Sample details: 7d5f39496cfd51e7f2b6beeb0c17e735

Hashes
MD5: 7d5f39496cfd51e7f2b6beeb0c17e735
SHA1: 0b530dc3673dd5b10890decd8baf00d0e5bb96e1
SHA256: 7a3cc93a1d2d58308a3bc3dc42d3bcdba1c42daf9467181caabef1e23c551ffc
SSDEEP: 6144:UrpOpxJVVuEdEA0lW1CmFXf+5/gCziU/gdVwRO4:UOV8EdEA0lW1f+5/XziR
Details
File Type: PE32
Yara Hits
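YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/Dropper_Strings | YRP/SEH__vba | YRP/escalate_priv | YRP/win_registry | YRP/win_token
Note: going by their names, these YRP rules are generic compiler and capability indicators, not family signatures. The escalate_priv and win_token hits are consistent with the advapi32 imports listed under Strings (OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges), and win_registry with the Reg* imports. A hit shows that the API names are present in the file, not how the sample uses them.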
Parent Files
714a658c266c2a4e644e42d4a983a500
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
rRs1hRs
PsbrRs
sPsEtPs?
Os&HPs
NsObOs
Bsl`Rs*
Qs&nPsI
nRssnPs*aQs
Ps2vRs`vRs$FPs
Nsj|Ps
PsfLPs
PsDROsk
Ns];Os'
jPsEjPsZ]Os
Psz_Os
PsE`Os
5Bsq`OstLPs%
BsYuRspuRs
lPstjPs
Ps^iPsD
PsfzPs
`Os0jPs
333333
tVer=0Setup1
rVisual Basic 6.0 Setup Toolkit
_'L?R.K@
frmSetup1
wwpwwp
@wwwwwwxwpw
wwwwww
wwwwwwwp
wwxpww
Times New RomanI
lblModify
To add, delete, or change the files installed by this program, modify your SETUP.LST file.  To customize the installation process, you can modify the Form_Load procedure of SETUP1.FRM.
MS Sans Serif
lblDDE
This label is used for DDE connection to the Program Manager
MS Sans Serif
setup1
Visual Basic 6.0 Setup Toolkit
Setup1
~C28+e
Setup1
frmSetup1
basSetup1
basCommon
basSetupRes
basLogging
frmBegin
frmWelcome
frmPath
frmMessage
frmDskSpace
frmCopy
frmRemoteServerDetails
frmGroup
modShell
frmOverwrite
frmStrongVault
frmOther
frmAOL
frmBabylon
Option2
_'L?R.K@
C:\Program Files\Microsoft Visual Studio\VB98\VB6.OLB
lblModify
lblDDE
vb6stkit.dll
DLLSelfRegister
RegisterTLB
fCreateShellLink
kernel32
GetLocaleInfoA
TranslateCharsetInfo
RtlMoveMemory
WaitForSingleObject
user32
WaitForInputIdle
GetPrivateProfileSectionA
CreateProcessA
GetDiskFreeSpaceA
GetFullPathNameA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetVersionExA
GetWindowsDirectoryA
GetSystemDirectoryA
GetDriveTypeA
GetTempPathA
SendMessageA
GetUserDefaultLCID
Command1
version.dll
VerInstallFileA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
GetShortPathNameA
ExitWindowsEx
shell32.dll
ShellExecuteA
OpenProcess
GetExitCodeProcess
AddFontResourceA
LocalFileTimeToFileTime
CreateFileA
SetFileTime
CloseHandle
Image1
SystemTimeToFileTime
oleaut32.dll
VariantChangeTypeEx
VariantTimeToSystemTime
advapi32
RegCloseKey
RegCreateKeyA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyA
RegQueryValueExA
RegSetValueExA
lstrcpyn
GetCurrentProcessId
ExitProcess
Check2
ExtractFileFromCab
advapi32.dll
LookupPrivilegeValueA
GetCurrentProcess
AdjustTokenPrivileges
OpenProcessToken
mf&1S^
Check3
Label4
Label5
Label1
Label3
Check5
Label2
Label12
Label11
Label10
Label8
Label9
Label6
Label7
Check1
Option1
~C28+e
@Image2
AbortAction
AddActionNote
CommitAction
fWithinAction
LogError
LogNote
LogWarning
NewAction
EnableLogging
DisableLogging
imgWelcome
lstGroups
cmdCancel
txtGroup
Frame1
dir95Groups
lblGroup
lblGroups
lblMain
cmdContinue
GroupName
lblCopy
picStatus
cmdExit
lblDestFile
lblMsg
imgMsg
lblDestDir
cmdInstall
fraDir
cmdChDir
lblBegin
lblInstallMsg
*lblWelcome
lblRunning
VBA6.DLL
__vbaLateMemCall
__vbaObjVar
__vbaVarDiv
__vbaVarSub
__vbaVarAdd
__vbaVarTstGt
__vbaVarLateMemCallLd
__vbaVarMul
__vbaR4Var
__vbaLateMemCallLd
__vbaVarLateMemSt
__vbaAryDestruct
__vbaExitProc
lblDiskH
lblAvailH
__vbaResume
__vbaNew2
__vbaStrCmp
__vbaStrToUnicode
lblDisk
cmdChgDrv
__vbaSetSystemError
__vbaStrToAnsi
__vbaVarZero
__vbaDerefAry1
__vbaVarCopy
__vbaI2I4
__vbaErase
__vbaRedim
__vbaStrCat
__vbaStrCopy
__vbaFreeStrList
__vbaInStr
__vbaFreeVarList
__vbaStrVarMove
__vbaFreeVar
__vbaFreeObjList
__vbaLateIdCallLd
__vbaObjSet
__vbaI2Var
__vbaLateIdSt
__vbaObjSetAddref
__vbaNew
__vbaFreeObj
__vbaCastObj
__vbaOnError
__vbaErrorOverflow
__vbaPrintObj
__vbaI2Str
__vbaFreeStr
k__vbaStrMove
__vbaLenBstr
__vbaHresultCheckObj
__vbaFpI2
lblNeedH
lblReqH
lblNoSpace
lblReq
lblAvail
lblNeed
shell32
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetDesktopFolder
SHGetMalloc
lblRemoteServerDetails
lblNetworkAddress
lblNetworkProtocol
cboNetworkProtocol
txtNetworkAddress
lblServerName
rpcrt4.dll
RpcNetworkIsProtseqValidA
GetServerDetails
lblDrives
lblDirs
lblPrompt
lblPath
txtPath
dirDirs
drvDrives
__vbaGenerateBoundsError
__vbaNextEachCollVar
__vbaForEachCollVar
__vbaBoolStr
__vbaMidStmtBstr
__vbaR8IntI2
__vbaLenVarB
__vbaI4Var
__vbaStrI4
__vbaFpCmpCy
__vbaCyI4
__vbaCyI2
__vbaCyAdd
__vbaCyMulI2
__vbaVarTstEq
__vbaFileCloseAll
__vbaStrVarVal
__vbaDateVar
__vbaAryUnlock
__vbaAryLock
__vbaUbound
__vbaBoolVar
__vbaNameFile
__vbaFileClose
__vbaFileOpen
__vbaVarMove
__vbaCopyBytes
__vbaFpI4
__vbaRedimPreserve
__vbaStrI2
__vbaRecDestruct
__vbaStrVarCopy
__vbaVarCat
__vbaInStrVar
__vbaVarOr
__vbaBoolVarNull
__vbaVarDup
__vbaR8Str
__vbaPowerR8
__vbaNextEachCollObj
__vbaLateMemStAd
__vbaForEachCollObj
__vbaPrintFile
__vbaVarAnd
__vbaLineInputStr
__vbaRecUniToAnsi
__vbaVarVargNofree
__vbaLbound
__vbaRecAnsiToUni
__vbaFpR8
__vbaLateMemSt
lblVersion
lblTopInfo
cmdYes
cmdNoAll
lblFileName
lblDescription
FileName
Description
Version
ReturnVal
__vbaUI1I4
frmOverwrite
frmOverwrite
cmdNoAll
cmdNoAll
cmdYes
cmdYes
lblVersion
lblVersion
lblDescription
lblDescription
lblFileName
lblFileName
lblCopy
lblCopy
lblTopInfo
lblTopInfo
frmOther
DefaultTab Setup
Check1
By clicking "Next", I agree to the
Command1
MS Sans Serif
Check5
By clicking "Next", I agree to the
Label10
Terms of Service,
MS Sans Serif
Label9
Terms of Service
MS Sans Serif
Label8
Label7
Privacy Policy
MS Sans Serif
Label6
and consent to install InfoAtoms. InfoAtoms can be uninstalled through Add/Remove Programs.
Label4
and consent to install DefaultTab.
Label3
Privacy Policy
MS Sans Serif
Label2
Label1
End User License Agreement
MS Sans Serif
Label5
Decline
MS Sans Serif
frmCopy
wwpwwp
@wwwwwwxwpw
wwwwww
wwwwwwwp
wwxpww
MS Sans SerifD
picStatus
MS Sans Serif
cmdExit
MS Sans Serif'
lblDestFile
MS Sans Serif
lblCopy
MS Sans Serif
frmGroup
wwpwwp
@wwwwwwxwpw
wwwwww
wwwwwwwp
wwxpww
dir95Groups
Frame1
cmdCancel
cmdContinue
lstGroups
lstGroups
txtGroup
lblDDE
lblGroups
lblGroup
lblMain
frmRemoteServerDetails
wwpwwp
@wwwwwwxwpw
wwwwww
wwwwwwwp
wwxpww
cmdCancel
cboNetworkProtocol
txtNetworkAddress
Frame1
lblServerName
MS Sans Serif
lblNetworkProtocol
lblNetworkAddress
lblRemoteServerDetails
MS Sans Serif
frmPath
wwpwwp
@wwwwwwxwpw
wwwwww
wwwwwwwp
wwxpww
MS Sans SerifD
cmdCancel
MS Sans Serif'
MS Sans Serif'
drvDrives
MS Sans Serif
dirDirs
MS Sans Serif
txtPath
MS Sans Serif
lblDrives
MS Sans Serif
lblDirs
MS Sans Serif
lblPath
MS Sans Serif
lblPrompt
MS Sans Serif
frmDskSpace
wwpwwp
@wwwwwwxwpw
wwwwww
wwwwwwwp
wwxpww
MS Sans SerifD
cmdChgDrv
MS Sans Serif'
cmdInstall
MS Sans Serif'
cmdExit
MS Sans Serif'
lblNoSpace
MS Sans Serif
shpHeading
lblReqH
MS Sans Serif
lblNeedH
MS Sans Serif
lblAvailH
MS Sans Serif
lblDiskH
MS Sans Serif
shpSpace
lblReq
MS Sans Serif
lblNeed
MS Sans Serif
lblAvail
MS Sans Serif
lblDisk
MS Sans Serif
frmMessage
wwpwwp
@wwwwwwxwpw
wwwwww
wwwwwwwp
wwxpww
MS Sans SerifD
imgMsg
wwpwwp
@wwwwwwxwpw
wwwwww
wwwwwwwp
wwxpww
lblMsg
frmWelcome
wwpwwp
@wwwwwwxwpw
wwwwww
wwwwwwwp
wwxpww
MS Sans SerifD
cmdExit
MS Sans Serif'
MS Sans Serif'
imgWelcome
wwpwwp
@wwwwwwxwpw
wwwwww
wwwwwwwp
wwxpww
lblWelcome
MS Sans Serif
lblRunning
MS Sans Serif
shpWelcome
frmBegin
wwpwwp
@wwwwwwxwpw
wwwwww
wwwwwwwp
wwxpww
MS Sans SerifD
cmdInstall
wwwwwwp
wwwwwwwww
wwwwwwwww
wwwwww
wwwwww
wwwwwwwwww
wwwwwwwwww
wwwwwwwwwwww
fraDir
MS Sans Serif
cmdChDir
MS Sans Serif'
lblDestDir
MS Sans Serif
cmdExit
MS Sans Serif'
linTopOfExitButtonIfNoDestDir
lblInstallMsg
MS Sans Serif
lblBegin
MS Sans Serif
Iminent Setup
Option2
Custom
Option1
Express - (recommended)
Check5
Download and install the Iminent Toolbar
Command1
MS Sans Serif
Check3
Make and keep Iminent StartWeb your default homepage
Check2
Make and keep Iminent StartWeb your browser
s default search provider
Label10
some elements of incompatible software, notifying me of upcoming content and updating my search settings. Provided by SIEN.
Label9
consent to Iminent disabling
Label8
Privacy Policies
MS Sans Serif
Label7
Label6
MS Sans Serif
Label4
By installing Iminent, you agree to the
Label2
Learn More
MS Sans Serif
Label3
Choose your installation option:
Label5
Decline
MS Sans Serif
Image1
LEAD Technologies Inc. V1.01
 $.' "+"
(6(+/1343
&8<82<.231
!11111111111111111111111111111111111111111111111111
%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
Jk7@`r
9>"x9zj
Label3
Download tons of fun smiles, animations and games for social networks and IM. Get weekly new content thanks to advertising on the pages you browse.
Label1
Iminent
MS Sans Serif
frmStrongVault
StrongVault Setup
Strongvault by Stronghold, LLC
Free Online Back-up for your Computer
Simple. Safe. Secure.
Strongvault will easily retrieve and restore stolen, lost or damaged content from your PC once a replacement device is ready.
 Allows you to set your preferred backup frequency
 Works seamlessly to backup the contents of your PC
 Uses a three-tiered security system to provide complete data security and privacy protection
 Allows you to backup 5 PC5 under I account
This software will launch after installation. This software can be removed at any time via the Add/Remove Programs Utility. Strongvault is a free application with a 500MB storage limit and is supported by advertising within the application. There is an option to upgrade to the full version for $5.99/month. After installation, you will be required to register and will need to provide a valid e-mail address. Credit Card info is required for upgrades.
Command1
MS Sans Serif
Check5
By clicking "Next", I agree to the
Label4
and consent to install StrongVault.
Label3
Privacy Policy
MS Sans Serif
Label2
Label1
End User License Agreement
MS Sans Serif
Label5
Decline
MS Sans Serif
Image1
~C28+el
frmBabylon
Yontoo Setup
Command1
MS Sans Serif
Label9
MS Sans Serif
Label8
Yontoo features include advertisements and are not affiliated with any underlying sites. Browser settings may be adjusted after installing. Uninstall Yontoo using Add/Remove Programs.
Image2
LEAD Technologies Inc. V1.01
 $.' "+"
(6(+/1343
&8<82<.231
!11111111111111111111111111111111111111111111111111
%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
!	gVGm
#xsLko
M#Y"3	
Label7
FreeTwitTube is a feature of Yontoo, a browser add-on that enhances sites with various features. Along with FreeTwitTube, Buzzdock and other features may be auto-enabled in the future.
Label6
This safe, secure && free app allows you to interact with the videos you watch without ever leaving YouTube. Once downloaded, you will see FTT's easy-to-use add-on under the video player whenever on YouTube. The add-on lets you not only see tweets, but also reply && retweet whenever you choose. FTT combines the power of Twitter && YouTube to give you a richer video experience.
Label4
Privacy Policy
MS Sans Serif
Label3
Terms of Service.
MS Sans Serif
Label1
By clicking "Next", I AGREE to the Yontoo
MS Sans Serif
Image1
LEAD Technologies Inc. V1.01
 $.' "+"
(6(+/1343
&8<82<.231
!11111111111111111111111111111111111111111111111111
%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
K_CXPf
mFjq,k
5'c,]gJ%_
!a*slaj?
PXziu)}+
Vra)Fu,
UrCi$j
$y"q>4
E6EYE+
kYUrVf1
/m X:7
rnV %a
r)X}F%
0iXvBO*C
A*);7g
RC$v1Y
a1i#r0Y
Label5
Decline
MS Sans Serif
Label2
YouTube Videos && Tweets at the same time with FreeTwitTube (TM)
MS Sans Serif
frmAOL
WhiteSmoke (TM) Setup
Check1
I allow my current homepage and default search settings to be stored for easy reverting later.
Option2
Custom installation (advanced)
Option1
Full Installation (Recommended)
Check5
Install the WhiteSmoke community toolbar and search protect by Conduit. Send me useful info from the Toolbar and apps (can be disabled later).
Command1
MS Sans Serif
Check3
Set the WhiteSmoke customized web search as my default search. Enable Search Protect to notify me of changes.
Check2
Set my home page to WhiteSmoke customized web search page. Enable Search Protect to notify me of changes.
Label12
for details.
Label11
content policy
MS Sans Serif
Label10
use your personal data, such browsing info. See also the app's
Label9
This community toolbar may contain apps that access, collect, and
Label8
Privacy Policy.
MS Sans Serif
Label7
Label6
End User License Agreement
MS Sans Serif
Label4
By Choosing the Toolbar, Search and/or any accompanying features, you agree to our
Label3
Install the WhiteSmoke community toolbar and search protect by Conduit. Set the WhiteSmoke customized web search as my default search, change my home page and notify me of changes. Send me info from Toolbar and apps (can be disabled later).
Label2
Learn More
MS Sans Serif
Label1
As part of the installation, you can also get the official WhiteSmoke Community Toolbar for Windows
, Internet Explorer
, Firefox
 and Chrome (TM) and search protect by Conduit.
Label5
Decline
MS Sans Serif
Image1
LEAD Technologies Inc. V1.01
 $.' "+"
(6(+/1343
&8<82<.231
!11111111111111111111111111111111111111111111111111
%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
(Be}[Z
pXZKuu 
Qqn/tLZ
YR3#m@
 !;w,?*
AXn<qyw
M5-V)J.
jL^k6u
kW@ad1
fEpG=0
awi$3Cfn
NmL HLE
Rk[[o;
kJu%J\
t`r\d.G
->;o87
F9FNr=
gooouu
U(X+u<
K{}ql7
-ln4)4
iw-ZkvWh^
Ep%8U#
ogie2+;
<+3Gwz
Vm-!Ea
Visual Basic 6.0 Setup Toolkit
strDefGroup
fStart
strRegFile
strNetworkAddress
strNetworkProtocol
} jTh<
f9]$t}
SVWjEY3
j PjXV
PVVj j
f9_6t:h
f9s8u	
C8t>f;
f9s6t/f9s8u)
f9s4uO
f9s6unf9s8uh
uYf9^6uS
uef9^4ub
CFf95H
MSVBVM60.DLL
__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
__vbaLineInputStr
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
__vbaCopyBytes
__vbaResume
__vbaStrCat
__vbaRecDestruct
__vbaSetSystemError
__vbaNameFile
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaLateMemSt
__vbaForEachCollObj
__vbaBoolStr
__vbaExitProc
__vbaFileCloseAll
__vbaCyAdd
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaBoolVar
__vbaForEachCollVar
__vbaFpR8
__vbaBoolVarNull
_CIsin
__vbaErase
__vbaLateMemStAd
__vbaNextEachCollObj
__vbaVarZero
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaCyI2
__vbaStrCmp
__vbaVarTstEq
__vbaCyI4
__vbaNextEachCollVar
__vbaPrintObj
__vbaI2I4
__vbaObjVar
DllFunctionCall
__vbaVarOr
__vbaVarLateMemSt
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaFpCmpCy
__vbaVarMul
__vbaExceptHandler
__vbaPrintFile
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
__vbaVarDiv
__vbaFPException
__vbaInStrVar
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaDateVar
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaR8Str
__vbaInStr
__vbaNew2
__vbaCyMulI2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
__vbaDerefAry1
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
__vbaI4Var
__vbaAryLock
__vbaVarAdd
__vbaLateMemCall
__vbaVarDup
__vbaStrToAnsi
__vbaFpI2
__vbaFpI4
__vbaVarCopy
__vbaVarLateMemCallLd
__vbaR8IntI2
__vbaLateMemCallLd
_CIatan
__vbaStrMove
__vbaCastObj
__vbaStrVarCopy
_allmul
__vbaLenVarB
__vbaLateIdSt
_CItan
__vbaAryUnlock
_CIexp
__vbaMidStmtBstr
__vbaFreeStr
__vbaFreeObj
wwxpww
wwpwwp
@wwwwwwxwpw
wwwwww
wwwwwwwp