Sample details: 9ac10f769516e99c9311b2f556de1c55 (MD5)

Hashes
MD5: 9ac10f769516e99c9311b2f556de1c55
SHA1: 14febd739d4ce366f6b4047edcc241807b1b9391
SHA256: 87a2b7a0ba585fc200e30941fc725e1e9cfa796a8f71b08cfaaaed66289452cd
SSDEEP: 12288:vtHFCbXc4fR1p1pgBab9/brQS1GzHRT8VSH:l4MInToa
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba
Source
http://b.reich.io/jpbqpm.exe
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
Copplecrown
VB5!6&*
Achipa
Pusto3
Copplecrown
!sY}0?
Pronative1
Hexidecimal
Copplecrown
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
gdi32.dll
EnumFontFamiliesA
user32
FindWindowA
PostMessageA
GetClassNameA
ShowWindow
comdlg32.dll
ChooseColorA
__vbaInStrB
VBA6.DLL
__vbaR8IntI4
__vbaLsetFixstrFree
__vbaStrCopy
__vbaErrorOverflow
__vbaHresultCheckObj
__vbaNew2
__vbaVarSetObjAddref
__vbaVarTstNe
__vbaVarAdd
__vbaVarMove
__vbaStrVarMove
__vbaFreeVarList
__vbaVarDup
__vbaOnError
__vbaStrToUnicode
__vbaSetSystemError
__vbaStrToAnsi
__vbaFreeStrList
__vbaStrCat
__vbaFreeStr
__vbaFreeVar
__vbaStrMove
Pronative1
Glaucously
$\?i|x.
C(6#%|i{7
,_e=5!Pb#
"q3#3"
:Nh-)wJ
xrZ^u7@r_6YSW
\OxhMy
[jTz*)
"kHvnu
$D%H:ul
w4L8[^
$]<Y	>v
?rhKR_a
H_ @rC
%U_Fy&p
M+4Kv(T
k&7%^LT
`TU+(-
"kHrlu
\UG$c`
kK8ZD3
ko8ZD3
=4;Cdy&
=@PqTg
A*X	aY
_HLI0K
h?v<?$-(
yBo2'_
tNQ_62B 
{Icvj,+X
i%#9ZD
W'	WO0
Au(DWO
[OhL<Z@
Si)gw(.
!GZT}sdQ
r7ju\9
iw|f.i
+*IIr@
eE}"z!<
#L2nD'
]V_Fz&
Xa0L)YE
VsH7A`
w4To[6
9#%|i{G
EN'c3C
sr BR_,
K	b3;>
ot&H6-*
JBadI'
Lr!@rL
#N!h<g\
V9seo3
2dd!oI+
y$y7\uY
{*aT|j
hR_6p:
5mA3\E
s!eRc`
zQH3sf
7. f\1
I1GJ6'
= tUg.i
Z-`yNw
	vnd6y$}=
347aoZ
.D`J1d&`
Idun,co#
 GZWzwo
iVo*'\
g,.D#U{
5oGW_2
EW\J=N
,4lt(T
%>5'Lp
hMy2%l
2R>6vy
mT0<,{
P#>2{i<
_U_Fz*
[jQGrL
6%'LpU/A
)[%lNvK
`sEe&`
2{i+W/1
mu6e8`o
c 5-*k
J-GSM/
 3#R z
P~+2{gh
k1>Nex
BR_g<i"t
BR_f<q
)TWO6C8
od6y$u
eA'vX8
J,.D!U'Np
	H-d6w
s>z_95
\OxhKx2
B..`T9
\dFld6
$IsTgZtrnd6
ZlBld6
$>W%hN
t&B&"b^
.Zz#}k
y|&toP
tSB.[`TD
io<\+H
f	>zZx
/SaYGF
XH2R_6
?W_2^@
X!XW_Q
tzB.r`T
 PrK2{
PgM2{o
V_F{&qoE
kM-!P<U
"^W2T$Z
=341r&
sAZz%y$
"kH2ou
h!R-6v
YWEhxrJP3
:4?$-(t
C?JbbR@
E16ceR)
	(nd6qvu
)e&$,+
PK^2{i
Hk Xv"
P2R<6v
%y^U oQ
dg@jy^
d6y$m;
iS72,}R{
CUg.jog
$GZgn{
u)pQmq
a,GX2f
X\SM)YE
9\P+ U
O1k.N)
0n@KB]3J
{:oR	"
w}@acD
HGR_d<
U<'%[`
m0)qU>
`$ve&`o
wTgR%:
`E1*k\
9SMEpX
arZt.<%cl"
+ZW#}7
#Wyb+x
2-*kBz
na,+;O
(yV;N|rG&
g,.D#U3
347_.0
<&||cKP^
.*;7Km2-
LO&/sI
CT>H ~
 !=-`Dv
#u4@d 
v.xq]_}
\WO;Hpj
8pa8z\
(`Oxh	~S
V>'vZ((
@5FtW_4
r?gR08
45(TWO
De()q\6
8^q h4
`o.e&h<
oCJDuMKp
~>u%hOv
0vqvh,
UFtLA[?
0n@KG]3DH
nd6y$9
U_FA~&R
fuq##;a
arZtf4
[,.D!U'Mp
NPysI t
d6WWO	
FPV =H
~OFs/XU
5Nvj&l
,Z"_/_
bN{H+UOJ
'vE	,}F
2X8il=y
y!s>"}
#e&hnR
B%\s1\
[EZ!1N
+8jv	N
\Kl/ZE?
):)$J\
yL)*\=8
k4^2D4
_um&__
WO[;;a
V-V:<~_
.X($e<
l@+cF1|1M)
|T^/Mt-Fx2
ZRXW_2
8d<	ve(LK
tT:~kZ
Z&@`x;
\MiXyj=
	ylw]0
[WcQ+Lp
HS[<lg
tOcFcp
GDxkr5K
SE13B)
OM0d-#f
/i&>f<}
4$:(3lWHo5
"#0,==
jyjNJ#
u:Yv ~+t,+
WFmANj
+tO4}O
OCv[<q
G7%8P'I
i=i6Nj
8}I9p6OS
_y&x4=
3cLGmG
8=rr^e
m,/?jw
H:{*zi&
IY_AWx
tzsznjn
Br%/}h
HIGR/2
PuQY*X
J!b$;Q
wZZPf7k$
2f@h4+
_1{JF?
f^&f3R
rM0=>Xc
}KcoY]
8Y|~qT
3	GyyZ
.v_Y{J
+_E-o+
NT<CQ4r
Q^`@FW
^$fm?7
X\Tls i
ei0OX{
@}Ih2 
=10`Lju
	e|Z\P;/
6Y`29L
=gw.He
p@m,,D
MOk po
5uso!5O[
KRy?^U	
VM&MQ-
9O#{!-M
W&:~M7
vO]<I0
G#@X3j
wd@Vp<
b<T)fch
%d@@&2
k<`-H%
	!_:ebj
\`bSF~&c
}GC@A( 
<kd{LrZ
1d,p!:
>pHO#4
fUQE~v
P\g&[V
F_V=mZ
E|4D)g
,\tP+L
?xz>!)
)	z-VqC
[,W]3Jz
|PuE~+
#4TZep
<kJ4Pc
n+/ln+/l
'#rAN&
P]	;_f
'#rAN&
N:O# 2
N6OA!2
=<<=>>B\^
B:658LAD^`bbaa`^DB?A
5<Dbq}}}qponopqxyyqaD@=\
yxpnba`bcpy}TcB<>
xbB<;C
}xob]_acpy}oC9;
xob__aoy}oA7>
}qc`_aoy}b;7\
~mT4.-1
xc__bp
}qb_`cy}_7<
								
}n`_bx
										
										
						#N
a^`x}\
												
q`^ayy=5
												
o__c}c
pL_a}a
}a__pq7
n__cy>
q_^ayD
y`__x^
s"				
}a__q`
}a__p`
}a_]p^
}a^_qD
ya^`q?
}cabp:
ycabc8
(LJ&N~
}naac>
W(+GR3"Gv
}oaac@
|jUF)'Mu
yoaab?
{R4Oi~
xnab`<
ypbab\7
ypcbb`>
}xpccnaA5
A58Bny
yxpnnon`?
BT5<\n
}yxxqqpqpobC:
<559?\a
qyyyyyxxqpn`\>7
579;<>==;96
DB>9:86799;A
jjL|||
nnnbbb
aaaxxx
iiiggg
ddd~~~
qqqnnn
vvvkkk
mmmqqq
rrrhhh
dddkkk
uuuiii
}}}hhhbbbsss
|||iii
___ooo
vvv|||
Glaucously
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaLsetFixstrFree
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
__vbaVarTstNe
__vbaVarAdd
__vbaInStrB
__vbaStrToAnsi
__vbaVarDup
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
__vbaR8IntI4
_allmul
_CItan
_CIexp
__vbaFreeStr
|||iii
___ooo
vvv|||
jjL|||
nnnbbb
aaaxxx
iiiggg
ddd~~~
qqqnnn
vvvkkk
mmmqqq
rrrhhh
dddkkk
uuuiii
}}}hhhbbbsss
=<<=>>B\^
B:658LAD^`bbaa`^DB?A
5<Dbq}}}qponopqxyyqaD@=\
yxpnba`bcpy}TcB<>
xbB<;C
}xob]_acpy}oC9;
xob__aoy}oA7>
}qc`_aoy}b;7\
~mT4.-1
xc__bp
}qb_`cy}_7<
								
}n`_bx
										
										
						#N
a^`x}\
												
q`^ayy=5
												
o__c}c
pL_a}a
}a__pq7
n__cy>
q_^ayD
y`__x^
s"				
}a__q`
}a__p`
}a_]p^
}a^_qD
ya^`q?
}cabp:
ycabc8
(LJ&N~
}naac>
W(+GR3"Gv
}oaac@
|jUF)'Mu
yoaab?
{R4Oi~
xnab`<
ypbab\7
ypcbb`>
}xpccnaA5
A58Bny
yxpnnon`?
BT5<\n
}yxxqqpqpobC:
<559?\a
qyyyyyxxqpn`\>7
579;<>==;96
DB>9:86799;A