Sample details: 83817b68025b71133fba07a696cc26db --

Hashes
MD5: 83817b68025b71133fba07a696cc26db
SHA1: 5c70f452660e926eba5b3f4a042f6805a78804ce
SHA256: 567e25bae379894aecfd9a5beb973a503027b66b84ad227e22b7bf4e3389500b
SSDEEP: 3072:wurewzaqbARrTCVmAFULiu+MQkeHs4wx/tgK6RUwY+RhpN7xJF7wQ7+:rvzaqb8HFgw+Mis4wT6RURsR7tUZ
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasRichSignature | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/SEH__vba | YRP/SEH__vectored |
Source
http://acmep-tech.com/de/dan1.exe
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
Acromyodous8
O7>u:O
Stimerende
Etikkerne1
						
mmmCjjj
ooonrqq
ssrXww
|{{I{{{%mmm
Etikkerne1
Smvaskene5
Sankthansurterne2
Restauration
Provender6
Kelyphite
Diskettepakker6
Lotussen
Modposteres
Landbrugsregnskabet0
qpA$/:f:
D-w+E8
0G4{{@;
x, IZv.
|puJaFI
K~J 5B
6e'Q\a
W~HQ4fA
f1T_M8
WXtd18l
PQAkRm[
5Hf`J\
L:BauT
(2H >-
'F5I/F/
O?iM3{'
"rY7>pH
86S+ic
SO}@pmu"
X	 jM\
=B]"0n
|&2t=&rE'^
kp(Yu+/
S*sd#G
Q9xxrP
9D;b3T4V
*=QBJb
lS2,!{
'rc*\}
iQ<Goz
bW\[mmTH]
3]DZDd
xhxN0M
rBBwX5
tN[b':oRH>
T{n`4	
zAr3p#
e#5HUwW
eEEqY6
Q%3-F!
7]1:p7
Ap-D@]
	+00|r^
 8nm>G
3OO"=Ji
~/@WL~E
 Q]0nd
@~ToZ S
xGVQ;=
qG_S))`
_:6&wK
~s0*e5
WTR_Bc@6U$
l$-aa7
!C*8Sv
}7"8i}S@
hrF;*w
>N1Tr}q
G2LPwr
hY;';R|w
4\uI`4
kfvB7"
vik0Mqv7
e;X:yv
:N2F4M
,RWGM.
GpOwnw^6,-"
+8XNc1
|bv@Co:
JK*E6D
LQ|3t6
(nXa;k{g
^x.,5lP
K^Wn-*
.W05JQXT
ki:Jga
82#x[k
4;Oo-aL
\6il59
o++@,RK
rf0K	X@
bf4	7K
Y+Jv:D4
rT5IBCS
T&u4!0
:Dy,U.w
qz+:H)
ZL^:f)
#/Gf'E(l
lVW,x@
iU"PRb
WN/	t"
MKB`gN*
,4^]{9B?
,5ue9(
 \D:jD
cdhUCi
!R]hHp
:"J72I
"mZN4k
\q!:mR
E[o'g3
&CB{Af]
%:O>u+W
e!A!6y
<DC##tF\
-r<;R|9
w[M]=Ic<n
*aVZt`
zA|W'~
JkeLHx
/eKfM@h
xy.iGsA
.}tEpXi
v"XZ!1
NLwxy4
1841ec
'.kNhT7
2=?9zV^
j[]W8}
VgOyNQ
n}GrMZ
-jKdDjZ
huQ:Y2
`#//h',@
?(\$^J!
k,+p78
FH[Du<
*3&]ht
	{,/ 7
C3P:;g
")srVA7
D#XT_"e
ZbOe14j
>hrF,8
HyfX.9:Z
&7frIe
\+yR-T
K|<\]Q)Cq
Ue},,;
ty-E+[
N"st"F.
?9tyv}
W$>HWl\
j@*R"h
%?H=VX=!4e
\Z>"+T
{s]5~V
"C_wpa
O6&q@9
"k&0;|
Zh0Z(9
i~(UG*
vz\..by[n
59sqK/
]Z?0`5
o!cCLX
}gA	H~
* %unzN
*b"<(^
,HqkH^
=lmG2Ra
8y js]
8l9Grp5
[%^7c4a
Ca2{/<$
j'#CpT}
s},`s&
o^L5Xf
@p|>+8
yaj^EI
$[yvG-
')mF-c;
^R1G`It
#l6_yr
'ejt%<
l`*rO_r
mYuPew
C4&0Qg
.<%W3 
TG'4;H
8iHuEf
K]}9~kgk
]}{}56)
qk\{>E
y3G2\2
+l$9CFE
8'RiK*
SWAMWEDnK?
ID;Nca?A
CL_*ILo5
l<hM@'ev{LI
vpCtO9*
&{62qE
+$9A`rO>
-rZX]%
Rod|t^2Z
|a:F:)i
"]atOQ
ZSv:/JG
{lV&}|,=
{0)$iy|
oeU[q.T
V.662/
Cv[6F1
jb(YCR
NI/mEg
]tr73T
c".*jf
:vwdtH~S
C_;!HL
@|O"IE
}"oW{w
stqZ9l=
bcyymX
c-2p\)K
ZKH|nm
gVd[	+
,GECqMF
W]$Xt3$
$rqA)9
/953BO
}1uI^"
r^^mPS
ZA2a0B\
'=PcBx
VK<Wn&
yjSL>,w-?
?ZU?iX
iOD>%V
m\yZ\J
U+>Xzt
 .lf3? =
&Z1[,@
gx5`.p
qzYR$Z/
*M=+gn
! 7,HK
JhCc#m
XRA6@P\
~rTU(j
g#N T&M
pa!@)y
li> rP
`tv"t0
25)#	.
"@}IM[
aZ2_#(3E
CY,od:-
e(<Hq]%
hz]1hFi
q:Hbr&*
8oZ-u.
G3(5I^S
[k,FLy
LV!&4Y
{e#-?^
{YSqU}
1N?2zJ
)&?bj"
6u%9)^
<z/Lm+7
l>F)	J
<SyUy7
"abO#j
xO^nzi,
>ri8:P
)B#}7|F6
Pn;Fcu@B
{t|VxZ
Vt6kU_\q\
Y]H;`E
FA~R'e
$Ag%a-
QSq#9m
SHELL32.DLL
Shell_NotifyIconW
PHeapAlloc
KERNEL32
oW;I:	{
88{4CU
W<]pWGY
Verdensmestre
VB5!6&*
Bjlkehus1
Flexible8
Acromyodous8
Acromyodous8
Stimerende
8\`0k6
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Lotussen
Smvaskene5
Restauration
Provender6
Landbrugsregnskabet0
Diskettepakker6
ADVAPI32.DLL
MapGenericMask
StrokePath
SetBrushOrgEx
AddAuditAccessAce
user32
EndPaint
SetConsoleTitleA
SetBitmapBits
winmm.dll
waveInClose
GetSidSubAuthorityCount
GetClipBox
CloseDesktop
AbortDoc
ToUnicode
SubtractRect
kernel32
LockResource
SetEndOfFile
imm32.dll
ImmEnumRegisterWordA
GetMenuItemCount
TrackPopupMenu
waveInPrepareHeader
waveOutWrite
PtInRegion
CheckDLGButtonA
joyGetPosEx
waveOutGetErrorTextA
SetSystemPaletteUse
FindNextChangeNotification
mixerGetDevCapsA
midiOutGetNumDevs
BroadcastSystemMessage
PlayMetaFileRecord
SaveDC
winspool.drv
DeleteMonitorA
midiInUnprepareHeader
IsChild
GetTextExtentPointA
CheckRadioButtonA
TextOutA
SetDebugErrorLevel
waveOutReset
GetKBCodePage
__vbaExitProc
AddVectoredExceptionHandler
CloseWindow
URLencode
VBA6.DLL
__vbaErrorOverflow
__vbaBoolStr
__vbaSetSystemError
__vbaR8Str
__vbaFpI4
__vbaOnError
__vbaFreeObj
__vbaNew2
__vbaFreeStrList
__vbaHresultCheckObj
__vbaStrI2
__vbaStrCat
__vbaStrMove
__vbaStrCmp
__vbaFreeStr
MSVBVM60.DLL
__vbaStrI2
_CIcos
_adj_fptan
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaBoolStr
__vbaExitProc
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaErrorOverflow
__vbaNew2
__vbaR8Str
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
__vbaFpI4
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj
mmmCjjj
ooonrqq
ssrXww
|{{I{{{%mmm
						
Western Cape1
Durbanville1
Thawte1
Thawte Certification1
Thawte Timestamping CA0
121221000000Z
201230235959Z0^1
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
http://ocsp.thawte.com0
.http://crl.thawte.com/ThawteTimestampingCA.crl0
TimeStamp-2048-10
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
121018000000Z
201229235959Z0b1
Symantec Corporation1402
+Symantec Time Stamping Services Signer - G40
http://ts-ocsp.ws.symantec.com07
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
TimeStamp-2048-20
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
161128000000Z
180303235959Z0s1
Baden-Wuerttemberg1
Goeppingen1
TeamViewer GmbH1
TeamViewer GmbH0
HEgpE>\
http://sf.symcb.com/sf.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sf.symcd.com0&
http://sf.symcb.com/sf.crt0
VeriSign, Inc.1
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
100208000000Z
200207235959Z0
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
https://www.verisign.com/cps0*
https://www.verisign.com/rpa0
[0Y0W0U
	image/gif0!0
#http://logo.verisign.com/vslogo.gif04
#http://crl.verisign.com/pca3-g5.crl04
http://ocsp.verisign.com0
VeriSignMPKI-2-80
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA
http://www.teamviewer.com 0
Symantec Corporation100.
'Symantec Time Stamping Services CA - G2
171103085055Z0#
_2'k-vX
Symantec Corporation1
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
161128000000Z
180303235959Z0s1
Baden-Wuerttemberg1
Goeppingen1
TeamViewer GmbH1
TeamViewer GmbH0
http://sv.symcb.com/sv.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sv.symcd.com0&
http://sv.symcb.com/sv.crt0
VeriSign, Inc.1
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
131210000000Z
231209235959Z0
Symantec Corporation1
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
+ojr\`
http://s2.symcb.com0
http://www.symauth.com/cps0(
http://www.symauth.com/rpa00
http://s1.symcb.com/pca3-g5.crl0
SymantecPKI-1-5670
Symantec Corporation1
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA
http://www.teamviewer.com 0
20171103085056Z0
Symantec Corporation1
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G2
VeriSign, Inc.1
VeriSign Trust Network1:08
1(c) 2008 VeriSign, Inc. - For authorized use only1806
/VeriSign Universal Root Certification Authority0
160112000000Z
310111235959Z0w1
Symantec Corporation1
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0.
http://s.symcd.com06
%http://s.symcb.com/universal-root.crl0
TimeStamp-2048-30
Symantec Corporation1
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
170102000000Z
280401235959Z0
Symantec Corporation1
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G20
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0@
/http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
http://ts-ocsp.ws.symantec.com0;
/http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
TimeStamp-2048-50
\Z^ k;
Symantec Corporation1
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA
171103085056Z0/
/1(0&0$0"