Sample details: 97d9948e87a94058efb392d6d32a727f

Hashes
MD5: 97d9948e87a94058efb392d6d32a727f
SHA1: f450b9600cb89ed9150e454e794a18c066190946
SHA256: 278369ec30ec9149cfbc95d6f58570b0422fe02dbadea9988b9d09e93d592cd1
SSDEEP: 3072:4yZGuB4ZWMs5lVfomNubRK3s3mNaCorMbbwTscOXYHy9j77Q7+:TlBwWnlCY9arMATsJXYHajnZ
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasRichSignature | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/SEH__vba | YRP/SEH__vectored |
Source
http://acmep-tech.com/de/lan.exe
Strings