Sample details: 908c179f0844005d8d061f585d379e9f (MD5)

Hashes
MD5: 908c179f0844005d8d061f585d379e9f
SHA1: c994ed755a1b3fea776abc795a70b100e9fd2e03
SHA256: 28fbb12b5737173cf2211d0fe0cf317297abd741bd141dd5515997dc37be0af3
SSDEEP: 6144:ilzL5oJQiUZja+UJooUwFHrO9F9QVW467qymm0gwvtSKI:6ZMN3gwFLiQrIKU
Details
File Type: PE32
Yara Hits (all generic compiler, file-format and content rules; none names a malware family)
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba
Source (URL defanged)
hxxp://utasarmsinc[.]ru/live/dew006.exe
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
Comtesse6
VB5!6&*
Fortmckavett8
Wapella
Comtesse6
Tutelary
Tonetically
Comtesse6
u[:=3>L
C:\Program Files\Microsoft Visual Studio\VB98\VB6.OLB
Label1
Check1
user32
GetClassNameA
FindWindowA
ShowWindow
PostMessageA
comdlg32.dll
ChooseColorA
KERNEL32.DLL
EnumUILanguagesA
VBA6.DLL
__vbaI2Var
__vbaErrorOverflow
__vbaI4Var
__vbaInStrB
__vbaStrCopy
__vbaNew2
__vbaVarSetObjAddref
__vbaVarTstNe
__vbaFreeStrList
__vbaVarDup
__vbaStrToUnicode
__vbaSetSystemError
__vbaStrToAnsi
__vbaFreeVarList
__vbaVarAdd
__vbaStrVarMove
__vbaFreeVar
__vbaFreeStr
__vbaStrMove
__vbaVarMove
u[:=3>L
Tutelary
Hollowest3
ij}c37.
]sEB~N(
yzNa{e
?j7wNF
T]--<m6
3g}?<%)
"m4sUm
_qV.ue
;b7rNF
-Zx=x)
v:	hHt
}7Tk1?
"h`y,I
ah`J9^
"mN{*3>8
YJ}cs$e
;z+wNF
qNFl	JX
`*2v4i
"	b=f&
`-:SPc
]B^X9d
xr~T[#
i!16VxMg>
fNp	;W
z'"nD!
1@d(AZ
fb_.;8
}'@k1%
W!E,tG8m9	
bT=<~j
6<~~k["
0N%I\(I
FZ`L$f
Sf]('3
ysE}+Q
5q`I8:
stmngw
QcpGJH
-kUrum
p0r!"cH
/P[6Il
:IP[VU
z'&hD!
?U[h<EwyzX
w#L/Aq
V>&>$X7B
g_$z|K
sum>=]
}=TkQ	p
a0[,~n
xDEH1/
}'Pk1)
sN:#D(
yaN;ze
u!%;n+
ydh`*`Q8
{]2^lt
fWAM9bI
PB\=xt
g{]:$],
o9555&_6n
!]<t_(m!
K9:U$ka
nHR{]:=
^B^Q|`
+qV.uE
`@*9d8
QpVRY!
$Bm1fh
>fab&)
djSR]_C
6nPC~8
payfvp.1
Q{9Mbp
dpG+- d
YB#\BP
 AM9jY
E2h`*vO
kkp)Oj%
DEH1'4
"mNK.2>=]
Qc!!JXis
=z'sNF
9gh`y`J4L
<)GQ(z
``yfE0N@
Mc"(V.
/{]<+@
o)}7Vp
-"J!KL!
0}N5k~
]--x81
IfYJ7kk)
}?Jk)?
AVR)%f>
Z:Pm#C
O1kr=U
=u`q8F
#!]Pt_L#!]H
QrYJ7c?(
wj_E+1
TQN)f1
zd%)=(
Im%)-j
U1<=gn
75*76n
v4u ol
qj/sNF
}?Jk)?
>{fSzT
;/=bmz
4u?dZ{
,C}cg|e
WL2PJN
`FsU6cd=
Q-*^Fg
<P/<fV
pVRY)=7>
-i`q$HQ	S
T*]SJl
T]p-,7
0ovp.f
<HbWC%
c!$@7A
a)LF	 
# T]=Y
0`&0DlZ
h[3J B
n"`;6w5	
	{+CUq
;@r'p3
q>:3YP
3IS6;b
'p:AtF
235b=i
;cFTFF
pVRY587=
?UrGav
:cp~T]
4xf%LP
?-G7k{)5v
'WXF'CE
@D;iesn4v
@rn6,`
=@)`I,
H#] vJ
='(IW8	
Sz~T[H
oP}eL-.0E
9['gL&
M8U[j&E
g['z|D
oP`Md8
dmIcN\
5+GO!)
0!<q\`n
|2;?p<
q+NbXu
3fG~IpQ
$MHVmS
^mXm*r
_):)"|
R)h Pcc&
u9fh`!(Y
J;`"@4
!ebw$Y
ED{q%Bu
K?,]i{lg>
ybK>h[
~[a_~G
Nr]~x6
qOsZ|o
&U@B>8.K+P
ZYn0f-)
~,Ty~Y
LZ.\YS
J1a$`)y
s,fQ]p
^uU1UuH
LKO$nY
.|VZ|DM
 -1&fI$x
pl?hms
BX*xPD
|4IM]+
?Vx{6s'
msJ8/2	
e#rG2>
t+RoSvi
_6P;#[
XDKv!#
iqe10z
oW|UO*[
NNUVFq
('36_R
*f9bzBd
^Ui,X=QX
PO1P{]
~:W'a=zdd
hPc-kx
:~\?`8E`
eS8W	/
~a_w7Z/U
7c.pPo
2WXb;>
Gh2j/s
~qD/tm
}55([pgF
j.hU'~7
:2RcXF
4G5=`5
 J`#.|
C_a!<R
=.K#8r=
{6GC}V
p$wq+T
q^:r!o
nw]cbe
^}7\V}
KC?{Bq
qgKe-_
9ctyDMr1H
*ZcK"(
lcd^eV
l@~j :
	z	|pz
#h1Af	
[i4;Qv
G^] #zk
`dAB,T
=G,"]>$
R'U%Bm
nZ	P\:}
k){1((
SdW@	gX(
7eEZ@e
^,/lT^
N.j<;@
j C1z@y
.}kNI2
3aRJv9
.~	>M_
HXs'n{c
Lqndf~J
JQtAx$
[>[&5\:
wLN,84
2}J.uAK
R><:dg{
dpY7UO
de_0<,
I:k'X9
n!	{v%
81j8,y
FSX~t[
mAeOc]
=g* <g
sW>eQ!
bT=vBl?q
6xn[zxn[zS
Q/Rl$s
rXa"	5
o:whOq
]CA=<<
B:658<AD^`bbaa`^DB
5<Dbq}}}qponopqxyyqaD@=\
yxpnba`bcpy}xcB<>
xbB<;C
}xoba_a
py}oC9;
xob__aoy}oA7>
}qc`_aoy}b
~mT4.-1Lfz
xc__bp
}qb_`cy}_7<
								
}n`_bx
										
			E			=			
												#N
qa^`x}\
								
^ayy=5
												
o__c}c
	E			=
}b__p}>
p__a}a
}a__pq7
n__cy>
q_^ayD
y`M_x^
}a__q`
}a__p`
}a__p^
}a^_qD
ya^`q?
x`_aq9
}cabp:
ycabc8
(LJ&N~
}naac>
W(+GR3"Gv
|jUF)'Mu
yoaab?
{R4Oi~
xnab`<
ypbab\7
}xpccnaA5
A58Bny
yxpnnon`?5
B75<\nx
}yxxqqpqpobC:
<559?\aoqyyyyyxxqpn`\>
579;<>==;96
DB>9:86799;AC^
wwwlll
,jj|||
nnnbbb
aaaxxx
ddd~~~
qqqnnn
vvvkkk
mmmqqq
oddkkk
)uuiii
}}}hhhbbbsss
|||iii
ccciii
gggeee
vvv|||
Hollowest3
Check1
Check1
Label1
Label1
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaSetSystemError
_adj_fdiv_m32
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
__vbaVarTstNe
__vbaI4Var
__vbaVarAdd
__vbaInStrB
__vbaStrToAnsi
__vbaVarDup
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr
y___9B
OtD6H/FW
T+555|
n7(U>u(
RZRxZWW
gJ>G]]
^cc#[@.
89YF_ 
KBRu}b
M)3o8RN
$C}Itl
M~J	|-
wdYFo0
zq[WmE
"Wb#P%
~rJ	f.
9l}a8;
>+<uV8k
)##'1p
B-Cb@2
BpKAHe
[;aJdF
$'2===
0eRH9|C
e)v%Le
Ass3:::
bWRD[R
f-N$\u
3!H6iX
C(>lJ)
t6?iTTH]
<#www)J
RW`A/@	
( g.<?
h:Goo/
Mx#dA&
B)]H)}
H*D1'5e=
@CS#ZZ[
MMhnm)
?A)-^J
oPJ_(k
Z'M{{;_
#Z'YWW
%tEXtdate:create
2015-04-13T15:28:33-05:00
%tEXtdate:modify
2015-04-13T15:28:33-05:00