Sample details: 415bafcf36a22df02e56a9e582f39b24

Hashes
MD5: 415bafcf36a22df02e56a9e582f39b24
SHA1: 2cf9b2825d4e26eef6ba8fe1906d22788c55bc7f
SHA256: 3d3c288fcea8c0ae627a42c9378871cfab1ac04ed9d62e861c84d4196691e74b
SSDEEP: 6144:kXo2HDEIEUNJOgTd32PiFgtRgJ2hZfmVJ/GOeWYrRqtiOtJu451n/hRSPx/uQJ:kXNHDEVUN9T2+D5+Y
Details
File Type: PE32
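Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba | YRP/android_meterpreter | YRP/SharedStrings
Note: YARA hits are pattern matches, not verdicts. The YRP/android_meterpreter hit is inconsistent with the PE32 file type and the Visual Basic 5/6 matches listed here, so it is probably a false positive; YRP/domain and YRP/contentis_base64 appear to be generic content rules rather than family identifications.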
Source (URLs defanged)
hxxp://suchfamily[.]site/hugo.exe
hxxp://suchfamily[.]site/hugo.exe
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
Irrupts3
VB5!6&*
Altena
Adroop4
Irrupts3
Embiodea1
Madhuca
Irrupts3
C:\Program Files\Microsoft Visual Studio\VB98\VB6.OLB
Command15
zoonotic.dll
Rounceval
KERNEL32.DLL
CreateTimerQueueTimer
KERNEL32
SleepEx
VBA6.DLL
__vbaFreeVarList
__vbaLenVar
__vbaVarIdiv
__vbaI2Var
__vbaFreeObj
__vbaHresultCheckObj
__vbaObjSet
__vbaErrorOverflow
__vbaFreeStr
__vbaSetSystemError
__vbaI4Var
__vbaVarDiv
__vbaVarTstGt
__vbaVarAdd
__vbaVarDup
__vbaFreeVar
__vbaStrVarMove
__vbaStrMove
__vbaStrCopy
__vbaRedimPreserve
__vbaVarMove
__vbaOnError
Embiodea1
Format1
iZ5niG
WVp3=45
NN)z;>
?yN|z'1
HJcol=
c4o+[\
4]w~[/,1
,vO@KV8
JGy15 
dV"MjJq
0$uN|z
{~2Sfd
E@bq?"
5xE~2/fd
R-j	|q
ppB}^:
e)t7Vk
4]w~c/,
C& qt4
IFN|qn
4]wvOS
~`[g++
xKm")J
0LsB} 
DJ2|A|
V3BBrd
w~k/,A
p>1bWs
%G=1DC
EQxEnp
!FN)z;9
w~g/,I
,vO@+T8
|'2C~y
7\Cg(_t
aL)qfx
!ehRF/
V"MjLq
w~_/,I
j!l	|q
vx]t!{-
VMPxR6
m4U"MjLq
E@bq7:
p4G717z
5^hTIZ
%m&O@kW8
V"M~Lq
*XnMA6
nY/3$)
y76,A9
p)7Hf2M?
9wImy7
O=jX>D
5xE~2#fd
GW.#MD
p)sWf2M?
?0[os*
'2CvI	
(2)f2w
DFxaKs
vO@sW8
8>Mkm3_0
9wk`q?:
xC~2/fd
vO@cW8
ppB}^:
px"{^:
8AY.X6
5=xwkc
]sFCYL5
Nk8 :C
j}npU1
uUUp3:<
1D@bvr
0;CN|r
6~f!\3
z$6~f!
w_7dctq
3.t7B|P
J{7?ue
 (qt?M
TnMA4M: j
R#e0LyO
>C#Y/;
U\i$R1
wAN^XL
E@bq?&
w~K/,A
-,<f21
jX0L^%ZR
wQ*S}6N0
:/9xm3k
;@bq7V
H|wDFC
E@bq?v
%=xwif
3=07j*;
V )=:f2
UTp	g;
=&]6G+
p>1"Rs
 Q}?fH
 @$a9A
fAAb,M
(V6C>}
4JV6P=ca
T7?"6Q'=z
10Yzc@Q
V~SH^\u
b|}>+]-
#m6w'X
ufiy"/
,>5`UF*
4hLxY|IMqV8H
Mjp-zq
QMA}yw0)
	8(f[@
NLvG?}
Cg!xj.
7KOzZxJGrY;~
k87ODZ
)x<~-S
^0mngH
_fOTwi>
|9Vg7A
V!F,~&7
zbm})+
f2wldJ
NHvL?i
TtDD|_5
\b+}_+
iB%6ZB
0#@GC$E
ddd|||
xxxzzz
u	u~~~
sss}}}
zzzzzz
rrr{{{
mmm}}}
mmmyyy
hhhuuu
ddd|||
iiihhh
ccc|||
sssddd
eeewww
wtttggg
iii|||
mmmxxx
nnnwwo
lll{{{
uuummm
kkkyyy
vvvkkk~~~
vvvmmmuuu
o|||tttqq
wwwlll
jjj|||
nnnbbb
aaaxxx
iiiggg
ddd~~~
qqqnnn
vvvkkk
mmmqqq
rrrhhh
qqqeee
dddkkk
uuuiii
}}}hhhbbbsss
ccciii
_{_ooo
gggeee
vvv|||
Format1
Command15
Command15
MSVBVM60.DLL
__vbaVarTstGt
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaVarIdiv
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
DllFunctionCall
__vbaRedimPreserve
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
__vbaFPException
__vbaI2Var
_CIlog
__vbaErrorOverflow
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
_adj_fdivr_m32
_adj_fdiv_r
__vbaI4Var
__vbaVarAdd
__vbaVarDup
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj
"#HO!#1
!!Tv&&JI##D('(>
'(B1%(;
&&W*%&X*)+Q
1IY,$X{
*.VU+0G
*,A!5;S
		G 		H!
15BN9?N
)*7G$%B
017F+-4
!!Ds*,[
;=?,13:
:<@V24:
'A $6?(.;N),3h,/2
GJONWZ`
247F,.0
**-<47;
SW^yVZb
+-0W,.1
:<?%79;Z468
MRZ6MQa
:<>=;<>v<>A
LPb1TYe
R./3i;=B
@BE+@BEd@BF
NT^^FKY
358SEGJ
?AET7<C
UY_6PR`qOR`
<>Cl78>. !$	
9:>rKMQ
@EMF;AK
'()!IKN
JLN4EHJo;>C
PRWs\_c
ACF'CFI_?BF
SS[!`bh
CEGI=@D
[]h4bdj
6<C905>s).7
bfm#dgj
+08'+/:]*/F
!"~h,._i258q78<
mptKjmq
$34h.?@B@BCErBCF
IKM*EGHf<>E
hkn>ilo
DFY@CFM
DHc-CIPsDIP
EIQtEKR
hjl@bdg
OSZ'?DL
iknr`be
ORZAHKN
QSVwSVY
kmp#beg
NQTDMPR
jmoCbdg
b4		_	
Z^`$LNP
ehjm]`c
WZ\{UXZ
tvx	UX[z[]`
fhk5[]`
begSXZ\
Y\]z`be
OQS=QSU
OQSxSVX
WX[6dgj
gjlOgjm
TWYeQTV
knprcfi
 (22!b
OQTYDGI
]`bFbdg
HKMbBDFf7:<
gilRjlo
kmpKjmp
H:		L)
9(		K(
dgiJbeh
hknShjn
jloemps
iln psv
gjkDadg
ehjabdg
`bd*`cf
fhk	]`b
kmo_ehj
VXZ0ace
jln9ceh
jmn4_ad
cef'\^a
`cdlY[^
adf?\^a
XZ\}QTY
SY_8LQW
VZ`_NRW
cfj-[^a
dfi3]`e
gjm3^bh
hlp,cgl
`cez[^a
egkI[^a
[]_:WY[
cehFacf
ceh2^`b{]_a
dfi8adgkVXZ