Sample details: 0ae994af3dcece45343836e94f8e7ecb

Hashes
MD5: 0ae994af3dcece45343836e94f8e7ecb
SHA1: 76825200ebfb70573b1642addc34e84e1e8e56d2
SHA256: e38372681d9fd42504d33a7956865bdc6e0fac15dacefb857c3bc279f7d6ad1f
SSDEEP: 3072:8X5glWK2Jbo4AjfN41Y6o4nKcwi+h6ZUcGXwrx6pu+zAj:8JS9yEnCa63nKszU0rg
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba
Source
hxxp://asaigoldenrice[.]com/fedex/original_doc/fedex.exe
hxxp://asaigoldenrice[.]com/fedex/original_doc/fedex.exe
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
Blowings4
VB5!6&*
Messmate8
Unreverted
Blowings4
Botyrius8
Blowings4
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Command16
Label38
user32
CallWindowProcA
FloodFill
shell32.dll
SHGetPathFromIDListG
ShellAboutG
shellA.dll
SHGetSpecialFolderLocation
GetActiveWindow
derk.dll
Aesthetics
Ingrain8
Demeaned1
Eglandulose
Prescrive5
Saccharonic1
Unrising8
Heathery
Workable6
Bekpak4
Penmanship4
Oolitic
VBA6.DLL
__vbaI4Var
__vbaVarDiv
__vbaLbound
__vbaVarDup
__vbaStrComp
__vbaVarMove
__vbaFreeObj
__vbaNew2
__vbaInStrB
__vbaObjSet
__vbaCyI4
__vbaCyAdd
__vbaI4Cy
__vbaFreeStrList
__vbaHresultCheckObj
__vbaLenBstr
__vbaErrorOverflow
__vbaStrCopy
__vbaStrToUnicode
__vbaStrToAnsi
__vbaSetSystemError
__vbaOnError
__vbaFreeVarList
__vbaFreeStr
__vbaDateVar
__vbaLenBstrB
__vbaI2I4
__vbaFreeVar
__vbaStrVarMove
__vbaStrMove
Nickneven0
-)y/T+
aILj)vL,
-)	cU+
-)yGT+
-)yGT+
=+D]^[b
ktCuNx
`9}9G~
|A:cyG
,\C]=Yi{
Mt@QL/[
*9}9G~
ceQM5i
\j,xi/
%.	uhxB
#e:G5h
PLQL/[
K]kukt/f
$?T,Cc
QA5IL)
+5g=sEF
Oi}]ND]
)(	dQTB
!a/O'Q
txxO]mY
yGT+M6D
wmtHnJ
U_NING
U_4ZS^
r	:(xB
EELD]"
K9)]]3C`M
)b`a[2
	!{GT+/q
UKOP\;{
vhx_]mY
Tf9}3fZ
	SsO!q
woKu?^
e[c`ef2
%.GuhD
 %.Cuh,
]wJXIA,
E=b\<3
c9}9_~
	!yGT+/1
H^n.1b
	%{GT+aq
QmGmhx
%.CEhl
:WV9ppaI
	9yET+/!
:hxGz!}
H`9BuX@>(yG
JIA|SG
5W,6(yG
Lt@WL/#
K?^})i
%.	5h4@
M=~y@}
^	Ss7/	
${*B}_u
jFESs_
5;ES{A
DO%.}*|
sy(n.:
":u9/~#
MD|05 
"f!FwK
'K<  (
,\CYMY
>PkpX$s
?ry-RL
:WV9m3
8TtJ%_
YrjIu<
:WV9l9
`@EMNAQ
=	IzGT
	%yFT+/a
PDWL/?
|GT+/a
Oeb,<ap
t@UL/#
1Lt@WT/+
PLWL/C
MIIH82
ZJK^`u
:(x@T!}
d.	uhpD
-wrRIA,
5hh]f3ir
PHQL/+R
`Q1WSOT
%.GuhT
z##hplg
W-t(yG
Jhx+]eY
Q5Ss1+
vhxw_uY
.dJ)_g
Lt@WL/'
,\C]MY
&v9}97~
\EA9}:
1$d>KM
9(Ou!K
Nt@Ut/
yy\R3f
Q{3@-9
1\t@UL/
8-=k<W
^R3eX(
0PhUt/
#2]ph`
,(LT]Y
xK#V"O
;a15PP:W
f9r4 [
kp\ {`
GQ0W[4
sIzoP(d
!Y^Zv1
r	thxG_eY
%.MMhX
$NV<p_
%.	uhp@
0PtU\/'
kpR\+#!
5< +vmp
|#u9nx
~_rEfG
uET+/1
-V@LDt
	{GT:7
%.	uh`D
7.=BJVr
	!yFT+aq
-)yGT+
-)yGT+
xSjcu:
-)":{]2
*/'>pW;
h[53b]
m;z|qf
ynb8k],
-)yGT+
	C	LUCS4
I+!0]P
iE]]C:
t:pH(uc
;,U,/>
S-ca93
'%622O
'y%_f)
=;%/vh
*>+.|R,
~3}BF/
;wjvGo
&HG5Dz
I;w9$^
b^%%S8
4tJ,)q
4`O,)3
D,)yG!
"%#78XQ!
D])5;H
)(8rG=
]:FLz(
!)=.'[
7 >0(rX
4XI,)y
4dI,)E
aeyGT+
^Rkw^Rkw
NfZ{oP
-)yGT+
Nickneven0
Command16
Command16
Label38
Label38
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaSetSystemError
__vbaLenBstrB
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaOnError
__vbaCyAdd
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaCyI4
__vbaI2I4
DllFunctionCall
__vbaLbound
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
__vbaFPException
__vbaDateVar
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
__vbaI4Var
__vbaInStrB
__vbaStrToAnsi
__vbaStrComp
__vbaVarDup
_CIatan
__vbaStrMove
__vbaI4Cy
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj