General

Malware Config

Signatures

Files

• Challan.exe

  .exe windows:4 windows x86 arch:x86

  fa0ec3db9d471632812c3a6537db4471

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  msvbvm60

  __vbaVarSub

  __vbaVarTstGt

  ord690

  __vbaStrI2

  _CIcos

  _adj_fptan

  __vbaHresultCheck

  __vbaStrI4

  __vbaVarMove

  __vbaVarVargNofree

  __vbaAryMove

  __vbaFreeVar

  __vbaLateIdCall

  __vbaStrVarMove

  __vbaLenBstr

  ord696

  __vbaPut3

  __vbaEnd

  __vbaFreeVarList

  _adj_fdiv_m64

  ord698

  __vbaNextEachVar

  __vbaFreeObjList

  ord516

  __vbaVarIndexLoadRef

  __vbaStrErrVarCopy

  _adj_fprem1

  ord518

  ord519

  ord626

  __vbaResume

  __vbaVarCmpNe

  __vbaForEachCollAd

  __vbaStrCat

  __vbaSetSystemError

  __vbaLenBstrB

  __vbaHresultCheckObj

  __vbaLenVar

  _adj_fdiv_m32

  ord666

  __vbaAryVar

  ord667

  __vbaAryDestruct

  ord591

  __vbaVarIndexLoadRefLock

  ord593

  __vbaVarForInit

  __vbaForEachCollObj

  __vbaExitProc

  ord594

  __vbaStrLike

  __vbaObjSet

  __vbaOnError

  ord595

  ord596

  _adj_fdiv_m16i

  __vbaObjSetAddref

  _adj_fdivr_m16i

  __vbaVarIndexLoad

  ord598

  ord599

  ord520

  __vbaRefVarAry

  __vbaFpR8

  __vbaBoolVarNull

  _CIsin

  ord631

  __vbaErase

  __vbaVargVarMove

  ord525

  __vbaVarCmpGt

  ord632

  __vbaNextEachCollObj

  __vbaChkstk

  __vbaFileClose

  ord526

  EVENT_SINK_AddRef

  ord528

  __vbaGenerateBoundsError

  __vbaGet3

  ord529

  __vbaStrCmp

  __vbaAryConstruct2

  __vbaVarTstEq

  __vbaPutOwner4

  __vbaObjVar

  __vbaI2I4

  DllFunctionCall

  ord563

  ord670

  __vbaVarOr

  ord564

  __vbaLbound

  _adj_fpatan

  __vbaLateIdCallLd

  __vbaR8Cy

  __vbaRedim

  __vbaStrR8

  EVENT_SINK_Release

  __vbaNew

  ord600

  ord601

  __vbaUI1I2

  _CIsqrt

  __vbaObjIs

  __vbaVarAnd

  __vbaLateIdCallSt

  EVENT_SINK_QueryInterface

  __vbaStr2Vec

  __vbaUI1I4

  __vbaExceptHandler

  ord711

  ord712

  __vbaStrToUnicode

  __vbaPrintFile

  ord713

  _adj_fprem

  _adj_fdivr_m64

  ord714

  ord607

  ord608

  __vbaFPException

  ord717

  __vbaInStrVar

  __vbaStrVarVal

  __vbaUbound

  __vbaVarCat

  __vbaCheckType

  __vbaI2Var

  ord644

  ord537

  ord645

  _CIlog

  __vbaErrorOverflow

  __vbaFileOpen

  ord648

  __vbaVar2Vec

  __vbaInStr

  __vbaR8Str

  ord570

  __vbaVarLateMemCallLdRf

  __vbaNew2

  _adj_fdiv_m32i

  _adj_fdivr_m32i

  __vbaVarSetObj

  ord573

  __vbaStrCopy

  __vbaI4Str

  ord681

  __vbaVarCmpLt

  __vbaFreeStrList

  ord576

  __vbaDerefAry1

  _adj_fdivr_m32

  __vbaPowerR8

  _adj_fdiv_r

  ord685

  ord100

  __vbaVarTstNe

  __vbaI4Var

  ord689

  __vbaVarCmpEq

  __vbaFpCy

  __vbaVarAdd

  __vbaAryLock

  __vbaLateMemCall

  __vbaStrComp

  __vbaStrToAnsi

  __vbaVarDup

  __vbaFreeVarg

  __vbaFpI4

  ord616

  __vbaVarCopy

  __vbaVarLateMemCallLd

  ord617

  __vbaLateMemCallLd

  _CIatan

  ord618

  __vbaAryCopy

  __vbaStrMove

  __vbaCastObj

  __vbaForEachVar

  ord619

  __vbaR8IntI4

  __vbaStrVarCopy

  ord650

  _allmul

  __vbaLateIdSt

  _CItan

  __vbaNextEachCollAd

  __vbaUI1Var

  __vbaAryUnlock

  __vbaVarForNext

  _CIexp

  __vbaFreeObj

  __vbaFreeStr

  ord581

  Sections

  .text

  Size: 300KB - Virtual size: 299KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 4KB - Virtual size: 18KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 264KB - Virtual size: 260KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ