Sample details: 7b19b2b8aed0285eb2b2c5cb81313569

Hashes
MD5: 7b19b2b8aed0285eb2b2c5cb81313569
SHA1: e0a536ed1b6c6f202412079e1213305543b533a3
SHA256: e54bbabcaed8ace734f53234a44ad1e697e9cd2252255b59906fc5e3322c1be6
SSDEEP: 3072:/lh+mENvtRR3FmHmpF+CklMnQIKAWNBlm/XBq6ciFCdaNdVOvs:9h+NNFRRCmpF+CklMYuFciFC+Ok
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba | YRP/Big_Numbers0
Source
http://94.130.104.170/WORM_VOBFUS.SMA3
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
dicyclist
Metenitrieniline prosperovo
vbkTitle
VB5!6&*
nomanerete
dyogndmcob
dicyclist
suprarataanalasm
vbkTitle
unelective
dicyclist
OpenIcon
SetTextJustification
SetCaretBlinkTime
GetPixelFormat
GetActiveWindow
user32
DdeUninitialize
SetWindowsHookExA
SetMapperFlags
VBA6.DLL
C:\Windows\system32\msvbvm60.dll\3
UserControl
C:\Program Files\Microsoft Visual Studio\VB98\VB6.OLB
SendMessageA
ReleaseCapture
Picture
FC:\Windows\system32\stdole2.tlb
stdole
dsgfdfhgcgfbnvnvbn
BackColor
ForeColor
Enabled
BackStyle
BorderStyle
Refresh
ObjHWND
DblClick
KeyDown
KeyPress
MouseDown
MouseMove
MouseUp
MSVBVM60.DLL
dyogndmcob
Qc8nQb
+*-&f/
30ZGAq
x"L]9b
:%Y.Ru
vbkTitle
Metenitrieniline prosperovo
New_Picture
Returns/sets a graphic to be displayed in a control.
New_BackColor
Returns/sets the background color used to display text and graphics in an object.
New_ForeColor
Returns/sets the foreground color used to display text and graphics in an object.
New_Enabled
Returns/sets a value that determines whether an object can respond to user-generated events.
New_Font
Returns a Font object.
New_BackStyle
Indicates whether a Label or the background of a Shape is transparent or opaque.
New_BorderStyle
Returns/sets the border style for an object.
Forces a complete repaint of a object.
New_ObjHWND
KeyCode
KeyAscii
Button
MSVBVM60.DLL
MethCallEngine
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ProcCallEngine
-,))%#!"
----,,)%##"
-.$*2=<;6543
#..$7?SSRQQPP
0GG@OUVVVVVVVP
-EE0OUVVVVVVVP
/FF@OUVVVVVVVQ
8HHANUVVVVVVVQ
8KKCNUVVVVVVVR
ALLCNUVVVVVVVS
BMMDNUVVVVVVVS
'BB+7ITTTTTTT>
(( 1:IJJJJJ?9
FFF*&&
BQ,,,+)+$$!!  
Adspppppppppppppppppps(
BPG,,,,'''###"  
HeeeeKY\}}}|zzwwvv]]]4
BQ++J%Z^
DSn..nQ~
6CPc--cR
6CRf//fR
7CRoOOoS
8CUqTTqU
:CVrWWrV
:CVtjjtV
<Agummug
LlxxlL\`
DMNNMEX[a
$LL*++''''##
$P(&&&"!"!!  
n~nn~nnnnnn~nnnnnnnnnnnnnn
nnnnnnnnnnnnnnnnnnnnnnnnnn
Koo___^^^^^VVVUTTTNKKJJIJIIEI
NttttttrRbe
F\)),)(P$ai
G\~.....~Y
5GOm%%%%%nO
7HZp-0-/-pZ
7GZp00000qZ
8H]qXXXXXq]
S{|||||{Sdk
JWbbbbbWSch
fffffeA%
fffffffffeA%
UeVUeffffffffeA
wwwwwwwwA'
wwwwwwwwwwwwwwA
-------------------------------------------
<G=D=<<=812=8<8=DEEeDE
<:<<<=<===eeEeeexhehhhhiei||
=2<:<====ee=eeeeihyexehuh|~
8122288<=EEehhhhhuuhyyyyy
6/<679;;;;==deexjjjxxyyy
./63335559AGGFeehffhjuy{
444>??A@@Baaagttmrvw
(()+++
SccoooQQ
 MMMMO##%TbbZZZKP
IO#OOOOOYYYo
IHR\W,NXKIJ[
!LRW`kn
!L]qns
"CCC,,V]pnp
$*Cllknp]
*CnkU\W\
*CUS*WW
_________________________
^^^^^^^^^^^^^^^^^^^^^^^^^
;"/"/"/"////00/"/"""/"/"/""/"/""""7
|QQNJJNJNJHHHDEJD**''%%%##
ttruvx
pqppqqf
T_`	>``aaaa
=UpprsoA
X___mfBBAc\^apU
kfU^`?
N'#22({
''552+
no^[mZS
jPh@q@
MSVBVM60.DLL
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaHresultCheck
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
__vbaAryMove
__vbaLateIdCall
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
__vbaEnd
__vbaPut3
_adj_fdiv_m64
__vbaPut4
__vbaFreeObjList
_adj_fprem1
__vbaResume
__vbaCopyBytes
__vbaStrCat
__vbaError
__vbaLsetFixstr
__vbaSetSystemError
__vbaRecDestruct
__vbaNameFile
__vbaHresultCheckObj
__vbaLenBstrB
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
__vbaVarXor
__vbaVarIndexLoadRefLock
__vbaExitProc
__vbaVarForInit
__vbaVarPow
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
__vbaFpR4
__vbaStrFixstr
__vbaBoolVarNull
__vbaFpR8
_CIsin
__vbaErase
__vbaVargVarMove
__vbaVarZero
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaGet3
__vbaAryConstruct2
__vbaVarTstEq
__vbaPutOwner3
__vbaI2I4
DllFunctionCall
__vbaVarOr
__vbaCastObjVar
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
__vbaRedim
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaFpCmpCy
__vbaExceptHandler
__vbaStrToUnicode
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
__vbaUbound
__vbaVarCat
__vbaGetOwner4
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaInStr
__vbaVar2Vec
__vbaNew2
__vbaVarInt
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
__vbaDerefAry1
_adj_fdivr_m32
_adj_fdiv_r
__vbaVarTstNe
__vbaI4Var
__vbaVarAdd
__vbaAryLock
__vbaStrComp
__vbaStrToAnsi
__vbaVarDup
__vbaFpI2
__vbaVarMod
__vbaVarLateMemCallLd
__vbaVarCopy
__vbaFpI4
__vbaLateMemCallLd
_CIatan
__vbaCastObj
__vbaStrMove
__vbaAryCopy
__vbaStrVarCopy
_allmul
__vbaLateIdSt
_CItan
__vbaUI1Var
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj
__vbaI4ErrVar
67<-,)22222222222222222227<<<7
ko__h`XZYYYZYZYYZYZYYZYYk
k]__`_]XYZYZYYZYZYYZXYZksrssro
2OTXX]]]52222222222222;><><>B3
YZXV_`ii]hYZYZYYZYZXYo_i
VbVROT]__XYYYZYZYYZYk\_``i]bZ[
2222GT]_iX322222@@2;XXTX[XRA22
bbbbb[_ikikXYZYORVXr___XXSRJRZ
bYbYhRT]_i_khXRRX]__u`]TOGJJJY
44242GOX]`]<2OGOXX]]7<RJA@@@22
bYbhYdX_ii
rkXXX][_rrkYYYKJZYV	
dhbbbbb\[`irosi__irrkZYZX\XY\h
4445552OXii`imi`_]X52222222222
bdhbbbRV]eoooii_]XSGYZYZXYZYXY
hqbdbhVV]ooooo`\XRJJKYXYXY[Yhb	
:666665R]iorrmi]VRJJJ222222222
dddbbhdreosusooiXRJRbhYZYZYYbh
ttbtbtr
oomrOA@AYhYdZVYhYd
66:6:BP``CQ^UBC[OA?AA222222222
mjkiss
i\VRKKhbdYZYhbb
ooojjhhs
oi[XRRYYhYhVYhd
6:CDCii`i\\WCQPi_XRGA222222222
nie\ZW\`s
smhYRhbhbbbbd\b
i_\Z\Z_es
k\bdVbXVZYhbV
PCPCCC:ZXVSSW\PQPCXS5552222224
qtbZ\ZZZdsmimm\V\Vbbdddbd
rtqttbZ\Zht`mmloi\SbdVbbhVb
DPC=\[9::::::WW_imm`XRG442424*
teeedbttdth\\_ilmii\S\bVbYY1
teeeeb\bttbtb\\\`ol`\jbbb\VM0
=:Z\Z`\Z:::::::VW\ijZG82442+ 
tteegggee`\tbtbZ\hkjM/
tttqqqqqtrtqthtpjjqgN'
tttttttttrrrrppjjkqrN(
tttttttttttqpppjkjtbM.
ttttttttttrqqpppjfjbb%j
tttttttcgrqdYdffaZdtb$
tM"cttL
YttMHMdaNFYhb%
tIaaEd1tb.
tL"\ttL"YttM
HDBB?==<<<<;;
srZ8Vo
nhW3Wjrrtm_9_
Yid63bpkkjfZ8eo
PTi46pihgfp
dqruum_Ul
TiTdcY9
2gppqqq
C4Tiip
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%&&&&
dZXdX,.
/9WYW_WWW_a
XY``ZdZddZ`be__b
9011;`Zbe
4-0488]__bbbeppppq
'+--444:::<[\^^^^aaarrst
(((()*
237777777TUcnnno|}~
"""OOOOPSSSRRRgivvvVJJVEEAA
??CCCGGGGGCBGhhuHI=II@DL
 BFFFFLLLLuuwx
>CKljHy
>BFjkkkm
BClkmmjm
66$##CKlxmx
!Qkjjl
$fmxmx
NNNNNNNNNNNNNNNNNNNN
NNNNMMMMMMMMMMMMMMMMMMMMM
`usSUy
NF=ILymY
MNGCCB]Q_o
JKLHC655
 (8<?IEB6322
(--7@@B32&&
'--79:62&&&
('--?@43&&&
'(-7?I63*&*
'(<-8E@6***
#(-88??43*7
 (f9<?E:4+8
#('/<IE:77
#(/-<KIE;>
$f)80AJJD
!#a//0
C:\Users\UserXP\Desktop\duskingtide.pdb