Sample details: 25fb3582cd381e60532554a4e45ba233

Hashes
MD5: 25fb3582cd381e60532554a4e45ba233
SHA1: 01352c3169538c443e0a7d7b4d647d91b52e32d9
SHA256: 1c7555e43e9588740872eea20aaa16ed42b9f2dad6a1686e75bf4c21dc623fd6
SSDEEP: 3072:0UaHbVBFBTlea0cwHXoXmPYNETU/vWfiJ8vwqKo5IGb+ctOKthW:0UcVBFBB1uRwOTU/uK8vwZyIGqcNP
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasRichSignature | YRP/maldoc_find_kernel32_base_method_1 | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/SEH__vba |
Source URL
http://phoenixcomtact.com/temp/powermannna.exe
Strings
          	            !This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
vb4projectVb
Mandsnavn
Lauryl3
Lauryl3
Flatworks1
^p`]+l
s:#7Gi
rZ3-KGRU\
7^&+f+
{8G|{=
^ *d*@
TQ(hAn
yxaiq?
52+:VZ!H8
#N$4H7G
e%,CyCCe
X|lwF3i$
D5(:35d
t,*dl-M
Hf.8k%
-30mQ<	d+
\iFsRe
or/$It
~SdL,]
Ri:zc)
g|L!QKa
eUj"Z%?u
@R1mjKE
Zs#Q-!
aQ`&9Q
"j*v=[
K`6^"&mW
Qf>gRqm
1*^x5<N
],=V[B
vk%n<q'f
DxK1:I
_/)0}4
@[.gx|6
|T*xI}e
,0PZ&I
T8<gB3
J>xXeJ
sC"Gbl
Fww-+:-
:Sw@N*
w~njD$h
?W(`1@
7<<}-}
Ica?g8
HxeO]i
O[JSaK
azGXb,
 0Yj&|
'z[-cQ@
F<=PX~
VL;o@h
3S8%,F
i_f}{k
ro:U"r
N.khwj
7	~\,h{
A9$Il.36
.R'.YD
~.A %"
w!!8nJ&
3#5l7z)
a*~mf:O
THaQlg
MDHP@Lb
o'n|).
s%ck]j
QZx'H(Od
E{ofkGv9
B;;UW}
+An|o0^"
t	zo)0
W.1E0`
rw?p*Xe
	6NHX<
6,)SFJ+Q
29`{0sQ
@h:&$f
Hr;wh:E
jhF{!B
?UCh9:QH
[8i0pR
-S[:l,a
qBvwUvrnscD
rr`')w>E
fR4a!;#
\xU``u
>U;G}U
Q\ln*X
^9Ndwf1]
9XX]w|G
$X0 uc
RI%9BX
&=k^2lJ?
mFw}^o
!j@[W0
He|B;[x
&8.6KH
4fKe^f
Xsun? q
t@fV"+L|HT
"7BKT?I
'pk^G](p
LA)2N65
f2FU2z
nE3.${
Dc`afW
6MpTJY
$x%i2U
y|'!bv
^ % .;
#WJ	M*
/oGcH|
J\.+w_
e=|(g\
a\JX[_
_?YED=
EC|We/
1HQ-v>
3r`2A8
saPy8&
JHB/C1
n[Q>]'
}#).}$
?'6P#A"N2
ri1XW,[
qxs}yI
(71y!##	
f\pj*`nE
,<Tgr|7
La>nv%
ZKiGF@
!D=!"0
7656g{(
u)#D?2
N>|\]~
W'Wdv@
A&U'by*
H6No?zL
S):(rm
Aocv%	IK
Q:VUP=
QSnX~<
jH8YE&M
:3LN k
-|04GEm:
?98CAx
w/h.Y+w
C $fYZ
Yxms/@
f zn0H
p6D#j,
2t8yP4
*Mu0Br
h*dcA"
vH.kUrs
6`REUq
*OI	xY
)-M}sv
"I{U9=
lpC18[
cRumqy=
;Ip>9]
N<[.}Xu
)RJeet
^ZZZg(
:VK[{t]?@>I
U(	TNV#z
\iFN:h
f#o^p=!
\8us[N
F[PR<N
Tf<-B#=
u5F$SYe
z61shUr
XCe^cXm
"?EW=I
&69a6t
.	j#|u
qLOSK0
v}qfZ3
YTBb:e
4_GdnyAm
9LlIe=Voh
t -@rk
b7AAbA[S
`TBrMU
PJ4)iM
T|U'H$
4pC!~	
p= o\~
Ze}C/3
Y:xL-^VW>
w|'BFL
YyRX&$
tf	Q)e
L)/\c_
CzV@oCC
VDjrK2
u50cGfa
8|Hxk	
YlmtAL;g
p*69l_
Bd}s[N
ZWiKf>
i"k+aP
"OPWS#"
]m@+XT
@K2?8DR
vi#[I4
LM/](K
}\!tE1I
|X`5>s
@A;_')n
 __0#`i
zQ$1XkD
1%$(@j
]M7OvJy
667LmM
gd]G;Mo
swh/x:
u}|J~0
[CE<$P
L}x=yc
.gZ^f#
?<DOF:H
g2 -9V
Csv"/ff
}evO|,
$3liX~[
*Cw%)	U
AiCFE}E
={PG$U
;JaT4T
&OZM"Sk
fjf|Wr}
v2[GaL
RD8u	b
i?!U=T
!Bfi&2x
g_'t}g
g.+Hl(
D5#%zs
[6J6!<
0tX/Gf
F1TgD8
[EAvsS
J-v%#<*-~
vHIqv+
5*XZ(|U
jSwd S;
<;`7iOV?
JwCVHeE
&a6}g!
W,I:wvRL
UMJtzX
 QbO_>
:41]N9l
p~g1h%G
+/S	+*
o"/o)R8
Xzv<A[Bh
`&Aq1!
;n _Tp
i:zR]a
*Q'jO]
	IjPo 
z87^@&
TF'.W%
b${U^*
`bu,[#Q
 SJd.nl
&2kr~yeYq
UhR-S5
ntdll.dll
2I@-ry
0HO"XJ@
1I@O]^@
2I$-/y@
=I@/wU
L<I@/we
2I@d:I
HO"yC@
-wEEdsI@
2I@-{m
>I@-uu
	(^2I@
f5I@-ma
b5I@-m
9I@awY@
:I@/BQC
-juA~T
>HYEE*
h:I@/uQ
;P-h]C
L5I@YEY
1I@-uQ*
"I@YEM
I@fF }
3I@/wU
]@OOD@
3I@-GE
2IEdsI@-
2I@-rY
2I@-ry
-FmH,"
A@-~mL-fmH-nmD#
2I@-rE
2M@YG]
2I@-rE
R=8'Lm 
R=p'Lm
rIpfFG
$2I@&	
GU&'IL
dH@gOJ1	
VB5!6&*
chromium
Serveringsdamers6
vb4projectVb
vb4projectVb
Mandsnavn
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Flatworks1
Form_Paint
__vbaVarXor
VBA6.DLL
__vbaFreeStr
__vbaFreeVarList
__vbaFreeVar
__vbaFreeObj
__vbaBoolVarNull
__vbaHresultCheckObj
__vbaNew2
__vbaVarForNext
__vbaVarForInit
} jThp
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaFreeVar
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaVarXor
__vbaVarForInit
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaBoolVarNull
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
_CIatan
_allmul
_CItan
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr
DigiCert Inc1
www.digicert.com1!0
DigiCert Assured ID CA-10
130521000000Z
140604000000Z0G1
DigiCert1%0#
DigiCert Timestamp Responder0
https://www.digicert.com/CPS0
2http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
2http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
http://ocsp.digicert.com0A
5http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
DigiCert Inc1
www.digicert.com1$0"
DigiCert Assured ID Root CA0
110210120000Z
260210120000Z0o1
DigiCert Inc1
www.digicert.com1.0,
%DigiCert Assured ID Code Signing CA-10
.http://www.digicert.com/ssl-cps-repository.htm0
http://ocsp.digicert.com0C
7http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
4http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
4http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
DigiCert Inc1
www.digicert.com1.0,
%DigiCert Assured ID Code Signing CA-10
120720000000Z
140725120000Z0m1
Ontario1
Mississauga1
Web Solution Mart1
Web Solution Mart0
qwp_`j}:
-http://crl3.digicert.com/assured-cs-2011a.crl03
-http://crl4.digicert.com/assured-cs-2011a.crl0
.http://www.digicert.com/ssl-cps-repository.htm0
http://ocsp.digicert.com0L
@http://cacerts.digicert.com/DigiCertAssuredIDCodeSigningCA-1.crt0
AUdSU'-1
DigiCert Inc1
www.digicert.com1$0"
DigiCert Assured ID Root CA0
061110000000Z
211110000000Z0b1
DigiCert Inc1
www.digicert.com1!0
DigiCert Assured ID CA-10
.http://www.digicert.com/ssl-cps-repository.htm0
http://ocsp.digicert.com0C
7http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
4http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
4http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
DigiCert Inc1
www.digicert.com1.0,
%DigiCert Assured ID Code Signing CA-1
DigiCert Inc1
www.digicert.com1!0
DigiCert Assured ID CA-1
140330184022Z0#
=G]9Ib:
?w3i6c