Sample details: a16813d7ff22a27e0c6504f404ff57d4

Hashes
MD5: a16813d7ff22a27e0c6504f404ff57d4
SHA1: 01b1415c4fc43b1dc6e21e933410295f9cd1b1af
SHA256: ae277db0e7b42198da46de050d1db5e66c01420f73572a9f4b39c2e12f8775f9
SSDEEP: 6144:ZWIy0H5t3Ewzra70CefBqic9/a6wBcx8DvFydhZ:Q0H5t3vGYCqwa62cx8m
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasRichSignature | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/SEH__vba | YRP/SEH__vectored
Source
http://acmep-tech.com/de/dan2.exe
Strings