Sample details: 04f41c90a1d3dad1dda7074ec08ea275 (MD5)

Hashes
MD5: 04f41c90a1d3dad1dda7074ec08ea275
SHA1: ffc6221bd6215be5c4527fad8a20a6434726f40b
SHA256: 4d054b9bb238089b8cda1d9282b19d709096ded94688eabbbdf7afb77ca322c7
SSDEEP: 6144:9RIhTWPvMvdKQPzzAleQWgOxjTAKCKuzL4D8GCsvSm6yXGb5sF4pXZCY0rsUxyF:XIhC3MFKw/Al7WXxjkKMLS+n
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba
Source (URL defanged)
hxxp://utasarmsinc[.]ru/live/Better.exe
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
Chafee1
VB5!6&*
Koutrouvelis7
Keepership8
Chafee1
Amarevole
Withewood7
Chafee1
Label2
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Check2
Text10
user32
GetClassNameW
FindWindowW
ShowWindow
PostMessageW
comdlg32.dll
ChooseColorA
KERNEL32.DLL
EnumUILanguagesW
VBA6.DLL
__vbaErrorOverflow
__vbaI4Var
__vbaLbound
__vbaVarCopy
__vbaStrCmp
__vbaNew2
__vbaVarSetObjAddref
__vbaFpI4
__vbaFreeStrList
__vbaVarDup
__vbaStrMove
__vbaStrToUnicode
__vbaSetSystemError
__vbaStrToAnsi
__vbaVarAdd
__vbaStrVarMove
__vbaFreeVarList
__vbaR8Var
__vbaLenVar
__vbaVarIdiv
__vbaI2Var
__vbaFreeVar
__vbaFreeStr
__vbaStrVarVal
__vbaVarMove
__vbaR8IntI4
Amarevole
Glassfuls
mr)8UF
eg3<gH
5_#HTkqW;
H)DlP,
p).D^1
bU+/1ru
vBMhw2f;
_#t\/A9K
8SGx[u+
MV=DFv
N%Dlo;
*UfH!*
=[fH!P
)DlnXu
OGxou+
wacim<
jFy?y<
^\=o?s
a;ENsu
)BhEl8YW
.Xg	j3
(GZ7DR/
)l)obd
^9}~9?ntVy_
A+A@!?;
hm.KNm8V
AFU:8L
R@6V2gK
=M%hQz
>|U1VK
XCV .D
_<r- Z
v;Au<X
MqX_`#
jZ|s,R/[2
hku<~<
])Dl8YP
+>t>.L
c0gwahk
mt6H*r
j	P}/T:
.#Zm8Zp
$E`}9C$
p0n	)fq
}Hfp!I
nT=Y*w
(Dlh^U
xVy{A!
CU;n;en
e/y>|V
]eHg$q5
4j!mGqm
F?	x]1U:
;8NjWy
CD<o;ib
Y2KaP=
j6OzVO
-NxVygd
h@p1+6
@;}$R2
9tv|BmR
&K}Dnj^E
R/>W2gO
NZBmAS`
h@P1+>
u.>qVy
iR+G1Q
ZxGxVJ
X<V iD
tv|z\z
UtN ;!
@-Nl8P
WfHJMso
zW2i<f
1`n;Iu
1Fe'c>|
]+G)Y'9
X'Tp-m
OEx 8E
{Vyivs
BWw>tRm
Vr>vum
tM|P;j
LVh[K@
~~e4ug
}Hfp!E
"@\aSz
ouMtL:
'L1Je#
#!&@W}
<*vSBpH
/c[]Rg
~ej~rP
S	y>=)8
4HV9-V
A@ysaYoh
T?j]>.
2g3nfH!P
THH	F+
VoH`As
;zXG%8
j^gV=.
"~	W({
4#&IIq
cp8waj
IkVqEq
	iF$;T
0MxwW$N
~vHj@\m
mwAf}i
lBZ+ q
J;&s}D
5dq+EX
RRsVqO
&y-|:X
m.sNaz
&S#;u{
K,u]K=Z
5cQ5_IS
VI(U4!
3-8{pH9
42^%)p
K}Sw?B
u?QSsViO
j>M lH
cdCwa`
8>Om`|
jHMV=[s
h'&=50.
;hC$B&
fPUMV=M'r
[uPeNT
9E@/,K
qYvX5i
+KUTh1
)8# ;_9~
-+I5&LS
UScRz2X
HH+Af^=
3qR1xVz2\
K$_"V[
#c%:U!
PKknP,
Lo`R\=A
N#m8go
6aX#$'
posWRv
p>|<&$
3%@V H
qmEY)X)W
)2e`B{
-%D=<(7#6
WCddrk24
K_NL/;&D
gb*1nr
6*ietr
B|atUp#Ve
$$aF	c
R{]62o"
6Hm?fR
SC.U0x
lB\!"c
1yO!y?
R7I?b3
.&hbBa
oWL#Z%'
G-d^zK
y]6f~{
TA|`JL
dVpuZ>
Xx\&4<
`LH-$6
f_t=}Zp
'zpT5\
 ;CrS$'
GI=R9T
!u,LJ^
iEPg!n<+
.?=0}3
Ax`f	ZUIw
-[KOLZ
f=j2^_4U
&ElS46
?ifg`S
OR-$ ~
vKklh;B1
|/<=C)9
=q+EC!
.s!1-e
z:N`PY
\y{e#J
[ pjh|x
k}{..6
'Nr'#_
Oa!I.NUh
20Ec o
+Z2@_cE
?KK2 1
1tL&FaaO
9Nyr<%fx
F>=q8D
=,e{tqU
YS8`O)
IzDd0/
x1h\4s
5Bbux=}
*5E(ACE
6.yq=<)9
NCMZgx
7$!.VV
3vw?*R
j?]xAK
1DTSrS_
!Ex9ZW
.LoTWP
2/WOqa
t"QMlV}j
d}M<@U
e*R&`#9
8apq	_;
iOh*\x
|IOB~o
kUATw_^
MtG_9+
b%muS)
80`oyf
#xzw[V
Y<8m&R
%{qW!m
0,{IW.
0,{IW.
0,{IW.
0,{IW.
0,{IW.
0,{IW.
0,{IW.
0,{IW.
0,{IW.
0,{IW.
0,{IW.
0,{IW.
0,{IW.
0,{IW.
0,{IW.
0,{IW.
0,{IW.
0,{IW.
0,{IW.
0,{IW.
u]`Xp'
u]`Xp'
u]`Xp'
u]`Xp'
u]`Xp'
u]`Xp'
u]`Xp'
u]`Xp'
u]`Xp'
u]`Xp'
u]`Xp'
u]`Xp'
u]`Xp'
u]`Xp'
u]`Xp'
u]`Xp'
u]`Xp'
M xa~ 
*#'=CKLLKA..
#%BZ___ZTNDADSL*-
#__X@)L__________ZNBBMM&
N___________Z9
3YSBBT/(
&.__________H
8R_L@NB&
#_________E
E__N?M>*
#=________;
W___M@S%
Z_______F
4____ZBBK#
,_______V
3______N@S
___2__ 
	<___GV_______X@K%
S______Q
5_________*____@C(*
Z___________
__@D%)
Y______
O____y_________Z?L
%K_____Y
 O_"_______q__TAD
+_____P
____________LB,
T____Z
6___________YBK
%Z____1
W__________Z
*Z___U21
I___________LC*
'T___OEY_*________XDB%"
$@Z_______
____TKD.
y.N___ZYXTSNMC,
($'->q@>-&
,+--/;
*).>EED<
0E<-;HOOOKA415;$.+
 KOOOOOOG'
EOOOOOB!
$IE00)
 JOOOOC
%JOE// 
@OOK=/
HOOOO3
3'AOOOOD.))
6OOOOOOOOOH.*
OOOOOOOOH.
(IOOOOOOOOD/
?OOOOOOOK
#GOOOOOOOH0
":OOOOOOOH0
,DKF8AOOOOOOJD.
*->HKOKKJH>/
,*,-.-
 0881,
#/=OOO+'35-
$O<OOOOO/
)?OOOOO@1
%AOOOO=.
,O:OOOOA8!
Glassfuls
Text10
Text10
Check2
Check2
Label2
Label2
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaVarIdiv
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaSetSystemError
__vbaLenVar
_adj_fdiv_m32
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
__vbaLbound
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
__vbaR8Var
_adj_fdiv_r
__vbaI4Var
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
__vbaFpI4
__vbaVarCopy
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
__vbaR8IntI4
_allmul
_CItan
_CIexp
__vbaFreeStr
 0881,
#/=OOO+'35-
$O<OOOOO/
)?OOOOO@1
%AOOOO=.
,O:OOOOA8!
,+--/;
*).>EED<
0E<-;HOOOKA415;$.+
 KOOOOOOG'
EOOOOOB!
$IE00)
 JOOOOC
%JOE// 
@OOK=/
HOOOO3
3'AOOOOD.))
6OOOOOOOOOH.*
OOOOOOOOH.
(IOOOOOOOOD/
?OOOOOOOK
#GOOOOOOOH0
":OOOOOOOH0
,DKF8AOOOOOOJD.
*->HKOKKJH>/
,*,-.-
*#'=CKLLKA..
#%BZ___ZTNDADSL*-
#__X@)L__________ZNBBMM&
N___________Z9
3YSBBT/(
&.__________H
8R_L@NB&
#_________E
E__N?M>*
#=________;
W___M@S%
Z_______F
4____ZBBK#
,_______V
3______N@S
___2__ 
	<___GV_______X@K%
S______Q
5_________*____@C(*
Z___________
__@D%)
Y______
O____y_________Z?L
%K_____Y
 O_"_______q__TAD
+_____P
____________LB,
T____Z
6___________YBK
%Z____1
W__________Z
*Z___U21
I___________LC*
'T___OEY_*________XDB%"
$@Z_______
____TKD.
y.N___ZYXTSNMC,
($'->q@>-&