ScreenShot
| Created | 2025.04.21 12:13 | Machine | s1_win7_x6401 |
| Filename | doitallmain.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 39 detected (AIDetectMalware, Bulz, Malicious, score, Artemis, Unsafe, V3nd, AGEN, Generic Reputation PUA, Detected, ai score=83, Wacapew, ABRisk, OHKR, R597229, GenAsa, hK4fJsJltlE, VBCode, susgen, PossibleThreat, Genetic) | ||
| md5 | b1bbdf491a3d32319eb33121c086030d | ||
| sha256 | 8a0d53b3b7956954147162b7ecca4adc1a629bbaa7d83842a033364c571cfa07 | ||
| ssdeep | 24576:eQHtzv+IUx9xGv4tS/8qVaYKsViuWaPfB/XZ:9RixGv4tUaYKsVKaPfR | ||
| imphash | 8b07ad58d25a6b73f77cdd25f11dab2c | ||
| impfuzzy | 96:ndlAOz/l1GQZEfmnvubFPTVugpni4lkHdA1+xk0G2xRNMzpJJ1Wsn/eG2HRARvbq:nkH6bkSo1gy2SkR | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 39 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| info | Checks amount of memory in system |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | Microsoft_Office_File_Zero | Microsoft Office File | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
MSVBVM60.DLL
0x401000 EVENT_SINK_GetIDsOfNames
0x401004 __vbaVarSub
0x401008 __vbaVarTstGt
0x40100c __vbaStrI2
0x401010 _CIcos
0x401014 _adj_fptan
0x401018 __vbaVarMove
0x40101c __vbaStrI4
0x401020 __vbaVarVargNofree
0x401024 __vbaFreeVar
0x401028 __vbaStrVarMove
0x40102c __vbaLenBstr
0x401030 __vbaLateIdCall
0x401034 __vbaFreeVarList
0x401038 __vbaEnd
0x40103c _adj_fdiv_m64
0x401040 EVENT_SINK_Invoke
0x401044 __vbaVarIndexStore
0x401048 __vbaFreeObjList
0x40104c __vbaStrErrVarCopy
0x401050 __vbaVarIndexLoadRef
0x401054 None
0x401058 _adj_fprem1
0x40105c None
0x401060 __vbaRecAnsiToUni
0x401064 None
0x401068 __vbaResume
0x40106c __vbaStrCat
0x401070 __vbaVarCmpNe
0x401074 __vbaForEachCollAd
0x401078 None
0x40107c None
0x401080 None
0x401084 __vbaLsetFixstr
0x401088 None
0x40108c __vbaStrDate
0x401090 __vbaSetSystemError
0x401094 __vbaHresultCheckObj
0x401098 __vbaNameFile
0x40109c None
0x4010a0 None
0x4010a4 None
0x4010a8 __vbaLenVar
0x4010ac _adj_fdiv_m32
0x4010b0 __vbaVarTstLe
0x4010b4 __vbaAryVar
0x4010b8 Zombie_GetTypeInfo
0x4010bc __vbaVarCmpGe
0x4010c0 __vbaAryDestruct
0x4010c4 __vbaLateMemSt
0x4010c8 __vbaVarIndexLoadRefLock
0x4010cc __vbaBoolStr
0x4010d0 None
0x4010d4 __vbaVarForInit
0x4010d8 __vbaExitProc
0x4010dc __vbaStrBool
0x4010e0 __vbaForEachCollObj
0x4010e4 None
0x4010e8 __vbaObjSet
0x4010ec None
0x4010f0 __vbaOnError
0x4010f4 None
0x4010f8 _adj_fdiv_m16i
0x4010fc __vbaObjSetAddref
0x401100 _adj_fdivr_m16i
0x401104 None
0x401108 __vbaVarIndexLoad
0x40110c None
0x401110 __vbaCyStr
0x401114 None
0x401118 __vbaForEachCollVar
0x40111c None
0x401120 __vbaBoolVar
0x401124 __vbaStrFixstr
0x401128 None
0x40112c None
0x401130 __vbaBoolVarNull
0x401134 __vbaFpR8
0x401138 __vbaVarTstLt
0x40113c __vbaRefVarAry
0x401140 __vbaVargVar
0x401144 _CIsin
0x401148 None
0x40114c __vbaVarZero
0x401150 __vbaLateMemStAd
0x401154 __vbaVarCmpGt
0x401158 __vbaNextEachCollObj
0x40115c __vbaChkstk
0x401160 __vbaCyVar
0x401164 EVENT_SINK_AddRef
0x401168 None
0x40116c __vbaGenerateBoundsError
0x401170 __vbaCyI2
0x401174 __vbaStrCmp
0x401178 None
0x40117c __vbaVarTstEq
0x401180 __vbaAryConstruct2
0x401184 __vbaDateR8
0x401188 None
0x40118c __vbaNextEachCollVar
0x401190 __vbaObjVar
0x401194 __vbaI2I4
0x401198 None
0x40119c DllFunctionCall
0x4011a0 __vbaVarOr
0x4011a4 __vbaVarLateMemSt
0x4011a8 __vbaCastObjVar
0x4011ac __vbaRedimPreserve
0x4011b0 _adj_fpatan
0x4011b4 __vbaFixstrConstruct
0x4011b8 __vbaLateIdCallLd
0x4011bc Zombie_GetTypeInfoCount
0x4011c0 __vbaRedim
0x4011c4 __vbaStrR8
0x4011c8 __vbaRecUniToAnsi
0x4011cc EVENT_SINK_Release
0x4011d0 __vbaNew
0x4011d4 None
0x4011d8 __vbaUI1I2
0x4011dc _CIsqrt
0x4011e0 __vbaVarAnd
0x4011e4 EVENT_SINK_QueryInterface
0x4011e8 __vbaVarMul
0x4011ec __vbaExceptHandler
0x4011f0 None
0x4011f4 __vbaStrToUnicode
0x4011f8 None
0x4011fc __vbaDateStr
0x401200 None
0x401204 _adj_fprem
0x401208 _adj_fdivr_m64
0x40120c __vbaVarDiv
0x401210 None
0x401214 None
0x401218 None
0x40121c None
0x401220 __vbaVarCmpLe
0x401224 None
0x401228 __vbaFPException
0x40122c __vbaInStrVar
0x401230 None
0x401234 __vbaStrVarVal
0x401238 __vbaUbound
0x40123c __vbaVarCat
0x401240 __vbaDateVar
0x401244 __vbaI2Var
0x401248 None
0x40124c None
0x401250 _CIlog
0x401254 __vbaErrorOverflow
0x401258 __vbaNew2
0x40125c __vbaVarLateMemCallLdRf
0x401260 __vbaInStr
0x401264 __vbaR8Str
0x401268 __vbaVarInt
0x40126c _adj_fdiv_m32i
0x401270 None
0x401274 _adj_fdivr_m32i
0x401278 __vbaVarSetObj
0x40127c __vbaStrCopy
0x401280 __vbaI4Str
0x401284 __vbaLateMemNamedCall
0x401288 __vbaFreeStrList
0x40128c __vbaVarCmpLt
0x401290 _adj_fdivr_m32
0x401294 __vbaR8Var
0x401298 _adj_fdiv_r
0x40129c None
0x4012a0 None
0x4012a4 None
0x4012a8 None
0x4012ac __vbaVarTstNe
0x4012b0 __vbaVarSetVar
0x4012b4 __vbaI4Var
0x4012b8 __vbaVarCmpEq
0x4012bc __vbaVarLateMemStAd
0x4012c0 __vbaVarAdd
0x4012c4 __vbaLateMemCall
0x4012c8 __vbaAryLock
0x4012cc None
0x4012d0 __vbaFreeVarg
0x4012d4 __vbaStrToAnsi
0x4012d8 __vbaVarDup
0x4012dc None
0x4012e0 __vbaOnGoCheck
0x4012e4 __vbaVarCopy
0x4012e8 __vbaVarLateMemCallLd
0x4012ec __vbaVarTstGe
0x4012f0 None
0x4012f4 __vbaFpI4
0x4012f8 __vbaVarSetObjAddref
0x4012fc __vbaLateMemCallLd
0x401300 None
0x401304 _CIatan
0x401308 None
0x40130c __vbaStrMove
0x401310 __vbaI2ErrVar
0x401314 __vbaCastObj
0x401318 __vbaAryCopy
0x40131c __vbaStrVarCopy
0x401320 None
0x401324 __vbaVarNeg
0x401328 None
0x40132c None
0x401330 _allmul
0x401334 __vbaVarLateMemCallSt
0x401338 None
0x40133c __vbaLateIdSt
0x401340 None
0x401344 _CItan
0x401348 None
0x40134c __vbaNextEachCollAd
0x401350 __vbaFPInt
0x401354 __vbaAryUnlock
0x401358 None
0x40135c __vbaVarForNext
0x401360 _CIexp
0x401364 __vbaFreeObj
0x401368 __vbaFreeStr
0x40136c None
0x401370 None
EAT(Export Address Table) is none
MSVBVM60.DLL
0x401000 EVENT_SINK_GetIDsOfNames
0x401004 __vbaVarSub
0x401008 __vbaVarTstGt
0x40100c __vbaStrI2
0x401010 _CIcos
0x401014 _adj_fptan
0x401018 __vbaVarMove
0x40101c __vbaStrI4
0x401020 __vbaVarVargNofree
0x401024 __vbaFreeVar
0x401028 __vbaStrVarMove
0x40102c __vbaLenBstr
0x401030 __vbaLateIdCall
0x401034 __vbaFreeVarList
0x401038 __vbaEnd
0x40103c _adj_fdiv_m64
0x401040 EVENT_SINK_Invoke
0x401044 __vbaVarIndexStore
0x401048 __vbaFreeObjList
0x40104c __vbaStrErrVarCopy
0x401050 __vbaVarIndexLoadRef
0x401054 None
0x401058 _adj_fprem1
0x40105c None
0x401060 __vbaRecAnsiToUni
0x401064 None
0x401068 __vbaResume
0x40106c __vbaStrCat
0x401070 __vbaVarCmpNe
0x401074 __vbaForEachCollAd
0x401078 None
0x40107c None
0x401080 None
0x401084 __vbaLsetFixstr
0x401088 None
0x40108c __vbaStrDate
0x401090 __vbaSetSystemError
0x401094 __vbaHresultCheckObj
0x401098 __vbaNameFile
0x40109c None
0x4010a0 None
0x4010a4 None
0x4010a8 __vbaLenVar
0x4010ac _adj_fdiv_m32
0x4010b0 __vbaVarTstLe
0x4010b4 __vbaAryVar
0x4010b8 Zombie_GetTypeInfo
0x4010bc __vbaVarCmpGe
0x4010c0 __vbaAryDestruct
0x4010c4 __vbaLateMemSt
0x4010c8 __vbaVarIndexLoadRefLock
0x4010cc __vbaBoolStr
0x4010d0 None
0x4010d4 __vbaVarForInit
0x4010d8 __vbaExitProc
0x4010dc __vbaStrBool
0x4010e0 __vbaForEachCollObj
0x4010e4 None
0x4010e8 __vbaObjSet
0x4010ec None
0x4010f0 __vbaOnError
0x4010f4 None
0x4010f8 _adj_fdiv_m16i
0x4010fc __vbaObjSetAddref
0x401100 _adj_fdivr_m16i
0x401104 None
0x401108 __vbaVarIndexLoad
0x40110c None
0x401110 __vbaCyStr
0x401114 None
0x401118 __vbaForEachCollVar
0x40111c None
0x401120 __vbaBoolVar
0x401124 __vbaStrFixstr
0x401128 None
0x40112c None
0x401130 __vbaBoolVarNull
0x401134 __vbaFpR8
0x401138 __vbaVarTstLt
0x40113c __vbaRefVarAry
0x401140 __vbaVargVar
0x401144 _CIsin
0x401148 None
0x40114c __vbaVarZero
0x401150 __vbaLateMemStAd
0x401154 __vbaVarCmpGt
0x401158 __vbaNextEachCollObj
0x40115c __vbaChkstk
0x401160 __vbaCyVar
0x401164 EVENT_SINK_AddRef
0x401168 None
0x40116c __vbaGenerateBoundsError
0x401170 __vbaCyI2
0x401174 __vbaStrCmp
0x401178 None
0x40117c __vbaVarTstEq
0x401180 __vbaAryConstruct2
0x401184 __vbaDateR8
0x401188 None
0x40118c __vbaNextEachCollVar
0x401190 __vbaObjVar
0x401194 __vbaI2I4
0x401198 None
0x40119c DllFunctionCall
0x4011a0 __vbaVarOr
0x4011a4 __vbaVarLateMemSt
0x4011a8 __vbaCastObjVar
0x4011ac __vbaRedimPreserve
0x4011b0 _adj_fpatan
0x4011b4 __vbaFixstrConstruct
0x4011b8 __vbaLateIdCallLd
0x4011bc Zombie_GetTypeInfoCount
0x4011c0 __vbaRedim
0x4011c4 __vbaStrR8
0x4011c8 __vbaRecUniToAnsi
0x4011cc EVENT_SINK_Release
0x4011d0 __vbaNew
0x4011d4 None
0x4011d8 __vbaUI1I2
0x4011dc _CIsqrt
0x4011e0 __vbaVarAnd
0x4011e4 EVENT_SINK_QueryInterface
0x4011e8 __vbaVarMul
0x4011ec __vbaExceptHandler
0x4011f0 None
0x4011f4 __vbaStrToUnicode
0x4011f8 None
0x4011fc __vbaDateStr
0x401200 None
0x401204 _adj_fprem
0x401208 _adj_fdivr_m64
0x40120c __vbaVarDiv
0x401210 None
0x401214 None
0x401218 None
0x40121c None
0x401220 __vbaVarCmpLe
0x401224 None
0x401228 __vbaFPException
0x40122c __vbaInStrVar
0x401230 None
0x401234 __vbaStrVarVal
0x401238 __vbaUbound
0x40123c __vbaVarCat
0x401240 __vbaDateVar
0x401244 __vbaI2Var
0x401248 None
0x40124c None
0x401250 _CIlog
0x401254 __vbaErrorOverflow
0x401258 __vbaNew2
0x40125c __vbaVarLateMemCallLdRf
0x401260 __vbaInStr
0x401264 __vbaR8Str
0x401268 __vbaVarInt
0x40126c _adj_fdiv_m32i
0x401270 None
0x401274 _adj_fdivr_m32i
0x401278 __vbaVarSetObj
0x40127c __vbaStrCopy
0x401280 __vbaI4Str
0x401284 __vbaLateMemNamedCall
0x401288 __vbaFreeStrList
0x40128c __vbaVarCmpLt
0x401290 _adj_fdivr_m32
0x401294 __vbaR8Var
0x401298 _adj_fdiv_r
0x40129c None
0x4012a0 None
0x4012a4 None
0x4012a8 None
0x4012ac __vbaVarTstNe
0x4012b0 __vbaVarSetVar
0x4012b4 __vbaI4Var
0x4012b8 __vbaVarCmpEq
0x4012bc __vbaVarLateMemStAd
0x4012c0 __vbaVarAdd
0x4012c4 __vbaLateMemCall
0x4012c8 __vbaAryLock
0x4012cc None
0x4012d0 __vbaFreeVarg
0x4012d4 __vbaStrToAnsi
0x4012d8 __vbaVarDup
0x4012dc None
0x4012e0 __vbaOnGoCheck
0x4012e4 __vbaVarCopy
0x4012e8 __vbaVarLateMemCallLd
0x4012ec __vbaVarTstGe
0x4012f0 None
0x4012f4 __vbaFpI4
0x4012f8 __vbaVarSetObjAddref
0x4012fc __vbaLateMemCallLd
0x401300 None
0x401304 _CIatan
0x401308 None
0x40130c __vbaStrMove
0x401310 __vbaI2ErrVar
0x401314 __vbaCastObj
0x401318 __vbaAryCopy
0x40131c __vbaStrVarCopy
0x401320 None
0x401324 __vbaVarNeg
0x401328 None
0x40132c None
0x401330 _allmul
0x401334 __vbaVarLateMemCallSt
0x401338 None
0x40133c __vbaLateIdSt
0x401340 None
0x401344 _CItan
0x401348 None
0x40134c __vbaNextEachCollAd
0x401350 __vbaFPInt
0x401354 __vbaAryUnlock
0x401358 None
0x40135c __vbaVarForNext
0x401360 _CIexp
0x401364 __vbaFreeObj
0x401368 __vbaFreeStr
0x40136c None
0x401370 None
EAT(Export Address Table) is none