Sample details: 81d6e902713d19e6a020de496a32f8f9

Hashes
MD5: 81d6e902713d19e6a020de496a32f8f9
SHA1: 9cbeaa4ee273efe6765b75e47ba1acc9595655f3
SHA256: 58e3b0ca2bfb71c1aa79085f966ef0f7bd9723b34da4e4482d078122d0d570dc
SSDEEP: 6144:ggfmMOSI+lx7lrBtr5ih20An/nHos1Fd4JbbNs4P4hXrSG6qnG:ggfmMMK7lvw20An/HjBMbbOfZSB3
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasRichSignature | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/SEH__vba |
Source
http://cryptovoip.in/trhdf/DDF_output22229B0.exe
Strings
          	            !This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
vb4projectVb
Edmondo
Paranucleus
Paranucleus
Frullato
Bionico
Blooddrop3
Kinyaanga1
Unattainment2
Ungroundably
Morvin
Hiddenness
Cubiform
Shuwaykh3
VB5!6&*
zbatter
Monostich7
vb4projectVb
vb4projectVb
Edmondo
Undispensing8
Preinfer7
Anarthria0
Hiddenness
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Ungroundably
Kinyaanga1
Blooddrop3
Frullato
msvbvm60
GetMem4
Powrprof
GetPwrCapabilities
mcminnville.dll
Truecolor1
Earthkin8
Ndombe
Albaicin
Magari5
Silimo
Graphotypic
Serpentize1
Stillatory3
Grooveless3
Pavonia2
Formylation
Kwarafe
Antaiva
Burnies
Progenerate7
Astakiwi
Albedo
Skepticism6
Cornballs
Disown3
Tickeater8
Quadrivalve0
Acrider7
Soothes
Tulisan1
Zorites
Jezira1
Misrealize0
Poundmeal3
Adamantly
Celesta1
Nonrevival
Mesocoele1
Enterorrhea7
Axumite
Feasted
USER32
EnumDesktopsA
advapi32.dll
LookupAccountNameA
VBA6.DLL
Preinfer7
Classifier
Classifier
Anarthria0
Cercariform
Cercariform
Undispensing8
Legaspi1
Legaspi1
MSVBVM60.DLL
MethCallEngine
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
 IDATx
0!#>K'
Western Cape1
Durbanville1
Thawte1
Thawte Certification1
Thawte Timestamping CA0
121221000000Z
201230235959Z0^1
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
http://ocsp.thawte.com0
.http://crl.thawte.com/ThawteTimestampingCA.crl0
TimeStamp-2048-10
GlobalSign Root CA - R31
GlobalSign1
GlobalSign0
110802100000Z
190802100000Z0Z1
GlobalSign nv-sa100.
'GlobalSign CodeSigning CA - SHA256 - G20
&https://www.globalsign.com/repository/06
%http://crl.globalsign.net/root-r3.crl0
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
121018000000Z
201229235959Z0b1
Symantec Corporation1402
+Symantec Time Stamping Services Signer - G40
http://ts-ocsp.ws.symantec.com07
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
TimeStamp-2048-20
GlobalSign nv-sa100.
'GlobalSign CodeSigning CA - SHA256 - G20
150817153231Z
181024080833Z0
	Stuttgart1 0
philandro Software GmbH1 0
philandro Software GmbH1!0
cert@philandro.com0
9 &Y%]
&https://www.globalsign.com/repository/0	
1http://crl.globalsign.com/gs/gscodesignsha2g2.crl0
8http://secure.globalsign.com/cacert/gscodesignsha2g2.crt08
,http://ocsp2.globalsign.com/gscodesignsha2g20
GlobalSign nv-sa100.
'GlobalSign CodeSigning CA - SHA256 - G2
Symantec Corporation100.
'Symantec Time Stamping Services CA - G2
170905214040Z0#
mNm>c\M
1{\.)(
GlobalSign Root CA - R31
GlobalSign1
GlobalSign0
110802100000Z
190802100000Z0Z1
GlobalSign nv-sa100.
'GlobalSign CodeSigning CA - SHA256 - G20
&https://www.globalsign.com/repository/06
%http://crl.globalsign.net/root-r3.crl0
GlobalSign nv-sa100.
'GlobalSign CodeSigning CA - SHA256 - G20
150817153231Z
181024080833Z0
	Stuttgart1 0
philandro Software GmbH1 0
philandro Software GmbH1!0
cert@philandro.com0
9 &Y%]
&https://www.globalsign.com/repository/0	
1http://crl.globalsign.com/gs/gscodesignsha2g2.crl0
8http://secure.globalsign.com/cacert/gscodesignsha2g2.crt08
,http://ocsp2.globalsign.com/gscodesignsha2g20
GlobalSign nv-sa100.
'GlobalSign CodeSigning CA - SHA256 - G2
l<T-OJ
20170905214041Z0
Symantec Corporation1
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G2
VeriSign, Inc.1
VeriSign Trust Network1:08
1(c) 2008 VeriSign, Inc. - For authorized use only1806
/VeriSign Universal Root Certification Authority0
160112000000Z
310111235959Z0w1
Symantec Corporation1
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0.
http://s.symcd.com06
%http://s.symcb.com/universal-root.crl0
TimeStamp-2048-30
Symantec Corporation1
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
170102000000Z
280401235959Z0
Symantec Corporation1
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G20
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0@
/http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
http://ts-ocsp.ws.symantec.com0;
/http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
TimeStamp-2048-50
\Z^ k;
Symantec Corporation1
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA
170905214041Z0/
/1(0&0$0"