Sample details: 55e2bb3036941b55dc96a94150a52a59 --

Hashes
MD5: 55e2bb3036941b55dc96a94150a52a59
SHA1: 12db905a1ed36249eb4627c2609df64d78948dfe
SHA256: d92fa0e4a321c7b342210c41308bcacec8da6f468ed39991be563bec9d1188a1
SSDEEP: 6144:0jYTTorlMBL1KABM3J3l4kNyBzCRV6f4Pzyy3SKI:TTToBWL1KABR0A
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba |
Source
http://utasarmsinc.ru/live/dew001.exe
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
Darings0
VB5!6&*
Landoukro6
Lowprice
Darings0
Rotorua1
Unequatorial
Darings0
Check1
C:\Program Files\Microsoft Visual Studio\VB98\VB6.OLB
Label1
KERNEL32.DLL
EnumUILanguagesA
user32
GetClassNameA
FindWindowA
ShowWindow
VBA6.DLL
PostMessageA
comdlg32.dll
ChooseColorA
__vbaStrCopy
__vbaErrorOverflow
__vbaI4Var
__vbaInStrB
__vbaNew2
__vbaVarSetObjAddref
__vbaVarTstNe
__vbaVarMove
__vbaFreeStrList
__vbaFreeVar
__vbaVarDup
__vbaStrToUnicode
__vbaSetSystemError
__vbaStrToAnsi
__vbaFreeVarList
__vbaVarAdd
__vbaStrVarMove
__vbaFreeStr
__vbaStrMove
Rotorua1
Avinash
6|1w1F
Ez(	y)
\	y)^{h
6|!w1F
\	y)^{h
|!wLN}
xGIuB*
GDM~*x!w9F
4=TQYQ
,$=:LnO
q-^{g#
,S`Lie
ypf0Q	
2re}"7l
c1I@||`
9)zK(%
zu?%o5
'	@~6-h
g	Y/da
$G1}hC
C&KuoE
xlzeyi<
.jRF%e
/r![O-
 PY]kkw
{j597WrQ} 
o@Bsj`
$tgdCH
\f%}.J}
zH-h0)
9tl{g:l=
ZAD#r.
.C>%o8
\A-!4Wk
nn;-"a
D~Oi@Ap
W24BLk
'}lWd0e
^XLd9E&
nZAD#r
uC_Uv?
4ld=!!
(	p+A-
rH-h03>
plrjO3
X"+|3F
ZAD#r.
nx_R<{p
_Vz+G`
ZAD#r.
b7gSHK
75u3I"%
bi5K=F
<`P \_=>
wg^SlV
C_Ux9?
P3:	D8
f{Kp"!
oTH1P	Q
=*tKvxp
QmQ%`r
 f.x>9
\	/~4k1
.[QH6n
f}uVPWH
anSv5Zy
<Pj)2a
!(QQGH
?5ZxKV
<c0^!}
Ue9lRc
E=&{2ow$K
7%1@mt
Kk~3v!
jO&wqMO3
E=&{2ow&K
.U"0W}
fcD`=Y	
M;YY}6
nj}1#,
5zD}.Kp
?E;-H#'
L4P'b#d
nv+uA^Q
Nvw]B%9%o 
=-V$oEJe+KYI
]Bq8%o
qe+7ZI
v,}.c}
 fp*~q
2ecuAfR
O"S3F,FK
P3zKNKr9*
]B)=%o
`U|+3_]I
HK'Ukq
.)}.wy
z fp6zq
:ty({S
]yg/HK
.NRFpf
!|!&[F
J%o;y]
,	?c0Qj_
_	Y'"`
Gt?])S
VU+HKZC
Kmf';S+_I
SQ`G\70
jeAg02
}M~^gJ
Ro={Zk
1<N@<0
#nhE^D
3>~38!
"^UXwk
ue=<C?k
R/?%o=
B\bl6tb
@j(g #
rIb'#a
1SLo3p
^<!t?y
j6|!$g,
cTAZ^8
	pF-^T`
UVPLd}
b wycd
lj@;'N
HKW1C=
IT"wG3
Y i$RN`
c1QETsSh\
aN'c?K
od=t:}X
CXg=l2B
cl]ETB
jr]Ql8
P^}zj(
i{Es08
cxA\{h!x{U
m<]oma
mu).	@u6
j"mG%20
\^gW68
MoP,ghZ
rIb'CIa]
ixEs0B
}"%`T&
9t\"`lZB;
u3qa`c/
WpH6Sck6ic
m9]omE
DauT/D>%o
teq'`&
y]\|I3
i(fc9<Qm8
[YueTE
	82GgsGB
Hf7}hbl
9U"wfAE
xjlVS[
	<O3CM
cj!1S|
<]u%tHo
}U^}=6
"T 2`e0
H-h0Z&
_Qg15a#
im6=B|
k0ZAD#r
jcDx:"
\	y)^{h
 J\@yc^0h
X7"qUf
_w=VUQ
%`<'y6
W|Tw]F
KtU-bi3
t|Sw^F
9tf-@i*
 k\yyG^
Jtf-\i.
Na.p	];
ttU-ui3
 q\Uyd^
tw-ji6
 k\eyL^
Jtf-7i*
 v\`yF^
/	y)^{M
6O!G1k
)b.6q!
 g\jy]^
e|nwwF
w|swtF
\tH-ii5
6 !41?
 M\Oy}^,h
6|!w1F
o	K)p{
gG=LQu
]tV-ciZ
 g\VyJ^
Y|LwAF
Rk2ny)
|tf-Ni*
6|!w1F
 k\fyG^[h
XtS-cip
 v\yyh^
E|DwCF
|	*);{
 Q\ly[^
z|!wyF
	))m{H
 J\]y}^+h
vtO-{i6
Mt_-!i>
 g\{y)^{h
p|uwaF
 q\}yZ^{h
Z|DwmF
et\-fi6
 c\}y)^{h
E|Vw^F
VtB-Si*
,\qyD^
N|Uw1F
\t|-[i
zyu^^h
_|OwVF
PtT-fiZ
x|rw^F
mtj-/i
 o\kyL^
W|UwYF
\	y)^^h
P|@wGF
8	%)<{
MtN-viZ
 ^\ZyP^
P|UwAF
t[-yi5
\~yZ^$h
9	y)^{e
7P	q3m
\	y)^{h
C^.i9U
HO,5=8
\	y)^{h
6|!w1F
\	y)^{h
6|!w1F
\	y)^{h
6|!w1F
\	y)^{h
6|!w1F
6|!w1F
\	y)^{h
6|!w1F
\	y)^{h
6|!w1F
\	y)^{h
6|!w1F
\	y)^{h
6|!w1F
\	y)^{h
6|!w1F
\	y)^{h
\	y)^{h
\	y)^{h
\	y)^{h
\	y)^{h
\	y)^{h
6|!w1F
\	y)^{h
6|!w1F
\	y)^{h
6|!w1F
\	y)^{h
6|!w1F
\	y)^{h
6|!w1F
\	y)^{h
6|!w1F
\	y)^{h
6|!w1F
\	y)^{h
6|!w1F
	y)^{h
6|!w1F
6|!w1F
6|!w1F
6|!w1F
6|!w1F
\	y)^{
6|!w1F
\	y)^{h
6|!w1F
\	y)^{h
6|!w1F
\	y)^{h
6|!w1F
\	y)^{h
6|!w1F
\	y)^{h
6|!w1F
\	y)^{h
6|!w1F
\	y)^{h
6|!w1F
\	y)^{h
0#p10#p1sE
6|!w1F
\	y)^{h
= $_1r
AJb5EK
hHAEoV|J
AJhHAEoz|J
:kK1Eo
KhH@En
M{"vEE
;<FjwYF
;4Fhvq
v(;<F`
~hHAEn
RhHAEn
AJjsEH
AJ`7-K
AJhpC,`
-;<FjwAN
;4FjvAO
T_bHDJ
2JhqC,,
/;<FbN
AJb5eK
AJ`-yK
]CA=<<=>>B\^g
8<AD^`bbaa`^DB?A
5<Dbq}w}qponopqxyyqaD@=\
:aC;9?
yxpnba`bcpy}xcB<>
xbB<;C
}xoba_acpy}oC9;
xob__aoy}oA7>
}qc`_aoy}o;7\
~mT4.-1Lfz
xc__bp
_`cy}_7<
								
}n`_bx
										
											
												
qa^`x}\
												
q`^ayy=5
											o
o__c}c
}b__p}>
p__a}a
}a__pq7
n__cy>
q_^ayD
s"				
}a__q`
}a__p`
}a__p^
}a^_qD
yw^`q?
x`_aq9
q`_ccg
}cabp:
ycabc8
(LJ&N~
}naac>
W(+GR3"Gv
}oaac@
|jUF)'Mu
yoaab?
{R4Oi~
xnab`<
ypbab\7
ypcbb`>
}xpccnaA5
A58Bny
yxpnnon`?5
B75<\nx
}yxxqqpqpobC:
<559?\aoqyyyyyxxqgn`\>7
579;<>==;96
wB>9:86799;AC^
wwwlll
jjjA||
aaaxxx
iiiggg
dddR~~
qqqnnn
vvvkkk
mmmqqq
rrrhhh
qqqeee
dddkkk
uuuiii
}}}hhhbbbsss
|||iii
ccciiiX
___ooo
gggeee
vvv|||
Avinash
Check1
Check1
Label1
Label1
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaSetSystemError
_adj_fdiv_m32
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
__vbaVarTstNe
__vbaI4Var
__vbaVarAdd
__vbaInStrB
__vbaStrToAnsi
__vbaVarDup
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr
y___9B
OtD6H/FW
T+555|
n7(U>u(
RZRxZWW
gJ>G]]
^cc#[@.
89YF_ 
KBRu}b
M)3o8RN
$C}Itl
M~J	|-
wdYFo0
zq[WmE
"Wb#P%
~rJ	f.
9l}a8;
>+<uV8k
)##'1p
B-Cb@2
BpKAHe
[;aJdF
$'2===
0eRH9|C
e)v%Le
Ass3:::
bWRD[R
f-N$\u
3!H6iX
C(>lJ)
t6?iTTH]
<#www)J
RW`A/@	
( g.<?
h:Goo/
Mx#dA&
B)]H)}
H*D1'5e=
@CS#ZZ[
MMhnm)
?A)-^J
oPJ_(k
Z'M{{;_
#Z'YWW
%tEXtdate:create
2015-04-13T15:28:33-05:00
%tEXtdate:modify
2015-04-13T15:28:33-05:00