Sample details: 14c19e2b38a2e6fee0d4f141318ba8ab

Hashes
MD5: 14c19e2b38a2e6fee0d4f141318ba8ab
SHA1: 7c71f2d0c963be17c0af6ae596b5fe7302f25972
SHA256: e1db55e885e3e62297f100417df3589a45d98a101126ba009998e70e50464540
SSDEEP: 6144:2w7IilbTLOCw/YCZM1yCiZYNhBcFhQ8Pt4l+EBG:2w7PxLOC4YCZYy0fcFhJt4lRBG
Details
File Type: PE32
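Yara Hits (matched rule names; HasDigitalSignature indicates that a signature structure is present in the file, not that the signature verifies)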
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasRichSignature | YRP/maldoc_find_kernel32_base_method_1 | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/SEH__vba |
Source
hxxp://phoenixcomtact[.]com/temp/powermannna.exe
hxxp://phoenixcomtact[.]com/temp/powermannna.exe
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
Clievb4projectVb
Stoppeggenes
Sneharen8
Sneharen8
Fluvial
gs)]yM
s~q:&g[
<G=FI6
dI"F,_
sIokS`
;wZ!#Q
}Tm;iZp7nO
sAxAn{
Y`';pZi
wt)RNL
3FW&/3
C7h*0uh
oEZc_V
RTkXRe
j5!N]qFpn
w)l9+E
#'0W#f
%>EB%";
8ZsdCXg
v*tg+S
[ Vn%Tj?|+
z$?SV"
LD:8 3YK
`~zUn@
GdJt;x(
vxJ+`4
td7cM^
kCPPfry
a"bA'[
H`bvUu
Kd(qmr
2n!-zSs
+=v=Mu
R!zA0s
i[AAe~R
j1-W	T
Hc<{}5
yLvfb#
o%Faocr(^A
E2M"utm
sE	Yhf>
448^3y*
o!J9zp'
{nM&P-q
lP<'9kI
L`%Ew@
B~Wa|5
N((@qX$
''t(+{gF
U8s':F
_E2qMG
v!R"((
:JEE=Mc
*G%<Wg5nU'U
OS	ts5`+Jmn
nvLu{^
o)o5:O
yq.G/Nl
Ip\pj6
bd-h >".
ZU6>RU
')yKaO
2c+RwA
q%F}VOW
)-14o5Q
>/x\s}
aT	ad>c
O)0Dr^j
K>Jd=a<
RQN1EWW
O;o;#^Op
z:z'R0
xR6wBR?1
mwBc/	
X\c7N!
fg]	+#?
MX/'do
D>{.J&>ZM
8irY0vH,
\s=;5~oh
@gh#tF
k%`#?5
Q)<50?
yF)z_)
Ta!_<W>OA^
&|}I!D
yd4"Cm
e"(E_S
]O2i`n
F	1"Y )
<>v@|KK
G	fDx5Z
4MF'bp
'512m_
IMowD-
apV}g5YT
&!"wF"
0-tm'(
(vp%}K
p%MT~z
Jh>6=#
Y;~(9'
}3MD06
D;=1R<
IH:>Yu
{C<D\4&>
JB+3tT
UMG}.qM6
&q/yQ3fO
7xKZjl
/\!6f?
8#MNfA
I.VV$L2s
@;.kIG
O ,DK5
Bze\ho
uU'$Jb
vCk"-^
o1XGtT
_n'`>)
@\:Du'
1Eb4*z
WnA`d]'%
i5:;fs
9}0#Ju
49a!yf
avvA#H
hX\T&~
!]dW2ZjJ
sW*cTaT
]!M8d[
<(DX2hXp
 }/aM$*
Ej\y`"
UR8UjW
|RYn%$W/a
,5UML>
Z?d:qQ.
4%	ZQf
1p-GvJ
s]86\1
5}	[(1
_>S8~cx
{L$hz]
 ~=N_W
@es-IH
b1k^Eh
Q*m]#EpU
|)-NP|
#;z7Bl
3VxIf5
cbJz=Xy
kkB lv
(iP$|tr
wwb<0'
T0jt=N)y{G
A#FC0U
2u("m3
4QGG)=
Rd4)	&
|V8zdPd
_mk	:K
5>u)!y
t	sC#9[l[7
'-_2%K
6s'o_m#
@96"(U
+daLMa
Et09Cp0
MuF@_"
[d~l6#
0/wo^q
X+-QQ/h
n):i91
Vs43&!q
R[_&^b'
$4bR9.
%r`"AU
p4.QU{
Qgv^1f
C'-wO+
|85T.'
&(h) '!
*<T		u
Y18O5_y2
9S,P+`
xUJ/A!
zrfWzI
[qVU;\
;Hn	#`
J|r?as
{Y=tIR
"au";k:
=4hT6Y
1g\X'3
,fdiJu
^apa}N
{%?S"T
lQ#Gos
pA=IZ.
)g3zG'Z
4r.e_sF
_oRjY'p
P9"Vg4
ETN(b<
Wzf2kJ
QkX@{S!
[	p0{$
oe<n7[
v4dO4h
iu4FmXj7
"k	oas
S-m^.:
=%!rJj@
	Qw/4(]	
NwN'YQ
tYh7eZgr]
t&043k
ZmTME`b
8w$|QM
NCsu+ 
y@^Y;"
RuDm{5
(:N6}+
1jR(mh
hK	yS\D
<R3PjlB
|KSkpI
)TkcY\-|
WaGj'3
8)2W!Y
e~Lfu]!S
b$**Y"
Y\FW@)
&HMLVb 
58WQ)C
rBMxIGz#
'O&0=!
Y|>W6W
 .:'rr
GE?!r9K
?{7d#zU"l
G1Cl-%
'm4	EF
/y=j)G<
2N@1+y
!Q8-aRN5
2.2D/[
"JxY#E
v6@_ \
R>zgeF
s8NX}*
p|0GmD
|eVJH!
f	,\0/
X}dR@_
;wgd6.
G-H3)KN
ze*@"od Mo
ZLd #n
[r7@t:
X'f9kn
T3g^P4
!$r^Tv
	[}]	R
i<u5""
;1o?dU
_iIv?-y
,-v	/S
^w;7By
Bca7-?P
jMR|o%r
K$K,;>
3(am9h
1$wr D
 W?$G	
pPS4y?G
wV6e":
H":	GUJ
rC4<URo
ntdll.dll
THVUzB
VB5!6&*
ManyCam
Lanete
vb4projectVb
vb4projectVb
Stoppeggenes
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Fluvial
Form_Paint
VBA6.DLL
__vbaFreeObj
__vbaFreeVarList
__vbaVarDup
__vbaFreeVar
__vbaVarMove
__vbaVarXor
__vbaBoolVarNull
__vbaHresultCheckObj
__vbaNew2
__vbaVarForNext
__vbaVarForInit
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaVarXor
__vbaVarForInit
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaBoolVarNull
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
__vbaVarDup
_CIatan
_allmul
_CItan
__vbaVarForNext
_CIexp
__vbaFreeObj
AddTrust AB1&0$
AddTrust External TTP Network1"0 
AddTrust External CA Root0
050607080910Z
200530104838Z0
Salt Lake City1
The USERTRUST Network1!0
http://www.usertrust.com1
UTN-USERFirst-Object0
3http://crl.usertrust.com/AddTrustExternalCARoot.crl05
http://ocsp.usertrust.com0
9f*<Z,m
Salt Lake City1
The USERTRUST Network1!0
http://www.usertrust.com1
UTN-USERFirst-Object0
100510000000Z
150510235959Z0~1
Greater Manchester1
Salford1
COMODO CA Limited1$0"
COMODO Time Stamping Signer0
GS@(YC
1http://crl.usertrust.com/UTN-USERFirst-Object.crl05
http://ocsp.usertrust.com0
Salt Lake City1
The USERTRUST Network1!0
http://www.usertrust.com1
UTN-USERFirst-Object0
110824000000Z
200530104838Z0{1
Greater Manchester1
Salford1
COMODO CA Limited1!0
COMODO Code Signing CA 20
1http://crl.usertrust.com/UTN-USERFirst-Object.crl0t
1http://crt.usertrust.com/UTNAddTrustObject_CA.crt0%
http://ocsp.usertrust.com0
Greater Manchester1
Salford1
COMODO CA Limited1!0
COMODO Code Signing CA 20
111010000000Z
161009235959Z0
662121
Overland Park1
10025 Mastin1
Gammadyne Corporation1
Gammadyne Corporation0
@Gs9Nc_
https://secure.comodo.net/CPS0A
0http://crl.comodoca.com/COMODOCodeSigningCA2.crl0r
0http://crt.comodoca.com/COMODOCodeSigningCA2.crt0$
http://ocsp.comodoca.com0 
support@gammadyne.com0
)>c]v]
`^b|rB
Greater Manchester1
Salford1
COMODO CA Limited1!0
COMODO Code Signing CA 2
Salt Lake City1
The USERTRUST Network1!0
http://www.usertrust.com1
UTN-USERFirst-Object
141021014554Z0#
/GVu#+g