Sample details: 9aed70a63a9b5ba11bd1f44177f1a1ad

Hashes
MD5: 9aed70a63a9b5ba11bd1f44177f1a1ad
SHA1: 3dcd99b61503cc69cdcddeb783f746da5f167edb
SHA256: fa580f04db69517d1b9f7f9e1d88367e89645f90d8eb0698c4793389d3aabda8
SSDEEP: 3072:VuH0Vy0up0NMjbcORKCwNETwoWqcFysVKHxnIZJpS9eqsqcD4JoMf:EHmy0dNMjQDCwNETw359axnIZb6sMJh
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/maldoc_find_kernel32_base_method_1 | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba |
Source
hxxp://thronetradlng[.]com/temp/shopdoz.exe (defanged)
Strings
          	            !This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
vb4projectVb
Diadema5
Ansoeger
Ansoeger
Trningens
bxNhuP
Pqcp}o
#Ub_Si
DH,(`s,
,dt$aQ?
MM8n+O
0c*9H"
y[B=|3
g67"(*
T,HG!m
jQLB;e@
OgEg_=
SKC:-o
xne`:%
:4aT	o^
timwim
	@&&)"x
ggdCI#
'WBk:F
,W]]h^Qg
R$R3i#
zkBB?gf)
| .Q{r
L)R9Y2N
}(HePSQ
`w	h=`i 
@Wy7ud
4o98i$
D_~wuCJq
.Kp["\
r A&i`
l)[EC!
s8Luuc
PM&7_xm
Y(G:-#CM
xN4cpC
sCruCF
4jM!>a<
T)sgJ0N
5*3KvWH
3/Z>nF
4I}'aF
d]dJ*7
y[|`)J
*ANVkZ
hT(2#gL
U)>;}@H
EZ2DrO
%lV'=fc
@0t_6=
bi9SZV?
H.Za0&\
G:5LW2
luB(#l
O;:=zZ
}P-yz5
aL2X;#g
%X'5/d
$nA@* 
x_zxd`
nI2IRc(
F`^g"t
k@OOC]
O;_69]
/`B|\%c
7aqWi*z
t>ev53
Yz6(Tj5
@TYbcfH
ZzG":!
C.a8<l
tt?ACH}
F_zsu*|#7
2l&s('
\izX}n}
-8)OJ&
^:%Bnx
{-Zr]T
|jbw5['
5M}S9_
hFFm;a
}(5Fz^S23
*9y0Cor
TS^\E`
vHC+_cJnq;
P/e|+1
kwK3^\)`
t*T(Z	
pZf!)pgQ#
yZq(?y
Tb\o9,
$g={Lx
	,@7N=
vcsHJ,
NQl'$z
QW(Ea.
JXQ1@\
m^h.ti7
)\ed! 
7*{+<Y
+_WH2O
3amj:@
zMb?Qu
E,>e~|
9!_|gF
h1;#ep
Ul0`p$
\s>C0R
lC] ws
D7eld=*RF
xY]K}a
b!a}ghY
i{|.]l%w
~Tr91&
Ay>-*u]%o
kKr;DzvG
Qpd`/7
RqY:GC
DE#/[,9v
im>3+]b
![<)\oe.9Z y
[/f~1]
3\Hty4
-kAkfA
PbsB#y
g;LJ5V
<IKiC%
M`bF&%
OkF'6:a
md0--DyPn
V37\q_
}"wFax
eALt'M
;KT6`9
G;BSmZy&8J
l|S1kLD
=9kZ420
ok%e06
$@	(q5
O-7l#&
{.6	y((%
ox7A67<
K^p(.D
vYsI0vMW
K3r;G*
ge8Y4u
Ohv:60
6}YDu\
rTARYG
Jpx oI
 5wej5
zB(z	-
uT>{NY
&r1@lp,
rNB^:B,_
>_k1&?
j,@LOK
m){RLu
"7J{<@@T{n
5Nb_M@
)dg4K7
;0>!q<
'<+M/ND
p_Sh)B%
[HRYd[
%5S?'z	
X$7Q/M
,)U~Dj
QCS.3`
-;^Ce3
^tyHfe
&2P30i
:},;i(
THFSs4
}+r([%
NQ($Z\
}'i4=5
rj!T-8R
b_	=_e
rST>+?
xS.HUFo
6Faq1@{
co,	3)G
5Gv_8f
:_K.siM
Rt.:f]n
7wo^+I
Cak"0R
a->=k)
Hx)(@_
}KHlC7
LR>5ei~
sT5|D>2R
=`uVSw>5
z/v'^V
d4hhym
M"f,,@
-Q[I.M
H\2>gjB
(RU)PK
fh)N'#
r("f(<
RKVTM`
V=?$U`
3nBbk#6;
;'Q~zV49
icE&}J
^^<9D$\
cGYe6!
gd$W?T
q6L(IL
TNH.RXH
Y,l	q-
z)oJRb
GXJ*,5f
~Q;:Po
N'3j[^
?-[{|O
H Otok
\RrJ	-N
BTy.k#
	-7d\ 
]c8l2&(
^Qz;Xk
__HZMC
".A(n	>
[n	7 ~J
yLVei|
jSy74$=
+~**sN
mqsVxj;
&jTdF"A
 iXm*)
Aj?vn}
UDDyJ!
cAzdO`
YaVgH7
Bc	^o)hZ
VWPg(X
7Q'71-1
c7~K><3
Pnvs"_:
-4e +2
@{!Nk=I
_;okYAC
.>oF,'I
0!W`#V
Nw{w%G!zY
0@R3BE
 >$o"`
@I/32Z8
pKKoCK
<}6n'8
m:e.u#X
S1g^b"
!Zkio[)
oZccj"
3i\30g
<hN:RJ
10w7UD
3SR*r^
4ngJxs
mNd)no
(Qs;!@O
iIVA}`-
J,.^eV9H-
Js6E\?
CgyX1g
6b%Xv?/;]
2)CNzG
eX`TS>
V~QR(S
o!\M_Gcw
[nsDmA
7|{B}A8
\Dy/fm
Fm %Q1
'{v;qgz
o>!bmC{
PVBY-vJ
W:!"k7yp
%]q2t	
;2U1Iv
?g$KLB
8A\`%NUY
ivDR>\/
<$eWb/
8.>s%?-36#
B8tIWw
	,~+6%?P
XEe3R#
H"aK_(2)
cb.nw0
C9RwXZ/
QyQt%m
7T,mqhtT~
c%`)xm
b^RZs3^4g
h|6R)UH
EE~	u|
F^id`1
4jkh@/
xRPDqy
s=C,$P
5`1<Adf
RD1F\.
GIxx*7
(lPm:A
@4Y)8Hj
CG%H,N
ntdll.dll
8:5'w:4
M0d(f.2
VB5!6&*
NvTmRep
Snufflier
vb4projectVb
vb4projectVb
Diadema5
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Trningens
Form_Paint
__vbaVarForNext
FVBA6.DLL
__vbaFreeStr
__vbaAryDestruct
__vbaFreeVarList
__vbaStrMove
__vbaFreeVar
__vbaVarMove
__vbaVarXor
__vbaBoolVarNull
__vbaHresultCheckObj
__vbaNew2
__vbaVarForInit
__vbaAryConstruct2
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaVarXor
__vbaAryDestruct
__vbaVarForInit
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaBoolVarNull
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaAryConstruct2
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
_CIatan
__vbaStrMove
_allmul
_CItan
__vbaVarForNext
_CIexp
__vbaFreeStr
C?O?O?O?K
C?K?O?O?O
w]k\g}o