Sample details: 88cf967d1353cfd582fb2083d4b7e45c

Hashes
MD5: 88cf967d1353cfd582fb2083d4b7e45c
SHA1: 810666f2c6c56ca8bc334c2e5169e98350f2add3
SHA256: e7d2c3bb7e623fe96203dd5da00a7e92d836bcfc77997ec96b6e5fd76888c950
SSDEEP: 3072:bvpkflBRaRjtq23wtN/e6eeA4uNN66vpkflCI:bvv6Z6v4
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/Antivirus | YRP/SEH__vba
Source
http://93.95.97.230/pay4.exe
Strings