Sample details: 683526ef5a290ca5d32f978268c28fcb --

Hashes
MD5: 683526ef5a290ca5d32f978268c28fcb
SHA1: 7628587a8bcc55aff830c240e0b1de17edbab0b7
SHA256: 607b8d33d72f29b054525856a8a8547aa0ca6d0bf76ba5a9bc0e7474b3303949
SSDEEP: 6144:jIs8FwMADPjz/NbgYI7nrMWLyoRMO1NpXYzYcu4/rIAu5u9VSKI:r8FwMADP1bgYyrLG+0uJR
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba |
Source
http://utasarmsinc.ru/live/dew008.exe
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
Doloritas
VB5!6&*
Jamborees8
Syconaria1
Doloritas
Cholesteric
Dovekey3
Doloritas
C:\Program Files\Microsoft Visual Studio\VB98\VB6.OLB
Label1
Check1
user32
GetClassNameA
FindWindowA
ShowWindow
PostMessageA
comdlg32.dll
ChooseColorA
KERNEL32.DLL
EnumUILanguagesA
VBA6.DLL
__vbaVarMul
__vbaNew2
__vbaErrorOverflow
__vbaI4Var
__vbaInStrB
__vbaVarSetObjAddref
__vbaVarTstNe
__vbaVarMove
__vbaFreeStrList
__vbaFreeVar
__vbaVarDup
__vbaFreeStr
__vbaStrToUnicode
__vbaSetSystemError
__vbaStrToAnsi
__vbaFreeVarList
__vbaVarAdd
__vbaStrVarMove
__vbaStrMove
Cholesteric
Bragi8
>o8;3K
@sL!$>
c#h3;3
PiQ4	S
 V_%cc
	gw(Eq
j3V&[m
CTX:ht
93Mo(@Z|
2Q;p<q
1eR?D*
TqH>1f
]@"*=6
sSgQ&.
T;X;hW1
Fsn?eH
cX-dW&I
E^M%cc
#e&-VQ
 <N9rq
C\ga `k
Si(g:*.
 <N=rq
ywga\7
M^kd2TJV]
q5Lr];
aE-UQV
@4]L]y
Wo/pD	
"A.ZWp
%C#|nS
Pe?x,w
acz!Sm
TpCP|k
[<V"2#
9yX#|9
^o<i#|
^|4&3<
`Q`7;s
@K)WXP
a{r7wy
i2By,g
%7pn,c
P}'%ea
FFmjfd
c:y*.`6
w*|.v:
^o{[#|
AR3a;{P
'Sb7??
Rid5y$u
_CKRaG@X
6\<xsL
@K5_XP>
S_g+kd
9{ ]X.
,enUy]
`$%jSl
:Rg-iw`Z
wZM48B
C-F@6w
<yJ~,g
$0+\Om
#ewn$'
<bK3,w
\jUGuL!
)5 UXP
<]s-{U
M@r/86
~R FZ7!<j`
 -EOOT
&)E	NT
'ucjJh;
, ?>y/
B2(UXi
5(UXP6
;EZ c;
}0`mXw{V(l
`yL@",-6NT
Km8:3Kr
K}+bmX
M@H<8W
RP8Q3!
lO	Dsz
EW6Xf:
&7-fYp3
L@H<96
1\ J\.
:U#?,G
t2;3Kt
9-'y<p)
;3KRT_
PR;YKS
SM@"*9
-_XP9I
 F.J[,
V\d5qe}B
psxd\w
#1<)sQ
Ncjd*t
mt$1dmx
~>FvL~
RG(L_f9
PhHqZe
QRG`LY
XPhxuZ}M
bTG-(UX
iM(9;3D
#e'j,oX
#2A$,o
hd5y$]
'mT)8u-
9UX%~E;
iOt(;3>,
(eMv@Q8;`
gR\n^r
>QYgv- l
Ra[m1Yk
a,g"~KX
bid5we9B
[LRmqe~
JqH>-h
RWHNYf
|U2ze$
t)uAmq
1Xt* 5CJ
3Hgc7%
Pql'gT!
f0&>rA
_Y4#5C
)U(ltL
bIe'h'
aqBO->|
EUi*gf~(
T4X7hm
<yF},%
JHXO	Buz
Bw~&d,
z?X:ht
6'4o[~
1@a-TXP>Iq
#7:hw.Z
&1n&%EWey
IKt$,7
xuJAp14H1
#eun,+
H73TU.
E2S\f^t
qz&.OR
T%X7lm
RGXLYl)
7maOps
t)qAmq
h(R;YKSRE
u`<6saSgQ&>
[M-kJC
K58\3-
5eEBe,
}M182RX
@R`87_
0WD1Y"U~VD
'AR'(#
|U2ze$
Ra_>=m
'7R,}(
&5r/^Y
M*"-9W
%8'u[8
Wd5y$1
X)TG5)UX
/24:;3
\Q3	bU
'LKzze
M8`f?M
'OH|?S
|U2za,z
aX|0V1
Ea$\^Rr
A@"*>6
aX?pWEq
Fha4dT
@R6gZ{
<yJx,w
!	a6r?
2\]V|7
=e?mXP
le5y$a;
p-r\.>
fRO0/K
e>)*$l
1@=\NB|%
)d"<VRO
L~v'FZa
1}M{9F
KX!sCs!
2}_9O7
!Rwf'|
pN:C$BU
(m\#Ydc
tZU6$m<
eWAEs2
^"a02hV
vk%_V"
o5N?qQ
 =wLL?
lBo#Z&
r	~\0yd
KC.,Af
q:1v.R
pGgRMp*3W3g
1)1Jt)?
m6jbCbY$
hoQo>$
klR}z!
O/;Dt~
!Q#ll!
|ZpG:y
Rlfe_d
M)'q\e)
} LWsn
PVv$B`
N8BcT~C
5gkh;_6
DHt.TF
(iYu\7
~C5=LZF
(2~|=2.H
&Z[bZ[
&Zwt"M6/
AH*"_[k
'&<ORqd
'TH(lK
x/Ie=(|
8"@8pX*O
.K|Ge4d
'L>>e[k
KXsdE/
)C{7_k
>nlW@"
tM`bTTM
94jq#QT?
7)^(0.Su
-o;)ER,
<uY:hW
)g`K4j
N|`\9n
UJ=s/	d
5-_vu%
]U.hXzP
J^|e9h^W8
I+7F}%
3h$JBxx
w-H811
*EGRlB
)_<<N^
bu2AtU
cQ#39)
MDoj@a)
NWu`U.;
pj:(xck
>39jZIQ
 1l2?2#
LP/IJ9
 JqSZa
E4[*'Z
JA_4(v
w1.CQ4
;MeorUO
Dgw|@9
6GCbD)N5
_Xvqp:
g~#CiJEP;t"
<A|w&yC
v o]Q`
@K ,tQmv
SAF`)r
&TPVt*XH
<Q<28>a
].oK=W
C="(n~
UA\Ds%)+
J6h~!P8~
eI7tq0y
;!(s@1
\Cg1I&^
3.7dX,t
'l/l.Ug
k-`#]n;
v7"nlQJUu-
(S_4)I
,|lBWP`
(^Dlw8
'ZBl{{
,v?xy,
Xt_CY0
W\^<)lt
;o_h.&
uCJj)ER
;&hDsU
@7iCF7z
U8}qt\
5XoWBY!
If=jQ=Y]@
<=>>B\^
^`bbaa`^DB?A
5<Dbq}}}qponopqxyyq
:aC;9?
yxpnba`bcpy}xcB<>
xbB<;C
}xoba_acpy}oC9;
xob__aoy}oA7>
}qc`2aoy}b;7\
~mT4.-1Lfz
xc__bp
}qb_`cy}_7<
								
}n`_bx
				2					
											
												#N
qa^`xq
												
q`^ayy=5
							
o__c}c
p__a}a
}a__pq7
n__cy>
q_:ayD
y`__x^
s"				
}a__p`
}a__p^
}a^_qD
ya^`2?
x`_aq9
ycabc8
(LJ&N~
}naac>
W(+GR3"Gv
}oaac@
|jUF)'Mu
yoaab?
{R4Oi~
xnab`<
ypbab\7
ypcbb`q
}xpccnaA5
A58Bn2
yxpnnon`?5
B75<\nx
}yxxqqpqpobC:
<559?\aoqyyyyyxxqpn`\q
579;<>==;96
DB>9:86799;AC^
wwwlll
jjj|||
nnnbbb
aaaxxxQ
iiiggg
qqqnnn
vvvkkk
mmmqqq
rrrhhh
qYqeee
dddkkk
uuuiii
}}}hhhbbbsss
|||iii
ccciii
___ooo
gggeee
vvv|||4
Bragi8
Check1
Check1
Label1
Label1
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaSetSystemError
_adj_fdiv_m32
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
__vbaVarTstNe
__vbaI4Var
__vbaVarAdd
__vbaInStrB
__vbaStrToAnsi
__vbaVarDup
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr
y___9B
OtD6H/FW
T+555|
n7(U>u(
RZRxZWW
gJ>G]]
^cc#[@.
89YF_ 
KBRu}b
M)3o8RN
$C}Itl
M~J	|-
wdYFo0
zq[WmE
"Wb#P%
~rJ	f.
9l}a8;
>+<uV8k
)##'1p
B-Cb@2
BpKAHe
[;aJdF
$'2===
0eRH9|C
e)v%Le
Ass3:::
bWRD[R
f-N$\u
3!H6iX
C(>lJ)
t6?iTTH]
<#www)J
RW`A/@	
( g.<?
h:Goo/
Mx#dA&
B)]H)}
H*D1'5e=
@CS#ZZ[
MMhnm)
?A)-^J
oPJ_(k
Z'M{{;_
#Z'YWW
%tEXtdate:create
2015-04-13T15:28:33-05:00
%tEXtdate:modify
2015-04-13T15:28:33-05:00