Sample details: 634aa845f5b0b519b6d8a8670b994906

Hashes
MD5: 634aa845f5b0b519b6d8a8670b994906
SHA1: 82ad537a7acb18702a02b6dd2c6d12eaac0b3656
SHA256: 7f7e5751277a0169ec2eb4492b0489ca850808f64b52e708f716f46ac160e54b
SSDEEP: 3072:dzimFU1cIsisNUbaxF6qJDe94aqosAm+w90Z69:tisYGDe94aqosAm+w90C
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba |
Source
hxxp://94.130.104[.]170/WORM_VOBFUS.SMIS
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
-C000-Lepidosirenoid
.ramungu videetipe Lunulir
dole2.
VB5!6&*
Levavami
ctekdg
Lepidosirenoid
mscomctl.ocx
MSComctlLib.ProgressBar
ProgressBar
Enabled
mscomctl.ocx
MSComctlLib.Slider
Slider
MSCOMCT2.OCX
MSComCtl2.UpDown
UpDown
shandra
frmTree
mdlMain
frmMain
Unefelar
Lepidosirenoid
DdeFreeDataHandle
user32
GetNextDlgTabItem
GetDoubleClickTime
winmm.dll
midiInGetID
kernel32
GetConsoleOutputCP
IsValidCodePage
timeBeginPeriod
SetScrollPos
VBA6.DLL
C:\Windows\system32\msvbvm60.dll\3
picBack
imgFlower
tmrFruits
C:\Program Files\Microsoft Visual Studio\VB98\VB6.OLB
imgFruit1
imgFruit2
savePicture
sndPlaySoundA
frameCut
lblTree
Label4
frameButtons
mnuOptions
Label2
mnuTypesFractals
mnuTypesPlants
mnuTypesUsers
cmdTimerStop
mnuSubTypes2
mnuSubTypes3
mnuSubTypes1
mnuLine
mnuTitleOptions
sldTree
cC:\Program Files\Microsoft Visual Studio\VB98\mscomctl.oca
MSComctlLib
mnuTitleFile
dUpDown
C:\Windows\system32\MSCOMCT2.oca
MSComCtl2
FrameMain
mnuSaveProfile
txtInput
cmdStop
w{%ProgressBar
mnuTitleTypes
Label3
mnuExit
chkTree
cmdFormSize
FrameFlowers
mnuSavePicture
CreateCompatibleDC
CreateDIBSection
BitBlt
SelectObject
DeleteObject
DeleteDC
msvbvm60.dll
VarPtr
SetStretchBltMode
StretchBlt
RtlMoveMemory
Quality
SetSamplingFrequencies
SampleHDC
Comment
SaveFile
MSVBVM60.DLL
frmTree
tmrFruits
picBack
picBack
picBack
picBack
picBack
imgFruit2
imgFruit1
imgFlower
frmMain
Make Your ...
wwwwwww
""",""""""
"+"""""+" 
" """ 
wwp" """ wwww
""""""""
 ,""""
""" " 
""""+"" 
wwwwww
frameCut
chkTree
Cut Operation
txtInput
UpDown
MSComCtl2.UpDown
Label3
frameButtons
ProgressBar
MSComctlLib.ProgressBar
cmdFormSize
cmdStop
Stop !
cmdTimerStop
GIF89a
Stop Timer
Do it !
FrameFlowers
txtInput
txtInput
chkTree
Flowers
sldTree
MSComctlLib.Slider
sldTree
MSComctlLib.Slider
chkTree
Fruits
UpDown
MSComCtl2.UpDown
UpDown
MSComCtl2.UpDown
Label3
Label2
Fruit Speed :
Label2
Flower Size  :
Label3
FrameMain
txtInput
txtInput
txtInput
chkTree
Broken Branches 
txtInput
sldTree
MSComctlLib.Slider
ctekdg%u
	W~w@`
YpEC'dP
txtInput
txtInput
txtInput
txtInput
chkTree
Fixed Size
sldTree
MSComctlLib.Slider
sldTree
MSComctlLib.Slider
sldTree
MSComctlLib.Slider
sldTree
MSComctlLib.Slider
UpDown
MSComCtl2.UpDown
UpDown
MSComCtl2.UpDown
UpDown
MSComCtl2.UpDown
UpDown
MSComCtl2.UpDown
UpDown
MSComCtl2.UpDown
chkTree
Fixed Angel
sldTree
MSComctlLib.Slider
sldTree
MSComctlLib.Slider
UpDown
MSComCtl2.UpDown
sldTree
MSComctlLib.Slider
UpDown
MSComCtl2.UpDown
UpDown
MSComCtl2.UpDown
Label2
Recision Level Low:
Label2
B.P.S Scale :
Label2
Recision Level Hi :
Label2
Starting Branch :
Label2
B.B Scale :
Label2
Width Scale :
Label2
Wind :
Label2
Trunk Height:
Label2
Widening  :
Label2
Width :
Label2
Leaf Level :
Label2
Branches per Step :
Label3
Label3
Label3
Label2
Total Steps :
Label4
lblTree
Times New Roman
mnuTitleFile
mnuSavePicture
Save Picture
mnuSaveProfile
Save Current Profile
mnuLine
mnuExit
mnuTitleTypes
&Types
mnuSubTypes1
Fractals
mnuTypesFractals
Fractal
mnuSubTypes2
Normal Plants
mnuTypesPlants
mnuSubTypes3
User Favorites
mnuTypesUsers
mnuTitleOptions
&Options
mnuOptions
On Top
mnuOptions
Fast Paint
mnuOptions
Sounds
mnuOptions
Random Background
((((((
ramungu videetipe Lunulir
lWidth
lHeight
lSrcLeft
lSrcTop
FileName
333333
333333
ffffff
333333
ffffff
333333
333333
MSVBVM60.DLL
MethCallEngine
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ProcCallEngine
ssssssssssssssssssyyyyyyssssssssssssssssssyyyssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssyyysssssssssyyyyyyssssss
wO!~U)
AF'EM+OT1OT1EM+EM+EM+KR-KR-KR-W[0X^2af7ej;^d8ej;qyCq
Hn}EqyC\j;\j;\q<k
AF'EM+EM+IN+KR-EM+EM+EM+EM+W[0\j;n}E\q<\q<dzCdzCq
CQs=VxBe
>C$EM+KR-N[2N[2OT1KX/KX/KX/N`3Rm:Qs=Mt=[
GU-Qs=dzCbsAN[2D\3D\3KX/Ml=[
2J#Gg7Tv@Ml=Gg7Bd9Bd9Ml=M
:b-h|N_sHBd9;]6<b7Bd9M
Wm~Sm~Sr
jnEvxL
ppoYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYppo
ad~\_~\_wVYwVYwVYsRNhNQhNQhNQhNQaHKaHKaHK^FHZBEZBEZBEZBEQ:=Q:=T=@ZBEW@CQ:=YYY
LLI}|w
{edeed
}~}STU
}~}}~}2.+
STUABA
mh_\WL
lll<=<
eedUY`
mpkUWaHK^FHaHKkUW
qrr<=<
	K:5hNQhNQkUWkUWkUWaHK^FH{ed
ppkUWW@C
sthNQaHK
}~}}~}}~}
va`W@C
kUW<=<
y{~\_wVY
hNQN=8
ejwVYZBE
^FH^FHkUW~\_
^FHK:5aHK
PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD