Sample details: 9c3222523444ace89b59d67cd6a8a2e9

Hashes
MD5: 9c3222523444ace89b59d67cd6a8a2e9
SHA1: 82d90c83119a1a74b2aeb815c0deac785e7d15ab
SHA256: 80d2e3f2b56516ac1ff46e381a10ceb4b1d58310f70989338a1c298256e96c58
SSDEEP: 6144:sW+vNAtjQmIWA3KVrFxt33AZ0Ze7Ag+d5hwHfbUOjw37R/U+XHrDgP7:wA2zWAaftgKZeZ+/XAStrXHrD
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba
Source
http://enemobodoukpaka.com/stub/DD1.exe
http://enemobodoukpaka.com/stub/DD1.exe
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
Uninsured
VB5!6&*
Zephyrus1
Unwordably
Uninsured
Alpinia
Matzohs
Uninsured
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Command15
copaivic.dll
Oarswoman8
KERNEL32.DLL
CreateTimerQueueTimer
KERNEL32
SleepEx
VBA6.DLL
__vbaStrCopy
__vbaStrCmp
__vbaI2Var
__vbaVarTstGt
__vbaStrVarMove
__vbaLenVar
__vbaVarIdiv
__vbaErrorOverflow
__vbaFreeStr
__vbaFreeVar
__vbaSetSystemError
__vbaI4Var
__vbaVarDiv
__vbaVarAdd
__vbaFreeVarList
__vbaR8Var
__vbaStrMove
__vbaRedimPreserve
__vbaVarMove
__vbaOnError
Alpinia
Mahjongg4
Xy$H r
$@.PC%
$A.PC%
$A.PC%
$A.PC%
$A.PC%
$A.PC%
$A.PC%
$A.PC%
$A.PC%
$A.PC%
$A.PC%
$A.PC%
$A.PC%
$A.PC%
$A.PC%
$A.PC%
$A.PC%
$A.PC%
$A.PC%
$A.PC%
$A.PC%
$A.PC%
$A.PC%
$A.PC%
XTraH\
&2Wgy 
..>CC	<9
	%4+.:Cu
{~c""C?
o]LWVDl
LoPyit
$ADP)-
!e|C7J
{Wl-/A
ge|Mv2f
!I}P7h
O5#PU0
i]4"-C
Vm}#p+
<<QnG6
$@.PCz
zo[mT^
f.GUe<
WrK+aE
H>!bO"
/SLVSb
`t0@rH2
lE[Hzm
e"GTed,
'Xh-)w
wP-p@	U
*xf@6,
AxC/fn
0e!-vh
e3.Vd	
W3Wga$ 
i=FKi!>
_(A.P7z
3Waa$&
J84P3`I
@{%pQrn
)@-J xRl
6kduEX
t'~U$A
	s]FGx
(*cX8J
.+V:3sh
n@:1a4
954*(	
#0Z`zr
d|M~Za
jg,cz\U
VG9@7\
>{o#jH
Yt=+is
-Kvkvq
-Q5Lg;
<htR#x
{ZqH\_
oxSQo	
Tfi[9e
m./ cv@
#idQID'
3	>1dy
ia#^#0
@	.NAD
VG9@7\
B3+Ovp
R[j;sFK
,y&|!x
u'J!$A
VG9@7\
I2@f"k
?UxA.P
N@ZD)+
uA`ppx
s'^6$A
g|M~Za
V3ljt9w
$3$hPn
M[zn=}
iujtrYc
& IE<ST
xjtY+e
]@:1a4
I2@f"k
Y{6HH\Q
Q3Wei 
GWC|Bk
=Y).:&
|j>I_\
	sbFGA
gg,V3=
jpC%	,
VG9@7\
3A4HrK2
W`LokDT
K1/CG4] 
}.0%y~z
7{YD9J
L";KyH
r'<K$A
30Jw}E}X
>G+Bay
Z(0cnU:
"A:[QA
__nTrqEV
i=FKh! 
4-k1IosZH
	F<@7\
VPB>Q'_
q&hRnI
pMABp [
zOtAOP
-Z'o]-
F:{;XQ
i=F;g!;
V{n3lK
'+UO>z
PC&@pgE
2l^C}y
9wLKWs
A.PzPT~e
0j~C.P
L%hq+E
_A:oZN
0y&h!x
4wm?L4
NRKz9q
&ZC%	4
U$hFf>,B
Jg+obi
<YTM-<
UD{gY0
;Vg++2
tz^Ao	
5+J>Y/
 }ne==
)Z'o]$0
Sz`r?B
%ja+ 	
O:]pFl
d	xKtyy3
Os!=O2
D0hs[OXu
EAfJGjP
1*ZLCp
]BfC-|jS_
	M3zH|
0T,UI'n
3MpH`<
(*g8|VQ
e y?Ia
:CuF4!M.
H-xR p?#
KID<m8
CPT?562
GPC:ck
3l|:}yC
~W~&{+
8l4I@:1k
cl 9}y
9F;:I:
{J3VYr
R(pE:.
U@:1c4
htR%LI
#{M)EW
}7%k{.
4-k1HA;
lXIRP7
65@:1k
#xu) 9t@
<Xj7@>
B#:0I`H
{52lnQ
1+fdK'
PI;O/p
rcu8J:
\Xf!qY'
"n*G44%
 ZJ#GT
1"u\X;
b<?fn9
j~G@=}y
=eQnp^	7
;-	Z`L(
pa2*?9
91]`~\m
23k|$o
{iJ-^g
p/&ep:
c`xsZX
J-hYHR
|y[ip,
]UHz6p
t+r\{_
?a o.&
#R5y"[
4S?R<!|r)
QT8	nDPS
bQTWc]Di
<Gg$o(v
 Njas7
_h(	[,
[Y	"#W
c\`7qM
e	_4H]Ql
}.aJ+K
qLku%/
~ONK3#
ISkj>g
-#9+'C=
L.iiCU
pntzZu
AVMyUN
E&cct-
ERSm1\J
amw|Iz
=;PPC6O
>MP)vY
,F&GfFu
c;:(1Y>
R6E[tC
efikqU
CpW($#
;'~^nl
"RwbDW5
$+	n(Z9
iK>I&T
,L?ZvQ
y\Sc"L
[*/Fm\
jH}TQ$
C	W*c-Q
?K I[q
yv#4pq
}qx[k_n
SR4Yra[K
\oGN[w3:
{Jo_.~
K7z0pW
Dchl';
nE&`z&
q\9;_8
aY-q9y
1P:^<,
v?^"Hc
3`j{<Q$
}>1RD]
R9vk	@
e@aX	Sjo2Q
#CVpe6
96DZm#
:nBR!DJ
+S^Lq,H
pUI,Ib
"u{F&s7|=u
nU	)dp
;"s87v
 )Im<cv6
msOC|Ej
ypaS~N
!QrEd}
Wihnc1q
rW^[Iza	+
rP|zQ%
/QL]*;eu(g
"P`>z:
LCPl'Ze
Hqe ^s
JHpH%V
"OuzcFg
 w1a`Lo]d4
k_d$6E1
W49upXd{j
M2FWs05Z&
Zpv7`8&
FgS~`^
ftcZq);
g&=9D?
lsfa.KN
$A.PC%
$A.PC%
$A.PC%
$A.PC%
$A.PC%
9;SEpByPC%
$A.EpBy
<6=@j%
E++UU*
E+!(@$'
E+KFk+
EqJ!B+
EqJ!@+
E+!(D_
s!(E$&zQ+
k!(E$&
s!(E$& G+
E+]EQ*
b!)E^V
!(E$'(
^RQ=/N
E+]g)*
3!(E$'
E$&:D+
E+eWE#
E+]G9*
!(E$&\
E|]E]*
!(E_U[
d[8'+(
y*z[=#)
JM!(k_
E+KEP+
)"+E^N
a!*E^V
E++Ma*
E+)]i*
KPW\`e
ddd|||
uuu~~~
sss}}}
zzzzzz
rrr{{{
mmm}}}
mmmyyy
kkkrrr
hhhuuu
Edd|||
yyyccc
iiihhh
sssddd
eeewww
tttggg
iii|||
mmmxxx
nnnwww
uuummm
kkkyyy
vvkkk~~~C
vvvmmmuuuz
|||tttqqqvvv
jjj|||
MnnnbbU
aaaxxx
iiiggg
ddd~~~
qqqnnn
vvvkkk
mmmqqq
rrrhhh
dddkkk
uuuiii
}}}hhh
|||iii
ccciii
___ooo
gggeee
Mahjongg4
Command15
Command15
MSVBVM60.DLL
__vbaVarTstGt
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
__vbaVarIdiv
_adj_fdiv_m64
_adj_fprem1
__vbaSetSystemError
__vbaLenVar
_adj_fdiv_m32
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
__vbaRedimPreserve
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
__vbaFPException
__vbaI2Var
_CIlog
__vbaErrorOverflow
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
_adj_fdivr_m32
__vbaR8Var
_adj_fdiv_r
__vbaI4Var
__vbaVarAdd
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr
|||iii
ccciii
___ooo
gggeee
jjj|||
MnnnbbU
aaaxxx
iiiggg
ddd~~~
qqqnnn
vvvkkk
mmmqqq
rrrhhh
dddkkk
uuuiii
}}}hhh
ddd|||
uuu~~~
sss}}}
zzzzzz
rrr{{{
mmm}}}
mmmyyy
kkkrrr
hhhuuu
Edd|||
yyyccc
iiihhh
sssddd
eeewww
tttggg
iii|||
mmmxxx
nnnwww
uuummm
kkkyyy
vvkkk~~~C
vvvmmmuuuz
|||tttqqqvvv