Sample details: 7cfc6c7e531a5a96f05a192d056bf87c

Hashes
MD5: 7cfc6c7e531a5a96f05a192d056bf87c
SHA1: fcd911a678dc1b6a2fd0558729868f6ebf83fd4b
SHA256: 183e21cb0aceb87f0721202e9f9b7ef44bfe666db5955909e2d61cbcef843e68
SSDEEP: 6144:wi9OvjHf683jfDJjzraN+60Ttrz3bkH0:wi9OjCCaN+6WvQU
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba | YRP/suspicious_packer_section
Source
hxxp://b[.]reich[.]io/vschzv.scr
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
Beili7
VB5!6&*
Ruttier
Grogs4
Beili7
Xpress
Beili7
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Command13
antipasch2.dll
Cassabully
kernel32
EnumResourceTypesW
winmm8.dll
waveInStop
ADVAPI16.DLL
UnlockServiceDatabase
auxGetVolume
VBA6.DLL
__vbaI4Var
__vbaFpI4
__vbaVarDiv
__vbaVarTstGt
__vbaVarAdd
__vbaSetSystemError
__vbaOnError
__vbaGenerateBoundsError
__vbaCyI4
__vbaCyAdd
__vbaI4Cy
__vbaVarMove
__vbaVarDup
__vbaStrVarMove
__vbaFreeStr
__vbaFreeVar
__vbaStrMove
__vbaStrCopy
__vbaFreeVarList
__vbaR8Var
Sprunger6
0<u!LrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLr
LrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLr
LrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrLrJr
xdg_x.
(dg_H/
8dg_x.
8d-_x.
f5DNo@
Q	7ucx
e 4_3F
e 4?x}
FB:-R:t
 YIR5h
haKGOJV
zo_<[|
oe~J49we
#,Qe @
,{JG=L
8dg_xq
T!8dgb|/
> {FPjSU8
R![HL:`X
PboFLI
FeSssi
p@3u6H
f5DNoX
0D`5J]U&
Y5]NHDg
aOH7D]
aHhO6S
rcoF>y
*NNH\p
 YI;>h
%mkxA_
];nbRq
-AQ4cDW
e;QeH6
hTcoFL
	FO6{S
B$ dK@e
&{9)X5
K]oOF$Z
=9QeHJ
F^U&b?
FPbSVK
g4Yu^~*
\Lp77y.
f*oNH\p
tfe6|L
 YIysh
jFfJ/,
'{96L"'
VL?hgU
-AQ@0DW
x96L"b
XmBGO6NTh
qMHt{9
'{96H5
fe6|L6NPh
m^x.c5
",JG9L
qZ\(s9
tfe6|L
XyBGO6NPh
^.-a4\\
CD%JbCh
NYi#TQ
)a7Jm?s
	HGOJF
X5KGO!v&
;Th6>.
]oOF$b
[APboF
'3f5DY
T)ae:O6
I7bfJ/;q
_Do#,3
Q	7ucx
VL?hgM
SmV<3^
CDI0>1Xn}zpVV%
ZVieP+,
n4YOO6;(
yjeqZb
S![LLNH\p
R}30x&
R![DL:
IFPnSa
{</j [
IFPfS8
	t46sF
[g+?FeJ
-0JGO6
]'At_N
`S<GU-K@}
IszH~=f
	*%e ?t:
:(NAPi
YOO6Q\
,5mO"j
VL?hgU
qZjet1
Yh^L?"
%.FJ1.
6e ?tAr
Q	7ucx
zeJfK@e
g_xFRE
&.D;[{
#	7eP/,
Q	;ucx
'{. v5
XyBGO6NTh
	7eP7,
,tDvg_s
-/AhJ*.F>y
f5TYdvg4
%m:}A_
5n*.F>y
+3(R;w
>,]FPfD
{O6NTh
Y5NZ^<
nn.-a4sp
7.iJ/,F
0)[V$O+
g4l+k1q
j74mub?
[Qj/7E
@$LbgF
/4MUV7
NE)rIN5h
/OX$xY
;,FSID
d?qI["q!
xb*(8@
TP8yWM
21XN}mjzA_
jLF]U&
u/h+P<
8dg_x.
8dg_x.
8dg_x.
ad~oeK
8dg_x.
52cVZp
	8xFj]
TmVJgC
]%	;1@b[
8dg_x]cJ
ag5b<#
8dg_x.
mn#b)/
&JnIJ9
E8`O_v
8Kg(xY
7_$`n[
URi@hJj
etqb<)
!0b:Jv
ms$Bff
8dg_x.
8dg_x.
<ef_|.
9dc[y/
BoVA,h
8le_x.
8t'_X.
:lg[z.++
<d'Ox>
baZAvZz
3<TlI2u2px
d  04mg-
8dp^?K
8dg_x.
8dg_x.
8dg_x.
0<u!0<u!1Ge*
8dg_x.
fWewRf
<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$n4<$
7N09!]
|,=!k1
&w'k19
3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3+a;3
.Ba19W
|H5!k'
tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|tl&|t
,k1Eah
d|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6ld|6l
 k1MY 
%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=w-%=
'!kG8_R
'V k1G4
j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 j08 
,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f,v~f|
Sprunger6
Command13
Command13
MSVBVM60.DLL
__vbaVarTstGt
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaSetSystemError
_adj_fdiv_m32
__vbaCyAdd
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaCyI4
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
__vbaFPException
_CIlog
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
_adj_fdivr_m32
__vbaR8Var
_adj_fdiv_r
__vbaI4Var
__vbaVarAdd
__vbaVarDup
__vbaFpI4
_CIatan
__vbaStrMove
__vbaI4Cy
_allmul
_CItan
_CIexp
__vbaFreeStr