Warning! We are currently in recovery mode. The complete archive is not available.

Sample details: 4d9e0a4c41c69c0c86a3dfd178d0ac10 --

Hashes
MD5: 4d9e0a4c41c69c0c86a3dfd178d0ac10
SHA1: b2097e6ad83597e94bd2f7ef4a38fa0b25c7f734
SHA256: d31b0e873692abd0ce81fc1fcea900a9b829373412c99b45146408e5f41482e6
SSDEEP: 12288:+WWB62d3Ua8TXnpeQ56a5sW1yPuKIIIQWWWmnnnKHHHwrrr+ACU3m:WB62dErl56oUPuK1CU3m
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 |
Source
http://23.249.161.100/work/vbc.exe
http://watchdogdns.duckdns.org/work/vbc.exe
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
ek7Hvw
Clrerf
{{{{{"
j_g}7,,
_'EEj:
TTTMD_
?99999u
\99999C
Y[[xxxx]d9C
S99999F
-999999
d999991
|w(q&XX000000000X
99999J
/hYX0UUUUUUUU00X
IU########UU0X
99999k
555555
iiiiii5
i!!!!!i5
#UXXxx[n
55##00
ww|PPc
rr}xxxxx%%
`[}rrr
__j*:).0
_	/////
Fyyc`(
h/II3,
Mdn~~0+o
{D??_1??K
.C?A'e
(JJ(2Q
BB:P#t
qdxB[BB3
ER%ZA:!+
{r.s!A-
h	EQuU2
EWu.Z6
yb*E }""6
D`I/VM
,/,%2M)[l^
0`la<G
}"?Q1v
M#x",M
C3K2,:s
>iWi#t
Fb3+#G
}#EN+N
3V\_\y4~
(z'G}$!
	aGI8M
(G?=yR
,Yy-CK
4;%3NA
8a4#s~
Q$!4Dt
1i>&+i
-U_Lyq\1
)j	KKB
'Pt}Ej@8
j=\7z?
Bw ki*[
*1}^:^'
%WgpFk
$A2AI0
2HV}1=
N"A}zAE
IT(gy;{v
XvKr.G
dRczfI
0\rWyV
L!_r~g
b*oi#H
c&mUyj
\NPE/Gr
j[/7U=/
"dZR0{
At! \N
.$JnswM
?YR^I_	
H`ywI{M
E*b>1`
|As_U>v
*f +eN
j]W%'XW7
Gt/1AM
zL6wO/C~K
?&l<l79
K~0Z	a#
&	N0J^
5T1gw,
i>,y9'+
Ss28U(
%/q4IUG
{:('kVCz
%wz9[qR.
9Kl:||
.L,$+3
_ $[y3z
R<E9OW
YI@it&
E]P~.`
gqK6I=
[glA)Qq
t -C39
'!4]/&
G>b]5'
EE:YPA
QM2@!5
@'j;Wg
gp$Lo/|
ZJ(@cwW_'m
 2G#R|
+)Z(y_
MS<wn@#
6+`6X3
Ywz%'J
Ev}#`_
Z'>#5v+
?T1b(k
.Um?um
ohq=n[
9okU@z
zq}\@F9{ a
n,#y+,
9?9X.h
@F[=;%~
dB1UNR
(i	A~1
=\6@R-
e'1@"L-
Y.E7A2
	%y[4v
V)9"e8M
Yq!A85
D+1!i:
v4wk4Im
]0!^yA
f"&sE8
'?1&SB
(a=w%,<
-U_ZZb
l'qk*t
NE}	0&k-
B_Zw	}0
|k@VTR
q	x8*+[
_Bn)t}+
I1FA6~
Zns?L,;
6e0`q;
c?QA."
;SZ(dv/
f?>T!6XjE
rNE>R7
\	5Ii8
3k B'p
oojU8Q^
))1+hKy
#$5?xWQ
&kGSvV)#
Z^uL) 
2G,$/d
B~$UO=O
X	6+6Z
{:>6$v
E%p#nF
Glj>]d7j
?$~@{4
< B0[.
F21zd.
$#RCOe
<v*d_)
[@wi~w
\o{/t,
5eRd=^b
1I5#a_
mjCsZF
GUBSoA
vroz@a~m
)-2l6S
pnS[O9/
61~e!p;
+Mp^)@
%;r,wS
|)Ah::
\?duwK
d	|oRU
dn6DJe
Pc#a@|jG
(#qMw)*
Qh8o<m
T%~],Ab
uoPukX
M\=1kk
o\|J@_)G
tO ~am
~ki[bj
59}O(oLc
0M1k\ (
3{3XbM
_'w9hA
82W/p~
!]b8L.-
~@+{?Vl
:J|'>i
XdX\OuY
[?((?D
p/sOAa
Tl\*[K&
cun"\@
VPU{Qk<
SI$Zz$K B
W@fUH[
c$IF'P$
:$[g J
j	HoVt
+\Gn3TM
BVI;f+
/F<8WS
Yx9%VZ
^RgL%O
GQOUJe(
1!!>]A
<N-(Z16
:>o^b7
`vCz.<)
dNE|H>
bnby^t
H |X#c
(Nm[&J
!&eObc
sRf_fl!
xmguCa
m?^9]C
'i0O5M
K(Sl-C
I(F'WU
V2V;<m
n:Y :B
W/J.|i
gp6_GD
|r&pP?n
jAhIconhtifyhl_NohShelT
 SDKLHJKSDLHJXCKCSDFCSDFSDF#kERNEL32
JKLDFHSDGHJKFSDJHGFSDGHJFSDGHJFGHJSDHJGSDF#GlobalAlloc
$hRroc
$hvion
$hqrma
$hvInf
$h\wSe
hshelT
!NjtD>
ldk:r>
)Fjkl>
lT|d96
lfjAl>
)2jKO>
)~j6s>
?ijVl>
1*k3~>
<T|d9^
!:kSm>
!:kPm>
!:kom>
!:kYm>
ldkFg>
l>jil>
!:j2c>
lV|dl>
g1lZ=1
gVCOm>|
l>JYd>
lv;#l>
VB5!6&*
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
esegui_1
Form_Load
VBA6.DLL
__vbaFpUI1
__vbaRecDestruct
__vbaFreeObjList
__vbaR8Str
__vbaVarLateMemSt
__vbaFreeStrList
__vbaStrCat
__vbaFreeVarList
__vbaI4Var
__vbaStrCopy
C__vbaFreeStr
__vbaNew2
__vbaStrCmp
__vbaStrMove
__vbaFreeVar
__vbaVarMove
__vbaHresultCheckObj
__vbaFreeObj
__vbaObjSetAddref
,yNicke
y Pemph
L`;*;Demes
Y(XBC:O
AddressToCall
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
} j`h8
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaRecDestruct
__vbaHresultCheckObj
_adj_fdiv_m32
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaVarLateMemSt
__vbaFpUI1
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaNew2
__vbaR8Str
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
__vbaI4Var
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr