General

Malware Config

Signatures

Files

• EFfI.exe

  .exe windows:5 windows x86 arch:x86

  bc825bbffbc5fb838ffa4daf7dac8401

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  msvbvm60

  __vbaFpUI1

  kernel32

  VirtualProtect

  GetModuleFileNameW

  GetModuleHandleA

  LoadLibraryA

  LocalAlloc

  LocalFree

  GetModuleFileNameA

  ExitProcess

  user32

  MessageBoxW

  Exports

  Exports

  ,����o~�=�v�d"c���[����$��d�ӝ�+F�����:��(�蹕,���Sz+���)+�u���� &�Ky��d��W|r���*�O�2���cnMȱ�Hb;�%���)�EVt�o��A]軇��0︔���V�߫7���m$�����?�O��ncɷ>n���� z����AtB%������9 �2_�������N���>�;��6sWD��߿��"J����k��ȗ�{���Z΃y�� i�t���s�Y�53#�1ybb��*����)ᙗQru�q̩=�kUo��<���_„�X�k���sqP=�콄I��;��{ �D�(��K��0�?>�NМ��R�{Fn�m���Ox�LnJ Sy�A!$�G�#�B�z#��S�?��m��ϑP,�y����Eս�YK~>H�w&��Do���yĢ�
  d$�iM(v� uQ��&��@�qe$8��
  <��a���t���� o-�77�p8��S<�����w
  /t|'m8Z���4NZ«�R���C�(����<Hs�� �҄g��D��[j�Gl8<0��;�bg���]T��h- �a����R� yD<Wy{1)o #2�=�$�R���!�TN�}G���~��R.8�"y�H�G����' �{R�H�:)��۪B+Ֆ�#���P�>�|�C�+� SF7��ܔ�=)���=��~�C[�{ve-� ��y�6P���NZ�ӭ����0O  i�ok���*ܵ5���/VŠ�4�����/�V��T�f�K���ԧ��ʆ�X�
  ���|d� 4�R��6a���-<A�}�FAp��徃�@��a��,%���L��I���q�_mU��wQ*��B,��z Io��y��c��5)*w���]�(�@�n���u��8���: ”=sI�ń�gԻ�������^wQK�����P~l��"a�K�����h����cN��BW����6�:r�=��{8����^@&xN�mpm��
  ��CN&��}�u����ƨ�l=Y����+p/��
  �o� 47M��t/�7ҟ�f�s
  \c<�CY+0^d���]v��A�#>.gh��f7\��A��\���� )�ls��S�H�� ���&�gڠ&��a|�@FL�6q�;$��L��O@\x�`0ؖ��c��o�vim8�w�����@f���)EgH�)w��V~����i�xy��!�ð�/$Ϭjԥ�c|&M�T�(T��72�i��]-�a{,�2۫����F#&��� ����]�t�����񊙼j���q&�~�c ��4<�}����$�|�u�z�wB�I4��.u05G(��L�;��(/E}�<.���~}kEfv{���D�� %R�,gW3��Ix"p���>��0�#���L��I������5O��v2�ײ��j�W��i����Y�Ȭ.��0���qX��1��jOD����l��-r`����a
  GW�p�H�Vw4�a_����N���N�U�y0E���:�% �j��;b��p���KnDi��,+aE�N��
  Y:L+�@Y������k����2wJ�3Ξ��Z��+1+유���&=?oidP��R[�'�����J�Rα��VZ"�6�[[N^��=P�K`��L�U�m���9��:��y����N�ke i�ftv���ӄ�bL $���ZV䷑CO[�WϷ~ � LY~��x*�l�B�rcURk� 7�u�s����;�S�ȏa�9��F��{��M�E ;��Σ��!py� �&�َ9�T8�Vnq��z �Y'�}u��Z����i�ъ��h5������M\���L�N�U28����'���u�
  �:�4�z��I��:ăbR�q1�"�|1��/�% c�+�;�m�������|�vWWJ�G��+�� 㾯�������\ܶ���T��^
  U�=�/T�@S���5�Rke�
  ���&Ő� {2[�&�?��Bt^��l���d'�> �z5C=Q���y>�s���Ÿ�dǬ�'n�AM:���+.*���=DV��� �2\<���{�d��1�������Zi�����_�"���M���|�����;�1��.��v��i@�
  8��Z�q��8��� bJ�Hڭ�lS4Cu��SÌ@�ڵ��ʂ۰q����秌˽j‚}^8�cg�L#O$��kl��hM��}���ւ��A��6C��E�w�ӆX�娿�~�B�Pl;/�T ]"�hg�����yP(1̠�����}�?V* �w�|�xqS��­r� 8�'�A��j�*�\;�Hcm��n+Wg/�R�FDwb%��$�@���˭�����L)�lfkm�C��/~�9�-����[)�k0�@����w톲��%Ѫ��X���ԗ��tjn9�t����ϡL�"0�
  y�&b�4ɰo�%z8:��Mu��������)76�IR�n��6t�GMs���h9Dg@�ug] qvL��&��t_o)8\��+�����d��ض��xx� ��� X�������!"7'��RW���f��`���k3�D��[a��'�vU���0?�mr� Jli��.@�$Hp�� A���rd(�]TЦZ�Eq��~j�l���Ȇ+/J��]��!�u��nA��T��O�}�Q�8�El��;� ��*|�Nc~F�1R&o���D���F3�W� ���[|�ŏ��WQpp�鼂)Dj�ػ����6Y<�m��N�(�n����Ӆ4!0�D����оL<!���K0��?ֹ\���(H��v�IȲ�]��*&o���E�"�s�����b����ȭ�ݽ�@��vQQ�����$�9{�A�f���V�f
  �t S�,[d~q�����)��7�/C����D�E>hD��C~4b5� uN��(�������������x��P`���ܿ����|�IP�0Ne����i.��t�ëf� ���^�j���u�k���~]�I'��h3�?c~R�&��|0�-��my��::�p7]nҝO����#�0Vy�����
  �����is��-5t;z|
  Z/|�9�����\�^�K��������;�`��ʏ79�ufC�Z��ګ�

  Sections

  .text

  Size: - Virtual size: 537KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .vmp0

  Size: - Virtual size: 2.5MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 4KB - Virtual size: 24B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .vmp1

  Size: 2.8MB - Virtual size: 2.8MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 12KB - Virtual size: 10KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ