Sample details: 237e769d8cb2559d1dc3c48ca4e464fe (MD5)

Hashes
MD5: 237e769d8cb2559d1dc3c48ca4e464fe
SHA1: b908572bb4eca51e06be71e5f6f0357a7528655b
SHA256: 6607e11ea6bd31617b1043747996d7c75f15213b93ccdf9bc1f2205cc48a8dfb
SSDEEP: 12288:YnxXzyPI6FW/RiQFNE9tWGkFBx8SEZxBaT6a+z:YxD6I6FROYwrKrVz
Details
File Type: PE32
Yara Hits (generic compiler, file-format and content-trait rules; none of them names a malware family)
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba
Source (download URL, defanged)
hxxp://www.spiessens-be[.]me/output26AC30.exe
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
jzr1hzr
xrbrzr
{xr*ayr
vr$Fxr
wr\Txrz
zrtLxr
wzrX"wr
sxr-zxrM
wrtjxr
wr0jxr
Remolade7
VB5!6&*
Proturan
Klong1
Remolade7
Dissolutions
Construct
Remolade7
C:\Program Files\Microsoft Visual Studio\VB98\VB6.OLB
Label1
Label52
sabot.dll
Trayplay5
Darrol5
Minimifidian1
Fackler7
Geissoloma1
Caren8
Reddendum0
Dispiece
Shirewick
Beats5
Feigher
Caffeol6
Cardamine
Clackamas
Berdache
Periwig6
Enterosepsis7
Dieticians
Nanerge
Fountains3
Boelsen2
Unpredicting
Rheostatics
Colorcasts2
Didacticism
Alembic4
Shveyzarii0
Natedogg
Gridley
Homeroom0
Defiles1
Huskwort
Houghtonlake8
Imband
Horsefair3
Winctl1
Condylura
Springily0
Rascally
Gandaki
Katumene7
Carrotwood
Shenge
Saidor
Enherit
Wojtecki3
Nonperiodic4
Andris2
Unlocked
Fourche
Wesby1
Asnto4
Nigglings8
Detonated3
Pumblechook1
Intercourse5
Palaeocarida2
Reforsake
Muruttidong
Montane
Wadder1
Gyorsopron
Primerole
Tricarpous3
Thecata1
Atomizing0
Shrouding6
Cutaway2
Desertism6
Stupak
Dolorifuge
Pleasure
Thendara5
Chaetosema
Bierbrier7
Skaerseldan
Lightful7
Cyphella1
Puskay
Rehrersburg8
Hautala4
Rhabdolith
Antistrophal
Inenergetic
Jordanna4
Coremium1
Moulder7
KERNEL32.DLL
EnumUILanguagesA
VDMDBG.dll
VDMEnumProcessWOW
comdlg32.dll
ChooseFontW
VBA6.DLL
__vbaStrComp
__vbaLenBstrB
__vbaI2I4
__vbaStrVarMove
__vbaVarTstGt
__vbaInStrB
__vbaUbound
__vbaFreeVarList
__vbaR8Var
__vbaFreeStr
__vbaStrMove
__vbaLateMemCallLd
__vbaVarTstNe
__vbaRedimPreserve
__vbaSetSystemError
__vbaVarAdd
__vbaVarMove
__vbaFreeVar
__vbaFreeObj
__vbaHresultCheckObj
__vbaLateIdCallLd
__vbaI4Var
__vbaLateMemSt
__vbaNew2
__vbaObjSetAddref
__vbaOnError
Dissolutions
Germany5
PlT;S(
9#Se*eG
""%((.
!IIRL).
X!}N8}#A
Op+d"$
rB<z^3
zSl5?q
q"%b(&
+m,sJ"
+H{(sV
>#lRV&
f*eqC3
[IdO%Rq
q>9QTl
z28`zl]
+@n-2}
 EJS2i
]\K(q!
[zwI[Gp
";xKNy8<S*
pPx%Qu
 |R!h-
6w^w11
#zwI[Kp
l&.#by
g*efWqD
 6w^w*z
/a44a*
xo&.ap
."nz"qC;
U5yu@#|
R!p:'dD
O(";q1
IIVL)u
h=zwI[Cp
9#cf*e
_~H#6R
~s	{zC
5Udsu@
=#d8*e
RnXO)&XoL
b23B#6
>~:'`D
Sg	]V[qC
*}@#6wZw
T`N'x'
b2#1#6
6Z+*5c
""nz"qC;<f)
[+eq 5
a~k$\w
\3:"lDp
PlT;R%J#
oN:>QNnj
6wZw!F
M[SO;d
bzwr7ww
aPx%Qb
zp-]2L
kUs{u@
>`:'dS
R!p:'pD
,\+x2<
lU	Qg>
+o,sB"=
)ify"KBr
52n#x-:S
Rp%v|/9
<6w^ws
'c{0T)
&oDyWK
-8Yf77>
EN:>AN
""nz"qC;
}ll^Cm
U>C:'`D
/:[Kt#
Sl]@|F
_'-\~y
#=+(z;
 !c2L1y
i"P66>/
)0lC6 
	M-IIr[[7
6}@#6wZw
f*"4uW
;*)5	A
S}oj/'
rO.]'ee
f:||y*
gi"H6>|/
}@#6w^w
pMtsqquf
2[c2L1}
g0bzAB
di"P63v/
^[Sl5PR
zwI[Kp
Hs	{z[
|f:x|d
CSdLIr]
)k'ynr
i"T6Mp/
YZ-]2L
_(GF22
b|@CZ-
7f8YO 2
V(|^C'=
`m'%.N
oygg}R
?OeQaw
?0zm]&;
o&X|{s
:QDW78
'*^>r1
E8m-x%
 .uS@uI
'Y9GK`2
p3dd28u0
<2tB#6
,9 [v`,
3v.t0fi
)fNt@s1
*fk0hv7
SS9`~5
.fS7nq=
0ont,:v
iA"E0si
;ja+te7
3n/9ds2
L_G^G:
5mftRx=
B_TRr)
5mhTRb9
QP]KU(
t_`zqH
5la2h{/
K/<2Hf
H-NS9A
d	q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4J'q4
+e	_#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#]0f#$
dc]pdc]rd	_Z3
c^pdc_M
dWdZ_o
~Spdc_p`c_pdc_
.f	_p$a_*d	7
IWJgIc
Q^pdcWJ
ve	_7d
e	_/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/
d	_'A	_
e	_G9T
c_pdc\pdc^rd	_
f	_pdc_pec_pfa_
m	_pd_7
l	_pdc_pd_5
dc[rd9_
6l>~4{0y
{0h)f;
g:vW;_
Z:n(h,n!{-u
z0h4f,
n+y:t!
|>v)l2u
n6l,o	l
J0w	h1~(`1
Z:n4{0y
l<n!q_
(f>~(`=h
d	j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q<j/Q
N:n4{0y%m;h
Z:n4{6u
`+c'e>i
l3vW;_
6l>~"`3
N:n(f1}4h+r*h2
N:n"`3
F1:!{-u
}w83Z<h
y+47a:v
{:F)`<h
`0t8[*t+g<
n^,r7a:v
{&:/l&:*h2
IlXbd^2
(hkuD%
>9&X`b
]P7NGf
JMaS~l
:J]q_*
9-;UTl
sM)8]4
e3n]8(
b0]iKR%
>)H\W]
^fjPPv
	 7CTq
!9]c9GK
7'{f\,
VKI5c8
N3HB9{
S9rw<b6
gYQL<,
!cWY)7Hu
A(dl~_^
_O@E4'
wsb[H9
c[RJ=;
uT	Yc^X
FYTG@5
cQI@<H8'
E(\ppjfPTB
{xxk`p~
EEGBBC8
ahuq`wy
|r`SgYC6,
ULL`a\
zskijth
vkq|zp
PMC2&9
nacni\O?
B97UOA1
{kgqqcZVK=%9
M1Ponmc
\OCC=:SLNaTI
~}njZ<
RC2:-!
]]T_]sf
]Zprktg]k
ef]NMI?
DLGA>;
y`jEvF
jI2Kcb
Z4cm1]
+U+3;U
(+#07Kl
mX%TQFI
U4&>yP
S <l0-
gcA**57
!#lRWY
h6>UG4
}ShxfTOi
Y4	*{Z(
'+:Llp
:'O!:o
!DF*\-
|jXACx
L7B;Ht
0MF=O_
zAGIk[[ku
2PH%'-
5`pBrD
BoxMe6
pS2)Fn
p88Y(M
TZNMY)
'.9]j{
LDi<9	
#LH0lkViC$
XWgTim
IHL=^}hgw
7?A0P@%M]TiCK
*K4VN[Zwi
%0L52b
*F!(C/
:7G?AP
!'8@QDC
"@BH*>0
"$82@{
!(+=Eg[x
hWMB<:
>J@|T)
:LYuS4
[+E8v$
yX[0'Ir
>&R$X-
N:UAiXu
k:c~/!
o??#V)
%.L=HX
>.bd[y
.(mdTN
p bdvL
- xhi8
`}nYQ%
W=<a/<
LNH?D&
W-8V-\0
:9Na?Im
6VKrih
tUP5ac
	\=pPe:
(?uNuu\
"u`9e>
czQ0s{
gZROj 
5mQeF!
bQKWc)
Q+RcCb{
Germany5
Label52
Label52
Label1
Label1
MSVBVM60.DLL
__vbaVarTstGt
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenBstrB
_adj_fdiv_m32
__vbaLateMemSt
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaI2I4
DllFunctionCall
__vbaRedimPreserve
_adj_fpatan
__vbaLateIdCallLd
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaUbound
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
__vbaR8Var
_adj_fdiv_r
__vbaVarTstNe
__vbaI4Var
__vbaVarAdd
__vbaInStrB
__vbaStrComp
__vbaLateMemCallLd
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr