Warning! We are currently in recovery mode. The complete archive is not available.

Sample details: 6b981b5d4be81fe65f67773058d48d2e --

Hashes
MD5: 6b981b5d4be81fe65f67773058d48d2e
SHA1: 978dc4155bd47dd5c3b6f4a27ea3158607ddde36
SHA256: 49adf441b813e40f7e91081959cbf910447149de82b5799f2f4621b79807aaf2
SSDEEP: 3072:dcLqPasMAo3Xu//zT0yiRVYIqcwdrxftuve/ppE6knnA1Bs2Ewndk7:prS3XuzT0yUpU9ftuvipE6knA1BdE
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 |
Source
http://109.169.89.4/better/better.exe
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
indlaansordningenscauliculisnutterne
topiainjectionsoffergaverneforblffel
skkebaandenestyvekroneseddeltaphepho
}xxxxx%%
`[}rrr
__j*:).0
	/////
Fyyc`(
U#"'+*"
{{y|{wH
~zvA;=<
?F( 7I}/
Picture1
sekundostypehjulenehexadecanoicassyr
omvejenadvokatenfeltmarkeringerldige
evnendedivertilalinearizablesnippert
genarchashipbandageretbackacheinterm
lindhardtmakrokdenthrigesstatuepalae
nedrykkesredialledaponeurosismastica
selskabskjolenbelbsgrnsersscarificat
redningsmandskabetslkkertkatabaticca
eksamensprojektetbravurarierspennari
barleducstrithaarenebylivhellishness
economizesoverattentivelyfedthysteri
dokimasticdrillingkluntemikkeltavpro
lystprincipperteisoutthrobbinglispou
nonmercantiletrdemllensbankruptlyhst
ubrugtstructuralizesylowrgforgiftnin
ginglesslavendesunheartenlodsstation
dokumentnavneneeutrophicbratschngler
samvretsbrandfarligsteherreekviperin
prepavingpeabodybrnehaveseminarietbe
ceyloneserruchefrastdendesopfindelse
tppelageressyncopizemedaljoneruncomp
prunusthroatbandkosmetologenbimmelim
jovialbortvisendebygningstjenestenbe
tvrfagobliviatessklmsstykkeranidhvos
ressourceforbrugetclipunrevengefulne
udfringeneditorializerbefallenreflek
kapitalkontoernebidfladernerundholts
kvartsurenehuskselytroposisdbuverden
geologiknurledpointfulnessannuitants
coxalgicunenouncedforvirringsbarycen
forwhyspringbalsaminenslrlingekontra
unmovedbundtmagernesneddmpningernecz
stranguleringersboatlessnonsettingfl
birkelundenonresistancebaudraterneap
defibrinizepaabegyndsparriertornillo
portrtsmalonylrelongnoropianicaltern
ideamongertaxakrslernesbegrnsningena
jestinglystereotypylitziesidoletdrug
trlbandtercinefestooneriesdircakalli
bacillicidalstopurskontrolleriodopsi
undeaniwbellsinsurgentlytvangsauktio
eavesdroppingfdselsveersrehingingnon
dicephalousearlspropulsepredentataly
U%[4in
+$Lt1!GK
AQx<H{"
"QPMK7`
FQ0DY*~
)A`.gs
\]&R=:
LIYxD:
	kda<^M1"
xB]j!W\
Nr"fi+j
?$-Yit
Ku"YjC
RhUmS	
NI#*"xXS
j5R%f\
f':/d'
;)`/v:
+2^[ogY
:u]B(tH
6)7BP(
}kb$<q
D`7i(>
P8	_p#V"
#@3/xtT}8
?e1d\o~
<#7|U6'
EmM3tY
%_{?K8
[	w>~&
Q_?GwI
V;{j^	
Jo<qZ{
XIB~Jl
'db>gqd
}p(PLX
	knxa5"a
-xr3\U
gPW\|{Sb
,UPuOD	
DLdV	rC
P*#cdW
Gj.5,%
g!#@(w
[!VA!c
|_Ew	>
SyMk>p
PZ|Qmj_
@G/ZUO;K-F
p]Knr'
'7VX`	
A_9nH@
B)!EaQ
To[tY&
wZD./)mG
QM`AY)G
_q}ts0
tW ?kc
2UU;4H
!pL9t@k
 =AALW
] .&;O
R[!|NHc
BpKdju
9if'?xm
C!?i7H
1kqJ0h<
:&k2[J{X
iwJy\*
O{}04tz
w/g9+C:
Hth>$O
1AY1b5
uz{Rk]
/Z +|x
kq>_%l
u{rE1T~N
<PC]beS
4]b8F`
W?lx%_
2X[PHl
.Aiebp6
ymu$	Qq
7zab&5
fSp:}H~&
xL;}S*
dlQVxY
t?K$h@
qQcz`U
?.<lbe
1"SfFa
bi)4#JV	X)
|$.p)AO
 j0lv!
	6h'0N
\Xb^3+
RjeOq9
80]`}'
oENPI0
CD_gZYQ8
01)R$os
[mNsWw\
dX82B~c_&{
CLKb[:h
h-*:?m
S.+v7ciQ%
:Ui[1o
G/2.C'
rXP7\,
%$wQ!C:$
F.*O(F
iu,MvW
]iI3q]
=X<f-B`4qb
gevH&e
R}\t3S
w>J+BR
g;LxAZ.7
N5[)S/m%
h>V*qeAc
CsMgCa
avv/ 7
2-JWlR
X,E^xt
1[5[CsX
/&ycx? 
R9,}WVz+:
\-pb0x
S/;DD)
R!	vJf
t=Ws"i,
TTj/]`!
96\g2{
3Ij056
 ?7Ai'
s(z?&T
hj!k}oS
(EQr3=
<<Xr?X
/]C(T%
#G7&-,B
cw1"4qp
S;qflB
H[3Fr%
IdBUE\
&tCz1d
KP&TN$y
Gi+uC@
h/;Z9Z
4Pw$g}
&?$|FV
L=B0&n
kh)joA
SR0){'?
6r.'6P^
F[uF?~R
B0\Ht,I
K!#4N[
Ck4;[4;
~@ ir	L'
J"xoFs/
tN.Y"7
WHz|Ag
k\p(/d
<gy/ h
)8/3CO
>_MMrM
.r(8h<
q`E8z+
.c1N:m
a'3|"P\
g'.BJ{
q=C/d|
O,c9(h[
E`cM=HYw&
8rsVk\
{oEC^	4
}J]!.^
Jf[F'5
 {:EmP
C^g35\a
O&|-}b
<"yz!,
3\wE"l
EmB!yx
TJ\\Lf
bYrw]/
D0hkJx
6`Z~8t	
zf09uX
~nc8to
YRy]\	
G,0r#\
nxa#,^
sBsh/>
!BD9;R
Z'g:@>
9[?C(!B
I!|H_(
i:2Y k
6qV%r/
YltG/{
'R<N{kW
p@pMGUu
p65Tvpwn
p#s<0@
A8Dc[]
Tc{RoNf
ifp5L7
>	}tU{l)
$6rwXK
uj?{2%q
]u)	?n
qUemtl 
dYZ&?aL
L8][0"
&<8`:?
vV[d{G
+eP"ai@^
|Q)eLZ
,Mq_Mt
7cT7z`Qa-!G'
$.z'ek
h)!\Ze
Z,tq/LJ'
T.`HGA
]]f1e_
[P7`LU+
M>A:+[U6
Av2I_?pj
$T2_iC
4,Ohd_@
V7G7ZPAa-s`
SNi%4*=
@c&'4'
0REML52
.dR4|~
=!'kT|<U
V]5C#QF
25'|H~
5M1Tg>
EnAt$?
K~r70-:
	t{auw
bZBzHi
7f>Ooh\^t;
XEbdA6y
aH4^x?
~.yyDX*7
V"6qhy
bv	yWe
q 6!U-
LKa-^Qh
Y.	s,t
K'bT3Dd
]YT!cKJ
|^Pk<t=
(0+ceMR0
H+#guU
Vfcg@$M
LZ"sWk@6
<Gch3w
'],wdQ
RfB,i7
Xj}%	J
db KV:_
W#>)>.@
!tm0ou]
{w8vW0
jzPXMt
"<O=UI
\)>U=l+
]3K1f<r
`EH18X.
[mRY{-
W!:2a|
TG	hX'1
M?uT.vT1
sRSV	qv
/?_^6`
4JSq05|
SgNu( 
-h$yVe
10]+Ta
%}BP[P
s&vW<U
N#i^ja7#
_( 6(fQ
!uXFw{
^u@RK8
%r'ef8b
YNjf*{
.fy)Vwm
~e-6LC
3>,)sA?
qMg#Rg
k^~H"$Zg[
;?=$WP
_X6ld?
qS*~c)A/
5q(CxvvM3uH	
dDo*]b
QQ9L8z
MxR,SV
?ZI6t;Nl
#wN/*,
va+~dn
xwLh+m
C[rw3P
ucaC\>s
XXSo$Y
Q>]\"Q
iZRp%|mxY
s6cV$&
XLWWN7
	/sX`P9R
Tzdsr2
_%	bqn
YZ@{vp
7t ~6=
yYA;rK
%L ~59r6
po8&q>
|q%&k?f
VJ sPQ
RM:O]!*
sJu:/	
'ze,[l'#/
`YXUa9
Q.\XFt8
\5m	<*e
zUp%Q)
Y_IPH(
5"Z{jX
5n2JAW%
`wTptuG*
*&y	Fx
iRxk*$
C]&P9d
&G(nhErI
AFJKHDFHLSFJHDJKLGHKJFJIDHGUISDHFUISDHFUISDHFUIHF78E45YT78WHJUIFERHFUHSDJKFHSDFJKFHSDF78FHUIFHSDUIFHSJKHSDFJKHGSDFUIOGHUIDFHGSUIDFHGUIFHGUIDFHUIGDFHUICreateFileMappingW
PW_W_NF
NFSW_j
NFIIIW_
 MapViewOfFile
$hthel
Shell_NotifyIconW
&;9jR!
.-);9h
.?(;9=
vulkansstilnendeslsboammoniuriaminid
tbrudsskadernesluttikinsypigerpenmak
VB5!6&*
eyeletedproduktionsprincipgarderobea
gnaversmournfullestbaarevognenimitat
indlaansordningenscauliculisnutterne
indlaansordningenscauliculisnutterne
topiainjectionsoffergaverneforblffel
kvartsurenehuskselytroposisdbuverden
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
sekundostypehjulenehexadecanoicassyr
ceyloneserruchefrastdendesopfindelse
trlbandtercinefestooneriesdircakalli
defibrinizepaabegyndsparriertornillo
dicephalousearlspropulsepredentataly
geologiknurledpointfulnessannuitants
redningsmandskabetslkkertkatabaticca
undeaniwbellsinsurgentlytvangsauktio
StringFromPointer
selskabskjolenbelbsgrnsersscarificat
udfringeneditorializerbefallenreflek
lindhardtmakrokdenthrigesstatuepalae
jestinglystereotypylitziesidoletdrug
samvretsbrandfarligsteherreekviperin
barleducstrithaarenebylivhellishness
genarchashipbandageretbackacheinterm
ideamongertaxakrslernesbegrnsningena
ressourceforbrugetclipunrevengefulne
ubrugtstructuralizesylowrgforgiftnin
dokumentnavneneeutrophicbratschngler
dokimasticdrillingkluntemikkeltavpro
Picture1
prunusthroatbandkosmetologenbimmelim
unmovedbundtmagernesneddmpningernecz
prepavingpeabodybrnehaveseminarietbe
tvrfagobliviatessklmsstykkeranidhvos
birkelundenonresistancebaudraterneap
lystprincipperteisoutthrobbinglispou
omvejenadvokatenfeltmarkeringerldige
__vbaVarSub
coxalgicunenouncedforvirringsbarycen
HUAWEERI2.dll
dataalderenreptilferoustelefonforbin
ddssfgfdgf
SetThreadPriority
dsdxssdsd
SetPriorityClass
ddsfgsfdgf
GetThreadPriority
dsdxdsdsd
GetPriorityClass
ddsfsgfdgf
GetCurrentThread
GetCurrentProcess
msxsvsvsfw32.dll
GetOpenFileNamePreview
msxsssvvfw32.dll
GetSaveFileNamePreviewA
ksexvsrnsel32
CloseHandle
winspool.drv
OpenPrinterA
GetPrinterA
ClosePrinter
GetKeyValue
StartSysInfo
KERNEL32.DLL
RtlMovCCeMemory
IsBaCCdStringPtrA
advapi32
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
VBA6.DLL
__vbaExitProc
__vbaVarDup
__vbaStrCmp
__vbaOnError
__vbaInStrVar
__vbaStrVarVal
__vbaLenBstr
__vbaRecDestruct
__vbaUI1I2
__vbaVarMove
__vbaStrVarMove
__vbaI2Var
__vbaObjSet
__vbaErrorOverflow
__vbaStrCopy
__vbaI4Var
__vbaFreeVarList
__vbaVarTstNe
__vbaFreeStr
__vbaStrToUnicode
__vbaSetSystemError
__vbaStrToAnsi
__vbaFreeVar
__vbaFreeObjList
__vbaStrI2
__vbaVarLateMemSt
__vbaFreeStrList
__vbaStrCat
__vbaStrMove
__vbaFreeObj
__vbaObjSetAddref
__vbaNew2
__vbaHresultCheckObj
KeyRoot
KeyName
SubKeyRef
KeyVal
lpString
lMaxLength
} jLhX
MSVBVM60.DLL
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaRecDestruct
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaExitProc
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
__vbaVarLateMemSt
_adj_fpatan
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
__vbaVarTstNe
__vbaI4Var
__vbaStrToAnsi
__vbaVarDup
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr
?F( 7I}/
U#"'+*"
{{y|{wH
~zvA;=<
}xxxxx%%
`[}rrr
__j*:).0
	/////
Fyyc`(
# Project: Project1
# Makefile created by Dev-C++ 4.9.9.2
CPP  = g++.exe
CC   = gcc.exe
WINDRES = windres.exe
RES  = 
OBJ  = main.o $(RES)
LINKOBJ  = main.o $(RES)
LIBS =  -L"C:/Dev-Cpp/lib"  
INCS =  -I"C:/Dev-Cpp/include" 
CXXINCS =  -I"C:/Dev-Cpp/lib/gcc/mingw32/3.4.2/include"  -I"C:/Dev-Cpp/include/c++/3.4.2/backward"  -I"C:/Dev-Cpp/include/c++/3.4.2/mingw32"  -I"C:/Dev-Cpp/include/c++/3.4.2"  -I"C:/Dev-Cpp/include" 
BIN  = Project1.exe
CXXFLAGS = $(CXXINCS)  
CFLAGS = $(INCS)  
RM = rm -f
.PHONY: all all-before all-after clean clean-custom
all: all-before Project1.exe all-after
clean: clean-custom
	${RM} $(OBJ) $(BIN)
$(BIN): $(OBJ)
	$(CPP) $(LINKOBJ) -o "Project1.exe" $(LIBS)
main.o: main.cpp
	$(CPP) -c main.cpp -o main.o $(CXXFLAGS)