02810290ee80f7af166f4ed2b831d306_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

02810290ee80f7af166f4ed2b831d306_JaffaCakes118
Size

1.7MB
MD5

02810290ee80f7af166f4ed2b831d306
SHA1

67d0003d95b460fd4d0697210eb74d85ce9900e8
SHA256

feeea896d7a5bb132298e98e3f96ef22c5a15edda3d139587743de629fa11b81
SHA512

099296230ee4a2b9207c1cb9ead27c6b6f97c7573048728d601d4d307c0e99456bd4b04da26238e6754e8a230e3ba12455e4a5dfe435b844b18bcb9a1b286c7b
SSDEEP

49152:hpmR1InVGR+kPpXpKXF7hv0EimnzUtKmanp:TmR1IQQkPvK1tLpm4

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/RDG Packer Detector v0.7.1 2013 Vx-Edition/RDG Packer Detector v0.7.1.exe
unpack001/RDG Packer Detector v0.7.1 2013 Vx-Edition/RDG Signaturas Actualizables.dll
unpack001/RDG Packer Detector v0.7.1 2013 Vx-Edition/dbghelp.dll
unpack001/RDG Packer Detector v0.7.1 2013 Vx-Edition/msvbvm60.dll

Files

02810290ee80f7af166f4ed2b831d306_JaffaCakes118
.rar
RDG Packer Detector v0.7.1 2013 Vx-Edition/General.ini
RDG Packer Detector v0.7.1 2013 Vx-Edition/Lenguaje/English.ini
RDG Packer Detector v0.7.1 2013 Vx-Edition/Lenguaje/French.ini
RDG Packer Detector v0.7.1 2013 Vx-Edition/Lenguaje/Muy Importante.txt
RDG Packer Detector v0.7.1 2013 Vx-Edition/Lenguaje/Portuguese (Brazil).ini
RDG Packer Detector v0.7.1 2013 Vx-Edition/Lenguaje/Romanian.ini
RDG Packer Detector v0.7.1 2013 Vx-Edition/Lenguaje/Russian.ini
RDG Packer Detector v0.7.1 2013 Vx-Edition/RDG E.R.A.db
RDG Packer Detector v0.7.1 2013 Vx-Edition/RDG Packer Detector v0.7.1.exe
.exe windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 606KB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
RDG Packer Detector v0.7.1 2013 Vx-Edition/RDG Signaturas Actualizables.dll
.dll regsvr32 windows:4 windows x86 arch:x86

b2f9281b136d5e87cb83cabdba85dc84

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

__vbaVarSub
__vbaR8ForNextCheck
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaCyMul
__vbaFreeVar
__vbaLenBstr
__vbaAptOffset
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaGetFxStr3
ord516
_adj_fprem1
ord518
__vbaCopyBytes
__vbaStrCat
__vbaLsetFixstr
ord660
__vbaSetSystemError
__vbaVargVarCopy
__vbaLenVar
_adj_fdiv_m32
__vbaAryDestruct
__vbaExitProc
__vbaStrLike
__vbaCyAdd
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
__vbaStrFixstr
__vbaFpR8
__vbaBoolVarNull
_CIsin
ord709
ord631
ord632
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
ord528
ord529
__vbaCyI2
__vbaStrCmp
__vbaPutOwner3
__vbaAryConstruct2
__vbaGet4
__vbaVarTstEq
__vbaCyI4
__vbaI2I4
ord561
DllFunctionCall
__vbaRedimPreserve
__vbaStrR4
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaRedim
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
ord608
__vbaFPException
ord717
__vbaInStrVar
__vbaGetOwner3
__vbaUbound
__vbaStrVarVal
__vbaGetOwner4
__vbaVarCat
ord535
ord644
ord537
__vbaFileSeek
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
ord648
__vbaInStr
ord570
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
ord573
__vbaI4Str
__vbaVarNot
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord578
__vbaVarTstNe
ord579
ord101
ord102
__vbaI4Var
ord103
__vbaVarCmpEq
ord104
ord105
__vbaAryLock
__vbaStrToAnsi
__vbaVarDup
ord616
__vbaVarCopy
__vbaFpI4
_CIatan
ord618
__vbaStrMove
__vbaR8IntI4
__vbaI4Cy
__vbaStrVarCopy
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaStrCy
__vbaFreeStr
ord581

Exports

Exports

Analizar
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Uactualizacion

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 328KB - Virtual size: 325KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RDG Packer Detector v0.7.1 2013 Vx-Edition/Signaturas Externas/RDG Signaturas Externas 2.ini
RDG Packer Detector v0.7.1 2013 Vx-Edition/Signaturas Externas/RDG Signaturas Externas.ini
RDG Packer Detector v0.7.1 2013 Vx-Edition/dbghelp.dll
.dll windows:5 windows x86 arch:x86

42cfa6142c38112bdaffa05fb22db82e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dbghelp.pdb

Imports

msvcrt

__dllonexit
_wcsicmp
wcsncpy
wcscmp
wcsncmp
__CxxFrameHandler
_wsplitpath
_wcsnicmp
towlower
__unDName
fclose
wcstol
_CxxThrowException
bsearch
_snwprintf
fread
fseek
_wfopen
fopen
_osver
_mbsnbcpy
fflush
_iob
_wmakepath
wcsrchr
wcscpy
_wcsdup
ftell
_wgetenv
_mbsicmp
_access
_fullpath
_fsopen
_wfsopen
_sopen
_wsopen
_wfullpath
_read
_write
_onexit
_chsize
_close
_get_osfhandle
_open_osfhandle
_winminor
_winmajor
_mbscmp
_memicmp
wcsncat
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
time
memmove
_ftol
swprintf
calloc
wcscat
_ltoa
_itoa
printf
_vsnprintf
strncat
tolower
_strcmpi
_makepath
_purecall
malloc
free
_strlwr
isspace
ctime
strstr
??2@YAPAXI@Z
??3@YAXPAX@Z
qsort
strncmp
_strnicmp
isxdigit
wcslen
sprintf
strrchr
strncpy
_except_handler3
_splitpath
_stricmp
strchr
_lseeki64
wprintf

kernel32

GetFileType
Sleep
DeviceIoControl
ExpandEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
CopyFileA
SetFileAttributesA
CopyFileW
GetFileAttributesW
SetFileAttributesW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
CreateFileMappingW
LCMapStringW
GetDriveTypeW
GetCurrentProcess
UnmapViewOfFile
GetEnvironmentVariableA
SetLastError
CloseHandle
CreateFileA
GetLastError
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
CreateDirectoryA
GetFullPathNameA
LocalAlloc
LocalFree
lstrcpyA
GetDriveTypeA
TlsGetValue
TlsAlloc
TlsFree
HeapReAlloc
HeapAlloc
HeapFree
IsDBCSLeadByte
GetProcAddress
GetModuleHandleA
lstrlenA
HeapDestroy
HeapCreate
DisableThreadLibraryCalls
GetVersionExA
MapViewOfFile
CreateFileMappingA
FreeLibrary
GetFileSize
LoadLibraryA
DuplicateHandle
ExpandEnvironmentStringsA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcessId
VirtualFree
SetErrorMode
GetFileAttributesA
ReadProcessMemory
VirtualProtect
VirtualAlloc
DeleteFileW
WriteFile
CreateFileW
OutputDebugStringA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetSystemInfo
GetVersionExW
GetProcessHeap
SuspendThread
ResumeThread
GetThreadContext
VirtualQueryEx
LoadLibraryW
TerminateThread
SetEndOfFile
GetThreadSelectorEntry
MapViewOfFileEx
FlushViewOfFile
TlsSetValue
CreateThread

version

GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

rpcrt4

UuidCreate

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumerateLoadedModules
EnumerateLoadedModules64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindExecutableImage
FindExecutableImageEx
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
StackWalk
StackWalk64
SymCleanup
SymEnumSourceFiles
SymEnumSym
SymEnumSymbols
SymEnumTypes
SymEnumerateModules
SymEnumerateModules64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindFileInPath
SymFromAddr
SymFromName
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromName
SymGetLineFromName64
SymGetLineNext
SymGetLineNext64
SymGetLinePrev
SymGetLinePrev64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOptions
SymGetSearchPath
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetTypeFromName
SymGetTypeInfo
SymInitialize
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymMatchFileName
SymMatchString
SymRegisterCallback
SymRegisterCallback64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSetContext
SymSetOptions
SymSetSearchPath
SymSetSymWithAddr64
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnmapDebugInformation
WinDbgExtensionDllInit
dbghelp
dh
lm
lmi
omap
srcfiles
sym
vc7fpo

Sections

.text
Size: 569KB - Virtual size: 568KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RDG Packer Detector v0.7.1 2013 Vx-Edition/msvbvm60.dll
.dll regsvr32 windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Exports

Exports

BASIC_CLASS_AddRef
BASIC_CLASS_GetIDsOfNames
BASIC_CLASS_Invoke
BASIC_CLASS_QueryInterface
BASIC_CLASS_Release
BASIC_DISPINTERFACE_GetTICount
BASIC_DISPINTERFACE_GetTypeInfo
CopyRecord
CreateIExprSrvObj
DLLGetDocumentation
DllCanUnloadNow
DllFunctionCall
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EVENT_SINK2_AddRef
EVENT_SINK2_Release
EVENT_SINK_AddRef
EVENT_SINK_GetIDsOfNames
EVENT_SINK_Invoke
EVENT_SINK_QueryInterface
EVENT_SINK_Release
EbCreateContext
EbDestroyContext
EbGetErrorInfo
EbGetHandleOfExecutingProject
EbGetObjConnectionCounts
EbGetVBAObject
EbIsProjectOnStack
EbLibraryLoad
EbLibraryUnload
EbLoadRunTime
EbResetProject
EbResetProjectNormal
EbSetContextWorkerThread
GetMem1
GetMem2
GetMem4
GetMem8
GetMemEvent
GetMemNewObj
GetMemObj
GetMemStr
GetMemVar
IID_IVbaHost
MethCallEngine
ProcCallEngine
PutMem1
PutMem2
PutMem4
PutMem8
PutMemEvent
PutMemNewObj
PutMemObj
PutMemStr
PutMemVar
SetMemEvent
SetMemNewObj
SetMemObj
SetMemVar
RDGMax
TipCreateInstanceEx
TipCreateInstanceProject2
TipGetAddressOfPredeclaredInstance
TipInvokeMethod
TipInvokeMethod2
TipSetOption
TipUnloadInstance
TipUnloadProject
UserDllMain
VBDllCanUnloadNow
VBDllGetClassObject
VBDllRegisterServer
VBDllUnRegisterServer
VarPtr
Zombie_AddRef
Zombie_GetIDsOfNames
Zombie_GetTypeInfo
Zombie_GetTypeInfoCount
Zombie_Invoke
Zombie_QueryInterface
Zombie_Release
_CIatan
_CIcos
_CIexp
_CIlog
_CIsin
_CIsqrt
_CItan
__vbaAptOffset
__vbaAryConstruct
__vbaAryConstruct2
__vbaAryCopy
__vbaAryDestruct
__vbaAryLock
__vbaAryMove
__vbaAryRebase1Var
__vbaAryRecCopy
__vbaAryRecMove
__vbaAryUnlock
__vbaAryVar
__vbaAryVarVarg
__vbaBoolErrVar
__vbaBoolStr
__vbaBoolVar
__vbaBoolVarNull
__vbaCVarAryUdt
__vbaCastObj
__vbaCastObjVar
__vbaCheckType
__vbaCheckTypeVar
__vbaChkstk
__vbaCopyBytes
__vbaCopyBytesZero
__vbaCyAbs
__vbaCyAdd
__vbaCyErrVar
__vbaCyFix
__vbaCyForInit
__vbaCyForNext
__vbaCyI2
__vbaCyI4
__vbaCyInt
__vbaCyMul
__vbaCyMulI2
__vbaCySgn
__vbaCyStr
__vbaCySub
__vbaCyUI1
__vbaCyVar
__vbaDateR4
__vbaDateR8
__vbaDateStr
__vbaDateVar
__vbaDerefAry
__vbaDerefAry1
__vbaEnd
__vbaErase
__vbaEraseKeepData
__vbaEraseNoPop
__vbaError
__vbaErrorOverflow
__vbaExceptHandler
__vbaExitEachAry
__vbaExitEachColl
__vbaExitEachVar
__vbaExitProc
__vbaFPException
__vbaFPFix
__vbaFPInt
__vbaFailedFriend
__vbaFileClose
__vbaFileCloseAll
__vbaFileLock
__vbaFileOpen
__vbaFileSeek
__vbaFixstrConstruct
__vbaForEachAry
__vbaForEachCollAd
__vbaForEachCollObj
__vbaForEachCollVar
__vbaForEachVar
__vbaFpCDblR4
__vbaFpCDblR8
__vbaFpCSngR4
__vbaFpCSngR8
__vbaFpCmpCy
__vbaFpCy
__vbaFpI2
__vbaFpI4
__vbaFpR4
__vbaFpR8
__vbaFpUI1
__vbaFreeObj
__vbaFreeObjList
__vbaFreeStr
__vbaFreeStrList
__vbaFreeVar
__vbaFreeVarList
__vbaFreeVarg
__vbaGenerateBoundsError
__vbaGet3
__vbaGet4
__vbaGetFxStr3
__vbaGetFxStr4
__vbaGetOwner3
__vbaGetOwner4
__vbaGosub
__vbaGosubFree
__vbaGosubReturn
__vbaHresultCheck
__vbaHresultCheckNonvirt
__vbaHresultCheckObj
__vbaI2Abs
__vbaI2Cy
__vbaI2ErrVar
__vbaI2ForNextCheck
__vbaI2I4
__vbaI2Sgn
__vbaI2Str
__vbaI2Var
__vbaI4Abs
__vbaI4Cy
__vbaI4ErrVar
__vbaI4ForNextCheck
__vbaI4Sgn
__vbaI4Str
__vbaI4Var
__vbaInStr
__vbaInStrB
__vbaInStrVar
__vbaInStrVarB
__vbaInputFile
__vbaLateIdCall
__vbaLateIdCallLd
__vbaLateIdCallSt
__vbaLateIdNamedCall
__vbaLateIdNamedCallLd
__vbaLateIdNamedCallSt
__vbaLateIdNamedStAd
__vbaLateIdSt
__vbaLateIdStAd
__vbaLateMemCall
__vbaLateMemCallLd
__vbaLateMemCallSt
__vbaLateMemNamedCall
__vbaLateMemNamedCallLd
__vbaLateMemNamedCallSt
__vbaLateMemNamedStAd
__vbaLateMemSt
__vbaLateMemStAd
__vbaLbound
__vbaLdZeroAry
__vbaLenBstr
__vbaLenBstrB
__vbaLenVar
__vbaLenVarB
__vbaLineInputStr
__vbaLineInputVar
__vbaLsetFixstr
__vbaLsetFixstrFree
__vbaMidStmtBstr
__vbaMidStmtBstrB
__vbaMidStmtVar
__vbaMidStmtVarB
__vbaNameFile
__vbaNew
__vbaNew2
__vbaNextEachAry
__vbaNextEachCollAd
__vbaNextEachCollObj
__vbaNextEachCollVar
__vbaNextEachVar
__vbaObjAddref
__vbaObjIs
__vbaObjSet
__vbaObjSetAddref
__vbaObjVar
__vbaOnError
__vbaOnGoCheck
__vbaPowerR8
__vbaPrintFile
__vbaPrintObj
__vbaPut3
__vbaPut4
__vbaPutFxStr3
__vbaPutFxStr4
__vbaPutOwner3
__vbaPutOwner4
__vbaR4Cy
__vbaR4ErrVar
__vbaR4ForNextCheck
__vbaR4Sgn
__vbaR4Str
__vbaR4Var
__vbaR8Cy
__vbaR8ErrVar
__vbaR8FixI2
__vbaR8FixI4
__vbaR8ForNextCheck
__vbaR8IntI2
__vbaR8IntI4
__vbaR8Sgn
__vbaR8Str
__vbaR8Var
__vbaRaiseEvent
__vbaRecAnsiToUni
__vbaRecAssign
__vbaRecDestruct
__vbaRecDestructAnsi
__vbaRecUniToAnsi
__vbaRedim
__vbaRedimPreserve
__vbaRedimPreserveVar
__vbaRedimPreserveVar2
__vbaRedimVar
__vbaRedimVar2
__vbaRefVarAry
__vbaResume
__vbaRsetFixstr
__vbaRsetFixstrFree
__vbaSetSystemError
__vbaStopExe
__vbaStr2Vec
__vbaStrAryToAnsi
__vbaStrAryToUnicode
__vbaStrBool
__vbaStrCat
__vbaStrCmp
__vbaStrComp
__vbaStrCompVar
__vbaStrCopy
__vbaStrCy
__vbaStrDate
__vbaStrErrVarCopy
__vbaStrFixstr
__vbaStrI2
__vbaStrI4
__vbaStrLike
__vbaStrMove
__vbaStrR4
__vbaStrR8
__vbaStrTextCmp
__vbaStrTextLike
__vbaStrToAnsi
__vbaStrToUnicode
__vbaStrUI1
__vbaStrVarCopy
__vbaStrVarMove
__vbaStrVarVal
__vbaUI1Cy
__vbaUI1ErrVar
__vbaUI1I2
__vbaUI1I4
__vbaUI1Sgn
__vbaUI1Str
__vbaUI1Var
__vbaUbound
__vbaUdtVar
__vbaUnkVar
__vbaVar2Vec
__vbaVarAbs
__vbaVarAdd
__vbaVarAnd
__vbaVarCat
__vbaVarCmpEq
__vbaVarCmpGe
__vbaVarCmpGt
__vbaVarCmpLe
__vbaVarCmpLt
__vbaVarCmpNe
__vbaVarCopy
__vbaVarDateVar
__vbaVarDiv
__vbaVarDup
__vbaVarEqv
__vbaVarErrI4
__vbaVarFix
__vbaVarForInit
__vbaVarForNext
__vbaVarIdiv
__vbaVarImp
__vbaVarIndexLoad
__vbaVarIndexLoadRef
__vbaVarIndexLoadRefLock
__vbaVarIndexStore
__vbaVarIndexStoreObj
__vbaVarInt
__vbaVarLateMemCallLd
__vbaVarLateMemCallLdRf
__vbaVarLateMemCallSt
__vbaVarLateMemSt
__vbaVarLateMemStAd
__vbaVarLike
__vbaVarLikeVar
__vbaVarMod
__vbaVarMove
__vbaVarMul
__vbaVarNeg
__vbaVarNot
__vbaVarOr
__vbaVarPow
__vbaVarSetObj
__vbaVarSetObjAddref
__vbaVarSetUnk
__vbaVarSetUnkAddref
__vbaVarSetVar
__vbaVarSetVarAddref
__vbaVarSub
__vbaVarTextCmpEq
__vbaVarTextCmpGe
__vbaVarTextCmpGt
__vbaVarTextCmpLe
__vbaVarTextCmpLt
__vbaVarTextCmpNe
__vbaVarTextLike
__vbaVarTextLikeVar
__vbaVarTextTstEq
__vbaVarTextTstGe
__vbaVarTextTstGt
__vbaVarTextTstLe
__vbaVarTextTstLt
__vbaVarTextTstNe
__vbaVarTstEq
__vbaVarTstGe
__vbaVarTstGt
__vbaVarTstLe
__vbaVarTstLt
__vbaVarTstNe
__vbaVarVargNofree
__vbaVarXor
__vbaVarZero
__vbaVargObj
__vbaVargObjAddref
__vbaVargParmRef
__vbaVargUnk
__vbaVargUnkAddref
__vbaVargVar
__vbaVargVarCopy
__vbaVargVarMove
__vbaVargVarRef
__vbaVerifyVarObj
__vbaWriteFile
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_allmul
rtBoolFromErrVar
rtBstrFromErrVar
rtCyFromErrVar
rtDecFromVar
rtI2FromErrVar
rtI4FromErrVar
rtR4FromErrVar
rtR8FromErrVar
rtUI1FromErrVar
rtcAbsVar
rtcAnsiValueBstr
rtcAppActivate
rtcAppleScript
rtcArray
rtcAtn
rtcBeep
rtcBstrFromAnsi
rtcBstrFromByte
rtcBstrFromChar
rtcBstrFromError
rtcBstrFromFormatVar
rtcByteValueBstr
rtcCVErrFromVar
rtcCallByName
rtcChangeDir
rtcChangeDrive
rtcCharValueBstr
rtcChoose
rtcCommandBstr
rtcCommandVar
rtcCompareBstr
rtcCos
rtcCreateObject
rtcCreateObject2
rtcCurrentDir
rtcCurrentDirBstr
rtcDDB
rtcDateAdd
rtcDateDiff
rtcDateFromVar
rtcDatePart
rtcDeleteSetting
rtcDir
rtcDoEvents
rtcEndOfFile
rtcEnvironBstr
rtcEnvironVar
rtcErrObj
rtcExp
rtcFV
rtcFileAttributes
rtcFileCopy
rtcFileDateTime
rtcFileLen
rtcFileLength
rtcFileLocation
rtcFileReset
rtcFileSeek
rtcFileWidth
rtcFilter
rtcFixVar
rtcFormatCurrency
rtcFormatDateTime

Sections

.text
Size: 488KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 176KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 606KB - Virtual size: 4.8MB

.rsrc Size: 8KB - Virtual size: 8KB

b2f9281b136d5e87cb83cabdba85dc84

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 3.6MB - Virtual size: 3.6MB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 328KB - Virtual size: 325KB

42cfa6142c38112bdaffa05fb22db82e

Headers

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

version

advapi32

rpcrt4

Exports

Exports

Sections

.text Size: 569KB - Virtual size: 568KB

.data Size: 13KB - Virtual size: 18KB

.rsrc Size: 1024B - Virtual size: 1000B

.reloc Size: 40KB - Virtual size: 40KB

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 488KB - Virtual size: 1.3MB

.rsrc Size: 176KB - Virtual size: 180KB

.reloc Size: 512B - Virtual size: 4KB

.text
Size: 606KB - Virtual size: 4.8MB

.rsrc
Size: 8KB - Virtual size: 8KB

.text
Size: 3.6MB - Virtual size: 3.6MB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 328KB - Virtual size: 325KB

.text
Size: 569KB - Virtual size: 568KB

.data
Size: 13KB - Virtual size: 18KB

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 40KB - Virtual size: 40KB

.text
Size: 488KB - Virtual size: 1.3MB

.rsrc
Size: 176KB - Virtual size: 180KB

.reloc
Size: 512B - Virtual size: 4KB