Advanced File Analysis System

CREATED / DROPPED FILES

File Path	Type and Hashes
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JFPXO29L\s[1].htm	Type : UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators MD5 : 2e1cb517a9d7d28cb585909742c47c22 SHA-1 : a02d361bfcd136b7f3e05a7eeb817fda178376a1 SHA-256 : 7584ef64753e3e96524ce9fed21423f3b9113c47be1a5e2941e28a2ab6dfb475 SHA-512 : efc699ecdc572a02a0f67b276118bc2fb8d87e361b945f727d4ef3427124d5df45705fa9b63ea8358adf89d9917166c39a99d0190911250ed4e703c7f908d469 Size : 24.199 Kilobytes.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\jdm2a1on.default\cookies.sqlite-shm	Type : FoxPro FPT, blocks size 0, next free block index 417475840 MD5 : b7c14ec6110fa820ca6b65f5aec85911 SHA-1 : 608eeb7488042453c9ca40f7e1398fc1a270f3f4 SHA-256 : fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb SHA-512 : d8d75760f29b1e27ac9430bc4f4ffcec39f1590be5aef2bfb5a535850302e067c288ef59cf3b2c5751009a22a6957733f9f80fa18f2b0d33d90c068a3f08f3b0 Size : 32.768 Kilobytes.
C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\jdm2a1on.default\cache2\index	Type : data MD5 : c92862947cd92c5f099bd5be11982690 SHA-1 : 3979210b32df920083b399e6dbaec2f658fe3ac8 SHA-256 : 1778dda035853f2c741a8bd1d6cf05520c482de277a0a43224e4c73bccc31720 SHA-512 : bbb17876d1c5ddd17079827ca3b772541c314d9a8ce7417aa7ef4a75eb04db2a0a20e8332864959481622eb7219a6fa53b6fd6fb21974a9427092aed488f5be2 Size : 9.448 Kilobytes.
C:\Users\user\AppData\Local\Temp\WH_Set.ini	Type : ISO-8859 text, with CRLF line terminators MD5 : 30520e84dcd93d3dc0dff5bae924319d SHA-1 : 8b8a3fe5b352fcb5c26adc9b724b50a34b77df29 SHA-256 : 871e17aae98f378e77d75ba2f54567666327c4bd93974fb113e289b18ff371ca SHA-512 : a4042663b6228edb6276e7c6d3c598312005c8623769097b19c7ec8911dc655daa288acca8c0c0b50e69800bf25201e2f5e3965bc11aa5f769cb2ee544caf965 Size : 1.363 Kilobytes.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\jdm2a1on.default\places.sqlite-shm	Type : data MD5 : 5b006f1b140a87d4adf020a09ba706b8 SHA-1 : ac428f9fe67186b10990682fd53775068f9a2267 SHA-256 : 1477768046d4143de5b305c4801298cc0ef6b34e28e0dc12aa76685f39f0cae0 SHA-512 : 798e8b6f384b8b7e879212fdf78232e6a143695c4cb1e87d61f40ba9488f08fe02f056fb4c72a8fe76a1c42a3efd630e3bc3bb7dd793bdd7dd17736e3ae85de0 Size : 32.768 Kilobytes.
C:\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat	Type : Internet Explorer cache file version Ver 5.2 MD5 : be7e6432a32032cca4d534aaa388676d SHA-1 : 4858d82985bd6225a75a9d48d0058950e078e1c0 SHA-256 : 7d04f85ff80bce5b9b9aaa79d9c51f7bcf25c62f95f15af18d09cf1598153e86 SHA-512 : 3b7f497a29718863c73643fcb20f243887643e50f408bc35b2d214f5ad00fe5bdcbf0ca0f999a90122df202fb5e2aff538db97aa04a4def9406ae0eb8d7860e5 Size : 49.152 Kilobytes.
C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\jdm2a1on.default\cache2\index	Type : data MD5 : 5759064c3510519bddd7be7d28b0f97c SHA-1 : 876a2531dc24196c342fc1f6ed08d45dd8287c7c SHA-256 : 7fd86697e202fe0e78e80d40a3ca8b3af7a0d328f08ebd1934254c1052fe721d SHA-512 : b440311d385bedd08c1e069c05a22a2107148068905dc6385a9c7ec55f9037df29bcfa35a24798a52becfced8e3b9808035c1f1343731b4e7985de295700b050 Size : 1.564 Kilobytes.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K6P3SCP6\v[1].js	Type : ASCII text, with very long lines MD5 : 297b2d897b87cbca475865fd6a12352e SHA-1 : 473e0ab3ebfa9bf7fff69f5766beeef256fdca08 SHA-256 : fa3e6b22b0dafb2f952dd9823138f0b56fff4e8389a321b144ac1b9dfee714a4 SHA-512 : 012d03f4ef2455992aa40192d7ab911c7b6c8f6c3bb76b79d199b68d4c78c03be1eb671a5b21fe7dff71e19f8f0230d07fe0edb9c20b38a311f3bf27defca9ab Size : 0.668 Kilobytes.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K6P3SCP6\stat[1].htm	Type : ASCII text, with no line terminators MD5 : 444bcb3a3fcf8389296c49467f27e1d6 SHA-1 : 7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb SHA-256 : 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df SHA-512 : 9fbbbb5a0f329f9782e2356fa41d89cf9b3694327c1a934d6af2a9df2d7f936ce83717fb513196a4ce5548471708cd7134c2ae99b3c357bcabb2eafc7b9b7570 Size : 0.002 Kilobytes.
C:\Users\user\AppData\Local\Temp\~DFFCD0FC3DBC0607A7.TMP	Type : Composite Document File V2 Document, No summary info MD5 : 9592416b1709bc63d9e0dbd273deae6f SHA-1 : 6ef6b8e678b400b6399e23ff4e89cd3845a6b557 SHA-256 : 83b44721e919079db9d321e4a4c16c0450aa796587c90fe6df6ff74ef6eb21de SHA-512 : 9f4e1f94cc720094517537fb25a3e519f3f83aaecbe0a4f3cb7a58b9e2721def7411092b336ceaaf471a36184e4d11eb3a04bf56ad5b5e7c77046443f91a7053 Size : 32.768 Kilobytes.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8W72H2L\core[1].php	Type : HTML document, ASCII text, with very long lines, with no line terminators MD5 : 9a91299f264f7bd00aedcb2fa8ebc7a1 SHA-1 : e29eeed8dd37a2513ccaa86b63e31896272721d4 SHA-256 : 8b42822cae55a6c5f602f8f73bc34bb90590cfdbc7661bf58e76b837be03c0ca SHA-512 : 4939452cf2ef80a613b812a61c26a693ea4379f8939bad585591c2578a6e536487eb0a59a162ef5f5a82f115317c2a466606943fe791b628c2f0d8ba8ee939d6 Size : 0.971 Kilobytes.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\jdm2a1on.default\cert8.db	Type : Berkeley DB 1.85 (Hash, version 2, native byte-order) MD5 : 50ff25de86f5f7bcd65bc60c4059fd7d SHA-1 : b029db04627107832dcdb12616fc13aafe16006c SHA-256 : 0dad261c0fc847969ba5b00beebcd0faea34ef637cdba8b765e39e806b59ca51 SHA-512 : 456c1a16726d6f266a233774b9d0745f6225a5a3460d50cb932433e24e782fd59542cb5af848a81268a05a91e2a3459a20d088be585e22cc8967a957b1724d4d Size : 147.456 Kilobytes.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0D3JCK2E\pic[1].gif	Type : GIF image data, version 89a, 50 x 12 MD5 : bcdd9aa92c5876f207f70567d101a896 SHA-1 : 786c52002f857fcbff04a5781ec35792be11af4a SHA-256 : 98a4ab97e12555ab969012d151a578dae7a3b8699d202485fcf8116e55497735 SHA-512 : d320d7d860ad61f2ecdd76fb932ee4cf9c5f8b893eff26b57df065f64efd06a563957abb21aa56b5c6958e437638dbee1be592930ba71b5cb51892471072e4d5 Size : 0.719 Kilobytes.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0D3JCK2E\s[1].htm	Type : UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators MD5 : bf51252c80c4a359551471dba779d72f SHA-1 : df3666ab73c322bc9b2c42540762c17ece8394d4 SHA-256 : 2f6e854926e320ed727717b301ddb580178b7f2e249da832a18b3d9c38f7ba7a SHA-512 : 9444f4ec6af022130afda313967a453c11e48431bb07055045854941027b0c40d48cc3cf8a86786df2ec605001426efddcfda35467d6d744eb4264384586e3d2 Size : 15.609 Kilobytes.
C:\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019061120190612\index.dat	Type : Internet Explorer cache file version Ver 5.2 MD5 : f4298964d5c9cdff027f81204ebb121e SHA-1 : a210012a345d0df4c0ec1da1855da318bd3f8dd0 SHA-256 : 1850605580db0c200422bb201e774fe79f5ecd32b93ef5ad78bdbe68a0494158 SHA-512 : 379b44adaa0624c553d7e24b87d263b62f050780610a3c80e242f14593e0b938a6a86227dbb4087d68ec2af75d910ce03d41d18d9a267461e21eb0b996a7f8ee Size : 32.768 Kilobytes.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JFPXO29L\stat[1].php	Type : ASCII text, with very long lines MD5 : a0ef1be69aef18e1f3ab55f567d7ba75 SHA-1 : 9abaa6ba2891c70ce201964dbd1923695f913ee9 SHA-256 : 99c819c0a4f4e29fcaed71d8b470a875bd874697d621287377ff5e934cd73d9e SHA-512 : b1cb402ea377c4d881e27daef636d5ef30d93efd22bcbb184009eb7aad2120675bc5bc942e73efd8ad59a69414c5566f2f3b38b311c5a6cf411d2d0e873ae2b4 Size : 11.71 Kilobytes.
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen_service.log	Type : UTF-8 Unicode (with BOM) text, with CRLF line terminators MD5 : 8eb273388deca3c028a48b22d11dfc6d SHA-1 : 4b674889aa3cdc5485cccff79769eeae966407ee SHA-256 : 79c8c4f6691872851c6dd4aae2f4a357faaec1598eef91bb152f0929fe61bf48 SHA-512 : 133c44cd755936044621a2112520b50b5ed8297d846aa7bf28b9c7d3f0d73fb3951459e42c7bfd3707f72a114fdc00675206ba66ac2dc3c25e32e36389a8405d Size : 6.329 Kilobytes.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat	Type : Internet Explorer cache file version Ver 5.2 MD5 : 93ddcdc040a0c95db8d3f423e81c8faf SHA-1 : ef2f823496701dce8464b3db2657e382a40a6740 SHA-256 : 15654e6bba3d0ea4fa295b9d2890805b8ea5c9cd0290a5f92e0d89ec94b22104 SHA-512 : 4f98c402fbad56775fdb5fdb02578b99a70e68c05c16a8399a54ac6ec8fcb81cf7bbc91725cf48f92a5ac1db53cf0fbe136935524bc71eadc7855e7a7d420d4a Size : 180.224 Kilobytes.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\jdm2a1on.default\prefs.js	Type : ASCII text, with very long lines, with CRLF line terminators MD5 : b3ef0eea4df04b895de875350d89a14e SHA-1 : f8078f05ca6389bdf88f938a3eb36aef62a9027a SHA-256 : 9ec72a31563561dde3fa42d831cbc105cbdac465bd4ea063d17379795ae17e10 SHA-512 : 7e22162d0842e952bbe483a3b46cfe423c82fa843f103e2ef471ca2016306e09719857b779fef3a467ff9b04a069ae2841acaf5e2a9d7a2cc4a513e3cb4370a2 Size : 15.911 Kilobytes.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\jdm2a1on.default\places.sqlite	Type : SQLite 3.x database, user version 30 MD5 : 6a51f06cc5167870ab30a9d6f4324aca SHA-1 : bc256ff82b817139e245f26a4cb6c8339c21b821 SHA-256 : 753238b30b0bd68d98a7fd46260f4eb2496b125a1ae11df58e6b0fbbb723c311 SHA-512 : 7edc0670202b87f467a29f5b52ae66c028a36c5d2d67826f793f8181f09860a19ecefc149064d32135c7062dbf7822989b74474c54884d85147e446ba0008847 Size : 10485.76 Kilobytes.
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT	Type : FoxPro FPT, blocks size 0, next free block index 401590474 MD5 : 9a3251e8ecc798d13d069a8bd4384555 SHA-1 : c0473ba1ef3a6de845acf3e36be65da1fb68bae1 SHA-256 : fb8b541e2803b66ced8bab54bf129c4713db78ab82bca722645ef2338450cc74 SHA-512 : b365963c8a27fd6cc628f03d1ca8d55a6e5b577d46ab42b80fe6ef5858b7db17142482eaefe6062f510e99305c0fb2937e07eed75146d0e96fef6476560e4ae9 Size : 16.384 Kilobytes.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\jdm2a1on.default\places.sqlite-wal	Type : data MD5 : 6a636cb1859beab81c508fa2f109f647 SHA-1 : f1ecbd81fddd2fa9da740ef200e043efb0da6a2b SHA-256 : 067a74baada30b55ccdaf63a7408cd79c2294152f68cbf1e07ad42cc2644b87d SHA-512 : 13db5fc8e6965867af12eae0ee13ad6b040730ca202cec39caeb346247bd39452a13b1a8373725128854c2aad0190fb6ccd0b667e07d42a9c73067b7e1b63cf6 Size : 32.824 Kilobytes.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\jdm2a1on.default\webapps\webapps.json	Type : ASCII text, with no line terminators MD5 : 99914b932bd37a50b983c5e7c90ae93b SHA-1 : bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f SHA-256 : 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a SHA-512 : 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd Size : 0.002 Kilobytes.
C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\jdm2a1on.default\cache2\entries\9BBE93EE66A24A6574E0B0B292F1184CC816B4A0	Type : data MD5 : 629da11093ca47985765fa456f438e1a SHA-1 : 60875b6c8b9ea1139964f0678f9c3ba25b206934 SHA-256 : 9515b2d5c1300c21a81d4e814d17012b30a296f5c63c5201b7f4735c030cd7cf SHA-512 : 68f138341cba19f9df532c8677723b477effa46755849d19e7d09901a9292317bed796b00cf927e2da9d25a5a3df8bc38d8c68000aaf0b11a5dedc3ad62ab3d1 Size : 0.265 Kilobytes.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0D3JCK2E\WHAD[1].gif	Type : GIF image data, version 89a, 325 x 90 MD5 : 042f95d8b841273f7c1cbcdca478cb83 SHA-1 : f9c9e15b5f227308088743fdbcfc93fc736a780c SHA-256 : 18ed6fead0fefd176bc43eb7d69ab47a3c1db4fae382686e1039b88a4305ce51 SHA-512 : 3aade37440ff405f22fcdfad944da64cb98d03f30d29f15fc00f862f4eee065605740fda53e32643b51f8c1fbfa5700c0acd969e65307dbb88dae3f8bee037eb Size : 3.241 Kilobytes.
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\index.dat	Type : Internet Explorer cache file version Ver 5.2 MD5 : 176c2ef4d798ef6cef922ab8b54a1c10 SHA-1 : 9230ff29697aa4af181f54acfd3c38151d0891ff SHA-256 : f813bcc021c7066c050308ce54f0a186d2a30300d28df9266f8eba4161366ef1 SHA-512 : f094e3657010cf5e637de92dd7c64a75efc5f25953bd750f38a2f9d9c0d0edffc7e4a429c5098f7a60c6d9361d89a64bbeb9b261971902d198c4ef18629ae3d2 Size : 32.768 Kilobytes.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JFPXO29L\navcancl[1]	Type : HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators MD5 : 4bcfe9f8db04948cddb5e31fe6a7f984 SHA-1 : 42464c70fc16f3f361c2419751acd57d51613cdf SHA-256 : bee0439fcf31de76d6e2d7fd377a24a34ac8763d5bf4114da5e1663009e24228 SHA-512 : bb0ef3d32310644285f4062ad5f27f30649c04c5a442361a5dbe3672bd8cb585160187070872a31d9f30b70397d81449623510365a371e73bda580e00eef0e4e Size : 2.713 Kilobytes.

MATCH YARA RULES

Match Rules
SEH__vba
inject_thread
escalate_priv
screenshot
keylogger
win_registry
win_token
win_private_profile
win_files_operation
win_hook
Str_Win32_Wininet_Library
Str_Win32_Internet_API

STATIC FILE INFO

File Name:	exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
SHA1:	10f5a1e5338f23e5fef246e0c1cf517f637e7109
MD5:	d8c9f4b0ed094c10b66d509deddd5dac
First Seen Date:	2018-01-17 14:57:53.710320 ( 2018-01-17 14:57:53.710320 )
Number of Clients Seen:	8
Last Analysis Date:	2019-06-10 07:25:40.788836 ( 2019-06-10 07:25:40.788836 )
Human Expert Analysis Date:	2018-08-10 12:00:10.037589 ( 2018-08-10 12:00:10.037589 )
Human Expert Analysis Result:	Malware

PE Headers

Property	Value
magic literal enum	3
file type enum	6
debug artifacts	[]
number of sections	3
trid	[[54.9, u'Win32 Executable Microsoft Visual Basic 6'], [20.8, u'Win32 Executable MS Visual C++ (generic)'], [18.4, u'Win64 Executable (generic)'], [3.0, u'Win32 Executable (generic)'], [1.3, u'Generic Win/DOS Executable']]
compilation time stamp	0x5275C587 [Sun Nov 3 03:39:51 2013 UTC]
Translation	0x0804 0x04b0
LegalCopyright	\u96e8\u5f8b\u5728\u7ebf\u51fa\u54c1
InternalName	\u52a0\u52a0\u52a9\u624b
FileVersion	7.08
CompanyName	\u96e8\u5f8b\u5728\u7ebf
Comments	\u3000\u52a0\u52a0\u9b54\u517d\u52a9\u624b\u3000
ProductName	\u9b54\u517d\u52a0\u52a0\u52a9\u624b\u3000
ProductVersion	7.08
FileDescription	\u9b54\u517d\u52a0\u52a0\u52a9\u624b
OriginalFilename	\u52a0\u52a0\u52a9\u624b.exe
entry point	0x406398 (.text)
machine type	Intel 386 or later - 32Bit
file size	815104
ssdeep	6144:FT4dqlT9TwsTMfeP20vjCAoU/sqV4PX50ayZOu+G3Rk6Eb6r6B82k0DV8gmafjfO:pHD2AM0bOu+8Rk6Eb6rKjj5
sha256	a918d14f74c9f834163e9c62102fd0fc4e478e76b9231df038923807f95ae135
exifinfo	[{u'EXE:FileSubtype': 0, u'File:FilePermissions': u'rw-r--r--', u'SourceFile': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/1/0/f/5/10f5a1e5338f23e5fef246e0c1cf517f637e7109', u'EXE:OriginalFileName': u'\u52a0\u52a0\u52a9\u624b.exe', u'EXE:ProductName': u'\u9b54\u517d\u52a0\u52a0\u52a9\u624b\u3000', u'EXE:InternalName': u'\u52a0\u52a0\u52a9\u624b', u'File:MIMEType': u'application/octet-stream', u'File:FileAccessDate': u'2019:06:10 06:57:04+00:00', u'EXE:InitializedDataSize': 69632, u'File:FileModifyDate': u'2019:06:10 06:57:04+00:00', u'EXE:FileVersionNumber': u'7.8.0.0', u'EXE:FileVersion': 7.08, u'File:FileSize': u'796 kB', u'EXE:CharacterSet': u'Unicode', u'EXE:MachineType': u'Intel 386 or later, and compatibles', u'EXE:FileOS': u'Win32', u'EXE:ProductVersion': 7.08, u'EXE:ObjectFileType': u'Executable application', u'File:FileType': u'Win32 EXE', u'EXE:CompanyName': u'\u96e8\u5f8b\u5728\u7ebf', u'File:FileName': u'10f5a1e5338f23e5fef246e0c1cf517f637e7109', u'EXE:ImageVersion': 7.8, u'File:FileTypeExtension': u'exe', u'EXE:OSVersion': 4.0, u'EXE:PEType': u'PE32', u'EXE:TimeStamp': u'2013:11:03 03:39:51+00:00', u'EXE:FileFlagsMask': u'0x0000', u'EXE:LegalCopyright': u'\u96e8\u5f8b\u5728\u7ebf\u51fa\u54c1', u'EXE:LinkerVersion': 6.0, u'EXE:FileFlags': u'(none)', u'EXE:Subsystem': u'Windows GUI', u'File:Directory': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/1/0/f/5', u'EXE:FileDescription': u'\u9b54\u517d\u52a0\u52a0\u52a9\u624b', u'EXE:EntryPoint': u'0x6398', u'EXE:SubsystemVersion': 4.0, u'EXE:CodeSize': 761856, u'EXE:Comments': u'\u3000\u52a0\u52a0\u9b54\u517d\u52a9\u624b\u3000', u'File:FileInodeChangeDate': u'2019:06:10 06:57:04+00:00', u'EXE:UninitializedDataSize': 0, u'EXE:LanguageCode': u'Chinese (Simplified)', u'ExifTool:ExifToolVersion': 10.1, u'EXE:ProductVersionNumber': u'7.8.0.0'}]
mime type	application/x-dosexec
imphash	0bf37555b790fbefd247a663474ddcc6

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	MD5
.text	0x1000	0xb9a4c	0xba000	6.1190847931	ba4ef98081573a5aa3d5e410083f0007
.data	0xbb000	0x5dac	0x1000	0.0	620f0b67a91f7f74151bc5be745b7110
.rsrc	0xc1000	0xa955	0xb000	5.43488726884	23332a16e2800ac6cac4fb3c8913c95b

PE Imports

MSVBVM60.DLL
- __vbaVarSub
- __vbaVarTstGt
- __vbaStrI2
- __vbaNextEachAry
- _CIcos
- _adj_fptan
- __vbaVarMove
- __vbaStrI4
- __vbaVarVargNofree
- __vbaAryMove
- __vbaFreeVar
- None
- __vbaLateIdCall
- __vbaLenBstr
- __vbaStrVarMove
- None
- __vbaEnd
- __vbaFreeVarList
- _adj_fdiv_m64
- __vbaRaiseEvent
- __vbaFreeObjList
- __vbaR8Sgn
- None
- __vbaStrErrVarCopy
- None
- _adj_fprem1
- None
- __vbaRecAnsiToUni
- None
- __vbaResume
- __vbaCopyBytes
- __vbaStrCat
- __vbaLsetFixstr
- None
- __vbaSetSystemError
- __vbaRecDestruct
- __vbaHresultCheckObj
- None
- __vbaNameFile
- None
- __vbaLenVar
- _adj_fdiv_m32
- __vbaAryVar
- __vbaAryDestruct
- None
- None
- __vbaForEachCollObj
- __vbaStrBool
- __vbaExitProc
- __vbaBoolStr
- __vbaFileCloseAll
- __vbaObjSet
- __vbaOnError
- None
- None
- _adj_fdiv_m16i
- __vbaObjSetAddref
- None
- _adj_fdivr_m16i
- __vbaVarIndexLoad
- None
- __vbaFpR4
- None
- __vbaStrFixstr
- __vbaBoolVar
- None
- __vbaStrTextCmp
- __vbaRefVarAry
- __vbaFpR8
- __vbaBoolVarNull
- _CIsin
- __vbaErase
- None
- None
- __vbaNextEachCollObj
- None
- None
- __vbaChkstk
- None
- EVENT_SINK_AddRef
- None
- None
- __vbaStrCmp
- None
- __vbaVarTstEq
- __vbaAryConstruct2
- __vbaPrintObj
- __vbaObjVar
- DllFunctionCall
- __vbaVarLateMemSt
- __vbaVarOr
- __vbaCastObjVar
- __vbaRedimPreserve
- __vbaLbound
- _adj_fpatan
- __vbaR4Var
- __vbaFixstrConstruct
- __vbaLateIdCallLd
- __vbaStrR8
- __vbaRedim
- __vbaRecUniToAnsi
- EVENT_SINK_Release
- __vbaNew
- None
- _CIsqrt
- __vbaObjIs
- EVENT_SINK_QueryInterface
- __vbaStr2Vec
- __vbaExceptHandler
- None
- __vbaStrToUnicode
- None
- None
- __vbaDateStr
- _adj_fprem
- _adj_fdivr_m64
- None
- __vbaR8ErrVar
- __vbaFailedFriend
- __vbaI2Str
- None
- None
- None
- __vbaFPException
- __vbaInStrVar
- None
- __vbaStrVarVal
- __vbaUbound
- __vbaVarCat
- __vbaCheckType
- None
- __vbaLsetFixstrFree
- __vbaI2Var
- None
- None
- None
- _CIlog
- __vbaVarLateMemCallLdRf
- __vbaVar2Vec
- __vbaInStr
- __vbaR8Str
- __vbaNew2
- _adj_fdiv_m32i
- None
- _adj_fdivr_m32i
- None
- __vbaStrCopy
- __vbaI4Str
- None
- __vbaFreeStrList
- None
- _adj_fdivr_m32
- __vbaR8Var
- None
- _adj_fdiv_r
- None
- None
- None
- None
- __vbaVarTstNe
- __vbaI4Var
- __vbaForEachAry
- __vbaVarCmpEq
- __vbaVarAdd
- __vbaLateMemCall
- __vbaAryLock
- __vbaVarDup
- __vbaStrToAnsi
- __vbaFpI2
- __vbaVarLateMemCallLd
- __vbaVarCopy
- None
- __vbaVarTstGe
- __vbaFpI4
- __vbaLateMemCallLd
- __vbaRecDestructAnsi
- None
- _CIatan
- __vbaI2ErrVar
- __vbaUI1Str
- __vbaStrMove
- __vbaCastObj
- None
- __vbaAryCopy
- __vbaR8IntI4
- __vbaStrVarCopy
- __vbaHresultCheckNonvirt
- None
- None
- _allmul
- __vbaLenVarB
- __vbaLateIdSt
- _CItan
- None
- __vbaUI1Var
- __vbaFPInt
- __vbaAryUnlock
- _CIexp
- __vbaMidStmtBstr
- None
- __vbaFreeObj
- __vbaFreeStr
- __vbaRecAssign
- None

{u'lang': u'LANG_CHINESE', u'name': u'WAV', u'offset': 814430, u'sha256': u'd6656b584447d385b05f85641c03c8f215e220fab1ee5ba17d098919d3a24a8c', u'type': u'RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 48000 Hz', u'size': 4222}

{u'lang': u'LANG_CHINESE', u'name': u'WAV', u'offset': 818652, u'sha256': u'f24dea86cd3c11256e7a9e24dbabaffc5ae06e71b2051b63ee7d46c51db5fcbf', u'type': u'RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 48000 Hz', u'size': 3246}

{u'lang': u'LANG_CHINESE', u'name': u'WAV', u'offset': 821898, u'sha256': u'914baab1b6c83c594098477f02e619f36467b804e576144cc2ef52c62a18c05a', u'type': u'RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 22050 Hz', u'size': 11056}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 810678, u'sha256': u'60edaa1b794d4775cb4e13442c1a853f59352ec2dc8bf969073a56539a34fd4e', u'type': u'data', u'size': 3752}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 808462, u'sha256': u'effc78815ac386da3eac228673413967ffad956119e4810990e848eb4e2617c8', u'type': u'dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0', u'size': 2216}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 807078, u'sha256': u'4fb84d4c84664e0d3ac09f6092889c52db488e65675cb05841b9982eec254f43', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 1384}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 797438, u'sha256': u'1c81eb3256efee730afabf3c58945249022e7934ce2c3485ecc24b0af8b88eda', u'type': u'data', u'size': 9640}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 793174, u'sha256': u'bac2731ad67b4b81dab801df765aadc375c2e00e10f65bc5dfa528e2ec132ed6', u'type': u'data', u'size': 4264}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 792046, u'sha256': u'ef6fa52fdc5ff6321a7542ac088d5350800569fb1cfdf032e6d87af54384604c', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 1128}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_GROUP_ICON', u'offset': 791956, u'sha256': u'13a94745048ef42e9d88c821bb491c0557eab5917cad289309d7fea4731150a7', u'type': u'MS Windows icon resource - 6 icons, 48x48', u'size': 90}

{u'lang': u'LANG_CHINESE', u'name': u'RT_VERSION', u'offset': 791296, u'sha256': u'c5f1d1d830d788d4e9e89582c3a96083bb8f8763b4aa739996db369a8764ef14', u'type': u'data', u'size': 660}

{u'lang': u'LANG_CHINESE', u'name': u'RT_MANIFEST', u'offset': 832954, u'sha256': u'737f6ffa75d9975eba77a0e5d0c9788d7f971f056f637db2b1db46b0ea0166d8', u'type': u'XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators', u'size': 923}

File Name: exe

File Type: PE32 executable (GUI) Intel 80386, for MS Windows

SHA1: 10f5a1e5338f23e5fef246e0c1cf517f637e7109

MD5: d8c9f4b0ed094c10b66d509deddd5dac

CREATED / DROPPED FILES

MATCH YARA RULES

STATIC FILE INFO

ADDITIONAL FILE INFORMATION

PE Headers

PE Sections

PE Imports

PE Resources

CERTIFICATE VALIDATION