General

Malware Config

Signatures

Files

• Payment Confirmation.exe

  .exe windows:4 windows x86 arch:x86

  e28d309f74620533eede0aebb08ddcf0

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  msvbvm60

  __vbaVarSub

  __vbaVarTstGt

  ord690

  __vbaStrI2

  _CIcos

  _adj_fptan

  __vbaHresultCheck

  __vbaStrI4

  __vbaVarMove

  __vbaVarVargNofree

  __vbaAryMove

  __vbaFreeVar

  __vbaStrVarMove

  __vbaLenBstr

  __vbaLateIdCall

  ord696

  __vbaFreeVarList

  __vbaPut3

  __vbaEnd

  _adj_fdiv_m64

  ord698

  __vbaNextEachVar

  __vbaFreeObjList

  ord516

  __vbaStrErrVarCopy

  __vbaVarIndexLoadRef

  _adj_fprem1

  ord518

  ord519

  ord626

  __vbaVarCmpNe

  __vbaForEachCollAd

  __vbaStrCat

  __vbaSetSystemError

  __vbaLenBstrB

  __vbaHresultCheckObj

  __vbaLenVar

  _adj_fdiv_m32

  ord666

  __vbaAryVar

  ord667

  __vbaAryDestruct

  __vbaVarIndexLoadRefLock

  ord591

  ord593

  __vbaVarForInit

  ord594

  __vbaOnError

  __vbaObjSet

  ord595

  ord596

  _adj_fdiv_m16i

  __vbaObjSetAddref

  _adj_fdivr_m16i

  ord598

  __vbaVarIndexLoad

  ord520

  __vbaRefVarAry

  __vbaBoolVarNull

  __vbaFpR8

  _CIsin

  ord631

  __vbaErase

  __vbaVargVarMove

  ord525

  __vbaVarZero

  __vbaVarCmpGt

  ord632

  __vbaChkstk

  __vbaFileClose

  ord526

  EVENT_SINK_AddRef

  ord528

  __vbaGenerateBoundsError

  __vbaStrCmp

  ord529

  __vbaGet3

  __vbaAryConstruct2

  __vbaVarTstEq

  __vbaPutOwner4

  __vbaI2I4

  __vbaObjVar

  DllFunctionCall

  ord670

  ord563

  __vbaVarLateMemSt

  __vbaVarOr

  ord564

  __vbaCastObjVar

  __vbaLbound

  _adj_fpatan

  __vbaLateIdCallLd

  __vbaRedim

  __vbaR8Cy

  __vbaStrR8

  EVENT_SINK_Release

  __vbaNew

  ord600

  ord601

  __vbaUI1I2

  _CIsqrt

  __vbaVarAnd

  __vbaObjIs

  EVENT_SINK_QueryInterface

  __vbaStr2Vec

  __vbaUI1I4

  __vbaExceptHandler

  ord711

  __vbaStrToUnicode

  ord712

  __vbaPrintFile

  ord713

  _adj_fprem

  _adj_fdivr_m64

  ord607

  ord714

  ord608

  __vbaFPException

  __vbaInStrVar

  ord717

  __vbaStrVarVal

  __vbaUbound

  __vbaVarCat

  __vbaI2Var

  ord537

  ord644

  ord645

  _CIlog

  __vbaErrorOverflow

  __vbaFileOpen

  __vbaVar2Vec

  ord648

  __vbaInStr

  __vbaNew2

  __vbaR8Str

  ord570

  __vbaVarLateMemCallLdRf

  _adj_fdiv_m32i

  _adj_fdivr_m32i

  __vbaVarSetObj

  ord573

  __vbaStrCopy

  ord681

  __vbaI4Str

  __vbaVarCmpLt

  __vbaFreeStrList

  ord576

  _adj_fdivr_m32

  __vbaPowerR8

  _adj_fdiv_r

  ord685

  ord100

  __vbaVarTstNe

  __vbaI4Var

  ord689

  __vbaFpCy

  __vbaVarAdd

  __vbaLateMemCall

  __vbaAryLock

  __vbaStrComp

  __vbaStrToAnsi

  __vbaVarDup

  __vbaFpI4

  ord616

  __vbaVarLateMemCallLd

  ord617

  __vbaLateMemCallLd

  _CIatan

  ord618

  __vbaCastObj

  __vbaStrMove

  __vbaAryCopy

  ord619

  __vbaR8IntI4

  __vbaStrVarCopy

  __vbaForEachVar

  _allmul

  __vbaVarLateMemCallSt

  _CItan

  __vbaNextEachCollAd

  __vbaUI1Var

  __vbaAryUnlock

  __vbaVarForNext

  _CIexp

  __vbaFreeStr

  __vbaFreeObj

  ord581

  Sections

  .text

  Size: 256KB - Virtual size: 253KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 4KB - Virtual size: 19KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 264KB - Virtual size: 261KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ