Sample details: 6af6892083aa1c23bec6fe4daeed0bb6

Hashes
MD5: 6af6892083aa1c23bec6fe4daeed0bb6
SHA1: ff0ec1ca6a6f37b6bc38d5cfae02cd03166b426d
SHA256: 2ec0dba38183ee8d48ae3917502db39e44d80270e06ead778fa090f5a2215320
SSDEEP: 6144:9v5MBghXvZi7PE2i49JzZWZJ5JtWTKEYrHo5m7aKmkqHMaG3mNLHP4sZ2xLjZ2:9v+Gt8sWywkV27kqHMaMsZ88
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasRichSignature | YRP/maldoc_find_kernel32_base_method_1 | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba
Source
hxxp://dhm-mhn[.]com/sunday/crypted1.exe (defanged)
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
Obtusilobous
Indfaldsvinkelens
Kernevlgerens3
IIIII333333
qIII33333M8v-
_"?OSJ'
H};IIWd
#\rz,`%
33~s!/jR	
033333
33333333
Kernevlgerens3
Command1
Command1
VB5!6&*
huldres
brusebadene
Obtusilobous
Obtusilobous
Indfaldsvinkelens
Partook0
Slumretppet7
Klynkende5
Stoicheiometry7
borderside
Retsvidnes
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Command1
VBA6.DLL
__vbaFreeVarList
__vbaStrCopy
__vbaFreeObj
__vbaFreeStr
"__vbaHresultCheckObj
__vbaNew2
__vbaStrCmp
__vbaUI1I2
__vbaStrMove
__vbaFreeVar
__vbaVarMove
>}EKxL
borderside
Descaling
Descaling
Slumretppet7
Smutter1
Smutter1
Klynkende5
Provisions
Provisions
Stoicheiometry7
Expending3
Expending3
Partook0
stelforbindelse
!Ynm)W
).#{z6 
G0^y;L
1&HVb,3v
3m,~4/!5>
}$08tH
}>$;iU
nuh%VP
C?j{J-
C|A3tY
s9Pj,(
)`2icp7A
-bRMigO
A.c60V
`dFu`M
MHM&~pq
]yHhB3\X
	j"}nu.b
SLlTJC
	.VG*2
:VdPf[
gP3}Ga
,M#jZ(lYw
@ kQq`
xgs]tF
w]cHDTz
4x9zEY
yPV`fH
An.W\_
oWcUF_~b
/^lCXIu
DY>{4L
$t`+,#$
|LrV`B
k[yP6f
iL0Lo*?)
m}~5l(
-|0R!&
w;mf6oN
nk=;h^
3Pw_{p
U)EJ\G
$s~2eX
N5b8+XJT
<6rmU9
2ys9jW&i
1ze1i#
e%Fj+{
-ZsPx%
OkXV]h
0i20F,9
E/op[_
a3do{u
,sj~hGD
~c~*.2
%)YA`P
,Ol;R}
Hs1"2XKW
4IC-]G
:-fY|?[
~.Xezg
~	`sy~
^JxD!;I
kps}ev
L"Sbfw_
s\L^*5
dL]<,1
;2N`8dH
p/-)pURJ
{t@DFc
rEDo!W`
QGv^7@
KkR9E!n
Y/|G9'
>1jp)k
g_;IL^
[H"(_s
C|!Yd(o
d&3"	2
2pG@S|
3S2m2N 
{Y(lQ{?
;mD&/[1.0E
T$1XMe
*Z|.!u
MFYxxN
w;$\\L
`>L 2QE0
HW:N[y
;H~kU#
TY$&jf
S3[37?
g<,Axb
^(0^L\
j^K'4y
23]Vd?
\)e'CF
~as-H4
ei`S}n
29RXC}Q
YJuh=>d
(.Jvcfx
dF6	a:
8!'\t-
/;UUv8
o[|k;Pe
~	-nXf
?TT19\
<<r%Fd
44D2	=
iTl\ce#^
9v,) t
(e|yv{
$+*#"s6
5<#:u!
B>y*IL
$E%D6g
ZAla@;6
Y]\.Q&%w
38O7G8
8E,XHr
7LIgrK
q@r}.;
y]@#7R
	 u`"	
R=ts)B
vF|z{:
'$r y*b
@/	(sL
F\iFKOi
N^{]`E
]?L!Gx
]0Fk;)M
0@3?=])
wUZ1_[N
*n7L{.
/_MsdJ7k
R,-<F8
nXLraQ
O1gP?|
[4"y)IS
2#m`de
*K~18]\o0e
]-z%W4-
a<<G/$Z
e P[<J
3;L@1v
	G&e2QQ
u63,u&
LFzH1O
~&DrR6I
N".grwj
Or7olc
6N0o]*
psEMN#
&6CnO&V
wV8.GI
->QOL$v	
u)GoXd
0]@-3+Y
;+z5u_Z
-/EFQ4
(BXTaUTj
1+'\u!e:*
g.gA1B
W`]sOr
ZV0DXV	Z
a$/`kZ
PCtP!_M\
`bMIlY
<C5%C!
fTSmtj
L(w!M{
)KshuQ
QC~fsv
ZP|b"`
7XoH+S
g~s/{1
6FN2ZN
6@[74P6n
C4`r3J7
6-/2N#
PKTm3)
^Y<V@J
b5anq)
S/,ZJJ
f9&!GO
DI\*Tv
1J<;0(
u=}tcL&&
T_>S	G
#S-/5n
nVSU)Z
xNHx&g
[Tjb8f\5
W-UYG)
&v@~ .
pqLB0T.
l{:dR<
aCn\vr
V/Ah}_\
od!pP@
`iV#g6
p6F|<m/
8D^%+j
*p5A@Y
\Ew{DQ
	O@%~g
LE18=G
`Pwpw5
)AeUo/
8dBj5T
(i\duG
QH(NNZF
=)u:v0'
Y'na{\a
jo-YwH"{D
wK.iI?
Rw)H>Gbd
[rl&x?
n}Rmx{T
	r7ly<
VT0Uj@9
K/4'\5
KH26-v
nU3:oQ2
6O+Gh=
{a2ZWZ
k\@q(aE
,*R(HP
t"?r,=
S&Xxkp
FH`s&IS
b7iC-B
19#DnVt
U^Trrk~
%dbre$
<,>Mc_4
3.tOV~
BM<Y/$n,
#6D_0]
`Ls/W\
 ~[}^\	2
Pkj\:)
yF]R.v
v+/.^U
f1FBYcS=
%2O _4'
t4M:4i
~6$[Z`
DA#I\p
)o|Nlg
W}YvG%
G-f**8
O!*DGU
E}'|Dnrg
T|a+'1g
Js)`xP
svOx&p
8J3BPi
0C7-W/
(>!D^2
e[?D7_|
z'0K3#k'
"S>[rw
 ,)@kx	
Fi*4I.z
W[LVrfv
M	M4>/A
9GIaWY
x\LOSK
1 t2&J
oiY0aX $
nU,[);>sA
Y8",d~
GN+/J]:V5
%)p"|fF
_QQ9D~-
S ID7'
:UaAw{
{[?*0f
?FS\o{
txz?wRo
"ZT d(
_U_7D|^
?$vTTL
7;KW!F
zP.sX>
l~dJVl
kx7#t)
?|}<~r
?c&4vI
4[W;0-*Y
`/	_*	R
bF"LN@Db&
Sd2?V0
7EQF[h
@po/xhu
5x3&[U
)BjB8gBl#n
g	qR\uP
T	MnBn)
])e8lg
>hTm7	3|
^QU8`[n
r6zLiT
rjE!yQ
| +@]E
?rj`c{6&
&UBHLH
u5<VLNs
|}Fq@^7
O#+bWE
Cf}xu"
2kN=UpdO
#g VlfO
K2*v8v
hWv4=o
h:o@\VKT
.>PemS,/
w3-ewO`
6^;'5=
erOe]u
@9^&3A
~mQFbs
i>3`(Q
7=_P=6
II(^-"
0^c"IQ
BHd'?B
*h78H=
m('nae
l= i{@
2/4(}~
Eq&OB"|F
2nen(fa
'yVe|$
L3e+[2
vMb@U}
HFDl4@
	`. [N
M^JhK<BG
 :u[d_
'={BC4
K S#VC@
\}ar%0
:jtQ2Ix
aR)j+r
6J+zK#
+(K]9I;
Qu%zIa[d
%\/Epg]O
+Rbo$$Q7
~'a*u7?R
wI+>RF
F[NKOc
B7gw+r
_&NQNTL
$IBBbS<C+
x+N:mH
zgBpgb
=Y8U{l
A	3~wH
K&oN9fz
pr8||l
;1^ml!
WjC\A	
wLA'T>d
jU,"N-
2eoA,2P
vBPr<s
utkmia?
K$u5Rzz
a]^mK/
Yp"%qU
$zMQz$
,&T)Ym
i)"hG"
%J>`:[
	`wzl(
DwZL,'
V j=Gae
i.8CgD&
ilZ{e(
IU11p/
vX	T'	l
WLWOQQa
fFp%}"
bVcw.i
xd:0g@
)A)o{u
fo=dk X
20_bA[&
]"(i@c
*==DN(
eI$fDI\
5E/+\9
!\$xKP$
cg`)UE
|kS>q=
H==tMr
szFA#+
]ED2gE
4*:	v;z
du0e@O
3|bz`R
35c|'b
!/IzA~
X9[xP2
'=RMq@
6hGkvV
<[~wxx\
a}odlF
!~).<gl&H$
58=j''
6ARB~l
i4SIX6
1yvEk	
eRfKu'|L
*sNn.(
36v@S.J
^8mv$1#j
UG:7B/
Gb_29N
YRj%2@
NTrx!N
dMTyWHX
eiqV=]
%2]-7k
-\-=`)9T
b?t==]
wz(xBv..C8j
`QCXBs
`?ip>Z
'_?lh13
F't7$8
$j/Z^2Z+
Di1[iz
KwI R@
TUP(X7E
)vR(n]
{[&8>Tp@
J~@,,{E'
N)>@m[\
	A7C4J
JUYg#p
@t?Jju,
8$;q>1rI
G*.^=&
F{t6{_%
"i[=hJ
V_N.o~
=Ii(3}
N*Hmrk
<pwi)8G
z~rW,c
-C0[:Q
:'wBtf
/Fg'bEj
B#WDeh
cN93#G
LYWYqf
-90Glr
>l/i'=
ghCrij
/g4X[y
24yUPb
?|,,/f%
l+~RCcd
8ZY&$'
=4EwZ-
wO-@/-
Kdh?i]N/Y
~BDN5,
C<<&Ku
fNN/ M"
\GI_,nU
aKmVz=L
vH%"Z29!
+n+=<y
E@aWrJ
j|gE8-
jaUfNX!
U2J	)8
Z</i.s
kCjTv%
h*8vTZ
*Ez66p
y@5yZ&x
KJwX\>
[BA&\s
QFiJQ	
J$D*$Q
e&'C72!
"8,3P*
cVsZU|
`Y(6'!
gi<:%p
6-Oe}J
4K	X~/e
%[dEi5
\@&	a29
>|6v0,
-MOzm'
5Uwkr7
X_~+iGB
P$mYlo
O57AQ2lc
f{,v27^U
K$h}uQN
v44%$}
^l_vPR/0
X]~TDa
x?z5^/oJ
=Xc{G k6
t^	,?a
MBW^T$
a0@dc%
<p~/U)@
GUsl8lo
iQn&V0F
hVHpAE
=YA2yn
slm(Jn
wV8*(n
qn;by5
.cC`Y@
4\NxD_8
4pJe3p,
H~u ][
&rfmRq
X<pvIB
#"\tz?
MHJ*7t=
luHcRn
cB,:>:Jf
$`QRCpS
.gHBmQOp{d
Mz\*d6lt
!rw2b2
Q?_T'&
JR1IVp-W
ha xFU4
1J~hO4
@oFelQ
f>G%fVQA~
lXCQ,=
:g e>9fO
$_Qo^B3
D `6Qg
`$JBl9q
*}LQen
yZwzfVf^
SHELL32.DLL 
AShell_NotifyIconW
fVf^12
NAfWf_
4$fVf^
^xfVf^
TfWf_h
fWf_RfVf^Q
fVf^fWf_j
4$HfVf^
fWf_fVf^fWf_
NAfWf_fVf^fWf_
fIfVf^fI
fVf^PfWf_Z
JNcE]vw
UaguQ1r
`1\awP
`[FawP
`=mawP
[c`oK*
[c`oK*
g2l0Ra
\Yq#lT
$\p,YMO
X4x)qo
Pd M@B
1&~:#Z
^gdO-wH
w1A-ry
9N	6e+
;C@+	S$
'`t0]PR
stelforbindelse
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaHresultCheckObj
_adj_fdiv_m32
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
_adj_fpatan
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
_adj_fdivr_m32
_adj_fdiv_r
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj
IIIII333333
qIII33333M8v-
_"?OSJ'
H};IIWd
#\rz,`%
33~s!/jR	
033333
33333333