Sample details: 3770dc289922631eac21a0811bdf523d (MD5)

Hashes
MD5: 3770dc289922631eac21a0811bdf523d
SHA1: 2f2034d29cc06ec63af1b20bb5d6a31005ffe95f
SHA256: da741375b92e79d98e23fa2ec92e252b9015271fc4274783c583c7d326fb3d7b
SSDEEP: 6144:l9cM06uhvJTLUnVaC1R3kA3kDxjj4dBr67MlNxN/wUEtlw3dBNnfZ22WaL3MVw5:cjIobVjj4dB2gR/NEHw3PNnx2XaIVw5
Details
File Type: PE32
Yara Hits (all of these are generic compiler, file-format, or content-characteristic rules; none of them names a malware family)
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba
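Source (URL reported as the sample's origin; note that the path ends in .png although the file type above is PE32)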
http://www.ambao.bid/alpha/ultraebu.png
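Strings (raw printable strings extracted from the binary; the short random-looking entries are most likely residue of packed or encrypted data rather than meaningful text. The readable entries are Visual Basic 6 runtime names such as MSVBVM60.DLL and DllFunctionCall, Win32 API names such as OpenProcessToken / LookupPrivilegeValueA / AdjustTokenPrivileges, ExitWindowsEx and CreateFileMappingA / MapViewOfFileEx, and word-like identifiers. The presence of an API name in the strings does not by itself show that the call is made at run time.)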
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
Skadeskudtes
VB5!6&*
Worldcoin
Skadeskudtes
Tuberkel2
Inconclusive0
Nykalkuleredes2
grafikterminals
Cystein
Fortolkningsraekkefoelge
damner
Vamper
Varmekildes
Medicinmnds2
Skadeskudtes
organisationsmedlems
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Ritualiser
Microfluidal
toiletartikler
N;>H>4
User32
IsChild
mpr.dll
WNetGetConnectionA
ValidateRect
kernel32
LocalUnlock
winspool.drv
ConnectToPrinterDlg
DlgDirSelectExA
LeaveCriticalSection
GDI32.DLL
EnumFontsA
ExitWindowsEx
advapi32
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
VBA6.DLL
__vbaEnd
__vbaFreeStr
__vbaVarDup
__vbaFreeVar
__vbaStrMove
__vbaFreeVarList
__vbaVarMove
__vbaObjVar
__vbaFreeStrList
__vbaHresultCheckObj
__vbaStrCmp
__vbaFreeObj
__vbaCastObj
__vbaObjSet
__vbaNew2
__vbaObjSetAddref
__vbaSetSystemError
__vbaCopyBytes
damner
Syntone2
Syntone2
Vamper
unvendable
unvendable
Varmekildes
befinder
befinder
Cystein
eksponentielle
eksponentielle
Nykalkuleredes2
Dagsarbejdes8
Dagsarbejdes8
grafikterminals
superefficient
superefficient
Fortolkningsraekkefoelge
Koldstarter
Koldstarter
Tuberkel2
Rystes
Rystes
Ritualiser
Redmold8
Microfluidal
thymectomize
organisationsmedlems
toiletartikler
Inconclusive0
Portrttet0
.O ta"S
'B|q_j
Ih#;`S
(_qNgm}
:W|( 2
5Z/fFV
]t-Hw'9
S$X^Y0]VM.
@%\.sz
U>1 T-
c:s{Kq
o1Aq9Q
v,X|tv
K[1v\#
F$^qS\
bAM9'?
(.xF|d
bdd;WL
#C8|VvRz
_2<F\.+m
uHoG~?	C
U@%A]`
8ng-2m
r:C>vG
->6z,O
bZ]ha1\
zok]kn(
hELi3G
IE?K,*
h*Dg= 
W>tr\p
-R]k/"
<j.KJI
j;2,rzV
:0-3SKQ
v,2l'm
D_kO"l-
vWkDQ-
JsYb:J
8SNMg2
6.+%IcJ
p5C-aa
k;X>VK
R2C._i
:Dr~_C
/>Lbc	!
o| 6Vu
AH[gWd
P77Ej8
p_c`^Y
MX@9cO
rm_"`k
#D8B`C>
TE_CSS
bNhL-tP
=f>n)Z8O
_&yD~7
fcQ+/8AxR
SkH^:IUd
Eb)V~:
4orGNI
l:+@{6
d	q=Lo/C
8cD?NW
L|VXAw
S+MTMtFK
+{]m5iu
+NVZEz
MdH^7L
bB4dqM
IE7.oX
E%qg;=
OL+(!c
_r2oz.
VCb4bo
0+7`m(
G@OH-|
bS80r[iz
szHH=P
^|x^)>
oA4X@Zh
[?T7CEI!
jLmba<
GGXgP~
c(5sxTo
C&e{8K
I)d'Ly
Pj1vw8
=:kI4A
N|=	xZm^.
g/lY:'	
2OIhQT
:C\)x0co
;(0CKU
Hv'uS{
H9<:%B
_'6!8C
FtVuD@
TAC4FhUV
%=7w[(
Y2s-,Y
]'(1+M	
H>.2{R2
.^kW1Is
b^96~> 
.%(	{D
96Vn<$
~"~zHx
E(xO:K
5D8,	\
6:NRq /
|!XChT
l:_. mP
"$dJtlR
N(\#u4
IJCHK-F
OEM_;R
?Z6z1V
iI<t'u
7XBO\I
;0$A )
%Zp.H0Q[
7GsW`e/N/
/BnSjaA
g$K2Cr{
5&|_*,lh
\/Ax#K
H*9!me 
4NVQ,8
&#]WR2[
;hQgM&
)+mj^/
i6*5aeJI
?b@[H{+
{mk~!R8
CoiXE_
F/0YF.
jqn8Dk
?jKG=$AY
^gf-)|
^@SO31
p T#s-
^+ES\?*
4kLu}Av#
x|T3lG
k!/t0r
1];RJ+
/*<S9D
X'5JW(
Iai;tQD
>0IP+/
5.('Z:n
9Vyu)`v[_
sCEf ZX
-MxzJ)03
+1JL_:H
qKb=I/pw
n	JuvYC
P'"}!#
yI86[o
|iv*Ww
5ro.&;
} %hb1>X)
AqCx8O
=vX fC
5D2Xfu
_d[1gF
b7#v^j	]>
>vD%B3
.B.4E0
5=3l@=\
o0T$PD
|V	^"8
k&)Een
3m/4HZ
xW(5fO
zh:T`|H
+wi_xs
n2*Qt;
/ R08/
Z	 k?k
,&gh`X
O=T}NUR` 
8`xs0*
!f	ek#
4}&MK@|
ClpQ	3
!%!oEX
<YJ{*|f
`uye[fN
J"N7:t
W9+lW@
;>S)Qe
]}Z@T@
S)-Tck&#
f<06P-
_P}pa9
>t5W<z
S77JU+
JEHVNO
=ED_ON
{m#o3C
0fXI[$d
#mK<${.
^pl'$a
GY@un4i
"8^:D]
". AhB
mJjU*C
>cU;](#
fj)Y:Ku
$.&0*9$*F
~~SB}*
KVhP3D
Ytuqy;
-XB9Zz
%rsOW$,
:YH(jc
OW_Pc0
1\RZF~
xb`:}$
2;~G"/
c[bD&+
s#?djU
+!2YRO
[)*V\hl
.KLDeT
e=MRfa
7/y1x3!4
|;k,\|2"
H[40@#5
/^Mo#?V
jrML`[\b~%
<=oB&k
H6)E|J
8S~H6(
o`k+O6F
ca{Lfj
w6gJ4-
Qz>(b[
m3"`Ux
JJI4QRs
y<u-q-
x;R>7,
dV,j\1.
%Bh3;DR
lm3*G*
Ezm\2Hk
Em,@AqV
HavK+S
[df2Ic
3	V6Zs
[|IHg#
hUkx!>
d6EeFG
v~f_xn@
v~y`g2
2rp?Q?	>
Xw\Z+f%T}
rVs	+z
GhU$Ox4
pVYVrD=N
PG'3qQ
iWXH}Zn~
(rVDOr
RBK;}4
M(~Tr.
|X*18x
$-)ro5
O?L+wr
0$R:	.&e=
iqPy?3
SUQ#2X
oYjJ6<x
TW&bc?z
D9#VhU
D(~[\0
mS7bN!
ee=SEH
rs-2K/
fmC}5;
]UA>]}
nk0779
v[bQF`
2i){p_
O'&-^iz
G&Hu	A
MVF~s_N
4S2TUA
Nk8/Zv1
o/F	$l
VJ5xU?
	RC)Ry
4p LJfq
Rfg@	]d
t>o/P5
a29(d>F
7eR7(<
L;l'Z]
<X"/x6
.*#thrL
`g47o>
,]%Kd,
2e|QB"LO
Shell_NotifyIconA
shell32
aKERNEL32
ACreateFileMappingA
MapViewOfFileEx
Nei%AD
@@@ddddO
2X33X,;
ooR_2222Ap%%X{~
+HHHH+Np%_&
{zzHN,&O
0#Q,{@
^w00{}d
q=bb*Y
un.5ccafM
D5bqVV
aaaa..
ae.C??
\)q`	|4f
Portrttet0
} jPhP)@
} jPhP)@
} jPhP)@
} jPhP)@
} jPhP)@
} jPhP)@
} jPhP)@
} jPhP)@
} jPhP)@
} jPhP)@
} jPhP)@
} jPhP)@
} jPhP)@
} jPhP)@
} jPhP)@
} jPhP)@
} jPhP)@
} jPhP)@
} jPhP)@
} jPhP)@
} jPhP)@
} jPhP)@
} jPhP)@
} jPhP)@
} jPhP)@
} jPhP)@
} jPhP)@
} jPhP)@
} jPhP)@
} jPhP)@
} jPhP)@
} jPhP)@
} jPhP)@
} jPhP)@
} jPhP)@
} jPhP)@
} jPhP)@
} jPhP)@
} jPhP)@
} jPhP)@
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
_adj_fprem1
__vbaCopyBytes
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaObjVar
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
__vbaVarDup
_CIatan
__vbaCastObj
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr
;;3333
j)q9q)
9)j9aHK
9z)jzH,
///////[
mmmEEEE''E
^xEmmE
'''x^^^^^^
>Z''Emm
WWWWWWWWWWW
WWW;;;
;;;WWWW
WWW;;;;
mWWW;;;
W;WxmmAZ;WWW;;
>xW;;;;;;;
o;;;;;;;;;;
"bxo;;o
255555
TTT0tt
,,,,,,,,
*zYYY]_:
==??AS
##QQQ9
vu]:Q##gQ
HHHHHH
H222H#
j$gttH
9y_2H2
qq`22222
{VVJkl
'''ii'
Woo,,,DZ 
+lXXJJX
\\\\\\\\08\\\\\\\\\\\\\\
+6D\\\\\\\
KN8\\\\\
\\\M+U/G2G
22222GV
3[ ,\'<$	
#>C";-SZ
,\':H!UQQQQ$-
)4RP,\\'X
,\\\\'F1J
,\\\\\,P
9,,\\\\\\\,
,,,,,\\\\\\\\\\,\\\\\\\\\\
]118{FFO
V//6xDDM
G006jEEN
477?YHHR