Sample details: 2b6c575818cfa9750631b06421a00193

Hashes
MD5: 2b6c575818cfa9750631b06421a00193
SHA1: 7e99ac4072abf997a0d5f77dc909f50e4701e4c0
SHA256: 813f8a29130dc108311c98b123e2956f890d7ac9fbe2e9bde256062443e223f1
SSDEEP: 3072:luVV2GP+Aboh8qmbcRzd3S4+RKpHfOXO124I+IZJpGT5+GgaM9q6fa0s:lu2GR/qmbcUcHfBoBCFTgaMDf
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/maldoc_find_kernel32_base_method_1 | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba
Source
hxxp://thronetradlng[.]com/temp/shopdoz.exe
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
CDigestant
t     
Impackment4
Putrefaction8
Putrefaction8
Combinableness4
tV5bPR:
VTY -a
iLarvp1Q{
FY*92{
pbg|d1
YlA!l>
-v7~s*
aX)>-}
H{/_:0
"=K!4[
Khy'x'
W+v((n
BE]}).
|gZQ1~
IBD8u%
b_RsLc
G_!>?0
r{=xI+D
kAhc,S
7n$(sQ
6w*a:9
+.\'Y~W
J_#h.$+p
??\$p[(
#X7'7Frk
f]De{)
t\%2i1
KE~`1RK
;{v<`z2
C{m[9)
Q38T.S
+}TQsC,
]C#Kh&
"(nK"=
2&RtX,T\
2EXBCw
bEJu}vk
h,{;4>
|2&-ybK
" #[tm%
F+?^"kO
:\xaT2D~
+ik=38
UL<-8o
b,9Woq
g=8[XKn
Z^Tg.$Z
yh|[Z9^
JQ- Z9
G@Od-h=
%iWS*z
}OiaE%
<bGi!?
Plih$u
[.C^"N
GK9o.c
!ATur>
Az=*@nw
koJVLy
8a<D'f
G!JZh%t
lA_6z[Q
9~0i& 
	.3qMXX(Q
{lbv=u
g,FO@flP
IUT'"w
m2Fbph
z%sGcM
oLv(OoK
 'EzBp
4HZUUQY
\=*l(.
__|xR8j@
Gyk%l"
Z`)!i@
W0KaeR
 Xp	D2`
V9B* |
^	MvxW
.3l	:e
Mxb	/tAK
r5_AOc
G*7azI_O
ny5Gtf
9j ZJn
O)L>	E
/II<:y
<wi.jV3
('Xd>gMw
t1-}+P
Y@%fl6K(&
/3XbWk
[f?iXa
p"F"g+
tTfdJ"
DWb/45
cb7	MS'
])pkv\
Xm@&? [
'q-%OV~
rFQwgbI
;	)6{F
uOd=P1-
er$ 9U)_
*?ZLP/c
E$}G&W@
	^My1z
HBe^!8
@=nv(f
9'V\dX-u
q7-7i!r
W%px0 
wj	{la
WB_G)3
L!HF:;
oZ'HgP'2
#PtEL8:
+n?:Kk
dns iQ3
e+\s %.
W,T/.[
&{w0T,
wWZ%zb
!yn$I|{
qYq.d>X
HO\7lk
*IyS0!
GFI~R-^V
0+CiF.
P|7>"[
-t]MV-
+9	KD{8
/)#n]X
{`rv*5
WLiG@t
r%GKg+0
vGhPs9
|qy+/W
OPcW?{QTu_
d-ivFi
57N|^-
;\X"Imb|
J_N}=m
hsm/QJ
RfE]@.j1
 aY")%[
IM<0zo9
cb6<t}
Wg')33(cd
vv](D_}-
7'bV2!q
ls:X]<
S3zAPO
s "P^ 
$CNinr
s'I?5L
,DE:kM
!UnOoT8
AO',{"
c=s>5S
5gmwX6
Y.SFRi,
'=|D_Z
hGoD<r
?1AF#aW
CQbN7l
G@%9N}
S`6 &a=
">+4vL=)|
<@.}U~
[nXhm*!
9Dj*m6
}7-$lj4
"xjfR=
*2}DWH
<L$So`
4F5Oc'F
sT+;x!C
k"{fuY
bE(%#M
	YDL(<
[K'8=|
(Y|6bd
k/~x#A.Z
&j `yE
IwAM#2T
%7TLyI
k3ejdl
O3]%}6Mm^}
{Nw)t_
Qh_EW)Gq
]T}xPG
A?)N n
M`qnn$s;c
2N:Tfr
S]UJ}c
	.u&/S
=o4E*,
9jP(/Z
9}j|rh
YWH<][
1AaK3H
d]wC*[
kV6j[\
B%eqN:D=I6F
	]C8n@
.c1e/%
`)Ygu&s
S]@%Kx
5.?yr@
wAA#}`ID
2Jkj8K
+%j;z4K
VP!YM	G
Q4{&yA
aKXoi'
>:!B'N
o,.#bL
s@Wj/J4
Bu2?gD
{9~<WZ
ssaal}
}u[MyP39)}
4[ JlXY
;PJ1UOlt
*	sqV~~
>14h+ 
dU.P,	
Asc,?XPW
@WEMIz
d{bL9K
uDx#hM
$R2/~_fr
z=H[%C
pZjdok
eF},7XZ
+Apk%:PV
c `M&\s
 U/t\N?s
dPNHLd<
%-U]@Z
^\GYDw
",xu^MHU
;4A.{i
QNLIxk 
_6hK3:
Pu[q!&
*Bd8=wJ
}b%^{Ee<
q`3dlw
;{|N||0
Oh`VV\
E^M,Cc
Ka[S4.{
]c+fG+
kE]R#~n
GrQG4>
@0Kcj/<
s:=M+E8
ak$OH7
3GwBl"3l1
c%3RG-
"$-0tl
qnt!:X
v`T-<$
#N)16q
$J2nyp
V|6sC4
*5,^3M
GjeOFH
g")H*k
H?j/ab
#1m$5]
/0uv).D
g(GD-VV
WPm]c6n
~D2_^l
i;|nZi/^
Tp!{$-
E3``3^
{,e	N-
_SLyuA
H622^0
gaah<`
6*'.CHH
HJUcOM
B'as+{_
ntdll.dll
KRIHa]).
VB5!6&*
Anstikkende3
Carryke8
Digestant
Digestant
Impackment4
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Combinableness4
Form_Paint
VBA6.DLL
__vbaFreeStr
__vbaFreeVarList
__vbaFreeVar
__vbaStrMove
__vbaR8FixI4
__vbaVarForNext
__vbaNew2
__vbaVarXor
__vbaBoolVarNull
__vbaVarForInit
__vbaHresultCheckObj
MSVBVM60.DLL
__vbaR8FixI4
_CIcos
_adj_fptan
__vbaFreeVar
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaVarXor
__vbaVarForInit
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaBoolVarNull
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
_CIatan
__vbaStrMove
_allmul
_CItan
__vbaVarForNext
_CIexp
__vbaFreeStr