Sample details: 74c9e3bb80526ad20b62322f0408027a

Hashes
MD5: 74c9e3bb80526ad20b62322f0408027a
SHA1: 99b4f463648c41e315f6c42ed5a11f4ed9181699
SHA256: 42ef9fafb4906251ed3600a9a072ac6fe534602f2f8c85458fdf74bf2c4642f5
SSDEEP: 6144:2s/trNfyBu4LrBxxCAb8I9JjPY71UahF68VA:2s/RNfyBu4LrXxCy8I9JjPYRUe68G
Details
File Type: PE32
Added: 2019-10-09 18:27:30
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba
Source
http://193.26.217.230/win2.png
Strings
		!This program cannot be run in DOS mode.
`.data
user32.DLL
gdiplus.DLL
oleaut32.DLL
kernel32.DLL
NTDLL.DLL
MSVBVM60.DLL
CalendarDateSelector
;')x:O
Calendar
Multi Dates
FullDate
month1
September
BGSCalendar
September
LblDOW
MS Sans Serif
LblDOW
MS Sans Serif
LblDOW
MS Sans Serif
LblDOW
MS Sans Serif
LblDOW
MS Sans Serif
LblDOW
MS Sans Serif
LblDOW
MS Sans Serif
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
DOWBar
LblFiller
Calendar
Calendar
CalendarDateSelector
CalendarDateSelector
modMpicture2
kernel32
WideCharToMultiByte
BGSCalendar
oleaut32
SysAllocStringByteLen
SysStringLen
VBA6.DLL
__vbaI4Var
__vbaVarMove
__vbaErrorOverflow
__vbaUI1I4
__vbaGenerateBoundsError
__vbaFreeVarList
__vbaVarCat
__vbaObjSetAddref
__vbaI4ErrVar
__vbaFreeVar
__vbaFreeObj
__vbaHresultCheckObj
__vbaObjVar
__vbaNew2
;')xX{
month1
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
LblDOW
DOWBar
FullDate
LblDOM
LblFiller
GetResString
CalcShellParams
StartShellInit
XorBy64
__vbaExitProc
__vbaStrI2
__vbaOnError
__vbaVarSub
__vbaFPInt
__vbaFpR8
__vbaI2Str
__vbaStrCmp
gdiplus
GdipDisposeImage
__vbaAryUnlock
__vbaAryLock
__vbaStrCat
__vbaI4Str
VirtualAlloc
__vbaI2Var
__vbaVarDup
__vbaFreeStrList
__vbaStrVarVal
__vbaFpI2
__vbaFreeObjList
__vbaI2I4
__vbaObjSet
__vbaStrMove
__vbaUI1I2
__vbaUbound
__vbaLbound
__vbaLenBstr
__vbaStrCopy
__vbaAryDestruct
__vbaVar2Vec
__vbaAryMove
GetProcAddress
RtlMoveMemory
VirtualProtect
__vbaFreeStr
user32
LoadStringW
SysAllocStringLen
GetSystemDefaultLCID
GetModuleHandleW
NewAddr
pShellCode
ArrayCont
KeyTrace
j@h\<@
j@h\<@
j@h\<@
jthl<@
j@h\<@
jxhl<@
j|hl<@
j@h\<@
jlhl<@
j@h\<@
jlhl<@
j@h\<@
j@h\<@
j@h\<@
jdhl<@
j@h\<@
j@h\<@
j@h\<@
jthl<@
j@h\<@
j|hl<@
j@h\<@
jlhl<@
j@h\<@
jlhl<@
j@h\<@
j@h\<@
jxhl<@
j@h\<@
j@h\<@
jphl<@
jdhl<@
jthl<@
jphl<@
jph|<@
j@h\<@
jPhl<@
j@h\<@
jdhl<@
j@h\<@
j`hl<@
j@h\<@
jdhl<@
j@h\<@
jdhl<@
j@h\<@
jPhl<@
j@h\<@
jPhl<@
j@h\<@
jPhl<@
j@h\<@
j@h\<@
jPhl<@
L$(_][
T$(_]3
j@h\<@
jdhl<@
j@h\<@
jPhl<@
j@h\<@
jdhl<@
j@h\<@
jdhl<@
j@h\<@
jTh|<@
j@h\<@
jThl<@
j@h\<@
j@h\<@
j@h\<@
jThl<@
gdiplus.DLL
oleaut32.DLL
MSVBVM60.DLL
user32.DLL
kernel32.DLL
LoadStringW
GdipDisposeImage
SysAllocStringLen
SysAllocStringByteLen
SysStringLen
GetProcAddress
VirtualAlloc
VirtualProtect
RtlMoveMemory
WideCharToMultiByte
GetSystemDefaultLCID
GetModuleHandleW
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaAryMove
__vbaFreeVar
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaExitProc
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaFpR8
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaI2I4
__vbaObjVar
__vbaLbound
_adj_fpatan
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
__vbaFPException
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaVar2Vec
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
__vbaI4Var
__vbaAryLock
__vbaVarDup
__vbaFpI2
_CIatan
__vbaStrMove
_allmul
_CItan
__vbaAryUnlock
__vbaFPInt
_CIexp
__vbaFreeStr
__vbaFreeObj
__vbaI4ErrVar
bcw!sd
.-Srwk
>rd|<+2
xqJVp$
I{/Z"D
|V~HM5
513hrJFfl\O
+qPR1 
Uo=c`s
:YOA.cK
b!98d>
1YviBB
V|>RwG-
4r[w6O
j3F[s/
6Qrq&'
^^2mx8|
q_E0\0
cSqX+~
wI(S}a!NC
%Dd).P
B*B`bi
;G$Vpj
ZMu=)+
8XQp)w
$yGVk,]
*QILW%
+Qd`.X
lA.W4"
zN0@$fw.
IVfgI/J`
Y.$A ?
g/3$c\N~
VFe2p7
W2_/M2~E
@3 1|@
#P[Cx<
$UYr*L
H2^<_2
~X{Npo
iq{-U=
?VyN-<
OU-C,{N
2Sj,ym
&=~Z&(;
[^vbg4+C
tg06FZFU
Fdi]m[?
<Xf\,q
RnY^e3
"{oA $.
*loK[%
n1\U=%
RYBn`g
!iizRR
JA<aod
B,<FK m
ac%3.f7
'9VZ`p
$-KbY@9
C>La&$a
g"Su6T
VZE7mMr
c@}9Ro
0	SLva.!
8h>:LVK
Q4?8&@jTh W
(?rb!-
=D}r$eS6
P1EN@Q)
>Otw<a
{=P3(F
8`:@oa
lTuTQV
t5UjvT1m
z%F+"'%GR
&J[\fF[-:U
G1XcZ"
 dMQt%p
d,9mk,
1mOwT:
'W"PD,
5(-9SD
 vqk~`
T0eaZx'v
R:jNJ,K
C@<I	o;
/MXd9~
 :g`J2
euX,h]2j
7{_\D*
Ew\_Cq
xUOVP3d
xGv9J^]
N+wBSf
	id*i}h`X|w
F[%BR:
$B	&+/
\6?{MRNk
JEWQIRi
qz}y\1h
o([ip9-f3F
35#p7d
CAP3e`4%9{
X:=AjM
v4%^CF
yOMFt}t
;O*ZbKj
hAIQ^*
/-kqmAi
]Oajo7
2y"1OzA
l~1} EbmC
CkKT"{?6
!pu#{Oq
%!0;gt
{}V4N4
u6%4+X
(WhIi=
'.}Cv^
Q9?67pA
AD>)|bpg9
.,pK61
Tt%nO 
?@S>Zo
klydj}2J
|tWrW\
`4$BV@
#()?S^
lWNIV[
2Va$=:
N[Xl?aqc
",Js*F
.0A)}X
N%f=2}
&8QuW^I
gDng=Bbd
R&lJ91
vm5xZk
H$t.KN4
Iuees&
ZhW$/p
zVsaw(
jDDyFsL
&c xq}
UP"9[9
q\C.wb
>EW%SJ
IVr%^z0
1Is&j>
dOv.bk
"v)#w?
?f/99Fk
Fb;$fY
.:)<Yt
?k^,[)
p	WO,eUY
tP_.?%
1y2F5-@
Vo194u*
AVK"Bp
X{|4_NC
|N3sV@Rl/
UdP$?U
7OWM8R
En}QE5
t=5$hm
?f4K80
LUK#ha
1;%R&N
9[&zNh
I# =47P
lJ:}@v
=]Fs= G
FcW]1"	
 zdu^y,!
fNC<Bf
"dG%'6
q\TchI9#
+]0cPqq
tze=6c
D~6fj^
6<A-] 
VOkE\~
?7EDbt,P: dH
A 	Xs?|
"nyUm~
Ax/d$D
5?P$4:S
\BUFZI8
sb`z3,
L$6kqb
+k`Lr7
R8V3QF
$Pj{'d
eiqna!
O>0rYFf
T#|008
 3[zg-C
kgZr1M
Y'*4Wt+L
Pf{O~3
`,L3oK2t
 };	~oD
<k_ux~4
VC{a{{
(v}&$q8A=l
aH&W	l
pcx71&
Ed:E|U
)k(kOP~
bYlViW
`K:oe4
8+t4Jpi
)B[rBF
!;}6{&
%l:o?]
'Ui47[J
Ktvd+'
wW}|&9
&L%E%Qw
?zM	}|
-svu-|WM
bs_:j;
?)-8OjI
"-?'H&
LE`Y[/Skq	&
%Ya<X{
QM$+HT
Xiz {6
FYr_(e!
nSN){L
UB+u+'
Wg__!=
	f=F8{s
g`$xJf3
`Vl|a@
\'J	"-
w':4ry
e'lbqX
o+G/}v
E-XCSjS
sb|'#Cr
j~o`A(7y
;/a+6i
w{~8S3
2q-4	)T
EXDTMBeZf
S!>D_"
X	"s|w0N
LlDGQt
~c9[p	
(leX$ew
oT(=rf
>9wfPr{2
Y^|e&d
hn'T`E
V+'bZA}
PbBk1!>
^Avq3Z
l&SI}#ez
'!Sd94GdaU
L?xu^`
va@Nja
`# /{(T
7%8XCA-
}Dg;'o
9`"GIy3b
N9Qt]:
WCfqSx
!`&cO7x
6[bhm'
VM8"{?
[qbSH W7
.c~e&6
>FXvPm
dab-z@V
6ao\;i
.93@Yv
TBZ*VU
v9J'?C
^#@TT$
KnXunl9
Br@8|Xk
o[Sq>#
t|Q_6A
:!#H*\x>
WbKU<_
V:7lxA
*h$~)H
YSzl/vG
wZ"I'#
o&q5ZT
5tnLe2
i&bJ[L
[OL{ wUT
O(	KD	.
Ph>+/L
),q47U
KkJ48i
l&'M#6
]3v]6r
@t""AB
0UGWN<;
h@Q^ v
:c9|+c
K;f\;?Gm
(L|`7b?
{^NwT8
r]xk9d
Ge1WW(
uP\/1A
]C>c/L
4 U3TF
u C}9HD
.'/pO4
uE-_~J
F;s#GZ
_v%I6F
M-5(!Y[`
l4E1=t
teNUPVfb
2R#!sh
+]p{mj
C@vZqg
V	Oo(X!
raum_C5
cCr6:Cv
eBMP.q
K_:LC1
9	12]6
F5%O4x
6+	@%_
2%n:!I
Fkq0$c
PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD