Sample details: 4e15d812491ff0454f1e9393675b1c60

Hashes
MD5: 4e15d812491ff0454f1e9393675b1c60
SHA1: ec9291957872191902fb525641040b42e057acd8
SHA256: e4d0b740421cfba7e7e4a30a2a69d59486e7347979af94145fb8f335960c33d5
SSDEEP: 768:29QXHugT0lvlq/P1vwwrnkjBt1TJk8vK8GSdrD9wGy241ZUb/CxhYLJP30UOEGaK:i0PuBpmUbaxeLd4IfmkBwC8BD+KBq2x
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba |
Source
http://94.130.104.170/WORM_VOBFUS.SMM2
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
Y\K@"E
-C000-Healsome
046}#2.RulwmMUXzmMbioz
VB5!6&*
turfing
759691||||
Healsome
CHARTWIZ.OCX
MSChartWiz.SubWizard
SubWizard
infremedien
maladapt
mdlMain
frmTree
Healsome
||||||
SetWindowsHookA
joyGetThreshold
ImmGetConversionStatus
GetCursor
winmm.dll
midiStreamStop
user32
IsZoomed
imm32.dll
kernel32
WaitForSingleObjectEx
ConvertDefaultLocale
VBA6.DLL
C:\Windows\system32\msvbvm60.dll\3
MSVBVM60.DLL
BitBlt
sndPlaySoundA
CreateCompatibleDC
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
msvbvm60.dll
VarPtr
SetStretchBltMode
StretchBlt
RtlMoveMemory
Quality
SetSamplingFrequencies
SampleHDC
Comment
SaveFile
BSubWizard1
C:\Program Files\Microsoft Visual Studio\VB98\Wizards\CHARTWIZ.oca
MSChartWiz
tmrFruits
C:\Program Files\Microsoft Visual Studio\VB98\VB6.OLB
SubWizard2
imgFruit1
picBack
imgFruit2
imgFlower
savePicture
frmTree
SubWizard2
MSChartWiz.SubWizard
SubWizard1
MSChartWiz.SubWizard
tmrFruits
picBack
picBack
picBack
picBack
picBack
imgFruit2
imgFruit1
imgFlower
((((((
RulwmMUXzmMbioz
759691||||
lWidth
lHeight
lSrcLeft
lSrcTop
FileName
MSVBVM60.DLL
MethCallEngine
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ProcCallEngine