Sample details: 59f92df0500025d2a0b6b9fe829b2381

Hashes
MD5: 59f92df0500025d2a0b6b9fe829b2381
SHA1: 29937dd0bb9362b852f44b003afbaffffad0205a
SHA256: cd2eb7cb3108011dae597dfa349ad1348391a14aebcba2bfc926313d2292ce13
SSDEEP: 6144:yvS4rsWcOlWUmS5IhqaNX35m1FRAgDU5lW0Ao775+VnZZR/SKI:ytAPUmS5BQXJQfrDU58Zo03y
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba
Source
http://utasarmsinc.ru/live/dew002.exe
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
Chillroom0
VB5!6&*
Destaing8
Retrip
Chillroom0
Rumbled
Outhold7
Chillroom0
Check1
C:\Program Files\Microsoft Visual Studio\VB98\VB6.OLB
Label1
KERNEL32.DLL
EnumUILanguagesA
user32
GetClassNameA
FindWindowA
ShowWindow
PostMessageA
comdlg32.dll
ChooseColorA
VBA6.DLL
__vbaVarCopy
__vbaStrCmp
__vbaVarMul
__vbaLenBstr
__vbaErrorOverflow
__vbaI4Var
__vbaInStrB
__vbaStrCopy
__vbaNew2
__vbaFreeVarList
__vbaVarSetObjAddref
__vbaVarTstNe
__vbaVarMove
__vbaFreeStrList
__vbaFreeVar
__vbaVarDup
__vbaFreeStr
__vbaStrToUnicode
__vbaSetSystemError
__vbaStrToAnsi
__vbaVarAdd
__vbaStrVarMove
__vbaStrMove
Rumbled
Negatory7
2Vg)'w
%NHgI6
'HHysr;6
ZrZR}{
4}OfaS
zF/wqy
`t;J7C
2*B8Et
jX8,A'
ePW],!
<1OJbCK
~V7wqyw
dma%)vn
ht;raG
+MwvA2P2
Z2>H/$
	3^`n7(
b2^v9Ev
r_Q*_N
BvMvpP
cH)`G]b
?pGF*zg
b^b{+N
f"FUb{
RrK-&8
o7s9@V=
e *n,\
OGV)>x
b_s7xaq
0WQ3s4
_+(1IJ
j@^>^C
=C*`O a
pGFK<i&
\:PA!4
;gAhv%3
6^$8EJ
r/m{_vY
r/m{_vY
WZxpy`CZ
,;_)5o
<	dip`
ak+J?o
6m%Y#LF
T>${px)
~J2!Cd
2{GraCt
a}GjJu
REL^g.
N( \j.
dAbvQ`ch
taR Et
HrGVI4
L( ]je
Hm+{GrZ
SrVi&8
%:p'	y
]I$-,$
FD+/UQ
F1_JTlQ
yD[3=^v
0\)2)2
iSV	`$]
g''wa-
<1ObeCL
aAv15(
_|CMrz
LN-8Eto
V#d!oc
A Gpo%
psy`Bc
_gCMYz
]wO}!i	5aYM]qA
2V`~+%a
?,^W^!
J~Dz!+k
8J6"6;1
t	)et;
!8Arb-l
x=5Nbh@Rb
97qCaA@
:=5N_j
1bK<g&
l-g%)w;
dAbzPd
X3"L01
7"S(s2
Urb]&8
`YH S0
RpI+Z]T
pGvK<Y&
:ac|ia
et;J7q
8N~b-l
)VCMbvrwuP
Nkq;=s
A[a@ec4
 d;W5$
=*T[ZB:
A+/UQpt
1OZKC%
&Yog&w
/ElAb~S
v[:"9E
_JThHf2
K>sMe:
gB`n7&
_GXBsw
C<0;%j
,Q]52.
gs[by<jV
B\my#W4
,Q=_NVlB
_r*OCd
fl;'ac
0Fgsqy
!YQ=_NV
!S3C2+
jd=w-P
pk&tB1
wG=KC2
cILH>6m
db58EKp8
g-kSL!;u
:r/Y_PA
Y]<]#)
8L`x +
e%](Pq
[/Eh=v
%XH!30
v8$)b-
'Y%)LL
h(uzm&S
F<	Bpd
mcf/J"oS(c<jN
jAbb\k
LK/XPApB
HOUmOG
2Oru@X
h!S5o4
TH~gNI
1@T	:e%)
lwA@68
;Rps^TXx
pGKK<l&
5qz/r	v
3EQx0`p
g U:s25Z
?	2Fi5
py`x?+@
dA<atC-
gsBi^7
iDrU4*
(?uc_32
O-% B!l
]1:G!*
,z"t/+J
/kvs{k(
lsh-FC1
I!MvxXG
Y5q,|a
;i <XF
@(VoQO
ROQGX]
0lY''cL
y;;<5~
uX+Y9}
u[7w!&
kZ	H"c
 q`gLU
g},sGS
,sonl;
sw[~Tf&
%o 3!M-3
rj~k|m
zmZr-m
Y7I/mg
vS09p,
W+;k1{Dy
%g_\w!o)<n
7BoJ|Qu
1%_~<fHB
zRR/	z#
4F#^Wa!
yNfgRj
HAV/7D
2)8HoK
mk}<CW1K
YvxI~I$V
KP\+iSv
mpu?_t
+:L`Lk
zxPQ@F
&Mg@+K
`ty&h;<
	S25-ZE@F
?iM>DU
L%&LBD
84WM>\
pe)/Qg"]
$mF+3@
}~D)~i
joX[ {
:=N>vF=
uzk!ew
I6fm~l
RJ[wh(I
iB3;H 
2Uuxe>
!6cfIBt
OC(7v^
<zhNm4
TwP48z
}G3`o8
G7MTd|
BiO(kS'F
H>so|&
mq..7t
^SPW*k<1
A=o+zx
]V%BUt
\[HqH:
>$HK)Z
Ki@/sER
Yh^M:NY"Qj
_e'[a[
u80(CmQ
P1,@;Vlkr7
7L!u#\
"UFD7i
<<kRZ:
ZYDfu5
[<[fn'
Y!9	iL
]}Go9R
D~&\ha
$ {,zu
K2l{A4j
'$MuL{O
@auazms
Cp%u.L
?Yy*Q~
O#$&`X
!@Y<-`
hT+k>T+k>Ze
/+zIV-
f=T4Tf
f= BSf
*f=N-=
#f=.&=
s[^Vn%Fi
s[Vn%Fi
lf=Ko=Jz
C~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdC~sdCq
dsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTidsTi
SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^SDc^
(sAias
iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~iNs~e(
Fa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\QFa\Qg
ap2Kfu
}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zgj}Zg
(AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|AL[|A
Z|WY44
zpykxgwlMfkBMxw}Q
`kjZ&*
F}{mgj`ZXwkM
dMgvjD&*
[l]Mt|YAglzIyUjEzjv(
Kj\Yy|\Pj}Gg
oplL]gk`ZEw|(
gq{MCq}\`ycepu`Zl
opl[AvsLG`v{(
tcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcDytcD
V{}{unXCqj_Z~\MvlfG{
faLjZxqaIa}[@g}nL
A\VjjIa}[@g}nLP`
[l@XpvJ^pv{(
V{iyt`Ktlj~|j{]ttBMxw}Q
A\G}|]x}[@g}nL
A\R}{kzv{Mml[@g}nL
A\F}{kzv{Mml[@g}nL
HMa[`ExyaLYqaMB
{pl_Zz{j[f\JxEwcAva
R}{mmq{kz|jxgwlMfk
VjjIa}_Zz{j[fO
Q}m]rKj\Ej`Kpk|c|tcg{]wAa
Q}m]rYl\|njxgwlMfk
Cq}\`ycxgw{MvlJP
CGt|CAwjnZlY
Cq}\`yciyt`KP`
Byf\Sw}lpzzOPnjFa
kg}n\pJjEzlj|}jjIq
opl_Zz{NLqjj[f
{pl_Z|w}AaaLDtk|(
Vwa\|vzMQ}m]r]yM{l
VjjIa}IAy}X(
O}Aa}IAy}
Vt`[pPnFqtj(
KGkg}n\p\fZp{{GgaJPB
xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xEH_xE
kgMyt<
\Ma^fDpY{\gqm]a}|
]Mt|IAy}
FpjDy]wMvm{MB
oplCG{
_IapAIx}X(
LjZxqaIa}_Zz{j[f
oplIAy}\Ao}
R}{|pu
g{8JZgw}
G}|]x}/fp`{%
Kj\5O|@FpjDy82
VjjIa}@J
}l\=:X{vjfXa6\@ptc
ElSjQ5%/
]SL}IK`NaonZpDBAvj`[z~{tBqaLzo|tVm}Zpv{~pj|AzvSz`v@Fv}S(
"Bkg{}}cD;JjOBjf\p8bQ^}v
9:]mRG\r7
fp\@ptc
SN|tjFtuj
D|]w~`Dq}}(
JjO|k{Zl8DMl8AIx}
]CA=<<=>>B\^
B:658<AD^`bbaa`^DB?A
}}}qponopqSyyqaD@=\
:aC;9?
yxpnba`bcpy}xcB<>
xbB<;C
}xoba_acpy}oC9;
xob__aoy}oA7>
}qc`_aoycb;7\
~mT4.-1Lfz
xc__bp
}qb_`cy}_7<
								
}n`_bx
										
											
												#N
												
q`^ayy=5
												c(3
o__c}c
}b__p}>
p__a}a
}a__pq7
n__cy>
q_^ayD
y`__x^
s"				
}a__q`
<}a__p`
}a__p^
}a^_qD
ya^`q?
x`_aq9
}cabp:
ycabc8
(LJ&N~
}naac>
W(+GR3"Gv
}oaac@
yoaab?
{R4Oi~
xnab`<
ypbab\7
ypcbb`>
}xpccnaA5
A58Bny
yxpnnon`?5
B75<\nx
}yxxqqpqpobC:
<559?\aoqyyyyyxxqpn`\>7
579;<>==;96
DB>9:86799;AC^
wwwlll
jjj|||
aaaxxx
Diiiggg
ddd~~~
qqqnnn
vvvkkk
mmmqq<
rLrhhh
qqqeee
dddkkk
uuuiii
}}}hhhbbbsss
|||iii
ccciiu
___ooo
gggeee
vvv|||
Negatory7
Check1
Check1
Label1
Label1
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaSetSystemError
_adj_fdiv_m32
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
__vbaVarTstNe
__vbaI4Var
__vbaVarAdd
__vbaInStrB
__vbaStrToAnsi
__vbaVarDup
__vbaVarCopy
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr
y___9B
OtD6H/FW
T+555|
n7(U>u(
RZRxZWW
gJ>G]]
^cc#[@.
89YF_ 
KBRu}b
M)3o8RN
$C}Itl
M~J	|-
wdYFo0
zq[WmE
"Wb#P%
~rJ	f.
9l}a8;
>+<uV8k
)##'1p
B-Cb@2
BpKAHe
[;aJdF
$'2===
0eRH9|C
e)v%Le
Ass3:::
bWRD[R
f-N$\u
3!H6iX
C(>lJ)
t6?iTTH]
<#www)J
RW`A/@	
( g.<?
h:Goo/
Mx#dA&
B)]H)}
H*D1'5e=
@CS#ZZ[
MMhnm)
?A)-^J
oPJ_(k
Z'M{{;_
#Z'YWW
%tEXtdate:create
2015-04-13T15:28:33-05:00
%tEXtdate:modify
2015-04-13T15:28:33-05:00