Sample details: 7b3e50d141fe8fdd6b5d176c692efb59

Hashes
MD5: 7b3e50d141fe8fdd6b5d176c692efb59
SHA1: 110785cf94e1326487b7b6a593399ee03dc77bd1
SHA256: 793c476b81af35df17b42b740766d7af12ef6cf1aaa31caf8b37b45326b33d18
SSDEEP: 768:P7XINhXznVJ8CC1rBXdo0zekXUd3CdPJxB7mNmDZkUKMKZQbFTiKKAZTc:yhT8C+fuioHq1KEFoAm
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/Browsers | YRP/Sandboxie_Detection | YRP/Dropper_Strings | YRP/WMI_strings | YRP/Misc_Suspicious_Strings | YRP/SEH__vba | YRP/Big_Numbers1 | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | YRP/diamond_fox |
Source
hxxp://hardcomng[.]com/doc/document.exe (download URL for this sample, shown defanged)
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
ance  
POS_TIME
RCount
LCount
INSTALL_B
UNISTALL_B
UPDATE_B
DW_EXEC
N_CONNECT
F_EXIST
S_EXEC
MY_PATH
FTPUPLOAD
A_ANUBIS
D_TASK
A_OLLY
A_SAND
DropBox
S_PROTECT
C_DATA
R_DATA
A_MALWR
A_NORMAN
A_WINE
A_FIREWALL
M_BYTES
D_PROTECT
G_BETWEEN
P_MAIL
P_HTTP
P_SCREEN
P_WALLET
P_SPAM
P_KEYLOGGER
P_DSPREAD
N_COMMANDS
PING_SITE
GR_COMMAND
LCount
C:\Program Files\Microsoft Visual Studio\VB98\VB6.OLB
POS_TIME
RCount
wininet.dll
DeleteUrlCacheEntryA
SHELL32
IsUserAnAdmin
KERNEL32
LoadLibraryA
FindExecutableA
ShellExecuteA
GetModuleFileNameA
GetStartupInfoW
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
GetCurrentProcessId
NtUnmapViewOfSection
NtWriteVirtualMemory
NtSetContextThread
NtResumeThread
NtGetContextThread
NtAllocateVirtualMemory
CreateProcessW
VBA6.DLL
InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetReadFile
MSVBVM60.DLL
MethCallEngine
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ProcCallEngine
]niCCCCC_3
]{ggc)<<{rawp|~}t=p|~<wzr~|}w<_L3
]niCCCCC_%!3]_L%!3]niCCCCC_7
]VS_L7
]niCCCCC_.(
]vwfprgzev3_L.(
]niCCCCC_;
WZ"ST 
&U4_L;
]niCCCCC_6
"]#P"QWP"!V*'VQVW%$+U%%&"PPV V!UWV_L6
"]niCCCCC_"
]niCCCCC_"!
]S_L"!
]niCCCCC_"5.4]S_L"5.4]niCCCCC_"
]niCCCCC_,
]niCCCCC_!
]niCCCCC_.
]niCCCCC_-
]niCCCCC_4
]niCCCCC_4
]niCCCCC_1
]niCCCCC_7
]niCCCCC_"
]niCCCCC_60!]S_L60!]niCCCCC_'
]niCCCCC_*
]niCCCCC_*
]"33'"7"_L*
]niCCCCC_+(./]S_L+(./]niCCCCC_4/,$]S_L4/,$]niCCCCC_0%,/]R_L0%,/]niCCCCC_.&/7]R_L.&/7]niCCCCC_(
]niCCCCC_3
0]S_L3
0]niCCCCC_"
]niCCCCC_0
]ni_L