Sample details: 3a1f411155ee15a2bd36856db20f7431 --

Hashes
MD5: 3a1f411155ee15a2bd36856db20f7431
SHA1: 966712bfa467a5d702b16387ace1bd52263e52ab
SHA256: 35122578015ed3d1c0d6794bd9acc5bab35168e776857fb2949ea67a076ed2fe
SSDEEP: 6144:tHQpgwaOdA8MM310OKSRvmi9lj25yWHw0VE59JS4U:tNRQA8MM3VvXlJWHRE5Kx
Details
File Type: Composite
Added: 2019-10-09 12:50:24
Yara Hits
CuckooSandbox/embedded_pe | CuckooSandbox/embedded_win_api | YRP/domain | YRP/contentis_base64 | YRP/maldoc_OLE_file_magic_number | YRP/anti_dbg | YRP/win_files_operation |
Strings
		Microsoft Office
C:\Users\User\Desktop\AMS\Microsoft Office.exe
C:\Users\User\AppData\Local\Temp\Microsoft Office.exe
!This program cannot be run in DOS mode.
b[Rich
`.rdata
@.data
.pdata
.gfids
@.rsrc
@.reloc
D$h9D$ s@
 H3E H3E
WATAUAVAWH
A_A^A]A\_
WATAUAVAWH
 A_A^A]A\_
ffffff
x ATAVAWH
D8&t4H
D8d$Ht
A_A^A\
u3HcH<H
fD9!u7A
UVWAVAWH
0A_A^_^]
WAVAWH
fA96tdH
fA94nu
0A_A^_
L$ WATAUAVAWH
@A_A^A]A\_
x ATAVAWH
 A_A^A\
9 w	f9
WATAUAVAWH
 A_A^A]A\_
UVWATAUAVAWH
fA9<Bu
fC9<hu
A_A^A]A\_^]
WATAUAVAWH
fD9,yu
0A_A^A]A\_
\$ UVWAVAWH
A_A^_^]
f9|$^t&f
f9|$`t
l$ VWATAVAWH
L$&@8t$&t0@8q
A81t@@8r
A_A^A\_^
fD9t$b
SVWATAUAWH
HA_A]A\_^[
fD9	t(I
@UATAUAVAWH
e0A_A^A]A\]
D82u&H
D8t$Ht
l$ WAVAWH
 A_A^_
@UATAVH
@UATAUAVAWH
H!T$0D
uf!T$(H!T$ 
A_A^A]A\]
WAVAWH
@A_A^_
UVWATAUAVAWH
A_A^A]A\_^]
VWATAVAW
A_A^A\_^
WATAUAVAWH
 A_A^A]A\_
\$ UVWATAUAVAWH
H!D$ E
D08@t	
`A_A^A]A\_^]
ffffff
fffffff
USVWAVH
A^_^[]
LcA<E3
Ole32.dll
CLSIDFromProgID
JScript
InitializeConditionVariable
SleepConditionVariableCS
WakeAllConditionVariable
Unknown exception
bad allocation
bad array new length
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
 delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
 new[]
 delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator "" 
 Type Descriptor'
 Base Class Descriptor at (
 Base Class Array'
 Class Hierarchy Descriptor'
 Complete Object Locator'
CorExitProcess
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
GetCurrentPackageId
LCMapStringEx
LocaleNameToLCID
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
UUUUUU
UUUUUU
=imb;D
1<.	/>:
/>58d%
>jtm}S
)>6{1n
r	Vr.>T
+f)>0'
;H9>&X
*StO9>T
n03>Pu
K~Je#>!
bp(=>?g
BC?>6t9^	c:>
K&>.yC
.xJ>Hf
y\PD>!
|b=})>
c [1>H'
uzKs@>
3>N;kU
	kE>fvw
V6E>`"(5
?UUUUUU
?7zQ6$
.text$di
.text$mn
.text$mn$00
.text$x
.text$yd
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCL
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XLA
.CRT$XLZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$T
.rdata$r
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.pdata
.tls$ZZZ
.gfids$x
.gfids$y
RaiseException
GetLastError
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
GetProcAddress
LoadLibraryW
MultiByteToWideChar
GetConsoleWindow
KERNEL32.dll
ShowWindow
USER32.dll
CoInitializeEx
CoCreateInstance
ole32.dll
OLEAUT32.dll
CloseHandle
EnterCriticalSection
LeaveCriticalSection
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RtlPcToFileHeader
SetLastError
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
WideCharToMultiByte
GetStdHandle
WriteFile
GetACP
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetFileType
SetStdHandle
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
CreateFileW
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AUIUnknown@@
.?AUIActiveScriptSite@@
.?AVJSE@@
.?AVtype_info@@
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVbad_array_new_length@std@@
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity name="mmmmmmmmmmm"></assemblyIdentity><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo></assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD