Sample details: 1ff9b1f3cce75540c7a5f664822a7fa5

Hashes
MD5: 1ff9b1f3cce75540c7a5f664822a7fa5
SHA1: 17e3060ca811708a53ba2bcb1e64b1c1ad1b9377
SHA256: 79cb1ad7f322fcbe1d6d40a6e6604e9546d12a342824edb5290ef83d043d1065
SSDEEP: 6144:3lAcPLOpOym0A6RzqMmpAmYD0pJH4eC3ALv1Dc+:V5PCsLAzqimY4pJYe2A5Q+
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/Str_Win32_Internet_API
Source
http://www.ydone.site:80/morningx/patrstag.png
http://ydone.site:80/morningx/patrstag.png
https://www.ydone.site:443/morningx/patrstag.png
https://ydone.site:443/morningx/patrstag.png
https://ydone.site/morningx/patrstag.png
http://ydone.site/morningx/patrstag.png
https://www.ydone.site/morningx/patrstag.png
http://www.ydone.site/morningx/patrstag.png
Strings