Sample details: 747438b4310dcd375a313fb9f85367bf

Hashes
MD5: 747438b4310dcd375a313fb9f85367bf
SHA1: 5644d853a253a3d0b63e2c1897d5b5c5922c87ad
SHA256: 08fc5c5be0901f89968927338b33da5edffc816b9d3bd85c44b1b4add8e4b0d6
SSDEEP: 6144:zYRzDFjLkaKE4rrtSYKzB4BpuuT+4wS96XIjIzg:MRzh0aKE4rrtSDz+puuT+A964
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba |
Source (URL defanged)
hxxp://b.reich[.]io/uztntl.exe
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
Uncleave0
VB5!6&*
Gymnasiarchy5
Semifib7
Uncleave0
Ankylose
Geomyid
Uncleave0
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
user32
FindWindowA
PostMessageA
GetClassNameA
ShowWindow
comdlg32.dll
ChooseColorA
gdi32.dll
EnumFontFamiliesA
VBA6.DLL
__vbaErrorOverflow
__vbaHresultCheckObj
__vbaInStrB
__vbaLsetFixstrFree
__vbaStrCopy
__vbaNew2
__vbaVarSetObjAddref
__vbaVarTstNe
__vbaVarAdd
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
__vbaVarDup
__vbaStrCat
__vbaFreeStr
__vbaStrToUnicode
__vbaSetSystemError
__vbaStrToAnsi
__vbaFreeStrList
__vbaStrMove
__vbaOnError
Ankylose
Unpardoning
/L9&	'`
9V-uc^
|Ys)tL
dL<1mZ
^&"77k
Dp^_}QK
@b(lem
 _9"TW<
%;W"?,f
"]jg5fC
nCLJrq
`%gVj1
WuXR_}#
*.9+`iH
$`dYX;
V:lU'+
*hlmT	
8jK|J{
%~ghTx
.\:_	/
Yc}jd4
]> <+,%OeT
Jw$WqW
_odmTT
SREW}#&rF
d~B0Cjv
_U,Dg{
OwERF+
rJw3JN_
/<elc^
 b.*+7{j
7	ij{oHi>
x'wMtv6
_U,yW{
X6Z/8!
~Z}#MC	#J2
gAC4Rp
|zxxsV
2z+S@5
*llmT1|
yn:F*YL
VZcY!	
(HA$td
PKw38/
|#%SU2
Q/.cxr
)/]:PcS
6RjrO[
P6EJw$
^mf4;(
+f(EoLH
Jw3JF_
@bFp~S
~ghT.'b.I
Sv@E-"
SRAW}#&
%^n_3!
X6J*97
"J*Myw
\D*P_}#
x=N$:.Q
af(EoL
r*RnZp
kVZfZp
Jw3JF_
|#%SU2
-Pgd'G
d~ghT7
'o!dmT
=@b?#rm
*gdmTTX
=#F4Kv{
VFAB/5
XgdzAN|Y
h^i!y}1
|#%SUH
Sn(Pu#1T
~gtCjn
Kv<	-"
knjB^p
J/L9s=
t;jaHW-K
"wh|b.
*/F=:;
MoL<!m'
A?iyLS
F/L9sE
9UkMW$
wi{UO3a/
dQde.@R)[
C>;,f088+]
C>;,f088+]
6DR&'L
I(MAU$
wv}*'E$	
`7[Zry
<QMY8!cxFU
lcH/,1
:f4Rb"
nBoLz2
mH7[ZJ
i=U(/]
>F$8DW
CT!Xnk#
t<[j~_
C%('s&ZN(1
ER{$p#
EE{-p#
R[ //.
8v(( 6
E7')`#
RR',|;
VR	JA.
#I.>$)
G*~~ln
rr'8z5
RR':z4
ACZjF8
FC[%`#
c.z^w{Xj
ib^ZXq
:)/IVu
y"92Z}
R2ZUR2ZUbe
u3R=c=G
5ad\t+
5ad\t+
sZ8:rU
sU;lsW
T9xrZ?
sU;GsT
L OGqU
>]SEPU
>]S	PU
$M9xsZ?4|U
9xsZ?,~U
sU;CsW
$MSzrU
>QS4RU
sU9xcZ>
sU9@q31
6i9xs!M
>MSZgU
sU;Gs]
oZ9Aq39
U9Aq3}
o[:{s!
sU9Aw5S
A	w_9Ar `
]CA=<<=>>B\^
B:658<AD^`bbaa`^DB?A
opqxyyqaD@=\
:aC;9?
yxpnba`bcpy
xbB<;C
}xoba_acpy}oC9;
xob__aoy}oA7>
}qc`_aoy}b;7\
4.-1Lfz
xc__bp
}qb_`cy}_7<
								
}n`_bx
										
											
												#N
qa^`x}\
												
qg^ayy=5
												
o__c}c
}b__p}>
p__a}a
n__cy>
q_^ayD
s"				
}a__q`
}a__p`
}a__p^
}a^_qD
ya^`q?
x`_aq9
}cabp:
ycabc8
(LJ&N~
}naaW>
W(+GR3"Gv
_}oaac@
|jUF)'Mu
yoaab?
{R4Oi~
xnab`<
ypcbb`>
}xpccngA5
A58Bny
yxpnnon`?5
B75<\nx
}yxWqqpq
<559?\ao
y_yyyxxqpn`\>7
579;<>==;96g
DB>9:86799;AC^
wwwlll
jjj|||
aaaxxx
iiiggg
ddd~~~
qqqnnn
vvvkkk
mmmqqq
rrrhhh
qqqeee
dddkkk
uuuiii)
hhbbbsss
|||iii
ccciii
___ooo
vvv|||
Unpardoning
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaLsetFixstrFree
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
__vbaVarTstNe
__vbaVarAdd
__vbaInStrB
__vbaStrToAnsi
__vbaVarDup
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr
|||iii
ccciii
___ooo
vvv|||
wwwlll
jjj|||
aaaxxx
iiiggg
ddd~~~
qqqnnn
vvvkkk
mmmqqq
rrrhhh
qqqeee
dddkkk
uuuiii)
hhbbbsss
]CA=<<=>>B\^
B:658<AD^`bbaa`^DB?A
opqxyyqaD@=\
:aC;9?
yxpnba`bcpy
xbB<;C
}xoba_acpy}oC9;
xob__aoy}oA7>
}qc`_aoy}b;7\
4.-1Lfz
xc__bp
}qb_`cy}_7<
								
}n`_bx
										
											
												#N
qa^`x}\
												
qg^ayy=5
												
o__c}c
}b__p}>
p__a}a
n__cy>
q_^ayD
s"				
}a__q`
}a__p`
}a__p^
}a^_qD
ya^`q?
x`_aq9
}cabp:
ycabc8
(LJ&N~
}naaW>
W(+GR3"Gv
_}oaac@
|jUF)'Mu
yoaab?
{R4Oi~
xnab`<
ypcbb`>
}xpccngA5
A58Bny
yxpnnon`?5
B75<\nx
}yxWqqpq
<559?\ao
y_yyyxxqpn`\>7
579;<>==;96g
DB>9:86799;AC^