Sample details: 098645597ac8e1dd784dca99102aec52 --

Hashes
MD5: 098645597ac8e1dd784dca99102aec52
SHA1: b6f2915ee4dd05f7198e714244b526966f47fd60
SHA256: 3fc0b3d7fb9379704f9257b67bcec6969034db678b9bbe3177adc581036969d5
SSDEEP: 48:i8hYEZHlomfqiS6T8vsb3zP32i/kDVE3vrC8OScw3wiStKWK2:1KEZ1hDeiAYvrXQ6StKl2
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba | FlorianRoth/DragonFly_APT_Sep17_3 |
Source
http://www.maburk-oil.com/temp/1.exe
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
Project1
Test Run
TahomaF
lblItWorks
It Works !
Tahoma
Dummy File
Project1
Project1
Project1
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
lblItWorks
MSVBVM60.DLL
_CIcos
_adj_fptan
_adj_fdiv_m64
_adj_fprem1
_adj_fdiv_m32
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
_CIatan
_allmul
_CItan
_CIexp