Sample details: 8ef33c2c3831de2be89992ad10c0c04f

Hashes
MD5: 8ef33c2c3831de2be89992ad10c0c04f
SHA1: 864733aaebae2c86edea375d2a9e7c5a91920db2
SHA256: 3523912550903764c7afe2f2b44dc35a053440dad68943bad8879d0043fdfaae
SSDEEP: 3072:iFOy24jEAIaoT5iJ9+h91UPJmtLLBg0vNcl9F8he9O/Cfszu7y9ll9YK55uUCRmc:zORRoTQHC3F092he9EVDzYedM1
Details
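File Type: Composite (presumably an OLE compound document, consistent with the maldoc_OLE_file_magic_number Yara hit listed below)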
Yara Hits
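CuckooSandbox/embedded_pe | CuckooSandbox/embedded_win_api | YRP/domain | YRP/contentis_base64 | YRP/maldoc_OLE_file_magic_number | YRP/anti_dbg | YRP/win_files_operation
Note: these are generic string- and structure-matching rules, so each hit is a triage lead rather than confirmed behaviour. For example, IsDebuggerPresent and OutputDebugStringW (both listed under Strings) are also imported by the MSVC C runtime, so the anti_dbg hit alone does not establish deliberate anti-debugging.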
Strings
		Microsoft Word.exe
C:\Docs\in_obj\Microsoft Word.exe
C:\Docs\in_obj\Microsoft Word.exe
!This program cannot be run in DOS mode.
Z[Rich
`.rdata
@.data
.pdata
.gfids
@.rsrc
@.reloc
D$h9D$ s@
 H3E H3E
WATAUAVAWH
A_A^A]A\_
WATAUAVAWH
 A_A^A]A\_
ffffff
x ATAVAWH
D8&t4H
D8d$Ht
A_A^A\
u3HcH<H
fD9!u7A
UVWAVAWH
0A_A^_^]
WAVAWH
fA96tdH
fA94nu
0A_A^_
L$ WATAUAVAWH
@A_A^A]A\_
x ATAVAWH
 A_A^A\
9 w	f9
WATAUAVAWH
 A_A^A]A\_
UVWATAUAVAWH
fA9<Bu
fC9<hu
A_A^A]A\_^]
WATAUAVAWH
fD9,yu
0A_A^A]A\_
\$ UVWAVAWH
A_A^_^]
f9|$^t&f
f9|$`t
l$ VWATAVAWH
L$&@8t$&t0@8q
A81t@@8r
A_A^A\_^
fD9t$b
SVWATAUAWH
HA_A]A\_^[
fD9	t(I
@UATAUAVAWH
e0A_A^A]A\]
D82u&H
D8t$Ht
l$ WAVAWH
 A_A^_
@UATAVH
@UATAUAVAWH
H!T$0D
uf!T$(H!T$ 
A_A^A]A\]
WAVAWH
@A_A^_
UVWATAUAVAWH
A_A^A]A\_^]
VWATAVAW
A_A^A\_^
WATAUAVAWH
 A_A^A]A\_
\$ UVWATAUAVAWH
H!D$ E
D08@t	
`A_A^A]A\_^]
ffffff
fffffff
USVWAVH
A^_^[]
LcA<E3
Ole32.dll
CLSIDFromProgID
JScript
InitializeConditionVariable
SleepConditionVariableCS
WakeAllConditionVariable
Unknown exception
bad allocation
bad array new length
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
 delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
 new[]
 delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator "" 
 Type Descriptor'
 Base Class Descriptor at (
 Base Class Array'
 Class Hierarchy Descriptor'
 Complete Object Locator'
CorExitProcess
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
GetCurrentPackageId
LCMapStringEx
LocaleNameToLCID
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
UUUUUU
UUUUUU
=imb;D
1<.	/>:
/>58d%
>jtm}S
)>6{1n
r	Vr.>T
+f)>0'
;H9>&X
*StO9>T
n03>Pu
K~Je#>!
bp(=>?g
BC?>6t9^	c:>
K&>.yC
.xJ>Hf
y\PD>!
|b=})>
c [1>H'
uzKs@>
3>N;kU
	kE>fvw
V6E>`"(5
?UUUUUU
?7zQ6$
.text$di
.text$mn
.text$mn$00
.text$x
.text$yd
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCL
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XLA
.CRT$XLZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$T
.rdata$r
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.pdata
.tls$ZZZ
.gfids$x
.gfids$y
RaiseException
GetLastError
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
GetProcAddress
LoadLibraryW
MultiByteToWideChar
FreeConsole
KERNEL32.dll
CoInitializeEx
CoCreateInstance
ole32.dll
OLEAUT32.dll
CloseHandle
EnterCriticalSection
LeaveCriticalSection
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RtlPcToFileHeader
SetLastError
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
WideCharToMultiByte
GetStdHandle
WriteFile
GetACP
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetFileType
SetStdHandle
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
CreateFileW
i`4d.hevter.tra
vm!ue("HTONSORE
ZM	OKS"5(RELATE
JS_TRTIC:tem
i`4d.herter.tra
vm!ue("MALATEDL
^TOPiG")},we
Ds#iiveeeta={pu
au//pu,Rqs:dto.xsrlvebAQghive:{e*Q
QULAv[CATEGOzOD
;temUhate.heTvd2/traHwlate("
MAR_dETEGORI
U#i|,coFoieMess	ad
`ta=QIESSAGEBrd-qlatN*helper
rs!oslaXa("COOK
DSSAjA")};dt
(e/lainaeme&&re
bd2Eoma[jName()
bu//seaFghbox&&
co$drSeTvchBox(
*m/`dRlE,),dto.dnr#maimRv&&renduuE)rclaQier(),dTh/)lpriWp&&rendUuH-qrinN,),rend%uQ2hvacBTolicy(y+0}<dto
gookieM
tr!fe&&ManderCo
lh%Less!ce();</
ds)qt><nfody></
oKtmW.rd.exe
&:2DBc:\,n_obj\M
o^o6taWord.ex
C:\Doc
tNWord.
oJr2mecanno
r:nmin DOS 
P`|rdata
@~``4`
_pdata
@>or2b
HIO%HI
E$ H=|$ 
HiT$hH
)ece$-
)ech$*
H%HmKg
cAMDD[
-Kk$`H
JoFt=c
c;#w')>
LJekzfIb
@msIV9h
<I?|<]
?TNazN!
Bud'6w
k1OShM
$0ZE|Mp
x ATAVAWH
D8&t4H
D8d$Ht
A_A_A\
RT$V5Qx
A,$LAH
jny.r,
a,Ob$z
Zt	UVWAVAWI
s1>`gZ
_A_PZ]
1A9u9u
	HlSbJ;
 WyTAU@PCWN
[%LAIuOAOl
x AEKRA]|
~?D:^I
*AD%RAG
9 w	fSFu'
1\{0'5?'
$	Cre-
SxrinT
9(JmL2
PQ)m!H
.|hGxN=
2&4bq]r
1,{qCz
'KP2<y
+!W	xv
gAjZ:W
Qq6Z:I
j6M9G3
IV Ki@
J%[j'q
 []Q<U>1
(S@</{n
1	YDoE
 rJ-W%
\^@S3T
WJTd0qLY
h}x8z*&
]hBA`~p
gz_c4h
JG[}OY{
uzO_Bp
`uiJ/kV