Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [*] MalFamily: "Androm"
- [*] MalScore: 10.0
- [*] File Name: "Exes_117493f7c493ed91c5c6d38a8d4869f9.exe"
- [*] File Size: 1520392
- [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
- [*] SHA256: "5c4fa4eeac85fa15c0037c7d8d91257d26e1048535b2943e68519278abf02472"
- [*] MD5: "117493f7c493ed91c5c6d38a8d4869f9"
- [*] SHA1: "7a0ee7ddaa954731aaac2bca2015e71163d1766d"
- [*] SHA512: "e48ea6019d6c05b300000434489707fdb6633cc13491bafa741839f2437e7e6aac9084588c91a1174873e446a4bf9e51b725fd362658cb929be4b915c619a41b"
- [*] CRC32: "3B2BEF8A"
- [*] SSDEEP: "6144:MMyOMNGbntdQ45lHXRX4bCfCy1S8JZCnipYzvKuDqNx:MM0SdQ4b3ZHxY8JZCnipgi"
- [*] Process Execution: [
- "Exes_117493f7c493ed91c5c6d38a8d4869f9.exe"
- ]
- [*] Signatures Detected: [
- {
- "Description": "Creates RWX memory",
- "Details": []
- },
- {
- "Description": "Performs some HTTP requests",
- "Details": [
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
- }
- ]
- },
- {
- "Description": "Attempts to repeatedly call a single API many times in order to delay analysis time",
- "Details": [
- {
- "Spam": "Exes_117493f7c493ed91c5c6d38a8d4869f9.exe (2620) called API CreateProcessInternalW 41249 times"
- },
- {
- "Spam": "Exes_117493f7c493ed91c5c6d38a8d4869f9.exe (2620) called API GetLocalTime 86884 times"
- }
- ]
- },
- {
- "Description": "File has been identified by 47 Antiviruses on VirusTotal as malicious",
- "Details": [
- {
- "MicroWorld-eScan": "Trojan.GenericKD.32049838"
- },
- {
- "FireEye": "Trojan.GenericKD.32049838"
- },
- {
- "ALYac": "Trojan.GenericKD.32049838"
- },
- {
- "Cylance": "Unsafe"
- },
- {
- "BitDefender": "Trojan.GenericKD.32049838"
- },
- {
- "K7GW": "Trojan ( 0054fe4d1 )"
- },
- {
- "K7AntiVirus": "Trojan ( 0054fe4d1 )"
- },
- {
- "TrendMicro": "TROJ_GEN.R002C0RFB19"
- },
- {
- "Cyren": "W32/Trojan.ENLV-3738"
- },
- {
- "Symantec": "Trojan.Gen.MBT"
- },
- {
- "ClamAV": "Win.Trojan.Gamarue-6990922-0"
- },
- {
- "Kaspersky": "Backdoor.Win32.Androm.snjk"
- },
- {
- "Alibaba": "Trojan:Win32/GenKryptik.978db827"
- },
- {
- "NANO-Antivirus": "Trojan.Win32.Androm.fremrk"
- },
- {
- "ViRobot": "Backdoor.Win32.Androm.1520392"
- },
- {
- "AegisLab": "Trojan.Win32.Androm.4!c"
- },
- {
- "Rising": "Backdoor.Androm!8.113 (CLOUD)"
- },
- {
- "Ad-Aware": "Trojan.GenericKD.32049838"
- },
- {
- "Emsisoft": "Trojan.GenericKD.32049838 (B)"
- },
- {
- "Comodo": "Malware@#1ztfyalqgbe9r"
- },
- {
- "F-Secure": "Trojan.TR/AD.LokiBot.jfu"
- },
- {
- "DrWeb": "Trojan.PWS.Siggen2.17664"
- },
- {
- "McAfee-GW-Edition": "BehavesLike.Win32.Generic.tz"
- },
- {
- "Fortinet": "W32/Injector.EFXI!tr"
- },
- {
- "Sophos": "Mal/FareitVB-N"
- },
- {
- "Ikarus": "Trojan.Win32.Injector"
- },
- {
- "Endgame": "malicious (high confidence)"
- },
- {
- "Avira": "TR/AD.LokiBot.jfu"
- },
- {
- "MAX": "malware (ai score=100)"
- },
- {
- "Arcabit": "Trojan.Generic.D1E90AAE"
- },
- {
- "AhnLab-V3": "Trojan/Win32.Androm.C3288402"
- },
- {
- "ZoneAlarm": "Backdoor.Win32.Androm.snjk"
- },
- {
- "Microsoft": "Program:Win32/Uwamson.A!ml"
- },
- {
- "ESET-NOD32": "a variant of Win32/Injector.EFXU"
- },
- {
- "McAfee": "Artemis!117493F7C493"
- },
- {
- "VBA32": "TScope.Trojan.VB"
- },
- {
- "Panda": "Trj/GdSda.A"
- },
- {
- "TrendMicro-HouseCall": "TROJ_GEN.R002C0RFB19"
- },
- {
- "Tencent": "Win32.Backdoor.Lokibot.Auto"
- },
- {
- "Yandex": "Backdoor.Androm!b88DcGt0x/w"
- },
- {
- "eGambit": "PE.Heur.InvalidSig"
- },
- {
- "GData": "Trojan.GenericKD.32049838"
- },
- {
- "AVG": "Win32:Malware-gen"
- },
- {
- "Cybereason": "malicious.7c493e"
- },
- {
- "Avast": "Win32:Malware-gen"
- },
- {
- "CrowdStrike": "win/malicious_confidence_70% (W)"
- },
- {
- "Qihoo-360": "Win32/Backdoor.25c"
- }
- ]
- }
- ]
- [*] Started Service: []
- [*] Executed Commands: [
- "\\x01C:\\Users\\user\\AppData\\Local\\Temp\\Exes_117493f7c493ed91c5c6d38a8d4869f9.exe\""
- ]
- [*] Mutexes: [
- "CicLoadWinStaWinSta0",
- "Local\\MSCTF.CtfMonitorInstMutexDefault1"
- ]
- [*] Modified Files: [
- "C:\\Users\\user\\AppData\\Local\\Temp\\~DF12E7CEE597FE2ADB.TMP"
- ]
- [*] Deleted Files: []
- [*] Modified Registry Keys: []
- [*] Deleted Registry Keys: []
- [*] DNS Communications: []
- [*] Domains: []
- [*] Network Communication - ICMP: []
- [*] Network Communication - HTTP: [
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 150849\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 10:50:30 GMT\r\nIf-None-Match: \"5ced1276-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nCache-Control: max-age = 135176\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 05:30:18 GMT\r\nIf-None-Match: \"5cecc76a-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 168744\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 15:00:08 GMT\r\nIf-None-Match: \"5ced4cf8-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- }
- ]
- [*] Network Communication - SMTP: []
- [*] Network Communication - Hosts: []
- [*] Network Communication - IRC: []
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": null,
- "address": "0x401000"
- },
- {
- "name": "_CIcos",
- "address": "0x401004"
- },
- {
- "name": "_adj_fptan",
- "address": "0x401008"
- },
- {
- "name": "__vbaVarMove",
- "address": "0x40100c"
- },
- {
- "name": "__vbaStrI4",
- "address": "0x401010"
- },
- {
- "name": null,
- "address": "0x401014"
- },
- {
- "name": "__vbaFreeVar",
- "address": "0x401018"
- },
- {
- "name": null,
- "address": "0x40101c"
- },
- {
- "name": "__vbaStrVarMove",
- "address": "0x401020"
- },
- {
- "name": "__vbaFreeVarList",
- "address": "0x401024"
- },
- {
- "name": "_adj_fdiv_m64",
- "address": "0x401028"
- },
- {
- "name": null,
- "address": "0x40102c"
- },
- {
- "name": "__vbaFpCDblR8",
- "address": "0x401030"
- },
- {
- "name": "__vbaStrErrVarCopy",
- "address": "0x401034"
- },
- {
- "name": "_adj_fprem1",
- "address": "0x401038"
- },
- {
- "name": null,
- "address": "0x40103c"
- },
- {
- "name": "__vbaStrCat",
- "address": "0x401040"
- },
- {
- "name": "__vbaSetSystemError",
- "address": "0x401044"
- },
- {
- "name": "__vbaHresultCheckObj",
- "address": "0x401048"
- },
- {
- "name": "_adj_fdiv_m32",
- "address": "0x40104c"
- },
- {
- "name": null,
- "address": "0x401050"
- },
- {
- "name": "__vbaAryDestruct",
- "address": "0x401054"
- },
- {
- "name": null,
- "address": "0x401058"
- },
- {
- "name": null,
- "address": "0x40105c"
- },
- {
- "name": "__vbaObjSet",
- "address": "0x401060"
- },
- {
- "name": "_adj_fdiv_m16i",
- "address": "0x401064"
- },
- {
- "name": "__vbaObjSetAddref",
- "address": "0x401068"
- },
- {
- "name": "_adj_fdivr_m16i",
- "address": "0x40106c"
- },
- {
- "name": null,
- "address": "0x401070"
- },
- {
- "name": "_CIsin",
- "address": "0x401074"
- },
- {
- "name": null,
- "address": "0x401078"
- },
- {
- "name": null,
- "address": "0x40107c"
- },
- {
- "name": "__vbaChkstk",
- "address": "0x401080"
- },
- {
- "name": "__vbaFileClose",
- "address": "0x401084"
- },
- {
- "name": null,
- "address": "0x401088"
- },
- {
- "name": "EVENT_SINK_AddRef",
- "address": "0x40108c"
- },
- {
- "name": null,
- "address": "0x401090"
- },
- {
- "name": "__vbaVarTstEq",
- "address": "0x401094"
- },
- {
- "name": null,
- "address": "0x401098"
- },
- {
- "name": "DllFunctionCall",
- "address": "0x40109c"
- },
- {
- "name": null,
- "address": "0x4010a0"
- },
- {
- "name": "_adj_fpatan",
- "address": "0x4010a4"
- },
- {
- "name": "__vbaLateIdCallLd",
- "address": "0x4010a8"
- },
- {
- "name": "__vbaRedim",
- "address": "0x4010ac"
- },
- {
- "name": null,
- "address": "0x4010b0"
- },
- {
- "name": "EVENT_SINK_Release",
- "address": "0x4010b4"
- },
- {
- "name": "_CIsqrt",
- "address": "0x4010b8"
- },
- {
- "name": "EVENT_SINK_QueryInterface",
- "address": "0x4010bc"
- },
- {
- "name": "__vbaUI1I4",
- "address": "0x4010c0"
- },
- {
- "name": "__vbaExceptHandler",
- "address": "0x4010c4"
- },
- {
- "name": "__vbaStrToUnicode",
- "address": "0x4010c8"
- },
- {
- "name": null,
- "address": "0x4010cc"
- },
- {
- "name": "_adj_fprem",
- "address": "0x4010d0"
- },
- {
- "name": "_adj_fdivr_m64",
- "address": "0x4010d4"
- },
- {
- "name": null,
- "address": "0x4010d8"
- },
- {
- "name": null,
- "address": "0x4010dc"
- },
- {
- "name": null,
- "address": "0x4010e0"
- },
- {
- "name": "__vbaFPException",
- "address": "0x4010e4"
- },
- {
- "name": "__vbaInStrVar",
- "address": "0x4010e8"
- },
- {
- "name": "__vbaStrVarVal",
- "address": "0x4010ec"
- },
- {
- "name": "__vbaVarCat",
- "address": "0x4010f0"
- },
- {
- "name": "__vbaI2Var",
- "address": "0x4010f4"
- },
- {
- "name": null,
- "address": "0x4010f8"
- },
- {
- "name": "_CIlog",
- "address": "0x4010fc"
- },
- {
- "name": null,
- "address": "0x401100"
- },
- {
- "name": "__vbaErrorOverflow",
- "address": "0x401104"
- },
- {
- "name": "__vbaFileOpen",
- "address": "0x401108"
- },
- {
- "name": null,
- "address": "0x40110c"
- },
- {
- "name": "__vbaNew2",
- "address": "0x401110"
- },
- {
- "name": "__vbaInStr",
- "address": "0x401114"
- },
- {
- "name": "_adj_fdiv_m32i",
- "address": "0x401118"
- },
- {
- "name": "_adj_fdivr_m32i",
- "address": "0x40111c"
- },
- {
- "name": "__vbaStrCopy",
- "address": "0x401120"
- },
- {
- "name": "__vbaFreeStrList",
- "address": "0x401124"
- },
- {
- "name": "__vbaDerefAry1",
- "address": "0x401128"
- },
- {
- "name": "_adj_fdivr_m32",
- "address": "0x40112c"
- },
- {
- "name": "_adj_fdiv_r",
- "address": "0x401130"
- },
- {
- "name": null,
- "address": "0x401134"
- },
- {
- "name": "__vbaI4Var",
- "address": "0x401138"
- },
- {
- "name": "__vbaInStrB",
- "address": "0x40113c"
- },
- {
- "name": "__vbaStrToAnsi",
- "address": "0x401140"
- },
- {
- "name": "__vbaStrComp",
- "address": "0x401144"
- },
- {
- "name": "__vbaVarDup",
- "address": "0x401148"
- },
- {
- "name": null,
- "address": "0x40114c"
- },
- {
- "name": "__vbaFpI4",
- "address": "0x401150"
- },
- {
- "name": "__vbaR8IntI2",
- "address": "0x401154"
- },
- {
- "name": null,
- "address": "0x401158"
- },
- {
- "name": "_CIatan",
- "address": "0x40115c"
- },
- {
- "name": "__vbaStrMove",
- "address": "0x401160"
- },
- {
- "name": "__vbaCastObj",
- "address": "0x401164"
- },
- {
- "name": null,
- "address": "0x401168"
- },
- {
- "name": "__vbaR8IntI4",
- "address": "0x40116c"
- },
- {
- "name": null,
- "address": "0x401170"
- },
- {
- "name": "_allmul",
- "address": "0x401174"
- },
- {
- "name": null,
- "address": "0x401178"
- },
- {
- "name": "_CItan",
- "address": "0x40117c"
- },
- {
- "name": null,
- "address": "0x401180"
- },
- {
- "name": "_CIexp",
- "address": "0x401184"
- },
- {
- "name": "__vbaFreeStr",
- "address": "0x401188"
- },
- {
- "name": "__vbaFreeObj",
- "address": "0x40118c"
- },
- {
- "name": null,
- "address": "0x401190"
- }
- ],
- "dll": "MSVBVM60.DLL"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x0017e089",
- "overlay": {
- "size": "0x00003308",
- "offset": "0x00170000"
- },
- "imagebase": "0x00400000",
- "reported_checksum": "0x0017e089",
- "icon_hash": null,
- "entrypoint": "0x004014a0",
- "timestamp": "2011-06-23 15:54:43",
- "osversion": "4.0",
- "sections": [
- {
- "name": ".text",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00001000",
- "size_of_data": "0x00112000",
- "entropy": "2.18",
- "raw_address": "0x00001000",
- "virtual_size": "0x001113b4",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": ".data",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00113000",
- "size_of_data": "0x00001000",
- "entropy": "0.00",
- "raw_address": "0x00113000",
- "virtual_size": "0x00000af0",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00114000",
- "size_of_data": "0x0005c000",
- "entropy": "3.07",
- "raw_address": "0x00114000",
- "virtual_size": "0x0005b454",
- "characteristics_raw": "0x40000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00111d74",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x00000028"
- },
- {
- "virtual_address": "0x00114000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x0005b454"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00170000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00003308"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000228",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000020"
- },
- {
- "virtual_address": "0x00001000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x00000198"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "1acc01f76ba06591846488c6407d280b",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": null,
- "imported_dll_count": 1,
- "versioninfo": []
- }
- }
- [*] Resolved APIs: [
- "cryptbase.dll.SystemFunction036",
- "uxtheme.dll.ThemeInitApiHook",
- "user32.dll.IsProcessDPIAware",
- "oleaut32.dll.OleLoadPictureEx",
- "oleaut32.dll.DispCallFunc",
- "oleaut32.dll.LoadTypeLibEx",
- "oleaut32.dll.UnRegisterTypeLib",
- "oleaut32.dll.CreateTypeLib2",
- "oleaut32.dll.VarDateFromUdate",
- "oleaut32.dll.VarUdateFromDate",
- "oleaut32.dll.GetAltMonthNames",
- "oleaut32.dll.VarNumFromParseNum",
- "oleaut32.dll.VarParseNumFromStr",
- "oleaut32.dll.VarDecFromR4",
- "oleaut32.dll.VarDecFromR8",
- "oleaut32.dll.VarDecFromDate",
- "oleaut32.dll.VarDecFromI4",
- "oleaut32.dll.VarDecFromCy",
- "oleaut32.dll.VarR4FromDec",
- "oleaut32.dll.GetRecordInfoFromTypeInfo",
- "oleaut32.dll.GetRecordInfoFromGuids",
- "oleaut32.dll.SafeArrayGetRecordInfo",
- "oleaut32.dll.SafeArraySetRecordInfo",
- "oleaut32.dll.SafeArrayGetIID",
- "oleaut32.dll.SafeArraySetIID",
- "oleaut32.dll.SafeArrayCopyData",
- "oleaut32.dll.SafeArrayAllocDescriptorEx",
- "oleaut32.dll.SafeArrayCreateEx",
- "oleaut32.dll.VarFormat",
- "oleaut32.dll.VarFormatDateTime",
- "oleaut32.dll.VarFormatNumber",
- "oleaut32.dll.VarFormatPercent",
- "oleaut32.dll.VarFormatCurrency",
- "oleaut32.dll.VarWeekdayName",
- "oleaut32.dll.VarMonthName",
- "oleaut32.dll.VarAdd",
- "oleaut32.dll.VarAnd",
- "oleaut32.dll.VarCat",
- "oleaut32.dll.VarDiv",
- "oleaut32.dll.VarEqv",
- "oleaut32.dll.VarIdiv",
- "oleaut32.dll.VarImp",
- "oleaut32.dll.VarMod",
- "oleaut32.dll.VarMul",
- "oleaut32.dll.VarOr",
- "oleaut32.dll.VarPow",
- "oleaut32.dll.VarSub",
- "oleaut32.dll.VarXor",
- "oleaut32.dll.VarAbs",
- "oleaut32.dll.VarFix",
- "oleaut32.dll.VarInt",
- "oleaut32.dll.VarNeg",
- "oleaut32.dll.VarNot",
- "oleaut32.dll.VarRound",
- "oleaut32.dll.VarCmp",
- "oleaut32.dll.VarDecAdd",
- "oleaut32.dll.VarDecCmp",
- "oleaut32.dll.VarBstrCat",
- "oleaut32.dll.VarCyMulI4",
- "oleaut32.dll.VarBstrCmp",
- "ole32.dll.CoCreateInstanceEx",
- "ole32.dll.CLSIDFromProgIDEx",
- "sxs.dll.SxsOleAut32MapIIDOrCLSIDToTypeLibrary",
- "user32.dll.GetSystemMetrics",
- "user32.dll.MonitorFromWindow",
- "user32.dll.MonitorFromRect",
- "user32.dll.MonitorFromPoint",
- "user32.dll.EnumDisplayMonitors",
- "user32.dll.GetMonitorInfoA",
- "cryptsp.dll.CryptAcquireContextW",
- "cryptsp.dll.CryptGenRandom",
- "dwmapi.dll.DwmIsCompositionEnabled",
- "gdi32.dll.GetLayout",
- "gdi32.dll.GdiRealizationInfo",
- "gdi32.dll.FontIsLinked",
- "advapi32.dll.RegOpenKeyExW",
- "advapi32.dll.RegQueryInfoKeyW",
- "gdi32.dll.GetTextFaceAliasW",
- "advapi32.dll.RegEnumValueW",
- "advapi32.dll.RegCloseKey",
- "advapi32.dll.RegQueryValueExW",
- "gdi32.dll.GetFontAssocStatus",
- "advapi32.dll.RegQueryValueExA",
- "advapi32.dll.RegEnumKeyExW",
- "gdi32.dll.GdiIsMetaPrintDC",
- "ole32.dll.CoInitializeEx",
- "ole32.dll.CoUninitialize",
- "ole32.dll.CoRegisterInitializeSpy",
- "ole32.dll.CoRevokeInitializeSpy",
- "gdi32.dll.GetTextExtentExPointWPri",
- "kernel32.dll.NlsGetCacheUpdateCount",
- "kernel32.dll.GetCalendarInfoW",
- "kernel32.dll.RtlMoveMemory",
- "user32.dll.EnumDesktopsW",
- "kernel32.dll.GetTickCount",
- "kernel32.dll.Sleep",
- "user32.dll.GetCursorPos",
- "user32.dll.EnumWindows",
- "kernel32.dll.SetErrorMode",
- "kernel32.dll.SetLastError",
- "kernel32.dll.VirtualAllocEx",
- "kernel32.dll.CloseHandle",
- "shell32.dll.ShellExecuteW",
- "kernel32.dll.WriteFile",
- "kernel32.dll.UnmapViewOfFile",
- "kernel32.dll.CreateFileW",
- "kernel32.dll.TerminateProcess",
- "kernel32.dll.VirtualProtectEx",
- "kernel32.dll.CreateProcessInternalW",
- "kernel32.dll.GetTempPathW",
- "kernel32.dll.GetLongPathNameW",
- "kernel32.dll.GetFileSize",
- "kernel32.dll.ReadFile",
- "ntdll.dll.NtProtectVirtualMemory",
- "kernel32.dll.GetCommandLineW"
- ]
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": null,
- "address": "0x401000"
- },
- {
- "name": "_CIcos",
- "address": "0x401004"
- },
- {
- "name": "_adj_fptan",
- "address": "0x401008"
- },
- {
- "name": "__vbaVarMove",
- "address": "0x40100c"
- },
- {
- "name": "__vbaStrI4",
- "address": "0x401010"
- },
- {
- "name": null,
- "address": "0x401014"
- },
- {
- "name": "__vbaFreeVar",
- "address": "0x401018"
- },
- {
- "name": null,
- "address": "0x40101c"
- },
- {
- "name": "__vbaStrVarMove",
- "address": "0x401020"
- },
- {
- "name": "__vbaFreeVarList",
- "address": "0x401024"
- },
- {
- "name": "_adj_fdiv_m64",
- "address": "0x401028"
- },
- {
- "name": null,
- "address": "0x40102c"
- },
- {
- "name": "__vbaFpCDblR8",
- "address": "0x401030"
- },
- {
- "name": "__vbaStrErrVarCopy",
- "address": "0x401034"
- },
- {
- "name": "_adj_fprem1",
- "address": "0x401038"
- },
- {
- "name": null,
- "address": "0x40103c"
- },
- {
- "name": "__vbaStrCat",
- "address": "0x401040"
- },
- {
- "name": "__vbaSetSystemError",
- "address": "0x401044"
- },
- {
- "name": "__vbaHresultCheckObj",
- "address": "0x401048"
- },
- {
- "name": "_adj_fdiv_m32",
- "address": "0x40104c"
- },
- {
- "name": null,
- "address": "0x401050"
- },
- {
- "name": "__vbaAryDestruct",
- "address": "0x401054"
- },
- {
- "name": null,
- "address": "0x401058"
- },
- {
- "name": null,
- "address": "0x40105c"
- },
- {
- "name": "__vbaObjSet",
- "address": "0x401060"
- },
- {
- "name": "_adj_fdiv_m16i",
- "address": "0x401064"
- },
- {
- "name": "__vbaObjSetAddref",
- "address": "0x401068"
- },
- {
- "name": "_adj_fdivr_m16i",
- "address": "0x40106c"
- },
- {
- "name": null,
- "address": "0x401070"
- },
- {
- "name": "_CIsin",
- "address": "0x401074"
- },
- {
- "name": null,
- "address": "0x401078"
- },
- {
- "name": null,
- "address": "0x40107c"
- },
- {
- "name": "__vbaChkstk",
- "address": "0x401080"
- },
- {
- "name": "__vbaFileClose",
- "address": "0x401084"
- },
- {
- "name": null,
- "address": "0x401088"
- },
- {
- "name": "EVENT_SINK_AddRef",
- "address": "0x40108c"
- },
- {
- "name": null,
- "address": "0x401090"
- },
- {
- "name": "__vbaVarTstEq",
- "address": "0x401094"
- },
- {
- "name": null,
- "address": "0x401098"
- },
- {
- "name": "DllFunctionCall",
- "address": "0x40109c"
- },
- {
- "name": null,
- "address": "0x4010a0"
- },
- {
- "name": "_adj_fpatan",
- "address": "0x4010a4"
- },
- {
- "name": "__vbaLateIdCallLd",
- "address": "0x4010a8"
- },
- {
- "name": "__vbaRedim",
- "address": "0x4010ac"
- },
- {
- "name": null,
- "address": "0x4010b0"
- },
- {
- "name": "EVENT_SINK_Release",
- "address": "0x4010b4"
- },
- {
- "name": "_CIsqrt",
- "address": "0x4010b8"
- },
- {
- "name": "EVENT_SINK_QueryInterface",
- "address": "0x4010bc"
- },
- {
- "name": "__vbaUI1I4",
- "address": "0x4010c0"
- },
- {
- "name": "__vbaExceptHandler",
- "address": "0x4010c4"
- },
- {
- "name": "__vbaStrToUnicode",
- "address": "0x4010c8"
- },
- {
- "name": null,
- "address": "0x4010cc"
- },
- {
- "name": "_adj_fprem",
- "address": "0x4010d0"
- },
- {
- "name": "_adj_fdivr_m64",
- "address": "0x4010d4"
- },
- {
- "name": null,
- "address": "0x4010d8"
- },
- {
- "name": null,
- "address": "0x4010dc"
- },
- {
- "name": null,
- "address": "0x4010e0"
- },
- {
- "name": "__vbaFPException",
- "address": "0x4010e4"
- },
- {
- "name": "__vbaInStrVar",
- "address": "0x4010e8"
- },
- {
- "name": "__vbaStrVarVal",
- "address": "0x4010ec"
- },
- {
- "name": "__vbaVarCat",
- "address": "0x4010f0"
- },
- {
- "name": "__vbaI2Var",
- "address": "0x4010f4"
- },
- {
- "name": null,
- "address": "0x4010f8"
- },
- {
- "name": "_CIlog",
- "address": "0x4010fc"
- },
- {
- "name": null,
- "address": "0x401100"
- },
- {
- "name": "__vbaErrorOverflow",
- "address": "0x401104"
- },
- {
- "name": "__vbaFileOpen",
- "address": "0x401108"
- },
- {
- "name": null,
- "address": "0x40110c"
- },
- {
- "name": "__vbaNew2",
- "address": "0x401110"
- },
- {
- "name": "__vbaInStr",
- "address": "0x401114"
- },
- {
- "name": "_adj_fdiv_m32i",
- "address": "0x401118"
- },
- {
- "name": "_adj_fdivr_m32i",
- "address": "0x40111c"
- },
- {
- "name": "__vbaStrCopy",
- "address": "0x401120"
- },
- {
- "name": "__vbaFreeStrList",
- "address": "0x401124"
- },
- {
- "name": "__vbaDerefAry1",
- "address": "0x401128"
- },
- {
- "name": "_adj_fdivr_m32",
- "address": "0x40112c"
- },
- {
- "name": "_adj_fdiv_r",
- "address": "0x401130"
- },
- {
- "name": null,
- "address": "0x401134"
- },
- {
- "name": "__vbaI4Var",
- "address": "0x401138"
- },
- {
- "name": "__vbaInStrB",
- "address": "0x40113c"
- },
- {
- "name": "__vbaStrToAnsi",
- "address": "0x401140"
- },
- {
- "name": "__vbaStrComp",
- "address": "0x401144"
- },
- {
- "name": "__vbaVarDup",
- "address": "0x401148"
- },
- {
- "name": null,
- "address": "0x40114c"
- },
- {
- "name": "__vbaFpI4",
- "address": "0x401150"
- },
- {
- "name": "__vbaR8IntI2",
- "address": "0x401154"
- },
- {
- "name": null,
- "address": "0x401158"
- },
- {
- "name": "_CIatan",
- "address": "0x40115c"
- },
- {
- "name": "__vbaStrMove",
- "address": "0x401160"
- },
- {
- "name": "__vbaCastObj",
- "address": "0x401164"
- },
- {
- "name": null,
- "address": "0x401168"
- },
- {
- "name": "__vbaR8IntI4",
- "address": "0x40116c"
- },
- {
- "name": null,
- "address": "0x401170"
- },
- {
- "name": "_allmul",
- "address": "0x401174"
- },
- {
- "name": null,
- "address": "0x401178"
- },
- {
- "name": "_CItan",
- "address": "0x40117c"
- },
- {
- "name": null,
- "address": "0x401180"
- },
- {
- "name": "_CIexp",
- "address": "0x401184"
- },
- {
- "name": "__vbaFreeStr",
- "address": "0x401188"
- },
- {
- "name": "__vbaFreeObj",
- "address": "0x40118c"
- },
- {
- "name": null,
- "address": "0x401190"
- }
- ],
- "dll": "MSVBVM60.DLL"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x0017e089",
- "overlay": {
- "size": "0x00003308",
- "offset": "0x00170000"
- },
- "imagebase": "0x00400000",
- "reported_checksum": "0x0017e089",
- "icon_hash": null,
- "entrypoint": "0x004014a0",
- "timestamp": "2011-06-23 15:54:43",
- "osversion": "4.0",
- "sections": [
- {
- "name": ".text",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00001000",
- "size_of_data": "0x00112000",
- "entropy": "2.18",
- "raw_address": "0x00001000",
- "virtual_size": "0x001113b4",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": ".data",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x00113000",
- "size_of_data": "0x00001000",
- "entropy": "0.00",
- "raw_address": "0x00113000",
- "virtual_size": "0x00000af0",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00114000",
- "size_of_data": "0x0005c000",
- "entropy": "3.07",
- "raw_address": "0x00114000",
- "virtual_size": "0x0005b454",
- "characteristics_raw": "0x40000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00111d74",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x00000028"
- },
- {
- "virtual_address": "0x00114000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x0005b454"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00170000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00003308"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000228",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000020"
- },
- {
- "virtual_address": "0x00001000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x00000198"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "1acc01f76ba06591846488c6407d280b",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": null,
- "imported_dll_count": 1,
- "versioninfo": []
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement