Sample details: 235c89c7c1088f797cb890d1f4657358

Hashes
MD5: 235c89c7c1088f797cb890d1f4657358
SHA1: a67970a5d9165b93b1bf7542ef30141926a24b3b
SHA256: 7a1c17538a4473cee47405ac782f8a939a66621c3bfc3e892c4b71841511b527
SSDEEP: 6144:87uglAWkXZ9y/iu9fOXSoZ4Mo0nxKwcms9h2K3C6c3x2cBp22ofebjqrod:8KsAW4cb9fOXSdD4xKwdyh5XcRHeI
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba
Source
hxxp://kikkerdoc[.]com/images/angello.exe (defanged)
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
Scapulet
VB5!6&*
Wardha3
Maerose5
Scapulet
Tsikarev
Macdougall0
Scapulet
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Label1
Check1
user32
GetClassNameA
FindWindowA
ShowWindow
PostMessageA
comdlg32.dll
ChooseColorA
KERNEL32.DLL
EnumUILanguagesA
VBA6.DLL
__vbaVarCopy
__vbaStrCmp
__vbaStrCat
__vbaLsetFixstrFree
__vbaErrorOverflow
__vbaI4Var
__vbaInStrB
__vbaStrCopy
__vbaNew2
__vbaVarSetObjAddref
__vbaVarTstNe
__vbaVarMove
__vbaFreeStrList
__vbaFreeVar
__vbaVarDup
__vbaFreeStr
__vbaStrToUnicode
__vbaSetSystemError
__vbaStrToAnsi
__vbaVarAdd
__vbaStrVarMove
__vbaStrMove
__vbaFreeVarList
__vbaI2Var
Tsikarev
Cladonioid
R4JTHQ
c.UZp'
>a2-iO8
|~ Qbt
6].g^]|
{hjZ9<
8&( 9.,
#O|iJr
iU|iJ8
7[|iJ~
[bUS0d
M	z:Al)2|
7pB%D|B
'+ZHPi
73Mz;Gh
L_A]AG
5$A&>a
=+`#DRD~
7Ms63yU
o.URpg
b;MDp}
j;EX<0
ez_C	_Y
zY9 6j
	@() 9d6
 u(!u-
ffOE+`
t~.e1v
~tT8k!
]pRp+T
S^N,nV
u@)]XO
4arf5,
}&) 6X[
GFpNn>
kV]XS3
:+f(Za
o4Jwzq	
LswF;-
0"rtOd
.Pj[$}
Gy?,U4
0nd#us
'b2q~hT
.HCyua
^|i(ar"
SAnK"{
v=L ?x.[N
C') 9</
1 b6v6
_|ipRp* 
C') 9</
hbEI}x
^;S|?5
b1}~B4zX
lcZkg_
U>!% 9
]Jz:IE
u9[XA>
FL|zqK
G9{zq	8
uVM]Z7r&
rI13rZ
5[y4"I
^A9y[c
avB%8_	
0XUZ[Sv
eD_j	_Y
u|`8?3
$>S^~=
w~z4R=E{ 
Jwz*	8b
{Z# 9V
z:=N}lS
?c-{uH
rn!F0Wu
^I|i s
WM4[A2<
v;KX=)
k+Ji!V|zq
v;KX=)
Llx]pb
u0j4^[
-@1#1Q@E
t8DN=<
1yR[tYB\P
GyCzq	8
tA)#_[6
\F ]nD7
sA0--cV
6tp6-b#U
Obg;EP
- ?#1Q
3Hvl=>
Kwz(I0
H@NqO/
#?Pi%?E
d5dc	&
c"UHv.A
ezB4zp,d
668t\u
nv@T%k{
66LD\>_
vaI\+2EgE
OvD^rU
R(['2	IQ
`:=(f!
8Ri.KE
6~1zM]
`x<5xUI
%^<5qu
/'z*J4
U;>9I=
=fp,x:=
z:+\$1
z:=Yk>
\,@%8Q
IFy:=Yk>
U<#RmS
pglRj)
&) 9Ny
m9vypi
tcz8&C-3
9@Ra\R
v&w>i(
A4- 9,u
Kp|8u`
;@H^k\
=+Jgt>y)
z:=.P[b
<5{MSg""
Sidk J
;%8XgF
,zw[Ql
PbSa1QB.
7qip=GN
\B^GDqI<
_Eak^O'
^EjLb(:
+LwK=<_
'b6}~k
	=aPmxH
5Jwz&	
_|9Ka.
d $`/~1S
{<H~iI
GvT}ayt
K?yFi}
;Ty[V?
~-@@TtU
KX1bs&
TG+"lyt
X&=3rp
}QE!CZ
JhFu(p
WS&)(<
G	Hvati
r}_xoGGH
IjX,oi
AR6Qb8
&) 972
PJwzqt
{*H~iy
^P'nEM
GnD=a'd
^=gk F
E\H$:R4
UHw/q,
W<9a+R
z`="2	
3oq??7E
=;H1(o
YAXGLr
|f}$nWU
;^X0T4
xCFjH^z
lIw]~c
Oo_+&.+
62uGT 
]>k1<F
?K[oOP
qP{5@X
C5l^qmk
NQkV=,V
c,[sm{("=
8	,$[^
T;W,.v
{bDN&Q
X}.EX3
lTqMUF
#jl~4X
3~bZ)}
8d%3rK/
58MI [
Ic6*Do
}EvYga
irx'Ef
MG6T~I:
\PP8Gf
'_C"+9
F7NH#EM-yUZ
LL`k|rK
b=TLM\
J^e)~vzR
szpH~4
=Q?B|d-
ZQV&<	
Wy)]BN
&kgSj_
zWm7Sj
 uP}PN
k[zD:+5e
g;G]%h
w.75^J
i6x|Sx#K
Na~0C%
+MvZK:
z8;4X|
V$Hq?L
jbQ0:J
g.[o!2
FU6.'8
@,n:<i
Z[aO2"
O70OBN
H wQo1$m
[gji_zr
`DS`6p
63rfT-l
|Hi%vg
K.U[\w-
0W;5bK
b\ fAa\$ES
b*E"}}ol
vKXL*0W
bn:.sd%
['=_2M
XxB8Yr
m/C9*a
cJt7S+]'
(PbsD1_
)9S_+3z
cz+}OR
,'qnDB
<``?DQ[
~V<tar?
"`.eEQ'
qxXBV}
bYW5K)	2
jd8m6*
dM[?iT
>t"VyA
  4R*4
JGGfJVO8+
N_~(GF
 jv9E2
VbP%vn
NIy81 
X]Y[w"s
vC)8UI
_kd?^$
/_TK-S
YiX_pM
K0'9?x
G~E#9)
JceCd`
&1|Q64
i:%8tf
S{l@$3
4~ZN=\
Xu__ D
5!Z u<
RTab:5
Ds9v"e
#M-*cd
z~ua-^v
QlD#u2
X)gc|`
~!(sgl
|+wG:%
L-J|n}R
94Yws!+&
Q,Jc/\ZI<
8R]]e$
Q*zeiz
dyFtK{
l8VX+b
|_DmHf.
^p	(}A
mv8XG8
8E]OCW
?k.OX}
_"9Sm+
do4?n~
NQ#/yg
]Xz1k	
6U+m%i
=1Q|j~
(oLqeR
UH1%Nj{
D$EQOW
@}`g}\~MP[
w k09A
QDhd~X
?8s%~{
)$H5F3
?M|-l<
s%a%WD
g;0Vj`5
o-xzO 6y
\/TtL*
jFiJ^h
0&ojd8
!RuhMa
|eC2y{
s=ox2r5
^nFhD[1
8}r1W,q
J{qtLz
W(7V|:;8
&:N>dq
/m?JVAO
mCkP!42
vO(	v!
	nxj h
*PtQe,
ZT0"?J
6vzZR0
tilboW
!U{w1Un?
Z6!dww
CXbG	#
G'Q]w83
p+ugF0
%G+Tn	'
B*M<iX{Tzm
[/fXBt
lLhD~8X
V3IA^/#
,bu\@/ 44
~=L!<G
1J)S;##
?lDI}a
59{Jt9
Pb:\T@_w
y#qRaV
0/JwO_
,8Z$TR`
!4z-y,n
W'LQxe
O2Do/u\\`
)-k]u>
$Xo(f^
zh1*g7d+3
2@}}36
Ws(;eXlS]
clCnpDd$Sqqm
cZ|5G[
0-$O\D
]pNOej
bK|F2'
&G1J(#
/RXxE4
P4D*E7>*
Lrki# 
X`A["%;i
NNNv0Y
4ReWlU;F
Sg!wmw#
3S+*zc
KzI : 
-u/zw9
Q`l5]i
\\S.~1e
v!=b:Oze
!9(vZ9
yk*zH8
9\P'y'
L|Ob0o
Cd`@1-
E)knyv4
6|wfOAcNI
9/>$er
mm)~!}^
"e>)F-
uR04#V
j]qW;JF
jNIygo
P'aw7.
w/Qc1T
	e0g!t
>PEHD.
+Cjg|94I
qXM-ze
ntmB;z
g-4[<~
rOPAz/
S%HV9"Y;
hnQM0Y
5~Qflh
_	Hp|6
{m,8u%)*7v
tio9']
s+l#n	q7
V/-1!G
tHH'[H
H<fGbG
ToHZ6~I
2^Q1y}b
:kF'cH
-d{^\0
->:}ZB]Z
](B<=D
9|*Of^
{zHO?n+
hDGAQWM
G'M41C
2\;BU	M
Ri&01Q
F4C$4/
6,:SR&
lxevKk
?>MuZA
^d1'z=
fZ(Llq+
t\SH4T
{eqFG4
U*${xR^
 AJj@F
e1E|vO
swq< l?
hy@CkO>
F)&O^P
"|(8Wq.
.4\AGhh
fh+<ZIrGg
Nu	7s%\w
9D[etg
/w0Va|
Y\fQ? 
o94&=t
EWZo8<
T!nYWY=
{y`Ww3
4yZAA#
zka6|~Y
ARdyaPR
4j0]^A
"G:.{{rx
w\Ug0:
rlqzWu
h3m$(%
=j]1EFB
s$U!/[(
gW"hc>I&
Ex3OXM
1?@qB]
Z`f4nYt
%f<844
TLx<*`
AJrO(B
gUbrC_
Tv+Yq#
V!!zW?.
4kq84kq8]
x`c[s*Kn
3fnjHP
0~$*'Q
]CA=<<=>>B\^
B:658<AD^`bbya
}}}qponoBqxy:qaD@=\
:aC;9?
yxpnba`bcpy}xcB<>
xbB<;C
}xoba_acpy}oC9;
xob__aoy}oA7>
qc`_aoy}b;7\
~mT4.-1Lfz
xc__bp
}qb_`cy}_7<
								
}n`_bx
									
											
												#N
qa^`x}\
												
q`^ayy=5
						
o__c}c
p__a}a
}a__pq7
F__cy>
q_^ayD
y`__x^
s"				
}a__q`
}a__p`
}a__p^
}a^_qD
ya^`q?
x`_aq9
}cabp:
ycabc8
}naac>
(+GR3"Gv
}oaac@
|jUF)'Mu
yoaab?
{R4Oi~
xnab`<
ypbab\7
ypcbb`>
}xpccnaA5
A58Bny
yxpnnon`?5
B75<\nx
}yxxqqpqpobC:
<559?\a
qyyyyyxxqpn`\>7
57V;<>==;96
DB>9:86799;AC^
wwwlll
jjj|||
nnnbbb
aaaxxx
iiiggg
ddd~~~
qqqnnn
vvvfkk
mmmqqq
rrrhhh
qqqeee
dddkkk
uuuiii
7}}hhhbbbsss
|||iii
ccciii
___ooo
gggeee
vvv|||
Cladonioid
Check1
Check1
Label1
Label1
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
_adj_fdiv_m32
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaI2Var
__vbaLsetFixstrFree
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
__vbaVarTstNe
__vbaI4Var
__vbaVarAdd
__vbaInStrB
__vbaStrToAnsi
__vbaVarDup
__vbaVarCopy
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr
|||iii
ccciii
___ooo
gggeee
vvv|||
wwwlll
jjj|||
nnnbbb
aaaxxx
iiiggg
ddd~~~
qqqnnn
vvvfkk
mmmqqq
rrrhhh
qqqeee
dddkkk
uuuiii
7}}hhhbbbsss
]CA=<<=>>B\^
B:658<AD^`bbya
}}}qponoBqxy:qaD@=\
:aC;9?
yxpnba`bcpy}xcB<>
xbB<;C
}xoba_acpy}oC9;
xob__aoy}oA7>
qc`_aoy}b;7\
~mT4.-1Lfz
xc__bp
}qb_`cy}_7<
								
}n`_bx
									
											
												#N
qa^`x}\
												
q`^ayy=5
						
o__c}c
p__a}a
}a__pq7
F__cy>
q_^ayD
y`__x^
s"				
}a__q`
}a__p`
}a__p^
}a^_qD
ya^`q?
x`_aq9
}cabp:
ycabc8
}naac>
(+GR3"Gv
}oaac@
|jUF)'Mu
yoaab?
{R4Oi~
xnab`<
ypbab\7
ypcbb`>
}xpccnaA5
A58Bny
yxpnnon`?5
B75<\nx
}yxxqqpqpobC:
<559?\a
qyyyyyxxqpn`\>7
57V;<>==;96
DB>9:86799;AC^