Sample details: 5ec99b84a5f21bc0db2987ff9fb4adf6

Hashes
MD5: 5ec99b84a5f21bc0db2987ff9fb4adf6
SHA1: 6a085284937b6fc5a42e908f926667a20f359845
SHA256: 51da9ae52c8bd4c40ce060447e0e9891ef2625224dfb4d0b541cb3383f6e42d9
SSDEEP: 6144:8HJ5XJ7bFtdr/t01iFbZ/pgd8priQbRxZOe+Drkx5wpS86n/Tu/5RzSKI:8HJ77JtdxpVZ/48prL0DrVSh/
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba
Source
http://utasarmsinc.ru/live/dew009.exe
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
VB5!6&*
Wyazenkin2
Diodon
Ladyish
C:\Program Files\Microsoft Visual Studio\VB98\VB6.OLB
Label1
Check1
KERNEL32.DLL
EnumUILanguagesA
user32
GetClassNameA
FindWindowA
ShowWindow
PostMessageA
comdlg32.dll
ChooseColorA
VBA6.DLL
__vbaVarMul
__vbaErrorOverflow
__vbaI4Var
__vbaInStrB
__vbaLenBstrB
__vbaUI1I4
__vbaNew2
__vbaVarSetObjAddref
__vbaVarTstNe
__vbaVarMove
__vbaFreeStrList
__vbaFreeVar
__vbaVarDup
__vbaFreeStr
__vbaStrVarMove
__vbaStrToUnicode
__vbaSetSystemError
__vbaStrToAnsi
__vbaFreeVarList
__vbaVarAdd
__vbaStrMove
Ladyish
Bellis0
l<W-+7
Wl)Y n
CwMLF^
],y>h(
4|X$xc}v
L|}B"#
bK~fNF+
S5Hxmr
-z~aQ*
R6h:;cS
bpW^~n
CH$H_C
jk.aCG(
|/[d/(
U%OV*ZD
eyb(aqz
9Ko~lx
x[KtTj
#5Hxq0
AO0`W0v
R3P=wAJ
 NqWIS
|cMfr6
3(=-&H
6H	pk?
|H$TQF
c~IV-#
~F?OoNC
vRPOw@
:uU.;v
c6ooMNF
tL<L]C
MC),6*
0K7M|}[w
,M]gzT
XyHV-%
u)&I[C
'l3P='o
P}o!6ou
.)!gC4
^A1'1.
r.h2++
# Lr!	g
TAQ[C 
jEqlPd_
FAP=wA
WVS'xj
CNlfR/E
Pd*CT?
p3Pn!o
z?Xpfey{z
H=P\'u8
6^P{w@
$\H<.%v
z6.s	9
uL$HXC
L-[Vw)O{
p4GW!O
[esJqD
6H<?W!E
vC/Oo%
#0!>0+
1Y%)ch
[*y@"g
`abCV--3
E:TaR%
DqQ[C"
Xc*Di ]J
gH|uK$B
{5o	E]
dMfZ6Z
935L<XYC
XQ< 0*
jE~lPdV
(,nPd^
`aJCV-#}
v`Q>^;
C7wP?'
4J	] u
VTUh0>
#Ze#iYK
r)u2[C
:Eq1tH
DF*Qzn
kTUM0>
zh..y2
|HufBR
7f73Pj
4D9@l_
9XN,ey
e>0-Nt
IFOtT;
IV-+HN
g`tj-9
r?	;KeI
sM!O,^
ZAPDw@
	8N]Kt
*6AO4`6
}/U%OP
{76~y;)
mNVGY5
8Az8;3h
w=R_gB
dx$QMW
2>#6fy
LNVZvPdgS
1utWwx
g[$g7pRZ
ZM/v6r@
%r3U1&NhA!
ech)Z}
Ghr*=#M
Lt{bUU
;Ru	3S
o'SHxYf
O`nDdz
gp~.eb
	e6SYK
L-[HrH
$&z~k+
M|q,s`
Pgcj/c
Lz/e_*
@Dh%j~R
W2>?6cy
_'Q.az
TV4`Ffe+
d_ VM3K5
\lQV8N
Rd*C9:
{f4myX
F.HV-!
Lqv]#f
=^;Zr]
anQAO0
KNF^@b
'ToK<%
g+u;In
 O1v@m&
A7Wt=7
)Ws:n"
@;g6ne
rf}% c
8M8Usg6oM
/x&:6l
x5D,CExekq
'Ng}ro
MopJ e
[j['$~
zw0fu(7
u0V5Ki
dsK6HD
f(u3	/
<nG/2w
SgTrPs	
5m,P@eO
NBs=K<
=RG+)b
)j{kZK
|v>1AMb
e]|.IYZP
W_y?~R
Q(!896[
T8n(SppsEP
R)M9[C8
?+6.IE
(/1cX%
3NUgx)
FBO BI
2tZxi,
*X5r#]V
#~/b<G5
svOi i
"@R3'm
?P9*>`
RR(/k?}u
;_,*dy
GeTP&7
;	b(n>I<
hB1[1\dS%
mg@$k0.oA
U7pw4\
wBh-\o
\xK@(i
hx(yoU
	wY"cN
<AXpUOy
ZaZlOb
(]jskq
F!{$ V
R%.Ll:
bMJr(O2:
7>CE1m
hz3D=hd
,Nckpp
yJ2()o0
Nzlv{[H
,`;PcM
t`hWe@n
gb21}Q
'n/_VS
>|zS5p
9.*v*n
<DL(~*
Wnh!l 
k3XZxI
n?o]r2
&esF^A
8<y9[X
7o:s$`2
V@={*Jb
wGhRaMW
*1:U&d
|7qRar
z@dBku(
:C#iEo:
b&|yVC
PCIX9X
/).J&k4
Owm_)\
k@*?qj
3<<Ch'
1OV,+B
-gZoW:
)n5PPO	
ELeIEE
$rG/Ys
Ean:tH
DZa^;V
tv9F*ZI
M/dWNq>
\KU2m?r
J'Q)gC
5'$2F(
}v7P}E%
<*&C4!3
9PQG:~
D &(7,
5Ws)z[
 ^2h'E
5Pkg,C
	Bm3^V
]nROxN2.
i7(0{7
aD<sf^
Z3^"&NE`k'}
6JS{<7
RhuOAF
+^)KHZ
DcB|D}
_)U\``
}2Sn-r
!vpt55-
wNf=;Qf
qf=V6=[8
yad\t+Lp
yad\t+Lp
yad\t+Lp
yad\t+Lp
yad\t+Lp
yad\t+Lp
yad\t+Lp
yad\t+Lp
yad\t+Lp
yad\t+Lp
yad\t+Lp
yad\t+Lp
yad\t+Lp
yad\t+Lp
yad\t+Lp
wPAY(*
	9mHS1O7dD
-[AN"D
S j$[B
Iw|Q::
wRC::d@N
wXGN"DGN"X
]CA=<<=>>B\^
B:658<AD^`
baa`^DB?A
5<Dbq}}}qponopqxyyq
:aC;9?
yxpnba`bcpy}xcB<>
xbB<;C
}xoba_acpy}oC9;
_aoy}oA7>
}qc`_aoy}b;7\
~mT4.-1Lfz
xc__bp
}qb_`cy}_7<
}n`_bx
										
											
												#N
qa^`x}\
									
												
o__c}c
}b__p}>
p__a}a
n__cy>
q_^ayD
y`__x^
s"				
}a__q`
}a__p`
}a__p^
ya^`q?
x`_aq9
}cabp:
(LJ&N~
}naac>
W(+GR3"Gv
}oaac@
|jUF)'Mu
yoaab?
ypbab\7
ypcbb`>
}xpccnaA5
yxpnnon
B75<\nx
}yxxqqpqpobC:
<559?\aoqyyyyyxxqpn`\>7
<>==;96
DB>9:86799;AC^
wwwlll
jjj|||
aaaxxx
iiiggg
ddd~~~
qqqnnnl
vvvkkk
mmmqqq
rrrhhh
qqqeee
dddkkk
}}}hhhbbbsss
ccciii
___ooo
gggeee
vvv|||
Bellis0
Check1
Check1
Label1
Label1
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaSetSystemError
__vbaLenBstrB
_adj_fdiv_m32
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaVarMul
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
__vbaVarTstNe
__vbaI4Var
__vbaVarAdd
__vbaInStrB
__vbaStrToAnsi
__vbaVarDup
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr
y___9B
OtD6H/FW
T+555|
n7(U>u(
RZRxZWW
gJ>G]]
^cc#[@.
89YF_ 
KBRu}b
M)3o8RN
$C}Itl
M~J	|-
wdYFo0
zq[WmE
"Wb#P%
~rJ	f.
9l}a8;
>+<uV8k
)##'1p
B-Cb@2
BpKAHe
[;aJdF
$'2===
0eRH9|C
e)v%Le
Ass3:::
bWRD[R
f-N$\u
3!H6iX
C(>lJ)
t6?iTTH]
<#www)J
RW`A/@	
( g.<?
h:Goo/
Mx#dA&
B)]H)}
H*D1'5e=
@CS#ZZ[
MMhnm)
?A)-^J
oPJ_(k
Z'M{{;_
#Z'YWW
%tEXtdate:create
2015-04-13T15:28:33-05:00
%tEXtdate:modify
2015-04-13T15:28:33-05:00