xwormProtected.exe

First submission 2024-10-15 16:32:06

File details

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Mime type:	application/x-dosexec
File size:	1638.32 KB (1677640 bytes)
Compile time:	2024-10-15 10:08:21
MD5:	7e2087055a8ab78c0025757274549257
SHA1:	efa42811180edcf632a8a51a3a20093f67b65745
SHA256:	4c8bd4a1bdada3e9ff3a8cdb69948484733842c099f7bac5fc22c1aff00edf00
Import Hash :	e0e5cba487d80ef75c8cfd3e40cc6131
Sections 3	.text .data .rsrc
Directories 3	import resource security

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

OSINT Enrichments

Virus Total:	36/77 VT report date: 2024-10-15 16:25:09
Malware Type 1	trojan
Threat Type 2	zusy hcmm

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXp://94.154.172.127/iobj/xwormProtected.exe	94.154.172.127	2024-10-15 16:32:06

PE Sections 0 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x18380c	1589248	48ca0b430983d7c5405ffda596c5f11951ce22c0	e7d419842e613ae1b3dc4ef469e0a02e
.data	0x185000	0x3d24	4096	1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d	620f0b67a91f7f74151bc5be745b7110
.rsrc	0x189000	0x10b18	69632	f22bfa8d3590a361a08fb127dc403027764b69d2	e4aa303c09e9e218758a01d864c41375

PE Resources 3

Name	Language	Sublanguage	Offset	Size	Data
RT_ICON	LANG_NEUTRAL	SUBLANG_NEUTRAL	0x1890e8	67624	PE Resource: RT_ICON - Data ( ``QPLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKQP`asuKJKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJKJsu.WVIHMLLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHWV-effgjk8ONKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJOOjk8fgeffghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKNMNMNMMLLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLNMNMNMNMNMNMNMNMMLMLLKLKLKLKLKLKLKLKLKLKLKLKLKMLNMNMMLLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJEDEDEDGFLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKFEEDEDEDEDEDEDEDEDGFJINMONMLLKLKLKLKLKLKLKLKLKLKFEEDEDFELKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJNMjilknmccJILKLKLKLKLKLKLKLKLKLKLKLKLKMLihmllklklklklklklkdcUTDC@?KJNMLKLKLKLKLKLKLKLKMLgflklkgfMLLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHZYDCNMLKLKLKLKLKLKLKLKLKLKMLJITSONBANMLKLKLKLKLKMLJIQPONKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHZYDCNMLKLKLKLKLKLKLKLKLKLKMLJITS}\|A@NMLKLKLKLKMLJIQPONKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHYYDCNMLKLKLKLKLKLKLKLKLKLKMLJITSA@NMLKLKLKMLJIQPONKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHZYDCNMLKLKLKLKLKLKLKLKLKLKMLJITS<;B@A@A@BAHGdc~BANMLKLKMLJIQPONKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHZYDCNMLKLKLKLKLKLKLKLKLKLKMLJITSJIONONNMNMMLGF=;RQJIMLLKMLJIQPONKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHZYDCNMLKLKLKLKLKLKLKLKLKLKMLJITSHGMLLKLKLKLKNMNMA@@?ONLKMLJIQPONKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHZYDCNMLKMLNMONMLLKLKLKLKLKMLJITSHGMLLKLKLKLKLKNMDCsrIHLKLKMLJIQPONKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHZYBALKJIFEA@@?HGONLKLKLKLKMLJITSHGMLLKLKLKLKLKLKLKLKgfFEMLMLJIQPONKJMLLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHZY\[@?LKMLLKLKMLJITSHGMLLKLKLKLKLKLKONA@A@NNMLJIQPQPLKNMMLMLMLMLMLMLMLLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHZYGFKJMLLKMLJITSHGMLLKLKLKLKLKLKON?>?>ONMLJIQPIHDCFEEDEDEDEDEDEDIHLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHZYGFLKLKMLJITSHGMLLKLKLKLKLKLKONA@@?ONMLJIQPBANMLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHZYIHSRQPSRjjA?ONMLJITSHGMLLKLKLKLKLKLKNMA@A@NMMLJIQP?>ONLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHZYBALKKJKJDCFEYXIHNMJITSHGMLLKLKLKLKLKLKNMB@A@NMMLJIQPBANMLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHZYDCNMMLLKQPA@A@ONJITSHGMLLKLKLKLKLKLKON@??>ONMLJIQPKJFEHGGFGFGFGFHFGFJILKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHZYDCNMLKLKMLHGa`@?ONJITSHGMLLKLKLKLKLKLKON@?A?ONMLJIQPPOLKMLMLMLMLMLMLMLLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHZYDCNMLKLKMLIHWVBAONJITSHGMLLKLKLKLKLKLKNMGFdcFEMLMLJIQPOOKJMLLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHZYDCNMLKLKMLIH]\A@ONJITSHGMLLKLKLKLKLKQP?>~}EDNMLKMLJIQPONKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHZYDCNMMLMLQP@?~}@?ONJITSIHMLMLMLNMONON?>^]xwCBNMLKMLJIQPPOLKMLMLMLMLMLMLMLMLLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHZYA@LKJIIH@?ML_^HGNMJITSFEKJJIHGED@?CB{zBANMLKLKMLJIQPMLIHJIJIJIJIJIJIJIJIKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHZYLKUTTSZY\|\|A@ONMLJITSPOTSUT[ZlkJIKJMLLKLKMLJIQPWVSRUTTSTSTSTSTSTSUTPOKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHYXFEMLLKMLJITSJIJIMLLKLKLKMLKIQP@?ONLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHZYEDLKMLLKMLJITS\|\|BAKJMLLKLKLKLKMLJIRQ?=ONLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHWVZZ@?MLMLLKLKMLJISRqpGFBANMMLLKLKLKLKLKLKKJPOA@ONLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKNMNMNMNMNMNMONKJBA@?HGONLKLKLKLKLKLKLKNMNMNMNMNMNMNNMLIHBA?>DCMLNMLKLKLKLKLKLKLKLKLKLKNMONONONONONONONONONONONONONMLLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJKJKJKJKJKJKJLKNMONMLLKLKLKLKLKLKLKLKKJKJKJKJKJKJKJKJMLNMONNMLKLKLKLKLKLKLKLKLKLKLKLKKJKJKJKJKJKJKJKJKJKJKJKJKJKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgghikln8QQLKMMMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMMLKQQln8ikghbcdfhi9JIEDFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEEDJIhi9dfbcx{z}\|6ijfgghfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgghfgij\|6z}x{,,,,,,,,,,,,,,,,,,,,,,,,,,,VVLKRQz\|,,?=IHMMKJB@PO,,?>ONNMHFLKPOIHIH,,``GFNMGFabOOHGOOIHPP,,LKMLGFbcNMIHPOECgg,,KJNMDBwyHGLKOOA?,,WVJIMLIHB@ONLKIH,,A@POHGWWrtDBPOEClm,,QPIHONGFUTMLKJONBA,,DCLKOOHGJI?=POHG\\,,ECJIPOLKA@pqhiFEPOA@,,NMECOOONCARQeeIHMLIHVV,,ghA?LKPPJIHFMLLKONA@,,LKCBNMNNLKLKMLIHVV,,vwECEDNMNMLKMMGExz,,jkDBEDMLLKMLECHGqr,,klHGLKLKNMMLECCAXXbbHGCACAEDXX,,DCNMLKLKNMPOIHB@GEccYYA?GFNNPPPOONIH?=,,\\HGMLMLJHDBLKQPNNGFB@HGccBAHGOONNECA@BAIHNNNN@>,,B@ONHG^^vxKJA@GENMQPNMGFB@FEYXz}efA?NMNMIHDBsuVUEDNNIHVU,,QPKJJITSefIHB@FEMLQPONJHCBB@KJaa~\\CBONMLJISSijGFPOB@,,CAQP@>fgKIB@DCKJPOQPNMHFBABADCIHNMLKLKJIDCPOBA,,GENMGFaasuTSDCB@EDKJNNNMNMMLLKLKLKMLLKJIPORQRQJIGFMLPO@?,,hhFEONEClmTTKJLKMLLKKIMLNMNMNMNMMLLKLKNMONONCAVV,,B@PPCA}efGFNMLJIHQPFEBAA@CADBECEDEDDBB@DCdd,,QQKJKJSRCANMMLCBwypqmnoqz\|,,\|~CAPPB@A?NMNNB@,,DCOOECopHGLKONB@},,[\IGMLLK[[GFPOEDfg,,B@QPB@~B@POJIPO,,FEONFDklCANMNMDB,,``HFMLKJTTIHPOB@,,B@QPA@}BAPOGF^_,,GEONEDmoDCNMMLFE,,^^HGLKNM^^GFPOB@,,B@PP@>?=POHGYY,,DCONGFghYYIHONCA,,UUJHMLHGJINNECnp,,vxDBNMMLMLMLGF,,B@NNLKNMCA~,,IHLKMLKJKJ,,``GFONCB,,RQKJNNDB,,A?ONNMB@,,[[HGMLNMDCrt,,CBNMLKMLIGZZ,,y{CBNMMLLKLKKI+,SSJIMLKJLKNMCB,CAONJIQPLKNNA@,CBJI]^SSLKDB{~,fgIGCBopFEGFjk,TSJIMLBAKI]],KJJIRRB@LKTT,FENMJIB@MLQQ,GEOOB@rtECLKQQ,MLMLGF`aONLKJIWW,abGFMMKJKJKJNMECmn,?>PPMLLKMLNMCB,gg><JILKML>=,XXMLHF,,,,,,,,,,,,k}_o//////////////////////////////////////////////////////////////////////////////////////////////////OO_ +W_ +W_ +W_
RT_GROUP_ICON	LANG_NEUTRAL	SUBLANG_NEUTRAL	0x199910	20
RT_VERSION	LANG_GERMAN	SUBLANG_GERMAN	0x199924	500

Name

Language

Sublanguage

Offset

Size

Data

RT_ICON

LANG_NEUTRAL

SUBLANG_NEUTRAL

0x1890e8

67624

( ``QPLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKQP`asuKJKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJKJsu.WVIHMLLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHWV-effgjk8ONKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJOOjk8fgeffghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKNMNMNMMLLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLNMNMNMNMNMNMNMNMMLMLLKLKLKLKLKLKLKLKLKLKLKLKLKMLNMNMMLLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJEDEDEDGFLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKFEEDEDEDEDEDEDEDEDGFJINMONMLLKLKLKLKLKLKLKLKLKLKFEEDEDFELKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJNMjilknmccJILKLKLKLKLKLKLKLKLKLKLKLKLKMLihmllklklklklklklkdcUTDC@?KJNMLKLKLKLKLKLKLKLKMLgflklkgfMLLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHZYDCNMLKLKLKLKLKLKLKLKLKLKMLJITSONBANMLKLKLKLKLKMLJIQPONKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHZYDCNMLKLKLKLKLKLKLKLKLKLKMLJITS}|A@NMLKLKLKLKMLJIQPONKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHYYDCNMLKLKLKLKLKLKLKLKLKLKMLJITSA@NMLKLKLKMLJIQPONKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHZYDCNMLKLKLKLKLKLKLKLKLKLKMLJITS<;B@A@A@BAHGdc~BANMLKLKMLJIQPONKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHZYDCNMLKLKLKLKLKLKLKLKLKLKMLJITSJIONONNMNMMLGF=;RQJIMLLKMLJIQPONKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHZYDCNMLKLKLKLKLKLKLKLKLKLKMLJITSHGMLLKLKLKLKNMNMA@@?ONLKMLJIQPONKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHZYDCNMLKMLNMONMLLKLKLKLKLKMLJITSHGMLLKLKLKLKLKNMDCsrIHLKLKMLJIQPONKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHZYBALKJIFEA@@?HGONLKLKLKLKMLJITSHGMLLKLKLKLKLKLKLKLKgfFEMLMLJIQPONKJMLLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHZY\[@?LKMLLKLKMLJITSHGMLLKLKLKLKLKLKONA@A@NNMLJIQPQPLKNMMLMLMLMLMLMLMLLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHZYGFKJMLLKMLJITSHGMLLKLKLKLKLKLKON?>?>ONMLJIQPIHDCFEEDEDEDEDEDEDIHLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHZYGFLKLKMLJITSHGMLLKLKLKLKLKLKONA@@?ONMLJIQPBANMLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHZYIHSRQPSRjjA?ONMLJITSHGMLLKLKLKLKLKLKNMA@A@NMMLJIQP?>ONLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHZYBALKKJKJDCFEYXIHNMJITSHGMLLKLKLKLKLKLKNMB@A@NMMLJIQPBANMLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHZYDCNMMLLKQPA@A@ONJITSHGMLLKLKLKLKLKLKON@??>ONMLJIQPKJFEHGGFGFGFGFHFGFJILKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHZYDCNMLKLKMLHGa`@?ONJITSHGMLLKLKLKLKLKLKON@?A?ONMLJIQPPOLKMLMLMLMLMLMLMLLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHZYDCNMLKLKMLIHWVBAONJITSHGMLLKLKLKLKLKLKNMGFdcFEMLMLJIQPOOKJMLLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHZYDCNMLKLKMLIH]\A@ONJITSHGMLLKLKLKLKLKQP?>~}EDNMLKMLJIQPONKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHZYDCNMMLMLQP@?~}@?ONJITSIHMLMLMLNMONON?>^]xwCBNMLKMLJIQPPOLKMLMLMLMLMLMLMLMLLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHZYA@LKJIIH@?ML_^HGNMJITSFEKJJIHGED@?CB{zBANMLKLKMLJIQPMLIHJIJIJIJIJIJIJIJIKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHZYLKUTTSZY||A@ONMLJITSPOTSUT[ZlkJIKJMLLKLKMLJIQPWVSRUTTSTSTSTSTSTSUTPOKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHYXFEMLLKMLJITSJIJIMLLKLKLKMLKIQP@?ONLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHZYEDLKMLLKMLJITS||BAKJMLLKLKLKLKMLJIRQ?=ONLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLIHWVZZ@?MLMLLKLKMLJISRqpGFBANMMLLKLKLKLKLKLKKJPOA@ONLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKNMNMNMNMNMNMONKJBA@?HGONLKLKLKLKLKLKLKNMNMNMNMNMNMNNMLIHBA?>DCMLNMLKLKLKLKLKLKLKLKLKLKNMONONONONONONONONONONONONONMLLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJKJKJKJKJKJKJLKNMONMLLKLKLKLKLKLKLKLKKJKJKJKJKJKJKJKJMLNMONNMLKLKLKLKLKLKLKLKLKLKLKLKKJKJKJKJKJKJKJKJKJKJKJKJKJKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKMLLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgfghjkm8POKJLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKLKKJPOkm8hjfgghikln8QQLKMMMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMLMMLKQQln8ikghbcdfhi9JIEDFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEEDJIhi9dfbcx{z}|6ijfgghfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgfgghfgij|6z}x{,,,,,,,,,,,,,,,,,,,,,,,,,,,VVLKRQz|,,?=IHMMKJB@PO,,?>ONNMHFLKPOIHIH,,``GFNMGFabOOHGOOIHPP,,LKMLGFbcNMIHPOECgg,,KJNMDBwyHGLKOOA?,,WVJIMLIHB@ONLKIH,,A@POHGWWrtDBPOEClm,,QPIHONGFUTMLKJONBA,,DCLKOOHGJI?=POHG\\,,ECJIPOLKA@pqhiFEPOA@,,NMECOOONCARQeeIHMLIHVV,,ghA?LKPPJIHFMLLKONA@,,LKCBNMNNLKLKMLIHVV,,vwECEDNMNMLKMMGExz,,jkDBEDMLLKMLECHGqr,,klHGLKLKNMMLECCAXXbbHGCACAEDXX,,DCNMLKLKNMPOIHB@GEccYYA?GFNNPPPOONIH?=,,\\HGMLMLJHDBLKQPNNGFB@HGccBAHGOONNECA@BAIHNNNN@>,,B@ONHG^^vxKJA@GENMQPNMGFB@FEYXz}efA?NMNMIHDBsuVUEDNNIHVU,,QPKJJITSefIHB@FEMLQPONJHCBB@KJaa~\\CBONMLJISSijGFPOB@,,CAQP@>fgKIB@DCKJPOQPNMHFBABADCIHNMLKLKJIDCPOBA,,GENMGFaasuTSDCB@EDKJNNNMNMMLLKLKLKMLLKJIPORQRQJIGFMLPO@?,,hhFEONEClmTTKJLKMLLKKIMLNMNMNMNMMLLKLKNMONONCAVV,,B@PPCA}efGFNMLJIHQPFEBAA@CADBECEDEDDBB@DCdd,,QQKJKJSRCANMMLCBwypqmnoqz|,,|~CAPPB@A?NMNNB@,,DCOOECopHGLKONB@},,[\IGMLLK[[GFPOEDfg,,B@QPB@~B@POJIPO,,FEONFDklCANMNMDB,,``HFMLKJTTIHPOB@,,B@QPA@}BAPOGF^_,,GEONEDmoDCNMMLFE,,^^HGLKNM^^GFPOB@,,B@PP@>?=POHGYY,,DCONGFghYYIHONCA,,UUJHMLHGJINNECnp,,vxDBNMMLMLMLGF,,B@NNLKNMCA~,,IHLKMLKJKJ,,``GFONCB,,RQKJNNDB,,A?ONNMB@,,[[HGMLNMDCrt,,CBNMLKMLIGZZ,,y{CBNMMLLKLKKI+,SSJIMLKJLKNMCB,CAONJIQPLKNNA@,CBJI]^SSLKDB{~,fgIGCBopFEGFjk,TSJIMLBAKI]],KJJIRRB@LKTT,FENMJIB@MLQQ,GEOOB@rtECLKQQ,MLMLGF`aONLKJIWW,abGFMMKJKJKJNMECmn,?>PPMLLKMLNMCB,gg><JILKML>=,XXMLHF,,,,,,,,,,,,k}_o//////////////////////////////////////////////////////////////////////////////////////////////////OO_
+W_
+W_
+W_

RT_GROUP_ICON

LANG_NEUTRAL

SUBLANG_NEUTRAL

0x199910

RT_VERSION

LANG_GERMAN

SUBLANG_GERMAN

0x199924

500

Meta infos 6

InternalName:	acvm7qw909e
ProductVersion:	1.00
Translation:	0x0407 0x04b0
ProductName:	Eamre_Cerqea
OriginalFilename:	acvm7qw909e.exe
FileVersion:	1.00

File signature

MD5	SHA1	Block size	Virtual Address
88473e8ab6b07059d4d938ec04f33cdb	8e611ec69e63018c68491b4c0a1c58a1374d07bd	10568	1667072

Strings analysis - File found

Autogen
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Library
USER32.dll
KERNEL32.dll
MSVBVM60.DLL
VB5!6&VB6DE.DLL
VBA6.DLL

Strings analysis - Possible URLs found 12

http://crl.globalsign.com/root-r6.crl0G
http://ocsp.globalsign.com/codesigningrootr450F
https://www.globalsign.com/repository/0
http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
http://ocsp2.globalsign.com/rootr606
http://crl.globalsign.com/codesigningrootr45.crl0U
http://ocsp.globalsign.com/ca/gstsacasha384g40C
http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
http://crl.globalsign.com/ca/gstsacasha384g4.crl0
http://secure.globalsign.com/cacert/gstsacasha384g4.crt0

Import functions

KERNEL32.DLL 3 MSVBVM60.DLL 116

Function	Address	Souspicious	Anti Debug
GetProcAddress	0x401000
VirtualAlloc	0x401004
GetModuleHandleW	0x401008

Function	Address	Souspicious	Anti Debug
__vbaVarSub	0x401010
None	0x401014
__vbaStrI2	0x401018
_CIcos	0x40101c
_adj_fptan	0x401020
__vbaVarMove	0x401024
__vbaVarVargNofree	0x401028
__vbaFreeVar	0x40102c
__vbaLineInputStr	0x401030
__vbaStrVarMove	0x401034
__vbaLenBstr	0x401038
__vbaFreeVarList	0x40103c
None	0x401040
_adj_fdiv_m64	0x401044
None	0x401048
__vbaNextEachVar	0x40104c
__vbaFreeObjList	0x401050
None	0x401054
_adj_fprem1	0x401058
None	0x40105c
__vbaStrCat	0x401060
__vbaSetSystemError	0x401064
__vbaHresultCheckObj	0x401068
_adj_fdiv_m32	0x40106c
__vbaAryVar	0x401070
__vbaAryDestruct	0x401074
__vbaExitProc	0x401078
None	0x40107c
None	0x401080
__vbaOnError	0x401084
None	0x401088
__vbaObjSet	0x40108c
_adj_fdiv_m16i	0x401090
__vbaObjSetAddref	0x401094
_adj_fdivr_m16i	0x401098
None	0x40109c
None	0x4010a0
__vbaRefVarAry	0x4010a4
__vbaBoolVarNull	0x4010a8
_CIsin	0x4010ac
__vbaErase	0x4010b0
__vbaVargVarMove	0x4010b4
__vbaVarZero	0x4010b8
__vbaVarCmpGt	0x4010bc
None	0x4010c0
__vbaChkstk	0x4010c4
__vbaFileClose	0x4010c8
None	0x4010cc
None	0x4010d0
EVENT_SINK_AddRef	0x4010d4
None	0x4010d8
__vbaStrCmp	0x4010dc
__vbaVarTstEq	0x4010e0
None	0x4010e4
DllFunctionCall	0x4010e8
__vbaVarOr	0x4010ec
__vbaRedimPreserve	0x4010f0
_adj_fpatan	0x4010f4
__vbaRedim	0x4010f8
EVENT_SINK_Release	0x4010fc
__vbaNew	0x401100
None	0x401104
None	0x401108
_CIsqrt	0x40110c
EVENT_SINK_QueryInterface	0x401110
__vbaExceptHandler	0x401114
__vbaStrToUnicode	0x401118
None	0x40111c
_adj_fprem	0x401120
_adj_fdivr_m64	0x401124
None	0x401128
__vbaFPException	0x40112c
None	0x401130
__vbaStrVarVal	0x401134
__vbaUbound	0x401138
__vbaVarCat	0x40113c
None	0x401140
None	0x401144
_CIlog	0x401148
__vbaFileOpen	0x40114c
None	0x401150
__vbaNew2	0x401154
None	0x401158
_adj_fdiv_m32i	0x40115c
_adj_fdivr_m32i	0x401160
None	0x401164
__vbaStrCopy	0x401168
__vbaI4Str	0x40116c
__vbaFreeStrList	0x401170
_adj_fdivr_m32	0x401174
_adj_fdiv_r	0x401178
None	0x40117c
__vbaI4Var	0x401180
None	0x401184
__vbaAryLock	0x401188
__vbaVarAdd	0x40118c
__vbaVarDup	0x401190
__vbaStrToAnsi	0x401194
None	0x401198
__vbaVarLateMemCallLd	0x40119c
__vbaVarCopy	0x4011a0
None	0x4011a4
_CIatan	0x4011a8
__vbaStrMove	0x4011ac
__vbaCastObj	0x4011b0
__vbaAryCopy	0x4011b4
__vbaStrVarCopy	0x4011b8
__vbaForEachVar	0x4011bc
None	0x4011c0
_allmul	0x4011c4
_CItan	0x4011c8
None	0x4011cc
__vbaAryUnlock	0x4011d0
_CIexp	0x4011d4
__vbaFreeObj	0x4011d8
__vbaFreeStr	0x4011dc

Name	Latest seen	MD5
testingProtected.exe	2024-10-15 16:33:06	acb5119773d5585f9155c28f97fa6eb0