Sample details: 6c6562261896ac3c5e8a0d4d63ab0442 --

Hashes
MD5: 6c6562261896ac3c5e8a0d4d63ab0442
SHA1: 961aa598563440a2d58eb2ba52b892ee77d0b230
SHA256: 508d9cf6139c98360131f3c266460922b70dea132330bec171a24eff35bcaa30
SSDEEP: 768:qXMz324B4+EE3239EXfloUkv+s8s7mrelVL4ZKBVO55dWi7MM9I:qXMzm4NAEOB37mQVQKBVU5RoM9I
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba |
Source
http://93.95.97.230/pay4.exe
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
rearranges
rearranges
That old Puzzle game
cmdShuffle
&Shuffle
rearranges
Label2
Times New Roman
Label1
Turns :-
Times New Roman
Times New Roman
Times New Roman
Times New Roman
Times New Roman
Times New Roman
Times New Roman
Times New Roman
Times New Roman
Times New Roman
Times New Roman
Times New Roman
Times New Roman
Times New Roman
Times New Roman
Times New Roman
Times New Roman
rearranges
rearranges
rearranges
dD	`Y@
C:\Program Files (x86)\Common Files\DESIGNER\MSADDNDR.DLL
MSAddnDr.AddInInstance
AddInInstance
C:\Program Files (x86)\Common Files\DESIGNER\MSADDNDR.DLL
MSAddnDr.AddInInstance
AddInInstance
Module1
Module2
rearranges
c:\windows\system32\user32
CallWindowProcW
ReleaseDC
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SelectObject
DeleteDC
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
c:\windows\system32\kernel32
RtlMoveMemory
FindResourceA
LoadResource
LockResource
SizeofResource
FreeResource
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Image1
VPxQlpHQ1
VBA6.DLL
f_G'j?
'DAddinInstance
F<f4/AddInDesignerObjects
Label1
cmdShuffle
Label2
cmdShuffle_Click
setconnectionhips
aowIUL
MSAddnDr.AddInInstance
Image1
rearranges
MSVBVM60.DLL
EVENT_SINK_GetIDsOfNames
MethCallEngine
EVENT_SINK_Invoke
Zombie_GetTypeInfo
EVENT_SINK_AddRef
DllFunctionCall
Zombie_GetTypeInfoCount
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ProcCallEngine