Sample details: 0dd04aa76d0499142d41a17423f56924

Hashes
MD5: 0dd04aa76d0499142d41a17423f56924
SHA1: 8699da2e5d044b18161933e6d1cf042c2b933253
SHA256: 62d05791e9b7dd2c7bbbd815af5b44fd72c491ae7fa041f74d5c46be55a2b7d7
SSDEEP: 1536:3WXzXDr/I7ssc3QMzuhG3FSLl/zvcQ2UD0ESknYnh1Qk1pk9yurWv4qil9OrvODY:mXjDk7BMzLHUD0ESknYnh1Qk1pk9yurg
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/Dropper_Strings | YRP/WMI_strings | YRP/SEH__vba | YRP/win_mutex | YRP/win_registry | YRP/Big_Numbers1 | YRP/TEAN | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API
Parent Files
00670415ee0e630f8335b6324c958aff
Strings
		!This program cannot be run in DOS mode.
`.data
-C000-ServicesVBP
xGTV:O
FrmMain
tmrWeb2
tmrWeb1
tmrTIMEOUT
tmrRetry
tmrMouseMove
tmrClickOrInput
tmrReLoadApp
Picture2
Picture1
tmrRemoveObject
tmrStartBegin
wbrStartup
SHDocVwCtl.WebBrowser
VB5!6&vb6chs.dll
ServicesVBP
|ig%]L
ReadyState
ieframe.dll
SHDocVwCtl.WebBrowser
WebBrowser
FrmMain
mCookieAndCache
mLocalMAC
modMain
Module1
clsTEA
modHookInfo
ServicesVBP
shlwapi.dll
PathFileExistsA
shell32.dll
SHGetPathFromIDListA
SHGetSpecialFolderLocation
user32
GetWindow
advapi32.dll
RegDeleteKeyA
RegCreateKeyA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
advapi32
RegCreateKeyExA
RegSetValueExA
kernel32
ExpandEnvironmentStringsA
SetProcessWorkingSetSize
GetCurrentProcess
SendMessageA
CreateMutexA
xGTV*b
Picture1
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
tmrRemoveObject
Picture2
tmrMouseMove
tmrReLoadApp
wbrStartup
A"C:\Program Files (x86)\Microsoft Visual Studio\VB98\ieframe.oca
SHDocVwCtl
tmrTIMEOUT
tmrWeb2
tmrWeb1
tmrStartBegin
tmrRetry
wbrPopup1
wbrPopup2
tmrClickOrInput
FC:\Program Files (x86)\Microsoft Visual Studio\VB98\VBA6.dll
PostMessageA
wininet.dll
InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle
WebBrowserClick
TestString
VBA6.DLL
LoadLibraryA
msvbvm60.dll
GetDeviceCaps
MessageBoxIndirectW
VirtualProtect
InterlockedIncrement
InterlockedDecrement
CallWindowProcA
RtlMoveMemory
GetProcAddress
GetModuleHandleA
VirtualFree
VirtualAlloc
StrStrA
CreateIExprSrvObj
DecryptByte
Progress
FindFirstUrlCacheEntryA
C:\windows\SysWow64\msvbvm60.dll\3
EncryptFile
DecryptFile
EncryptString
DecryptString
EncryptByte
wininet
FindNextUrlCacheEntryA
FindCloseUrlCache
DeleteUrlCacheEntryA
lstrcpyA
lstrlenA
LocalAlloc
LocalFree
SHFileOperationA
HeapAlloc
HeapFree
I .Zda@
SA%lSA%l
CloseHandle
netapi32.dll
Netbios
GetProcessHeap
DeleteObjectDisp
LostMissionList
isLoad1
isLoad2
isLoaded1
isLoaded2
loadFrame1
loadFrame2
SourceFile
DestFile
ByteArray
New_Value
Percent
MSVBVM60.DLL
MethCallEngine
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ProcCallEngine