Sample details: 9f1c93209306b2a205720a66482c8f31 --

Hashes
MD5: 9f1c93209306b2a205720a66482c8f31
SHA1: 6d1a4853f52144b540b54caef7b614d5a858197a
SHA256: ae63adc5d5b5df03b3c3bbd665bb7b9393a7905592b0530990676abae78b559a
SSDEEP: 3072:aFbMcXWgePwvSO8SX/3VmsMo2+P7EaSxDYpadUjVZzeqxu2ZnFNmcwFbPQ7+:aFYcXICdmvsTEjDYpN/zeqxuEmcwFTZ
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasRichSignature | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/SEH__vba | YRP/SEH__vectored |
Source
http://acmep-tech.com/de/sam.exe
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
Forlagsboghandlerne2
Nedplje
Kossaean
qG@|vF
qGg|vf
(zlmGmmlllqzz
gghhhGGGmmllqzzp{llmhl(
@gghhGGGm
lqzt(Iv5gG
G|||||5
hGGllsxGvB@@Gl
@vvvvvv||||5
@@ghGGtw^R^`
vvvvvvvvvvv|||
@@glxx(A
|vvvvvvvvvvvvvvv||
@ptt(FG
vvvvvvvvvvvvvvvvvv||
qpppIW
gvvvvvvvvvvvvvvvvvvvv||qqqq
lvvvvvvvvvvvvvvv|vvvvvvv
lmmqG\v5gl(
vvvvvvvvvvvvvGmvvvvv|@
mhh@llggq(
vGzpvvvv@
\\fFgGqt\f\\
v|||v|@G
\\\\\FFFFvg5GphFFFB
\\\\\fFFFFFF55
@lmvFF
G\\\\\FAAAAAAFI
\FIlG\\m
h\\\FF
Afv5|vv\FFF\g
I@Glzz|FFFFv
Fv5glzzGvFFFFF\v1vvmx
FFFFFFFFF\sttxtu
<<<<<<<<<<
AFFFFFFF\txxtpty
AAFFFFFFvlttppqx
AAFFFFF
gGppqmp^
AFFFFF\v5gmmhG(
ceAFFFF\fF
v5gg@t
/ULWVVYcnAAFFF
5JCLMNNNM
|rr#[co
yjyyyyjyyj
QQQQQQyQ
[ZuL{6
QQQQvr[zvQ
ovbXvq[fvXM
]ooo'XXh_
114__h_X'@'[
'X__;___@op
;;;_or
rvXYbY
o;;;;;^;;;_^`
XXYYQ[[me
A;;A;;^;;`Ia;;XXYQc\sf
oAAAA2232STUV'hXX'o
0hA22;4
DEFGHI;J|Lxx
*	+,-./
rstuvVwxy
cdefghijklmn
WXYZ[\]^_`ab
RJKSTU
BCDEFG
789:;<=
,-./012345
!"#$%&'()*+
+-E8_d
%35Q/{
Kossaean
Hastening
Tykkerter8
Forstning
Lrlingekontraktens
Injurier
Smutterserne
Psykofarmaka
Relubricating
Jowliest1
Ethnogeographical
M]"ka@
yrb.ob`
=eJ]<	K
*=w>;4
!2QoQ;.C
}FfoL^f
!@26N!(9
iwL,Nn
aGpoK>
8gg-|6 
T@k_%b*a>i
/m*.[U
( I`"P
IaYT.X
{'R%=V
KV+ehn .^
NX61},2
h2b]`&
&~CGC&n
bX=kmB5
 Fn\FKw
NG_9e+
zr8Ax>
"70PP$
|Rgq"P
N*ocT;
\D?Y!H
Y1Txd2J5k
Y	Hw^8
Sqz+l~z
%Sx:,[
X0=jTz
CSer%4
|3XxrA
22f0I8
W#	i;?Z
$h_1i-
Hy,dek{R
W^Zk!|a
gYlsQI
h|@))#
*W27$4-wd
F]7Mbx'P$
S=8fA!
?`5w4z
C~\}8c
:*08tM
(:MWga?iR
d)VfNp
nSIhOnm
}K;>NW
M`:Iw(
4'StjI
>?j,RY
gi<2QUs'
X8r9sx
	K-9^)
0HHRqq
QOe	?C]m
*z?VXv
@%-]0v+
%$)*Qds
#/T+!h?Fn
h;#0ot#
U[A5QJ
~	CN"m
*toL]`
K0ABYC^D
2ZPXF2
R6k!j3
Nv:}i*F
vC|2dv
W 'UGr0!
(;IhOn
^9%u/ B
w7Xxr%
g{wLU3X
\DQ[bt*y
8,+MCN
_drH+F
RAUh<m
zB;hVF{l~
1":-)Ge
ox8!:(@
4#N w7V$s
@	/iK2
1=I"XM
ss`-S5
`YyxuS6gH
]}6C^IG
B$AYi(%
lFnx&/
']~Xj7
mr0kHI
~%#rq@t
IH$M-<
{KL[>J
G:8-8x[
_\e}Yk
L$}@Q*=
o1*zdo
YC(:m<
mV$"G?
l(K{n>m!
_$xw3{g
pN ls-
\tPKwN+
jVs)C$
	(_rG<$E
Fc},@94
uS>o3d
UWDaw<
CegrB_
*]p'0+
b:CR.eb
(;Ezrz
K{-ak'C\
*#v'LrV
	qDM.*,$
ON](jd
g'OL"_
,`=/6T
ex|m-"
vQl[VVb
''ZSW1zN
Z+HH;s6
$"<M&I
m[c/M6
^	h]mAh
kY!vLU
y54	o'
Bqqa(P
y(ao#H
]h\J>K
MFrp+F
k&".my
dR7.R6
Q9!{0H
(_dO>O
eGTRne
^\['/?Sh
yQ%\)0I
?F%5B/i
7Bn"_31
x]fyjG
bRjatM
b&+jQm
Lll0XjS
@5>YbW
GL)ew-4
8n3XZU
`%,}45K
Henh%@T
mT^hz2
l+yp.{
trNu<$?l
]p<tn/CJ
&+\nZO
b28E8$A\a
cV(1r@J
zE@kE$
o:rl)f[
=WtL;0&
jNH@Rx
<]+=%N
~JwoZz
qYjn-h
8mL$)s
AE31z\
c+6#=5
q@{PjY
QA|\D\yR
Ls/~kJ
AUaH[8
O 8>q{
x'EL7=
@.~6pY
]VduN@
[[O\Qjz7
_F=C,%
8TCygf
9= rf$P
n1_LO~
n,o0+-
!B#J<oY
,3wW"=#
p59i_aF
Su~NVr
7yI<ln
2~niD&
-d^o;_>\
#CCo5b
SHELL32.DLL
Shell_NotifyIconW
PHeapAlloc
KERNEL32
Forudsige2
VB5!6&*
Tulkepaia4
Bugfinne3
Forlagsboghandlerne2
Forlagsboghandlerne2
Nedplje
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Hastening
Ethnogeographical
Lrlingekontraktens
Relubricating
Smutterserne
Tykkerter8
ADVAPI32.DLL
MapGenericMask
StrokePath
SetBrushOrgEx
AddAuditAccessAce
user32
EndPaint
joyGetPosEx
SetBitmapBits
winmm.dll
waveInClose
GetSidSubAuthorityCount
GetClipBox
CloseDesktop
AbortDoc
ToUnicode
SubtractRect
kernel32
LockResource
SetEndOfFile
imm32.dll
ImmEnumRegisterWordA
SetConsoleTitleA
GetMenuItemCount
TrackPopupMenu
waveInPrepareHeader
waveOutWrite
PtInRegion
CheckDLGButtonA
waveOutGetErrorTextA
SetSystemPaletteUse
FindNextChangeNotification
mixerGetDevCapsA
midiOutGetNumDevs
BroadcastSystemMessage
PlayMetaFileRecord
SaveDC
winspool.drv
DeleteMonitorA
midiInUnprepareHeader
IsChild
GetTextExtentPointA
CheckRadioButtonA
TextOutA
SetDebugErrorLevel
waveOutReset
GetKBCodePage
__vbaBoolStr
AddVectoredExceptionHandler
CloseWindow
URLencode
VBA6.DLL
__vbaErrorOverflow
__vbaSetSystemError
__vbaFreeObj
__vbaNew2
__vbaFreeStrList
__vbaHresultCheckObj
__vbaStrI2
__vbaStrCat
__vbaStrMove
__vbaStrCmp
__vbaFreeStr
MSVBVM60.DLL
__vbaStrI2
_CIcos
_adj_fptan
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaBoolStr
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj
+-E8_d
%35Q/{
rstuvVwxy
cdefghijklmn
WXYZ[\]^_`ab
RJKSTU
BCDEFG
789:;<=
,-./012345
!"#$%&'()*+
|rr#[co
yjyyyyjyyj
QQQQQQyQ
[ZuL{6
QQQQvr[zvQ
ovbXvq[fvXM
]ooo'XXh_
114__h_X'@'[
'X__;___@op
;;;_or
rvXYbY
o;;;;;^;;;_^`
XXYYQ[[me
A;;A;;^;;`Ia;;XXYQc\sf
oAAAA2232STUV'hXX'o
0hA22;4
DEFGHI;J|Lxx
*	+,-./
qG@|vF
qGg|vf
(zlmGmmlllqzz
gghhhGGGmmllqzzp{llmhl(
@gghhGGGm
lqzt(Iv5gG
G|||||5
hGGllsxGvB@@Gl
@vvvvvv||||5
@@ghGGtw^R^`
vvvvvvvvvvv|||
@@glxx(A
|vvvvvvvvvvvvvvv||
@ptt(FG
vvvvvvvvvvvvvvvvvv||
qpppIW
gvvvvvvvvvvvvvvvvvvvv||qqqq
lvvvvvvvvvvvvvvv|vvvvvvv
lmmqG\v5gl(
vvvvvvvvvvvvvGmvvvvv|@
mhh@llggq(
vGzpvvvv@
\\fFgGqt\f\\
v|||v|@G
\\\\\FFFFvg5GphFFFB
\\\\\fFFFFFF55
@lmvFF
G\\\\\FAAAAAAFI
\FIlG\\m
h\\\FF
Afv5|vv\FFF\g
I@Glzz|FFFFv
Fv5glzzGvFFFFF\v1vvmx
FFFFFFFFF\sttxtu
<<<<<<<<<<
AFFFFFFF\txxtpty
AAFFFFFFvlttppqx
AAFFFFF
gGppqmp^
AFFFFF\v5gmmhG(
ceAFFFF\fF
v5gg@t
/ULWVVYcnAAFFF
5JCLMNNNM
Western Cape1
Durbanville1
Thawte1
Thawte Certification1
Thawte Timestamping CA0
121221000000Z
201230235959Z0^1
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
http://ocsp.thawte.com0
.http://crl.thawte.com/ThawteTimestampingCA.crl0
TimeStamp-2048-10
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
121018000000Z
201229235959Z0b1
Symantec Corporation1402
+Symantec Time Stamping Services Signer - G40
http://ts-ocsp.ws.symantec.com07
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
TimeStamp-2048-20
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
161128000000Z
180303235959Z0s1
Baden-Wuerttemberg1
Goeppingen1
TeamViewer GmbH1
TeamViewer GmbH0
HEgpE>\
http://sf.symcb.com/sf.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sf.symcd.com0&
http://sf.symcb.com/sf.crt0
VeriSign, Inc.1
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
100208000000Z
200207235959Z0
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
https://www.verisign.com/cps0*
https://www.verisign.com/rpa0
[0Y0W0U
	image/gif0!0
#http://logo.verisign.com/vslogo.gif04
#http://crl.verisign.com/pca3-g5.crl04
http://ocsp.verisign.com0
VeriSignMPKI-2-80
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA
http://www.teamviewer.com 0
Symantec Corporation100.
'Symantec Time Stamping Services CA - G2
171103085055Z0#
_2'k-vX
Symantec Corporation1
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
161128000000Z
180303235959Z0s1
Baden-Wuerttemberg1
Goeppingen1
TeamViewer GmbH1
TeamViewer GmbH0
http://sv.symcb.com/sv.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sv.symcd.com0&
http://sv.symcb.com/sv.crt0
VeriSign, Inc.1
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
131210000000Z
231209235959Z0
Symantec Corporation1
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
+ojr\`
http://s2.symcb.com0
http://www.symauth.com/cps0(
http://www.symauth.com/rpa00
http://s1.symcb.com/pca3-g5.crl0
SymantecPKI-1-5670
Symantec Corporation1
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA
http://www.teamviewer.com 0
20171103085056Z0
Symantec Corporation1
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G2
VeriSign, Inc.1
VeriSign Trust Network1:08
1(c) 2008 VeriSign, Inc. - For authorized use only1806
/VeriSign Universal Root Certification Authority0
160112000000Z
310111235959Z0w1
Symantec Corporation1
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0.
http://s.symcd.com06
%http://s.symcb.com/universal-root.crl0
TimeStamp-2048-30
Symantec Corporation1
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
170102000000Z
280401235959Z0
Symantec Corporation1
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G20
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0@
/http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
http://ts-ocsp.ws.symantec.com0;
/http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
TimeStamp-2048-50
\Z^ k;
Symantec Corporation1
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA
171103085056Z0/
/1(0&0$0"