Sample details: 83804b01321457bb6e994e2c7b17f815

Hashes
MD5: 83804b01321457bb6e994e2c7b17f815
SHA1: b93def8ea4f54b6560839257b504499acf6dafa0
SHA256: 7372ab1bf027a9a9d6e0b87a388defaa5fbde4000defaa00f1942c6fe2cc3f16
SSDEEP: 1536:kksY2tmQM5Y37q1rCMVlCwed7vqst1YxEjPft6i9sPv8R2aLbC851zYI6f+/avDv:kksY2ttM5YLqBfCwed7iSXJ4WrJM0O
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/Antivirus | YRP/SEH__vba | YRP/disable_dep |
Source
http://93.95.97.230/pay4.exe
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
DotPro
Picture1
Image1
Times New Roman
C:\Program Files (x86)\Common Files\DESIGNER\MSADDNDR.DLL
MSAddnDr.AddInInstance
AddInInstance
DataSource
DataMember
C:\Windows\SysWow64\MSDBRPTR.DLL
MSDataReportRuntimeLib.DataReport
DataReport
Enabled
HotTracking
MultiSelect
Separators
MSCOMCTL.OCX
MSComctlLib.TabStrip
TabStrip
1|mGameLoop
mKeyboard
mDataStructures
AddInDes3
frmTip
frmAbout
DataReport1
frmLogin
frmOptions
DotPro
RtlMoveMemory
user32
GetKeyState
c:\windows\system32\user32
CallWindowProcA
c:\windows\system32\kernel32
SetProcessDEPPolicy
VBA6.DLL
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Image1
zfBQaiZk0
'DAddinInstance
AddInDesignerObjects
GetDeviceCaps
GetVideoCaps
GetPixelsInch
picIcon
Picture1
BitBlt
CreateCompatibleDC
DeleteDC
SelectObject
DeleteObject
GetObjectA
LoadTips
DisplayCurrentTip
Int2Str
cmdSysInfo
lblVersion
lblTitle
lblDisclaimer
lblDescription
advapi32
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
StartSysInfo
GetKeyValue
DataReport
MSDataReportLib
]\:AZ*N
txtPassword
cmdCancel
txtUserName
lblLabels
wAtbsOptions
C:\WINDOWS\SysWOW64\MSCOMCTL.oca
MSComctlLib
cmdApply
fraSample2
fraSample3
fraSample1
picOptions
fraSample4
frmTip
Tip of the Day
AddInDes3
MSAddnDr.AddInInstance
frmLogin
txtUserName
cmdCancel
Cancel
txtPassword
lblLabels
&User Name:
lblLabels
&Password:
DataReport1
MSDataReportRuntimeLib.DataReport
DataReport1
frmOptions
Options
picOptions
fraSample4
Sample 4
picOptions
fraSample3
Sample 3
picOptions
fraSample2
Sample 2
picOptions
fraSample1
Sample 1
cmdApply
cmdCancel
Cancel
tbsOptions
MSComctlLib.TabStrip
MS Sans Serif
frmAbout
About MyApp
picIcon
cmdSysInfo
&System Info...
lblDescription
App Description
lblTitle
Application Title
lblVersion
Version
lblDisclaimer
Warning: ...
Image1
Colors
XResolution
YResolution
KeyRoot
KeyName
SubKeyRef
KeyVal
LoginSucceeded
MSVBVM60.DLL
EVENT_SINK_GetIDsOfNames
MethCallEngine
EVENT_SINK_Invoke
Zombie_GetTypeInfo
EVENT_SINK_AddRef
DllFunctionCall
Zombie_GetTypeInfoCount
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ProcCallEngine