Sample details: 5c896ed48ddf650ac36e47a99228e025 (MD5)

Hashes
MD5: 5c896ed48ddf650ac36e47a99228e025
SHA1: 2a7a6a9cfccff0de6b98288c9b6f0b51e781f0b8
SHA256: 282580e389579755ace56bc0af68615f46d11a22001853493b417aa80037b2b6
SSDEEP: 6144:clll/mUkVfYe3EUOgrdZy4jsKk1AJ5cHGYYNxNTPGBQnAURIilDPCSKI:cllleNYe3EkCksKk2LCaxAi5/
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba
Source (defanged)
hxxp://utasarmsinc[.]ru/live/emma001.exe
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
Hulloaing2
VB5!6&*
Flamer
Bladerunner
Hulloaing2
Sisterliness
Hulloaing2
C:\Program Files\Microsoft Visual Studio\VB98\VB6.OLB
Label1
Check1
user32
GetClassNameA
FindWindowA
ShowWindow
PostMessageA
comdlg32.dll
ChooseColorA
KERNEL32.DLL
EnumUILanguagesA
VBA6.DLL
__vbaErrorOverflow
__vbaI4Var
__vbaInStrB
__vbaNew2
__vbaVarSetObjAddref
__vbaVarTstNe
__vbaFreeStrList
__vbaVarDup
__vbaStrToUnicode
__vbaSetSystemError
__vbaStrToAnsi
__vbaVarAdd
__vbaFreeVar
__vbaStrCopy
__vbaVarMove
__vbaR8Var
__vbaFreeStr
__vbaStrVarMove
__vbaStrMove
__vbaFreeVarList
__vbaI2Var
Sisterliness
Overrude8
;5df\w-
7df^w-
7df^w-
7df^w-
7df^w-
7df^w-
7df^w-
7df^w-
7df^w-
7df^w-
7df^w-
7df^w-
7df^w-
7df^w-
7df^w-
7df^w-
7df^w-
7df^w-
7df^w-
7df^w-
7df^w-
7df^w-
7df^w-
7df^w-
7df^w-
7df^w-
7df^w-
7df^w-
7df^w-
$Q$!8K
&G2^w}
_}YJ,BA>
 O?h@68
+^A{z]8
.|:(CD
qC/r|8
:vue]L3!f
 _w-6s
|+uPNa
xe$RP;D
df^!zb(
`Ig;df
jeeu&2
bKKT;|K
6bOaGh
x>+hW_
@nH(:c
qk0:eh
ORFDX^$
8HSiz"
fJw-y>HU
OCF\\$
.bwaIh
F-Y}ce
!E[8'z":),
('k^w~
g?3wmJ
q%JNEF
Z-Y|ge
t1Pf@G
Nw?ff^${]
rJqihQ
"]w-YxHv
PH?h/\;
Q0KHPCo
)C>QHV
H,B|Ze
_JP7k=
16IN~	Av
m/S^r]
hf?K;H[
}f^'~\
*WGAx+
2{wJ4k
{]<(iH
Tns}$.&
m$R[e&
Qw-~#Ng$O'
y}[x+V
Ri:3 e+7
&wD>I)
3BCJ7=
vWx]hg
o HAcq
16QZ}l<f
)S>"?e@
>[.$:_
C48Kf<
(BDf1G
}^w}]x+,z
eAU:&7
evHe[V
hugd6[
UX"+Ge
<AAC2O!
%ef[w-
jP;Dnp
Z&XV>&
YV0d_`g^w
{]<liH
g(Q>{$*
2555=V
bYKN9{Ws
~d)Nqi
q[`M{?
j{vuW>
aoFJIc
S{=kh/
@S>Kqeu
09"+G3lD
`BCJ7=>
eIP7y[
tL?h`\J
M?h`\]
E;	z}yy
rl54wG
`@%P7P[
ge756s
.lFbvSype hi
?K9hCs
19yCmnn
<_E>m/E
JXte4=f
\Oao H
uJH$^>Q
/(w-` NV
Me[S5N
R_}d\w
=S>.qe
ke_6Ma
/joFLI
Xy+jKOa
dg1D4+R
^pU	=T
(FD\8i
feaOb[
4)j4s}
:[FjH^$
f}&E{9
nIs;!A
]F7.{at
{N`u]Vx
p?12xS
k/lw!a
T-aX5FG
}5J,WR
2)A&8	
,v$jbl
>(-nxSy
2d?QT=M]B
SK9X`O
-ou0Dt
-V-Y}_e
r`A+6df6
xe$"g]5
2%.dRd
/.0d]g1
@)wJ4k
MAQb^8
E:(U6yG
B+3hf^!}
xj^w{Z
@g`ey=
0(U6y3;
pz7t5y-
/C6rE	
L?hxPn
IP7PB)C
jeeNe[r
vx8jZc+_
|fb#pN
u"lN+]
lC|C J
OTG@eT
.C=M:dW
rZthsf
$n.,jp:
;8u`Mn
9T7)?0j
i.*JG$S
<9RNHK
foMl,o
&	(;"i
&s;=Yo>
S*j84EmwC
k'/lGS
+:EBmr
-a\I%mZ
wssxL2G
J\<tt8
z&`)*I
h5B&hC
}M/+x5T:
ROY2Ju
e;g<G	
6'6sjgw)
B'||5a
]O5Ms3
 s@FBg
f(|3<'
z} m*M}
CMDO/$i
d^lLbJ\=
UV$<*U+
TSv8P!
!G$T,1
J7X	v%
x)aI#j
 +C+!j}E
WS\SXznD
2#aL$!em8n
[Yo0j6
:SM'/3
RQ={Sc
(1pOO'
>I/+Ev
d}odN&
`$J`2'4
!D*VO{
47rA2	
Mda<tc
w vE?f
7%T=@w}b
I%z4b<&
A=m*wN
`'JTUv
<ra*yF5
gM'r00Z{t
B!#,y0dG
~%RWE-
+3-x"0=~V+
\	?CK n
^QvpX8\
Io\r u
Eo>ccaZg
u}|ngK
O!V	ro
/_L@k]}
[~;i)Nc&;
r82"f)
v5xNkv
<'xee^
Ij8vku
.+<}ytl
QgG_%-
<P^N'*
siy^2m
6>qN	l
d]"v?H
AxB(P2
PU6b% gb-p
zpT$i`
^*`1?I
T(m#Ry9
fEA<&V
)h	eU+
m:*bj*R*
'jEf	Y
wLHUVb
F	'.n0
viD->aK
Z^gw%?
8oUHY.
imRO.?V
bz\~8r
26N7Dx&-
,%/JV4B
xreTFkH
v~*("l
e7B,|4
eWgV'>1
7df^w-
7df^w-
7df^w-
7df^w-
7df^w-
7df^w-
7df^w-
7df^w-
hY$7^7q
OBlYAK-
7rNlCQFrvHKqT$'
7aIkZsNpSKPm7gU{VPBI^JCq@a__7wOq@sNpSKP
7ws_cmd
NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{Ns
mSfRPE
TV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV^aTV
QS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQS[dQ
pEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEGOpEG
goPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPegoPego
ACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACKtACK'
DhhlSp
dCD;rlS
D{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{NLD{N
oqVBSf
'qRwSf
dfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQdfnQq
{]tdlD
yyyC|||
]CA=<<=>>B\^
B:6^8<AD^`bbaa`^DB?A
5<Dbq}}}qponopqxyyqaD@=\
:aC;9?
yxpnba`bcpy}xcB<>
xbB<;C
}xoba_acpy}
xob__aoy}oA7>
}qc`_aoy}b;7\
~mT4.-1Lfz
xc__bp
}qb_`cy}_7<
								
N}n`_bV
										
										#N
qa^`x}\
										N	
q`^ayy=5
												
}b__p}>
p__^}a
}a__pq7
n__cy>
q_^ayD
y`__x^
s"	N		
}a__q`
}a__p`
}a__p^
}a^_qD
ya^`q?
x`_aq9
}cabp:
ycabc8
(LJ&N~
W(+GR3"Gv
}oaac@
|jUF)'Mu
yoaabN
{R4Oi~
xnab`<
ypbab\7
ypcbb`>
}xpccNaA5
A58Bny
B75<\nx
}yxxqqpqpobC:
<559?\ao
yyyyyxxqpn`\>7
579;<>==;96
lDB>9:86799
wwwlll
jjj|||
n{nbbb
4aaxxx
iiiggg
ddd~~~
qqqnnn
v{vkkk
mmm4qq
rrrhhh
qqqeee
dddkkk
uuuiii
}}}hhhbbbsss
|||iii
ccciii
___ooo
gggeee
Overrude8
Check1
Check1
Label1
Label1
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaSetSystemError
_adj_fdiv_m32
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
__vbaR8Var
_adj_fdiv_r
__vbaVarTstNe
__vbaI4Var
__vbaVarAdd
__vbaInStrB
__vbaStrToAnsi
__vbaVarDup
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr
y___9B
OtD6H/FW
T+555|
n7(U>u(
RZRxZWW
gJ>G]]
^cc#[@.
89YF_ 
KBRu}b
M)3o8RN
$C}Itl
M~J	|-
wdYFo0
zq[WmE
"Wb#P%
~rJ	f.
9l}a8;
>+<uV8k
)##'1p
B-Cb@2
BpKAHe
[;aJdF
$'2===
0eRH9|C
e)v%Le
Ass3:::
bWRD[R
f-N$\u
3!H6iX
C(>lJ)
t6?iTTH]
<#www)J
RW`A/@	
( g.<?
h:Goo/
Mx#dA&
B)]H)}
H*D1'5e=
@CS#ZZ[
MMhnm)
?A)-^J
oPJ_(k
Z'M{{;_
#Z'YWW
%tEXtdate:create
2015-04-13T15:28:33-05:00
%tEXtdate:modify
2015-04-13T15:28:33-05:00