Sample details: 0ad0a360ff9b14f7e4ccb40be99c5709

Hashes
MD5: 0ad0a360ff9b14f7e4ccb40be99c5709
SHA1: 39c76ac930f918f52ff3f5000962d038eaa853e6
SHA256: b62ae6ad5f029c61f3fc11b7f94f46c6a6ad758f2a4ed40663c4a0c4ff77c479
SSDEEP: 1536:poU/5UnAAW+Z6xOZct4sAAhG3FSti/zvDS2HZI0ESknYnh1Qk1pk9yurWv4qil92:R/5UnAAT6esAXJHZI0ESknYnh1Qk1pks
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/Dropper_Strings | YRP/WMI_strings | YRP/SEH__vba | YRP/win_mutex | YRP/win_registry | YRP/Big_Numbers1 | YRP/TEAN | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API
Parent Files
6e01adac4caa3aec4fbc2d341fa501c3
Strings