Sample details: 775fd2bc3cbfbfd99dc71581db139fa0

Hashes
MD5: 775fd2bc3cbfbfd99dc71581db139fa0
SHA1: 7d6033ee787e2af61306d9dfcaec1cb3ea62baa9
SHA256: 6f482ccba3e43f223f04c245c3294a3edcc2ae5d84ff6cbecb471171309e022f
SSDEEP: 3072:lAH7ug/uEQZc7L+MKjcz/XNLZVawqT/46cVLUR6HcFowe:6aJqFFVlqYq
Details
File Type: PE32
YARA Hits (all generic compiler, file-format and heuristic rules; none identifies a malware family)
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba | YRP/suspicious_packer_section
Source
http://www.asiachern-tx.com/steep/00045653.exe
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
Hereditative2
VB5!6&*
Dulseman
Hereditative2
Greenwich0
Hereditative2
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Command4
VBA6.DLL
__vbaFreeObj
__vbaFreeStr
__vbaVarMove
__vbaHresultCheckObj
__vbaStrVarMove
snot.dll
__vbaVarDup
__vbaFreeVar
__vbaStrMove
Halted7
GdiFlush
GetWindowExtEx
ADVAPI32.DLL
AbortSystemShutdownA
psapi.dll
EnumPageFilesW
__vbaStrVarVal
__vbaLenBstrB
__vbaStrCopy
__vbaStrCmp
__vbaFreeVarList
__vbaI4Var
__vbaI2Var
__vbaR8IntI4
__vbaDateVar
__vbaErrorOverflow
__vbaLenVarB
__vbaVarTstGt
__vbaUbound
__vbaVarAdd
__vbaLateIdCallLd
__vbaObjSet
__vbaSetSystemError
__vbaFpI4
__vbaNew2
Greenwich0
Labyrinthine
 <hkmd
<hkc{1
<hkc{1
<hkc{1
<hkc{1
gxLo#{1
m+:AL _
z$8>=T
X_('le
>`D]}E
`C<]|t
<hkc{1
1_esE{
#*7m#8
:v0&>p'udv
p#Cx)'
FJ\518
#*7a&8
>`D]}Q
zL\/pT
z$8>=T
:^0*p0'
L [fsJ
:!T"`7
FB\=18
QB\yWV
#j7ghy
>`D]}Y
7H%4"K
k:*GIxS
Dr\	} 
?gk:*G
N2Cd _V,
%Vwj{v
~)'(C3
7D%4"K~
]rFC57
*nF0y<
/(_l"@]
	?)ga5
t?e9"9`
V<[]}Q}
u+"CL g
BL G%K
+ Dtsl
!Wr./h
*Gfc($73
+g8L"c{1
gxL!c{W
:v0*>0'
e8p=Tr
,0ResJ
i$8>eTZ%
`K<u|t
Fr\={8
wp/&  
Ka{1Tl
{V(<hk
=214}`
KJD]}A
}2m*7m
g8Ljc{1
#*7y$8
#*79$8
p#C~)'
DO<}|t8
2zgtl'
LU">0'
>`D]}]
i$^p}T.
rF8t~?
H(aYK3y
W@=64>
`K<u|t
>`D]}Q
:F0.>p'
%x}=|9
<<}Tj%
IPCK'/
[I@[bp
gxLcC{1
E"DD]}]$
gxLoX{1
#*7m 9
,e8>}TVk
#*7m%8
lycb`]
0}v1Rk
p#C:)'
gxLcK+p
7 .YEl
[IE_Zq
S*C>E6
gxLoc{1O
p#O~-'
g8LE1:1
LDf,Lg
gxLoC{1
gxLco{1
,rF9to
#i$8p}T:
p#c~)'
L WEsJ
tv,LOy
^DX[[b
>`D]}A
i$8>=T
z,$\k7
`/<U|c
"pp'rv
s}tT.t
<t#a3}
>9x]	8y
oa:`^?W=
Me%T;d
G62JL<
#wz)'`
YJ}:!T"
ic$8p=T
2rF9tEzD
oG&dN2 
gxLoc{1
("wThh
Dj\M1x
DOrE|~
#*7m&n
<Fjhk#
rFCKEBD
#j7i$8
 >32J-
ResJL|
#*7u$8
<<}Tn%
:F0&r0'
K~+(m|.
gxLgcz1
#+|)'`
 3fsJLL
cFr\=}8
#*7a%8
K~)e:F*A<
:n0&p '
$>}TV'
Fr\u{8
+k$8<}Tzk
Fz\518
h$8>uTV/^
gxL{b{1
M+Bv8M
#*79$8
!`1RDL
'5|.>}y
:N0.p8'
&<kp8'
gxL7c{1
,,SesJH<
0<}T~%
Fr\1{8
0#C~)'
D$8>%T
>`D]}}
92ym)_
TkCKEzD
l9hk8%nR
4~FK%wx*
f(^J[,
OM'9\6
#*7I$8
:F0&r0'
p#S~)'
p#S~)'
y$8>%T
:v06>0'
#*7m$:
#*7a$8
L [esJ
:F0&r0'
gxLc'{1
V'7}j#
 ResJ-
Mc$8\ 
>F0>pp'r
gxLgc{1
Z.k4gN
i$8>%T
,N0jA}
8v0>>0'
SesJLd
z4P`IF
ZATd7-
^D^[[N
~)'j])
;P$<}TJ'
Q0p}Tf
gxLocy1
DU"p '
=]dd6>dbo
$v/&l!
0_CKGzD
=k* F!
L WesI
`Tph'rM1
>^06>0'
p#C~)'
/_=}'I
<hkc{1
<hkc{1
v;?6-fWk
,k(a3 
{! bV9
c)kI$p
#:2JTO
$4{i>)*
<hkc{1
<hkc{1
!yWK[Z{
%CrR+(
Fap{2!
YPC,~X
\	13?w
'!7EVd
3S'*)Nu
_oqe{8
TFD,&{T
l)vKA.
PcU}~)'
}8;':eN2
#DB/Kqu
[Gfe{B
Dyc{LM
aj4E ?
<_*O3c
[>v6{B
FkW)bkT
[GfeA	
DUD~=)
:Y)ekm
	+kc{#
)$3Ryp>
UU1R2$
Jgn"~jT
_47V:.
7]nK=Z
[m:e09
%M(Xf2
Uw"PMK
HHsm[`
:`i@]x
p! eV)
f@pb:!
k32UVE
_s775.
<hkc{1
<hkc{1
<hkc{1
h$N\8p,G
<5k 	H
Qu2(HK
Rhktztw[
gsyh7(
Ohk]ybjF
<hkc{1
<hkc{1
*&uCQ(
*&uCQ(
ry!]vx
ryWMvx
ryWMbx
r#@ruy
r !U~x
ry+ rv,
x+ sv-
r#@2wy
S?}A/Uy
ry!]rx
ry!]fx
ry!]jx
ry!]nx
ry!]Rx
r8)!r{
ryAfry
r.)7rx
&1Avry
+ rv-}{y
S?}A^dy
ryo_rq
S?}AGdy
ryAkry
ryA|ry
WS7E+ rv,_sy
rykS7E+ r
rz7$wy
ryAnry
'')Ak|y
r/)6r{
ryAgry
ry!EVx
Labyrinthine
Command4
Command4
j<jJj$
MSVBVM60.DLL
__vbaVarTstGt
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaSetSystemError
__vbaLenBstrB
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
_adj_fpatan
__vbaLateIdCallLd
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaUbound
__vbaStrVarVal
__vbaDateVar
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
_adj_fdivr_m32
_adj_fdiv_r
__vbaI4Var
__vbaVarAdd
__vbaVarDup
__vbaFpI4
_CIatan
__vbaStrMove
__vbaR8IntI4
_allmul
__vbaLenVarB
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj