Sample details: 6f566ae45b33fdb97a9274bfa0b81bf8

Hashes
MD5: 6f566ae45b33fdb97a9274bfa0b81bf8
SHA1: 4da34392af851aea4853cbf18b7df06ac175c583
SHA256: cd071e977d4e9ebae10acbc59c928a83f31e35822be5b85ccd961dfacd16de50
SSDEEP: 6144:4jqMoGNpHP0XOWdwUQkRQ+w+W/VoI969v6hac:7DWpHP0XTvQkW+w+W/Vog6J6
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/ProtectSharewareV11eCompservCMS | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba |
Source
http://lb4yiaur-site.ftempurl.com/tt/outputA2DA34F.exe
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
Killduff3
VB5!6&*
Baylet
Outwardly6
Killduff3
Ratoff4
Killduff3
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Command14
abluvion3.dll
Devoir
user32
EnumWindows
VBA6.DLL
__vbaErrorOverflow
__vbaSetSystemError
__vbaCyErrVar
__vbaVarDiv
__vbaVarTstGt
__vbaVarAdd
__vbaRedim
__vbaCyI4
__vbaCyAdd
__vbaI4Cy
__vbaStrMove
__vbaOnError
__vbaFreeStr
__vbaStrVarMove
__vbaFreeVar
__vbaVarMove
__vbaI2Var
__vbaFreeVarList
__vbaR8Var
Ratoff4
Tlamelula
Tlamelula
Command14
Command14
MSVBVM60.DLL
__vbaVarTstGt
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaSetSystemError
_adj_fdiv_m32
__vbaCyErrVar
__vbaOnError
__vbaCyAdd
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaCyI4
DllFunctionCall
_adj_fpatan
__vbaRedim
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
__vbaFPException
__vbaI2Var
_CIlog
__vbaErrorOverflow
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
__vbaR8Var
_adj_fdiv_r
__vbaVarAdd
_CIatan
__vbaStrMove
__vbaI4Cy
_allmul
_CItan
_CIexp
__vbaFreeStr