Sample files count | 1 |
Created files count | 0 |
Modified files count | 0 |
File Properties | |
---|---|
Names | c:\users\5p5nrgjn0js halpmcxz\desktop\ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d.exe (Sample File) |
Size | 284.00 KB (290816 bytes) |
Hash Values | MD5: f5aceff295707412e7679e7c0f3a797e; SHA1: 89c58b4bc7130630ff093afe1c57614a4b85ddc7; SHA256: ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d |

File Properties | |
---|---|
Image Base | 0x400000 |
Entry Point | 0x4012a4 |
Size Of Code | 0x43000 |
Size Of Initialized Data | 0x4000 |
Size Of Uninitialized Data | 0x0 |
Format | x86 |
Type | Executable |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Machine Type | IMAGE_FILE_MACHINE_I386 |
Compile Timestamp | 2017-07-04 22:46:22 |
Compiler/Packer | Unknown |

Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x401000 | 0x42044 | 0x43000 | 0x1000 | CNT_CODE, MEM_EXECUTE, MEM_READ | 6.95 |
.data | 0x444000 | 0x197c | 0x1000 | 0x44000 | CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE | 0.0 |
.rsrc | 0x446000 | 0x1098 | 0x2000 | 0x45000 | CNT_INITIALIZED_DATA, MEM_READ | 3.01 |

API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset |
---|---|---|---|---|
__vbaStrI2 | 0x0 | 0x401000 | 0x42c4c | 0x42c4c |
_CIcos | 0x0 | 0x401004 | 0x42c50 | 0x42c50 |
_adj_fptan | 0x0 | 0x401008 | 0x42c54 | 0x42c54 |
__vbaFreeVar | 0x0 | 0x40100c | 0x42c58 | 0x42c58 |
__vbaStrVarMove | 0x0 | 0x401010 | 0x42c5c | 0x42c5c |
__vbaFreeVarList | 0x0 | 0x401014 | 0x42c60 | 0x42c60 |
_adj_fdiv_m64 | 0x0 | 0x401018 | 0x42c64 | 0x42c64 |
(by ordinal) | 0x204 | 0x40101c | 0x42c68 | 0x42c68 |
_adj_fprem1 | 0x0 | 0x401020 | 0x42c6c | 0x42c6c |
__vbaSetSystemError | 0x0 | 0x401024 | 0x42c70 | 0x42c70 |
(by ordinal) | 0x22a | 0x401028 | 0x42c74 | 0x42c74 |
(by ordinal) | 0x295 | 0x40102c | 0x42c78 | 0x42c78 |
__vbaHresultCheckObj | 0x0 | 0x401030 | 0x42c7c | 0x42c7c |
__vbaLenBstrB | 0x0 | 0x401034 | 0x42c80 | 0x42c80 |
_adj_fdiv_m32 | 0x0 | 0x401038 | 0x42c84 | 0x42c84 |
__vbaObjSet | 0x0 | 0x40103c | 0x42c88 | 0x42c88 |
_adj_fdiv_m16i | 0x0 | 0x401040 | 0x42c8c | 0x42c8c |
__vbaObjSetAddref | 0x0 | 0x401044 | 0x42c90 | 0x42c90 |
_adj_fdivr_m16i | 0x0 | 0x401048 | 0x42c94 | 0x42c94 |
(by ordinal) | 0x256 | 0x40104c | 0x42c98 | 0x42c98 |
(by ordinal) | 0x209 | 0x401050 | 0x42c9c | 0x42c9c |
(by ordinal) | 0x20b | 0x401054 | 0x42ca0 | 0x42ca0 |
_CIsin | 0x0 | 0x401058 | 0x42ca4 | 0x42ca4 |
__vbaErase | 0x0 | 0x40105c | 0x42ca8 | 0x42ca8 |
__vbaChkstk | 0x0 | 0x401060 | 0x42cac | 0x42cac |
EVENT_SINK_AddRef | 0x0 | 0x401064 | 0x42cb0 | 0x42cb0 |
DllFunctionCall | 0x0 | 0x401068 | 0x42cb4 | 0x42cb4 |
_adj_fpatan | 0x0 | 0x40106c | 0x42cb8 | 0x42cb8 |
EVENT_SINK_Release | 0x0 | 0x401070 | 0x42cbc | 0x42cbc |
__vbaUI1I2 | 0x0 | 0x401074 | 0x42cc0 | 0x42cc0 |
_CIsqrt | 0x0 | 0x401078 | 0x42cc4 | 0x42cc4 |
EVENT_SINK_QueryInterface | 0x0 | 0x40107c | 0x42cc8 | 0x42cc8 |
__vbaExceptHandler | 0x0 | 0x401080 | 0x42ccc | 0x42ccc |
(by ordinal) | 0x25e | 0x401084 | 0x42cd0 | 0x42cd0 |
_adj_fprem | 0x0 | 0x401088 | 0x42cd4 | 0x42cd4 |
_adj_fdivr_m64 | 0x0 | 0x40108c | 0x42cd8 | 0x42cd8 |
__vbaFPException | 0x0 | 0x401090 | 0x42cdc | 0x42cdc |
_CIlog | 0x0 | 0x401094 | 0x42ce0 | 0x42ce0 |
__vbaErrorOverflow | 0x0 | 0x401098 | 0x42ce4 | 0x42ce4 |
__vbaNew2 | 0x0 | 0x40109c | 0x42ce8 | 0x42ce8 |
(by ordinal) | 0x288 | 0x4010a0 | 0x42cec | 0x42cec |
_adj_fdiv_m32i | 0x0 | 0x4010a4 | 0x42cf0 | 0x42cf0 |
_adj_fdivr_m32i | 0x0 | 0x4010a8 | 0x42cf4 | 0x42cf4 |
__vbaFreeStrList | 0x0 | 0x4010ac | 0x42cf8 | 0x42cf8 |
_adj_fdivr_m32 | 0x0 | 0x4010b0 | 0x42cfc | 0x42cfc |
_adj_fdiv_r | 0x0 | 0x4010b4 | 0x42d00 | 0x42d00 |
(by ordinal) | 0x2ad | 0x4010b8 | 0x42d04 | 0x42d04 |
(by ordinal) | 0x64 | 0x4010bc | 0x42d08 | 0x42d08 |
__vbaStrToAnsi | 0x0 | 0x4010c0 | 0x42d0c | 0x42d0c |
__vbaVarDup | 0x0 | 0x4010c4 | 0x42d10 | 0x42d10 |
(by ordinal) | 0x264 | 0x4010c8 | 0x42d14 | 0x42d14 |
_CIatan | 0x0 | 0x4010cc | 0x42d18 | 0x42d18 |
__vbaStrMove | 0x0 | 0x4010d0 | 0x42d1c | 0x42d1c |
_allmul | 0x0 | 0x4010d4 | 0x42d20 | 0x42d20 |
_CItan | 0x0 | 0x4010d8 | 0x42d24 | 0x42d24 |
_CIexp | 0x0 | 0x4010dc | 0x42d28 | 0x42d28 |
__vbaFreeStr | 0x0 | 0x4010e0 | 0x42d2c | 0x42d2c |
__vbaFreeObj | 0x0 | 0x4010e4 | 0x42d30 | 0x42d30 |
(by ordinal) | 0x245 | 0x4010e8 | 0x42d34 | 0x42d34 |