VMRay Analyzer Report
File Information
Sample files count 1
Created files count 0
Modified files count 0
c:\users\5p5nrgjn0js halpmcxz\desktop\ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d.exe
File Properties
Names c:\users\5p5nrgjn0js halpmcxz\desktop\ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d.exe (Sample File)
Size 284.00 KB (290816 bytes)
Hash Values MD5: f5aceff295707412e7679e7c0f3a797e
SHA1: 89c58b4bc7130630ff093afe1c57614a4b85ddc7
SHA256: ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d
PE Information
File Properties
Image Base 0x400000
Entry Point 0x4012a4
Size Of Code 0x43000
Size Of Initialized Data 0x4000
Size Of Uninitialized Data 0x0
Format x86
Type Executable
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2017-07-04 22:46:22
Compiler/Packer Unknown
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x42044 0x43000 0x1000 CNT_CODE, MEM_EXECUTE, MEM_READ 6.95
.data 0x444000 0x197c 0x1000 0x44000 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 0.0
.rsrc 0x446000 0x1098 0x2000 0x45000 CNT_INITIALIZED_DATA, MEM_READ 3.01
Imports (59)
MSVBVM60.DLL (59)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
__vbaStrI2 0x0 0x401000 0x42c4c 0x42c4c
_CIcos 0x0 0x401004 0x42c50 0x42c50
_adj_fptan 0x0 0x401008 0x42c54 0x42c54
__vbaFreeVar 0x0 0x40100c 0x42c58 0x42c58
__vbaStrVarMove 0x0 0x401010 0x42c5c 0x42c5c
__vbaFreeVarList 0x0 0x401014 0x42c60 0x42c60
_adj_fdiv_m64 0x0 0x401018 0x42c64 0x42c64
(by ordinal) 0x204 0x40101c 0x42c68 0x42c68
_adj_fprem1 0x0 0x401020 0x42c6c 0x42c6c
__vbaSetSystemError 0x0 0x401024 0x42c70 0x42c70
(by ordinal) 0x22a 0x401028 0x42c74 0x42c74
(by ordinal) 0x295 0x40102c 0x42c78 0x42c78
__vbaHresultCheckObj 0x0 0x401030 0x42c7c 0x42c7c
__vbaLenBstrB 0x0 0x401034 0x42c80 0x42c80
_adj_fdiv_m32 0x0 0x401038 0x42c84 0x42c84
__vbaObjSet 0x0 0x40103c 0x42c88 0x42c88
_adj_fdiv_m16i 0x0 0x401040 0x42c8c 0x42c8c
__vbaObjSetAddref 0x0 0x401044 0x42c90 0x42c90
_adj_fdivr_m16i 0x0 0x401048 0x42c94 0x42c94
(by ordinal) 0x256 0x40104c 0x42c98 0x42c98
(by ordinal) 0x209 0x401050 0x42c9c 0x42c9c
(by ordinal) 0x20b 0x401054 0x42ca0 0x42ca0
_CIsin 0x0 0x401058 0x42ca4 0x42ca4
__vbaErase 0x0 0x40105c 0x42ca8 0x42ca8
__vbaChkstk 0x0 0x401060 0x42cac 0x42cac
EVENT_SINK_AddRef 0x0 0x401064 0x42cb0 0x42cb0
DllFunctionCall 0x0 0x401068 0x42cb4 0x42cb4
_adj_fpatan 0x0 0x40106c 0x42cb8 0x42cb8
EVENT_SINK_Release 0x0 0x401070 0x42cbc 0x42cbc
__vbaUI1I2 0x0 0x401074 0x42cc0 0x42cc0
_CIsqrt 0x0 0x401078 0x42cc4 0x42cc4
EVENT_SINK_QueryInterface 0x0 0x40107c 0x42cc8 0x42cc8
__vbaExceptHandler 0x0 0x401080 0x42ccc 0x42ccc
(by ordinal) 0x25e 0x401084 0x42cd0 0x42cd0
_adj_fprem 0x0 0x401088 0x42cd4 0x42cd4
_adj_fdivr_m64 0x0 0x40108c 0x42cd8 0x42cd8
__vbaFPException 0x0 0x401090 0x42cdc 0x42cdc
_CIlog 0x0 0x401094 0x42ce0 0x42ce0
__vbaErrorOverflow 0x0 0x401098 0x42ce4 0x42ce4
__vbaNew2 0x0 0x40109c 0x42ce8 0x42ce8
(by ordinal) 0x288 0x4010a0 0x42cec 0x42cec
_adj_fdiv_m32i 0x0 0x4010a4 0x42cf0 0x42cf0
_adj_fdivr_m32i 0x0 0x4010a8 0x42cf4 0x42cf4
__vbaFreeStrList 0x0 0x4010ac 0x42cf8 0x42cf8
_adj_fdivr_m32 0x0 0x4010b0 0x42cfc 0x42cfc
_adj_fdiv_r 0x0 0x4010b4 0x42d00 0x42d00
(by ordinal) 0x2ad 0x4010b8 0x42d04 0x42d04
(by ordinal) 0x64 0x4010bc 0x42d08 0x42d08
__vbaStrToAnsi 0x0 0x4010c0 0x42d0c 0x42d0c
__vbaVarDup 0x0 0x4010c4 0x42d10 0x42d10
(by ordinal) 0x264 0x4010c8 0x42d14 0x42d14
_CIatan 0x0 0x4010cc 0x42d18 0x42d18
__vbaStrMove 0x0 0x4010d0 0x42d1c 0x42d1c
_allmul 0x0 0x4010d4 0x42d20 0x42d20
_CItan 0x0 0x4010d8 0x42d24 0x42d24
_CIexp 0x0 0x4010dc 0x42d28 0x42d28
__vbaFreeStr 0x0 0x4010e0 0x42d2c 0x42d2c
__vbaFreeObj 0x0 0x4010e4 0x42d30 0x42d30
(by ordinal) 0x245 0x4010e8 0x42d34 0x42d34
Icons (2)