Sample details: 1f03f822c038d3691d088b3472c362c1 (MD5)

Hashes
MD5: 1f03f822c038d3691d088b3472c362c1
SHA1: 44757993ffee9c84a9ba27f15b61f87e6906e257
SHA256: 22b72c95b28e9464945f6657aff43cf12022e0b7d0f7291f81f4acb25aeb44b0
SSDEEP: 1536:bnS2OoQpzoRjbuaVtH4nKijCHjWjCLBKCaU9dY8zYX0jPm4iOZcnlpZZz0v:BO/pq9ijCHjacPlYX0jPMzZI
Details
File Type: PE32
Yara Hits
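YRP/contentis_base64 | YRP/domain | YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/SEH__vba
Note: judging by their names, these rules flag generic traits (PE32 GUI executable, Visual Basic 5/6 compiler and runtime markers, a Rich header, base64-like content, a domain string); none of them names a malware family, so the hits alone do not classify the sample.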
Source
http://mpag.gov.my/eosconline/intranet.exe
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
VB5!6&*
Caesura7
Palmerdale
Tingle3
Nonbelieving7
C[>NdG>ES<wE
Carrillo4
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Eluder8
VBA6.DLL
__vbaFreeStr
__vbaFreeObj
__vbaHresultCheckObj
__vbaNew2
__vbaFreeVar
__vbaVarDup
__vbaStrMove
gdi32.dll
EnumFontFamiliesW
user32
DdeDisconnect
EqualRgn
channeler.dll
Lockpin5
__vbaErrorOverflow
__vbaObjSetAddref
__vbaLbound
__vbaFpI4
__vbaStrCmp
__vbaObjSet
__vbaSetSystemError
C[>N:O
Tingle3
Beardless
saait6Jo
`c[?0Jo
|tMS<N
5s:-7Q
[5_YSx
WqunEn
=axB]7h5
,+DTF&
P	q.Zf
unmg-X
wZ7_YKo
=)w\2J0@
\y#{Xw
*@_W6i
+wZ7_Y
<oMo!\
(cQ]}g0E
LqJS:+0C
NgR9Ez0
je~tCo
a65(BW
y/c?!L~
+	@s8%
2Ck:"W
}NcEc}?
VDdDf[
+"[t_L
~]|L13
Yy["Yz
z:(KZ#*I
9^5_E(
/k_YKoD
WwZ3Hb
d!kK8(
\Zi|Xg
Sa{2({c
Bf_N\V
qjd :o
4(cPIng0
"Drw?1
Q*P3F;
,+\!cd
`@tMS>
v@["[z
n@["a(wx|
)HwG0w
=1nG2>
gSc^A,
'hNK%@
Ca9SLn
`X*?8)
Z3+aOt
.i|;8e
!$\5X0
?1Lo+c
gH["Dj`
G8oQqfS
kAKV~nO
uccm1n
Ca9).n
9H^K$(Y
z/[Fz1-
}PU'q!
WqulEnz>
";VX.2
;P^5X]
eeH["Dn`
/	.23h
^kBz	0
%VFY@,~
xh+yO@t"d
wi.f,y
D@2PeY<
'VB9AXN
>C/qeU (
sq23PX!
1A^OYT
<G)	l2
,w&dH2
S=CP>5AI
 Wqul7^
^^kB>1
*@^Q6i
\5K.`X)y
2B[XV,nb}
1nG%Li
G;QIYT
>{tTGj
3A,.]a
`X*?<)
C/qkm$xo
.Ep232
DKP*B*
'Sd_om
`X*?8)
QFF;2-
mH["Djw
,3V2'Zw
L5J2`X\
p')KwG0
Wqj| r
E`_YKo
;w1K9L
Zi|Xnw
(^kBUr
Bx?|:6
fxWmln
G8oQefS
9Ko(wI
*@_V7i
/;H1[x
'6>gPB/
51n_Uye
/:)'q|W
X>Hdwa
]`dc[4
{SWIyFy
#SV;~R|
TYOOL4zp
f!WeU$
CHx}V(
uiK.E-a
DAIw+q
xi/U^59}
r"dhdx
~j/X\A
+*B6_m
C"e'\}
x`c[t*Ko
x`c[t*Ko
x`c[t*Ko
x`c[t*Ko
x`c[t*Ko
x`c[t*Ko
x`c[t*KA
x`c[t*Ko
`0>=D(
xpc[tK#.
x`c[t*Ko
x`c[t*Ko
x`bZt.Jn
gwC<YF
x`aS|*Ig
x`kYt+C/
h`c{t*
h`#[djKO
zhC_t*kk
x`gK4*O
x`c[t*Ko
x`c[t*Ko
+|P&Arq
`c[&O, 
x`c[t*Ko
x`c[t*Ko
t]_Wp&Hk
t]_Wp&Hk
t]_Wp&Hk
m)rK=(
V!zO_m
*eFskk
=)rK!)rK=
^eND_Vc
nCdkUND_
C5UVUUUe3IS
DvUUUUeWwS5
vfveUWweS`
vveUU6wwUp
vUU335wffp
eUUeeg[uU`
vgfUUWwvep
weUUSWweV
eUUSSVw
vfffvw
wwgeUW
eeUS56wUV
uUUUUW
wwvvfg
vfeUUWwUV
UUUeU6
wwwww1
lEWggvveFFj
weVA5Kfvw
	S3STC1
	fgwe36l
Beardless
Carrillo4
Liddy2
Eluder8
Atoui1
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaFreeVar
_adj_fdiv_m64
_adj_fprem1
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
__vbaLbound
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
__vbaVarDup
__vbaFpI4
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr
C5UVUUUe3IS
DvUUUUeWwS5
vfveUWweS`
vveUU6wwUp
vUU335wffp
eUUeeg[uU`
vgfUUWwvep
weUUSWweV
eUUSSVw
vfffvw
wwgeUW
eeUS56wUV
uUUUUW
wwvvfg
vfeUUWwUV
UUUeU6
wwwww1
lEWggvveFFj
weVA5Kfvw
	S3STC1
	fgwe36l