Sample details: 103ad37d67b8164d4410e7bc21d49d2f --

Hashes
MD5: 103ad37d67b8164d4410e7bc21d49d2f
SHA1: fdc79c25384716b3f984bf358a3b420d51f6a87d
SHA256: 2b5b5250d34fdd89ddd221d22d8b55be2b221159eb8239462f88c82ae0179482
SSDEEP: 6144:5x5dGpquyK+HFXhdvXWctczze4DqYMzRTLmbSNheSo72YsD2mSKI:zmpmzmmce4ZMzRTS24
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba |
Source
http://utasarmsinc.ru/live/ukbros001.exe
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
Miscreed8
VB5!6&*
Hyperinotic
Spironema
Miscreed8
Witlet
Misguiders3
Miscreed8
Label1
C:\Program Files\Microsoft Visual Studio\VB98\VB6.OLB
Check1
KERNEL32.DLL
EnumUILanguagesA
user32
GetClassNameA
FindWindowA
ShowWindow
PostMessageA
comdlg32.dll
ChooseColorA
VBA6.DLL
__vbaLenVar
__vbaVarIdiv
__vbaI2Var
__vbaErrorOverflow
__vbaI4Var
__vbaInStrB
__vbaStrVarMove
__vbaNew2
__vbaVarSetObjAddref
__vbaVarTstNe
__vbaFreeStrList
__vbaVarDup
__vbaStrToUnicode
__vbaSetSystemError
__vbaStrToAnsi
__vbaFreeVarList
__vbaVarAdd
__vbaStrMove
__vbaFreeStr
__vbaStrVarVal
__vbaFreeVar
__vbaVarMove
Witlet
Subserve
 %#`t%y
$>ys/+~E
^,/+:U
nWON0p
'ebjwY_
q<Z381
Ak0I`<4d
j1PxDk
wjL)>D
Y&ypt 
nWOC\h
d*[`H)
IVFKz6
}{?8.aK
`<4dZ!
JsL^=D
a"[}DC
_6jasfG
'y~=@F
54X]$Y@\
q={&o}
ImF=[M
#gGq[i
(Hks+n
*e1ONm
[2	M@^i`
^kYG+3
Hft>_5
=412{Z
9)i.!P
'y~=@F
tr98~I(
[5b.!]
W,[>Rd
@UyOX	
`$cP98
 7UBE:
`aF8TZ
>!1'(2
AEUEI9
a$azCy
krNXix/T
rW^Ox*
,.(6)U
z*752S
]2Y[{m
X-	f3	
=2X+b_
&8gK+T
XNFyzb
b4wP!4
_\#B,Lq
8;Ab"=
nme+d"
%*h.vU8
b\hme.Y
qme,aG
ime.eU
ngL+*6)
-7|rcm
9n}3{5
)b_xX)
Ak0Eh@=
v/:yx6$
	x.!U	
)d:T>x
ziq//:
E~{"GTU
N^p`D!k^O
o/1.#+
g,Hga]
'@I},D
t-,}ke.
:kme}h
m9D!i^
m}3@g"
H6`MGn
R]1J{_;
eI2X	f
61:[[dt
ZX).~v
}gmo}U
BXyh,s
)?8(eJ
eerIHE
L]1\{_5
:kme}m
vJ#/:?
w:5XxDiq
nWOlk8
D*,nAd&
%Mr{RJ
lGSd/_E
=gO#X'
YUO0U"
__9\-,}z
`U^O<i
QDp#I3
Nu$H:I#
zgvyOH
|g}3(J
`%Xw'y
-s$Wiv
%M^Z#3
\w,[qY
$3O?:N
qQmG:g
R,VrH?
Zv7G{<s
a(x]5@l~rS,
[csBtW
^t~` r
me}bAc"^
M4'yvv
JyfZ%A
%MsP J
l;UeuL
=Sj6r<
O,rDF|$
W{<u3,
{#3#8{
eFb2>N
~=D|0v
X~ZR:U
HbQp0%
v<{kBW
[xgSW0L
$F=gEL
b6	Mi;+
If8T}QH
n}3Gd"
V^exxK/
(iFq	F
!NI\!8
V$.7?j
^^{Xys
1Da0>G^
g}j}e}A
G/qaBpl
`.O=8u
9cY=:x
E9'D|\
r_|dr3
Y$iQ7/
h.!P	|
_=4i	?y
ztT$vzG
"Kp)oo
sB/57*
DNCY[%
3rjljv
|%a;M,
If77{WOX/
h[MIi?NXvAl5
^I=V.,'Tg%H
8Vq!,Us
i#.7zN
*>e]Vm
II,g|Y
?1*CW]Q$
.y)>T$
<0?xvA
C~x*Gm
XQF`m^jI
$s&[^G
iQoJn&b
l@C>.wj
|C0+3r1]
pqwr}U
tZb|ja
OS1lQ)~
S~RLPR?
ZZ	j]H
e*6c<U
Q %v6H0
A,tVN6A
zF">34
pBw:TOk03
KyDi#y%
62"bq3
*D\ 6#
<LNFBHR
=O	ZpW
z"wE%	
jPZtf[
{<l~15
Oi:]qM
ar&Y	N
GLI)y;
3=b  v
lqTD*b
^?9}]>
=d&4tF
\l:9	,d
&fT,:2
SPO:?u
pN'K\8
&zM^.Z
K"|f?DU7
JZxXJF
~=a:N=
])!J\4
4/o6+C
$x}LGs
}sC.'_~
i%h1Sb
}M$2Ig`
]ph<Ov
j3HY]}
{E=NHz
inp,?H
0Q,GOh$
4mep2/*
8a-ViA>
~	Y]lD
3	5$imz
[#\B9/
-~|J rE
um.C&Xg
-l|\`JV|
LNZNFr
-iE3LMC
6.2BEj
iN}.&>
hB)	xl
J>O|	`
$3,+V0
2XV$	w
FJz u'^
<5^R*=
.+DJ`7	8
mB@3QU
VHXP$;
'n;aXL-
\xqlr>
}8g>/=
W.&`( 
e5,|86%X
V!XNFTg
R<dcb!
<$SD8L
&xmbld
iA"6:/\'>$
A?t#=u^
3I`jr5
`D+0Dp	
0/D mV`(Y
s{"_Ae
HD#UZ~
C?I&$	
&YA{U^
t5ikcBNT
`LzQEa
X^8A	g
rUC	(}
sJf#}L
L,]i=mT	L>
x'T{ %
aip/(2
A.ySn;
j79ZROF
w6Yeoy
1,jjdE
Yy[R8m
(] q-]
Ar-H!O
z?rm)"
|h<n|h<nA+g
aZ3U9A
r4U=Su4Uf
B5U=dD5UTf
a5U=Md5Uf
"8Uj@f
T8U<Sh
*VYQi 
*VYQi 
r3<Xe,
r<.Xe!
rL+Xe0
r%*Xeb	g
]CA=<<=
B:658<AD^`bbaa`^DB?A
5<Dbq}}}qponopqxyyqaD@=\
yxpnba`bcpy}xcB<>
xbB<;C
}xoba_acpy}oC9;
xob__aoy}oA7>
_aoy}b;7\
~mT4.-1Lfz	
xz__bp
}qb_`cy}_7<
								
}n`_bx
							z			
												#N
qa^`x}\
												
q`^ayy=5
										
o__c}c
}br_p}>
p__a}a
}a__pq7
q_^ayD
y`__x^
s"				
}a__q`
}a__p`
}a__p^
}a^_qD
ya^`q?
x`_aq9
}cabp:
	}nzac>
W(+GR3"Gv
}oaac@
|jUF)'Mu
yoaab?
{R4Oi~
xnab`<
zypbab\7
ypcbb`>
}xpccnaA5
A58Bny
yxpnnon`?5
B75<\nx
}y	xqzpqpobC:
<559?\aoqyyyyyxxqpn`\>7
579;<>==;96
9:86799;AC^
jjj|||
nnnbbb
aaaxxx
iiiggg
ddd~~~
qqqnnn
vXvkkk
mmmqqq
rrrhhh
`qqqeee
dddkkk
uuuiii
}}}hhhbbbsss
|||ii9
___ooo
vvv|||
Subserve
Check1
Check1
Label1
Label1
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
__vbaVarIdiv
_adj_fdiv_m64
_adj_fprem1
__vbaSetSystemError
__vbaLenVar
_adj_fdiv_m32
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
__vbaVarTstNe
__vbaI4Var
__vbaVarAdd
__vbaInStrB
__vbaStrToAnsi
__vbaVarDup
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr
y___9B
OtD6H/FW
T+555|
n7(U>u(
RZRxZWW
gJ>G]]
^cc#[@.
89YF_ 
KBRu}b
M)3o8RN
$C}Itl
M~J	|-
wdYFo0
zq[WmE
"Wb#P%
~rJ	f.
9l}a8;
>+<uV8k
)##'1p
B-Cb@2
BpKAHe
[;aJdF
$'2===
0eRH9|C
e)v%Le
Ass3:::
bWRD[R
f-N$\u
3!H6iX
C(>lJ)
t6?iTTH]
<#www)J
RW`A/@	
( g.<?
h:Goo/
Mx#dA&
B)]H)}
H*D1'5e=
@CS#ZZ[
MMhnm)
?A)-^J
oPJ_(k
Z'M{{;_
#Z'YWW
%tEXtdate:create
2015-04-13T15:28:33-05:00
%tEXtdate:modify
2015-04-13T15:28:33-05:00