- [*] MalFamily: ""
- [*] MalScore: 3.0
- [*] File Name: "Exes_9c65361abadc326a285a0dc8f3a66279.exe"
- [*] File Size: 638976
- [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
- [*] SHA256: "49e2e88932d2cbe0d4649922e64e0a3bc053d9bceef42017fdc46d44abd211d9"
- [*] MD5: "9c65361abadc326a285a0dc8f3a66279"
- [*] SHA1: "11229221946d83ac3a7e93ebc3402454c8598061"
- [*] SHA512: "0712e859f8822f5cc8d483e3d4bf569c42ef42ef1a3af43dbbb05a4a759d3c9a4df999bdba6eef60f421cc0b44018364860724c53fb4e7c05103024abfc488bd"
- [*] CRC32: "F966556B"
- [*] SSDEEP: "12288:a2Yx55YZvZ5YZvZ5YZvZ5YmehOYmehOYmehOYmehOYmehOYmexI++YRYJI++YRYT:OqfPMRgh1nZy/zqR"
- [*] Process Execution: []
- [*] Signatures Detected: [
- {
- "Description": "File has been identified by 8 antivirus engines on VirusTotal as malicious",
- "Details": [
- {
- "FireEye": "Generic.mg.9c65361abadc326a"
- },
- {
- "McAfee": "Fareit-FPH!9C65361ABADC"
- },
- {
- "APEX": "Malicious"
- },
- {
- "Invincea": "heuristic"
- },
- {
- "McAfee-GW-Edition": "BehavesLike.Win32.VBObfus.jm"
- },
- {
- "Microsoft": "Trojan:Win32/Wacatac.B!ml"
- },
- {
- "Cybereason": "malicious.1946d8"
- },
- {
- "CrowdStrike": "win/malicious_confidence_70% (D)"
- }
- ]
- }
- ]
- [*] Started Service: []
- [*] Executed Commands: []
- [*] Mutexes: []
- [*] Modified Files: []
- [*] Deleted Files: []
- [*] Modified Registry Keys: []
- [*] Deleted Registry Keys: []
- [*] DNS Communications: []
- [*] Domains: []
- [*] Network Communication - ICMP: []
- [*] Network Communication - HTTP: []
- [*] Network Communication - SMTP: []
- [*] Network Communication - Hosts: []
- [*] Network Communication - IRC: []
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": null,
- "address": "0x401000"
- },
- {
- "name": null,
- "address": "0x401004"
- },
- {
- "name": null,
- "address": "0x401008"
- },
- {
- "name": "MethCallEngine",
- "address": "0x40100c"
- },
- {
- "name": null,
- "address": "0x401010"
- },
- {
- "name": null,
- "address": "0x401014"
- },
- {
- "name": null,
- "address": "0x401018"
- },
- {
- "name": null,
- "address": "0x40101c"
- },
- {
- "name": null,
- "address": "0x401020"
- },
- {
- "name": null,
- "address": "0x401024"
- },
- {
- "name": null,
- "address": "0x401028"
- },
- {
- "name": null,
- "address": "0x40102c"
- },
- {
- "name": null,
- "address": "0x401030"
- },
- {
- "name": null,
- "address": "0x401034"
- },
- {
- "name": null,
- "address": "0x401038"
- },
- {
- "name": null,
- "address": "0x40103c"
- },
- {
- "name": null,
- "address": "0x401040"
- },
- {
- "name": "EVENT_SINK_AddRef",
- "address": "0x401044"
- },
- {
- "name": null,
- "address": "0x401048"
- },
- {
- "name": null,
- "address": "0x40104c"
- },
- {
- "name": null,
- "address": "0x401050"
- },
- {
- "name": "EVENT_SINK_Release",
- "address": "0x401054"
- },
- {
- "name": null,
- "address": "0x401058"
- },
- {
- "name": "EVENT_SINK_QueryInterface",
- "address": "0x40105c"
- },
- {
- "name": "__vbaExceptHandler",
- "address": "0x401060"
- },
- {
- "name": null,
- "address": "0x401064"
- },
- {
- "name": null,
- "address": "0x401068"
- },
- {
- "name": null,
- "address": "0x40106c"
- },
- {
- "name": null,
- "address": "0x401070"
- },
- {
- "name": null,
- "address": "0x401074"
- },
- {
- "name": null,
- "address": "0x401078"
- },
- {
- "name": null,
- "address": "0x40107c"
- },
- {
- "name": null,
- "address": "0x401080"
- },
- {
- "name": null,
- "address": "0x401084"
- },
- {
- "name": null,
- "address": "0x401088"
- },
- {
- "name": null,
- "address": "0x40108c"
- },
- {
- "name": null,
- "address": "0x401090"
- },
- {
- "name": null,
- "address": "0x401094"
- },
- {
- "name": null,
- "address": "0x401098"
- },
- {
- "name": null,
- "address": "0x40109c"
- },
- {
- "name": null,
- "address": "0x4010a0"
- },
- {
- "name": null,
- "address": "0x4010a4"
- }
- ],
- "dll": "MSVBVM60.DLL"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x000a25ed",
- "overlay": null,
- "imagebase": "0x00400000",
- "reported_checksum": "0x000a25ed",
- "icon_hash": null,
- "entrypoint": "0x004011ac",
- "timestamp": "2007-06-17 13:22:49",
- "osversion": "4.0",
- "sections": [
- {
- "name": ".text",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00001000",
- "size_of_data": "0x00093000",
- "entropy": "5.90",
- "raw_address": "0x00001000",
- "virtual_size": "0x000928b4",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": ".data",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00094000",
- "size_of_data": "0x00000000",
- "entropy": "0.00",
- "raw_address": "0x00000000",
- "virtual_size": "0x00004558",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00099000",
- "size_of_data": "0x00008000",
- "entropy": "4.49",
- "raw_address": "0x00094000",
- "virtual_size": "0x000072ec",
- "characteristics_raw": "0x40000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00093764",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x00000028"
- },
- {
- "virtual_address": "0x00099000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x000072ec"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000220",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000020"
- },
- {
- "virtual_address": "0x00001000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x000000ac"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "2bd819ed45f6d184d7331821bbd5e0c7",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": null,
- "imported_dll_count": 1,
- "versioninfo": []
- }
- }
- [*] Resolved APIs: []
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": null,
- "address": "0x401000"
- },
- {
- "name": null,
- "address": "0x401004"
- },
- {
- "name": null,
- "address": "0x401008"
- },
- {
- "name": "MethCallEngine",
- "address": "0x40100c"
- },
- {
- "name": null,
- "address": "0x401010"
- },
- {
- "name": null,
- "address": "0x401014"
- },
- {
- "name": null,
- "address": "0x401018"
- },
- {
- "name": null,
- "address": "0x40101c"
- },
- {
- "name": null,
- "address": "0x401020"
- },
- {
- "name": null,
- "address": "0x401024"
- },
- {
- "name": null,
- "address": "0x401028"
- },
- {
- "name": null,
- "address": "0x40102c"
- },
- {
- "name": null,
- "address": "0x401030"
- },
- {
- "name": null,
- "address": "0x401034"
- },
- {
- "name": null,
- "address": "0x401038"
- },
- {
- "name": null,
- "address": "0x40103c"
- },
- {
- "name": null,
- "address": "0x401040"
- },
- {
- "name": "EVENT_SINK_AddRef",
- "address": "0x401044"
- },
- {
- "name": null,
- "address": "0x401048"
- },
- {
- "name": null,
- "address": "0x40104c"
- },
- {
- "name": null,
- "address": "0x401050"
- },
- {
- "name": "EVENT_SINK_Release",
- "address": "0x401054"
- },
- {
- "name": null,
- "address": "0x401058"
- },
- {
- "name": "EVENT_SINK_QueryInterface",
- "address": "0x40105c"
- },
- {
- "name": "__vbaExceptHandler",
- "address": "0x401060"
- },
- {
- "name": null,
- "address": "0x401064"
- },
- {
- "name": null,
- "address": "0x401068"
- },
- {
- "name": null,
- "address": "0x40106c"
- },
- {
- "name": null,
- "address": "0x401070"
- },
- {
- "name": null,
- "address": "0x401074"
- },
- {
- "name": null,
- "address": "0x401078"
- },
- {
- "name": null,
- "address": "0x40107c"
- },
- {
- "name": null,
- "address": "0x401080"
- },
- {
- "name": null,
- "address": "0x401084"
- },
- {
- "name": null,
- "address": "0x401088"
- },
- {
- "name": null,
- "address": "0x40108c"
- },
- {
- "name": null,
- "address": "0x401090"
- },
- {
- "name": null,
- "address": "0x401094"
- },
- {
- "name": null,
- "address": "0x401098"
- },
- {
- "name": null,
- "address": "0x40109c"
- },
- {
- "name": null,
- "address": "0x4010a0"
- },
- {
- "name": null,
- "address": "0x4010a4"
- }
- ],
- "dll": "MSVBVM60.DLL"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x000a25ed",
- "overlay": null,
- "imagebase": "0x00400000",
- "reported_checksum": "0x000a25ed",
- "icon_hash": null,
- "entrypoint": "0x004011ac",
- "timestamp": "2007-06-17 13:22:49",
- "osversion": "4.0",
- "sections": [
- {
- "name": ".text",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00001000",
- "size_of_data": "0x00093000",
- "entropy": "5.90",
- "raw_address": "0x00001000",
- "virtual_size": "0x000928b4",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": ".data",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00094000",
- "size_of_data": "0x00000000",
- "entropy": "0.00",
- "raw_address": "0x00000000",
- "virtual_size": "0x00004558",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00099000",
- "size_of_data": "0x00008000",
- "entropy": "4.49",
- "raw_address": "0x00094000",
- "virtual_size": "0x000072ec",
- "characteristics_raw": "0x40000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00093764",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x00000028"
- },
- {
- "virtual_address": "0x00099000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x000072ec"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000220",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000020"
- },
- {
- "virtual_address": "0x00001000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x000000ac"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "2bd819ed45f6d184d7331821bbd5e0c7",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": null,
- "imported_dll_count": 1,
- "versioninfo": []
- }
- }