbaSetSystemError
__vbaRecDestruct
__vbaLenBstrB
__vbaHresultCheckObj
ord558
_adj_fdiv_m32
__vbaAryVar
ord666
Zombie_GetTypeInfo
__vbaAryDestruct
__vbaLateMemSt
__vbaVarIndexLoadRefLock
ord591
EVENT_SINK2_Release
__vbaForEachCollObj
__vbaExitProc
ord300
ord301
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord305
ord306
ord520
__vbaBoolVar
ord307
__vbaFPFix
ord309
__vbaVarTstLt
__vbaRefVarAry
__vbaVargVar
__vbaBoolVarNull
_CIsin
ord709
__vbaErase
ord631
__vbaNextEachCollObj
ord632
ord525
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
ord528
ord529
__vbaStrCmp
__vbaExitEachColl
__vbaAryConstruct2
__vbaVarTstEq
ord560
__vbaObjVar
ord561
DllFunctionCall
__vbaVarLateMemSt
ord563
__vbaCastObjVar
__vbaStrR4
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaStrR8
__vbaRedim
EVENT_SINK_Release
__vbaNew
ord600
_CIsqrt
__vbaVarAnd
__vbaObjIs
ord311
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
ord313
ord712
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
ord607
ord714
__vbaR8ErrVar
__vbaVarDiv
__vbaFailedFriend
ord608
ord716
__vbaFPException
__vbaInStrVar
ord717
ord319
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaDateVar
__vbaCheckType
ord537
ord644
ord645
_CIlog
__vbaFileOpen
ord648
__vbaVar2Vec
__vbaNew2
__vbaInStr
ord571
__vbaVarInt
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaVarSetObj
ord573
__vbaStrCopy
EVENT_SINK2_AddRef
__vbaI4Str
ord681
__vbaVarNot
__vbaFreeStrList
ord576
_adj_fdivr_m32
__vbaPowerR8
__vbaR8Var
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
ord579
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
__vbaLateMemCall
__vbaVarAdd
__vbaAryLock
ord320
__vbaFreeVarg
__vbaStrComp
__vbaVarDup
__vbaStrToAnsi
ord321
__vbaFpI2
__vbaVarTstGe
__vbaUnkVar
__vbaVarCopy
ord616
__vbaFpI4
__vbaVarLateMemCallLd
__vbaLateMemCallLd
ord617
__vbaVarSetObjAddref
_CIatan
__vbaAryCopy
__vbaUI1Str
ord618
__vbaCastObj
__vbaStrMove
__vbaForEachVar
__vbaStrVarCopy
ord619
_allmul
__vbaLateIdSt
__vbaFpCSngR4
__vbaLenVarB
_CItan
__vbaNextEachCollAd
ord546
__vbaFPInt
__vbaAryUnlock
_CIexp
__vbaI4ErrVar
__vbaFreeObj
__vbaFreeStr
__vbaRecAssign
ord581

Sections

.text
Size: 488KB - Virtual size: 485KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 436KB - Virtual size: 433KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

29b61e5a552b3a9bc00953de1c93be41

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 151KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 71KB - Virtual size: 71KB

c5d4a9d0d7a222a3e40c09bfc298906d

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 176KB - Virtual size: 175KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 92KB - Virtual size: 88KB

29b61e5a552b3a9bc00953de1c93be41

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 151KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 71KB - Virtual size: 71KB

b49328cd049cd8ced0f78bb4f88c7812

Headers

File Characteristics

Imports

version

advapi32

gdi32

comctl32

gdiplus

kernel32

user32

msvbvm60

Sections

.text Size: 488KB - Virtual size: 485KB

.data Size: 4KB - Virtual size: 29KB

.rsrc Size: 436KB - Virtual size: 433KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 151KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 71KB - Virtual size: 71KB

.text
Size: 176KB - Virtual size: 175KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 92KB - Virtual size: 88KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 151KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 71KB - Virtual size: 71KB

.text
Size: 488KB - Virtual size: 485KB

.data
Size: 4KB - Virtual size: 29KB

.rsrc
Size: 436KB - Virtual size: 433KB