Windows Analysis Report SecuriteInfo.com.__vbaHresultCheckObj.11013.25640

Overview

General Information

Sample Name: SecuriteInfo.com.__vbaHresultCheckObj.11013.25640 (renamed file extension from 25640 to exe)
Analysis ID: 451415
MD5: c6066a473750ed5ad023d20ce532c8c8
SHA1: b2c181c008fd857b0f0122dbfd05d4193654ccc2
SHA256: 932f31e907302148994f479eafe8dfbf203537491bbd586c43190c59afa248ff
Tags: exe

Detection

GuLoader
Score: 88
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected GuLoader
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Found potential dummy code loops (likely to delay analysis)
Machine Learning detection for sample
Tries to detect virtualization through RDTSC time measurements
Abnormal high CPU Usage
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Detected potential crypto function
PE file contains strange resources
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection:

Found malware configuration
Source: SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Malware Configuration Extractor: GuLoader {"Payload URL": "https://andreameixueiro.com/IRANSAT_Vsidob74.bin"}
Multi AV Scanner detection for submitted file
Source: SecuriteInfo.com.__vbaHresultCheckObj.11013.exe ReversingLabs: Detection: 30%
Machine Learning detection for sample
Source: SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Joe Sandbox ML: detected

Compliance:

Uses 32bit PE files
Source: SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Networking:

C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor URLs: https://andreameixueiro.com/IRANSAT_Vsidob74.bin

System Summary:

Abnormal high CPU Usage
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Process Stats: CPU usage > 98%
Contains functionality to call native functions
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02228274 NtAllocateVirtualMemory, 1_2_02228274
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222827B NtAllocateVirtualMemory, 1_2_0222827B
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02228306 NtAllocateVirtualMemory, 1_2_02228306
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_022283BF NtAllocateVirtualMemory, 1_2_022283BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222840D NtAllocateVirtualMemory, 1_2_0222840D
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02228487 NtAllocateVirtualMemory, 1_2_02228487
Detected potential crypto function
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02228274 1_2_02228274
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222DE22 1_2_0222DE22
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02223E26 1_2_02223E26
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02223E36 1_2_02223E36
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222CA3F 1_2_0222CA3F
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222CE00 1_2_0222CE00
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222EA01 1_2_0222EA01
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222CA17 1_2_0222CA17
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222626C 1_2_0222626C
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02220A71 1_2_02220A71
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02220A77 1_2_02220A77
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222827B 1_2_0222827B
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222DE43 1_2_0222DE43
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222124F 1_2_0222124F
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02226E50 1_2_02226E50
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02221A57 1_2_02221A57
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222725B 1_2_0222725B
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222D25D 1_2_0222D25D
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02227EAB 1_2_02227EAB
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02220AB2 1_2_02220AB2
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02223EB5 1_2_02223EB5
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_022266BD 1_2_022266BD
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02221680 1_2_02221680
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222DE80 1_2_0222DE80
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02221A89 1_2_02221A89
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222CE96 1_2_0222CE96
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222BE97 1_2_0222BE97
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02226A9C 1_2_02226A9C
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_022232E5 1_2_022232E5
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_022212E9 1_2_022212E9
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02226EEF 1_2_02226EEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222DEF2 1_2_0222DEF2
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02220ED0 1_2_02220ED0
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222CAD5 1_2_0222CAD5
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02221B27 1_2_02221B27
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02226327 1_2_02226327
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02220B2C 1_2_02220B2C
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02223B36 1_2_02223B36
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222DF36 1_2_0222DF36
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02226B04 1_2_02226B04
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02227B0E 1_2_02227B0E
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222171F 1_2_0222171F
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02223F6F 1_2_02223F6F
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222E772 1_2_0222E772
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222CB77 1_2_0222CB77
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02226742 1_2_02226742
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222DF4F 1_2_0222DF4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222C350 1_2_0222C350
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222C750 1_2_0222C750
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222BF51 1_2_0222BF51
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_022213AA 1_2_022213AA
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_022217BF 1_2_022217BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222C783 1_2_0222C783
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222CF8C 1_2_0222CF8C
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02223B8D 1_2_02223B8D
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222678D 1_2_0222678D
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222B791 1_2_0222B791
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02226B91 1_2_02226B91
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02226F9B 1_2_02226F9B
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222DFE3 1_2_0222DFE3
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_022263E7 1_2_022263E7
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_022287F0 1_2_022287F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02220BC2 1_2_02220BC2
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222BBCE 1_2_0222BBCE
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02221BD7 1_2_02221BD7
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02220FDB 1_2_02220FDB
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02222BDE 1_2_02222BDE
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02223C37 1_2_02223C37
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222143F 1_2_0222143F
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02226C05 1_2_02226C05
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222BC08 1_2_0222BC08
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222C010 1_2_0222C010
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222CC1F 1_2_0222CC1F
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02222C1C 1_2_02222C1C
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02226866 1_2_02226866
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222086C 1_2_0222086C
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02221874 1_2_02221874
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02220C4A 1_2_02220C4A
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222C84F 1_2_0222C84F
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222C453 1_2_0222C453
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222305E 1_2_0222305E
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222705F 1_2_0222705F
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222C45F 1_2_0222C45F
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222BCB6 1_2_0222BCB6
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_022230B9 1_2_022230B9
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02221083 1_2_02221083
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222EC92 1_2_0222EC92
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02226497 1_2_02226497
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222E097 1_2_0222E097
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02226C95 1_2_02226C95
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_022210EB 1_2_022210EB
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_022268E9 1_2_022268E9
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_022214EF 1_2_022214EF
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02223CF6 1_2_02223CF6
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_022208FA 1_2_022208FA
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222C8FB 1_2_0222C8FB
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222CCFF 1_2_0222CCFF
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222CCCB 1_2_0222CCCB
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_022260D4 1_2_022260D4
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02221925 1_2_02221925
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02223D33 1_2_02223D33
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222DD3F 1_2_0222DD3F
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222DD02 1_2_0222DD02
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02227104 1_2_02227104
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222DD0F 1_2_0222DD0F
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02226D63 1_2_02226D63
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222DD78 1_2_0222DD78
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222BD42 1_2_0222BD42
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02223D43 1_2_02223D43
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02226545 1_2_02226545
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222CD55 1_2_0222CD55
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02225D5F 1_2_02225D5F
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222D1B1 1_2_0222D1B1
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02223DB6 1_2_02223DB6
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_022271B4 1_2_022271B4
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222DDBB 1_2_0222DDBB
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222C993 1_2_0222C993
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02226991 1_2_02226991
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222159A 1_2_0222159A
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222619D 1_2_0222619D
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_022215E1 1_2_022215E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_022265ED 1_2_022265ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02226DFE 1_2_02226DFE
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222C9FF 1_2_0222C9FF
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222BDFC 1_2_0222BDFC
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_022219C3 1_2_022219C3
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02223DC9 1_2_02223DC9
PE file contains strange resources
Source: SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Sample file is different than original file name gathered from version info
Source: SecuriteInfo.com.__vbaHresultCheckObj.11013.exe, 00000001.00000002.1181876551.0000000000435000.00000002.00020000.sdmp Binary or memory string: OriginalFilenameObject.exe vs SecuriteInfo.com.__vbaHresultCheckObj.11013.exe
Source: SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Binary or memory string: OriginalFilenameObject.exe vs SecuriteInfo.com.__vbaHresultCheckObj.11013.exe
Uses 32bit PE files
Source: SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: classification engine Classification label: mal88.troj.evad.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe File created: C:\Users\user\AppData\Local\Temp\~DF934512EC1FF84EF0.TMP Jump to behavior
Source: SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Section loaded: C:\Windows\SysWOW64\msvbvm60.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: SecuriteInfo.com.__vbaHresultCheckObj.11013.exe ReversingLabs: Detection: 30%

Data Obfuscation:

Yara detected GuLoader
Source: Yara match File source: SecuriteInfo.com.__vbaHresultCheckObj.11013.exe, type: SAMPLE
Source: Yara match File source: 1.0.SecuriteInfo.com.__vbaHresultCheckObj.11013.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 1.2.SecuriteInfo.com.__vbaHresultCheckObj.11013.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000001.00000002.1181676924.0000000000401000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000000.653822220.0000000000401000.00000020.00020000.sdmp, type: MEMORY
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0040663B push ebp; iretd 1_2_00406645
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222EE10 push esi; retf 1_2_0222EE5B
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222EE60 push esi; retf 1_2_0222EE63
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222EE64 push esi; retf 1_2_0222EE67
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222EE68 push esi; retf 1_2_0222EE6B
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222EE6C push esi; retf 1_2_0222EE6F
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222EE70 push esi; retf 1_2_0222EE73
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222EE74 push esi; retf 1_2_0222EE77
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222EE78 push esi; retf 1_2_0222EE77
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222EE5C push esi; retf 1_2_0222EE5F
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222EEAD push esi; retf 1_2_0222EE5B
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02228AF9 push ebp; retf 1_2_02228B0F
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222EC92 push esi; retf 1_2_0222EE5B
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion:

Contains functionality to detect hardware virtualization (CPUID execution measurement)
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02228274 NtAllocateVirtualMemory, 1_2_02228274
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222626C 1_2_0222626C
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222124F 1_2_0222124F
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02226E50 1_2_02226E50
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222D25D 1_2_0222D25D
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_022266BD 1_2_022266BD
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02221680 1_2_02221680
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222BE97 1_2_0222BE97
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02226A9C 1_2_02226A9C
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_022232E5 1_2_022232E5
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_022212E9 1_2_022212E9
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222D2FF 1_2_0222D2FF
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02220ED0 1_2_02220ED0
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02226327 1_2_02226327
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02223B36 1_2_02223B36
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02226B04 1_2_02226B04
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222171F 1_2_0222171F
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222E772 1_2_0222E772
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02226742 1_2_02226742
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222C350 1_2_0222C350
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222BF51 1_2_0222BF51
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222D3A4 1_2_0222D3A4
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_022213AA 1_2_022213AA
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222D3A8 1_2_0222D3A8
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_022217BF 1_2_022217BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02223B8D 1_2_02223B8D
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222678D 1_2_0222678D
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02226B91 1_2_02226B91
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_022263E7 1_2_022263E7
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222BBCE 1_2_0222BBCE
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02220FDB 1_2_02220FDB
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02223C37 1_2_02223C37
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222143F 1_2_0222143F
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02226C05 1_2_02226C05
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222BC08 1_2_0222BC08
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222C010 1_2_0222C010
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02226866 1_2_02226866
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222086C 1_2_0222086C
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222B846 1_2_0222B846
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222BCB6 1_2_0222BCB6
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02221083 1_2_02221083
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02226497 1_2_02226497
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02226C95 1_2_02226C95
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_022210EB 1_2_022210EB
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_022268E9 1_2_022268E9
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_022214EF 1_2_022214EF
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02223CF6 1_2_02223CF6
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_022208FA 1_2_022208FA
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_022260D4 1_2_022260D4
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02223D33 1_2_02223D33
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02226D63 1_2_02226D63
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222BD42 1_2_0222BD42
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02223D43 1_2_02223D43
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02226545 1_2_02226545
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02225D5F 1_2_02225D5F
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222D1B1 1_2_0222D1B1
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02226991 1_2_02226991
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222159A 1_2_0222159A
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222619D 1_2_0222619D
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_022215E1 1_2_022215E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_022265ED 1_2_022265ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02226DFE 1_2_02226DFE
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222BDFC 1_2_0222BDFC
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe RDTSC instruction interceptor: First address: 000000000222B3DF second address: 000000000222B409 instructions:
  0x00000000 rdtsc
  0x00000002 mov eax, 00000001h
  0x00000007 cpuid
  0x00000009 popad
  0x0000000a xor edx, AD6145DAh
  0x00000010 cmp bh, dh
  0x00000012 test bh, ah
  0x00000014 xor edx, 12B119F7h
  0x0000001a test bx, dx
  0x0000001d cmp ecx, ecx
  0x0000001f xor edx, D2104AFFh
  0x00000025 test ebx, edx
  0x00000027 mov ebx, edx
  0x00000029 pushad
  0x0000002a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe RDTSC instruction interceptor: First address: 000000000222B409 second address: 000000000222B409 instructions:
  0x00000000 rdtsc
  0x00000002 mov eax, 00000001h
  0x00000007 cpuid
  0x00000009 popad
  0x0000000a shl edx, 05h
  0x0000000d add edx, ebx
  0x0000000f movzx ebx, byte ptr [esi]
  0x00000012 cmp bh, dh
  0x00000014 add edx, ebx
  0x00000016 xor edx, 09D23C6Ah
  0x0000001c jmp 00007F0104364A0Eh
  0x0000001e push ss
  0x0000001f pop ss
  0x00000020 jmp 00007F0104364A09h
  0x00000022 add esi, 02h
  0x00000025 mov word ptr [ebp+00000271h], bx
  0x0000002c mov bx, word ptr [esi]
  0x0000002f cmp bx, 0000h
  0x00000033 mov bx, word ptr [ebp+00000271h]
  0x0000003a jne 00007F0104364950h
  0x00000040 mov ebx, edx
  0x00000042 pushad
  0x00000043 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe RDTSC instruction interceptor: First address: 000000000222B3B8 second address: 000000000222B3B8 instructions:
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe RDTSC instruction interceptor: First address: 000000000222E29D second address: 000000000222E29D instructions:
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe RDTSC instruction interceptor: First address: 000000000222C060 second address: 000000000222C075 instructions:
  0x00000000 rdtsc
  0x00000002 mov eax, 00000001h
  0x00000007 cpuid
  0x00000009 popad
  0x0000000a mov edx, 9D78574Ah
  0x0000000f pushad
  0x00000010 mov edx, 000000F5h
  0x00000015 rdtsc
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe RDTSC instruction interceptor: First address: 000000000222B3DF second address: 000000000222B409 instructions: 0x00000000 rdtsc 0x00000002 mov eax, 00000001h 0x00000007 cpuid 0x00000009 popad 0x0000000a xor edx, AD6145DAh 0x00000010 cmp bh, dh 0x00000012 test bh, ah 0x00000014 xor edx, 12B119F7h 0x0000001a test bx, dx 0x0000001d cmp ecx, ecx 0x0000001f xor edx, D2104AFFh 0x00000025 test ebx, edx 0x00000027 mov ebx, edx 0x00000029 pushad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe RDTSC instruction interceptor: First address: 000000000222B409 second address: 000000000222B409 instructions: 0x00000000 rdtsc 0x00000002 mov eax, 00000001h 0x00000007 cpuid 0x00000009 popad 0x0000000a shl edx, 05h 0x0000000d add edx, ebx 0x0000000f movzx ebx, byte ptr [esi] 0x00000012 cmp bh, dh 0x00000014 add edx, ebx 0x00000016 xor edx, 09D23C6Ah 0x0000001c jmp 00007F0104364A0Eh 0x0000001e push ss 0x0000001f pop ss 0x00000020 jmp 00007F0104364A09h 0x00000022 add esi, 02h 0x00000025 mov word ptr [ebp+00000271h], bx 0x0000002c mov bx, word ptr [esi] 0x0000002f cmp bx, 0000h 0x00000033 mov bx, word ptr [ebp+00000271h] 0x0000003a jne 00007F0104364950h 0x00000040 mov ebx, edx 0x00000042 pushad 0x00000043 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe RDTSC instruction interceptor: First address: 000000000222B3B8 second address: 000000000222B3B8 instructions:
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe RDTSC instruction interceptor: First address: 000000000222E29D second address: 000000000222E29D instructions:
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe RDTSC instruction interceptor: First address: 000000000222C060 second address: 000000000222C075 instructions: 0x00000000 rdtsc 0x00000002 mov eax, 00000001h 0x00000007 cpuid 0x00000009 popad 0x0000000a mov edx, 9D78574Ah 0x0000000f pushad 0x00000010 mov edx, 000000F5h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe RDTSC instruction interceptor: First address: 000000000222C075 second address: 000000000222C0A1 instructions: 0x00000000 rdtsc 0x00000002 popad 0x00000003 xor edx, 2F78EC29h 0x00000009 xor edx, 66DC7D09h 0x0000000f cmp cx, cx 0x00000012 cmp bx, cx 0x00000015 add edx, 2B23399Ah 0x0000001b cmp bl, bl 0x0000001d cmp dword ptr [edi+14h], edx 0x00000020 mov edx, dword ptr [ebp+000001CDh] 0x00000026 je 00007F01043649F6h 0x00000028 pushad 0x00000029 lfence 0x0000002c rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe RDTSC instruction interceptor: First address: 000000000222C0A1 second address: 000000000222BD95 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a popad 0x0000000b jmp 00007F0104E2E8B8h 0x00000010 jmp 00007F0104E2ECE2h 0x00000012 cmp bx, bx 0x00000015 add esi, 00001000h 0x0000001b test bh, ah 0x0000001d test ch, ch 0x0000001f mov dword ptr [ebp+000001CEh], esi 0x00000025 mov esi, D1CB123Dh 0x0000002a test ax, bx 0x0000002d xor esi, 9D079601h 0x00000033 cmp bl, al 0x00000035 xor esi, 6EEE3B7Fh 0x0000003b test ax, ax 0x0000003e sub esi, 2221CF43h 0x00000044 test bl, bl 0x00000046 cmp dword ptr [ebp+000001CEh], esi 0x0000004c mov esi, dword ptr [ebp+000001CEh] 0x00000052 je 00007F0104E2F5D7h 0x00000058 test ah, ch 0x0000005a test ax, 00005041h 0x0000005e mov dword ptr [ebp+00000218h], esi 0x00000064 cmp cl, FFFFFFB9h 0x00000067 mov esi, 1CDCD8D0h 0x0000006c jmp 00007F0104E2ECE6h 0x0000006e test bx, cx 0x00000071 cmp edx, ecx 0x00000073 xor esi, 8DEA0809h 0x00000079 test edi, 1851CFE8h 0x0000007f cmp ch, bh 0x00000081 xor esi, 46C5E00Dh 0x00000087 pushad 0x00000088 mov ebx, 000000B2h 0x0000008d rdtsc
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02228274 rdtsc 1_2_02228274
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Anti Debugging:

Found potential dummy code loops (likely to delay analysis)
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Process Stats: CPU usage > 90% for more than 60s
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02228274 rdtsc 1_2_02228274
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222AA71 mov eax, dword ptr fs:[00000030h] 1_2_0222AA71
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222B2B6 mov eax, dword ptr fs:[00000030h] 1_2_0222B2B6
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222C350 mov eax, dword ptr fs:[00000030h] 1_2_0222C350
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222C750 mov eax, dword ptr fs:[00000030h] 1_2_0222C750
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222C783 mov eax, dword ptr fs:[00000030h] 1_2_0222C783
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_02227C90 mov eax, dword ptr fs:[00000030h] 1_2_02227C90
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: SecuriteInfo.com.__vbaHresultCheckObj.11013.exe, 00000001.00000002.1185657895.0000000000CE0000.00000002.00000001.sdmp Binary or memory string: Program Manager
Source: SecuriteInfo.com.__vbaHresultCheckObj.11013.exe, 00000001.00000002.1185657895.0000000000CE0000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
Source: SecuriteInfo.com.__vbaHresultCheckObj.11013.exe, 00000001.00000002.1185657895.0000000000CE0000.00000002.00000001.sdmp Binary or memory string: Progman
Source: SecuriteInfo.com.__vbaHresultCheckObj.11013.exe, 00000001.00000002.1185657895.0000000000CE0000.00000002.00000001.sdmp Binary or memory string: Progmanlock

Language, Device and Operating System Detection:

Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\Desktop\SecuriteInfo.com.__vbaHresultCheckObj.11013.exe Code function: 1_2_0222B4B5 cpuid 1_2_0222B4B5