Sample details: a7079e7dd0b1b0664871121b55ea2254 (MD5)

Hashes
MD5: a7079e7dd0b1b0664871121b55ea2254
SHA1: acdd92d54fed14d94e55bce81f39db87cd5f7517
SHA256: 90fe1629a2d3993627505c97744dd89d406fbf47415d799929a3b58f6980bd99
SSDEEP: 12288:1zhZzw+Nc8O1iOLYIlMokrozXFVHSTSOsDw+:1zJ5nICoBRCSO
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba
Source
http://kikkerdoc.com/images/mav.exe
http://kikkerdoc.com/images/mav.exe
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
Dilkie
VB5!6&*
Middenstead
Singhala4
Dilkie
Autocrator
Yarpha5
Dilkie
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Label1
Check1
KERNEL32.DLL
EnumUILanguagesA
user32
GetClassNameA
FindWindowA
ShowWindow
PostMessageA
comdlg32.dll
ChooseColorA
VBA6.DLL
__vbaErrorOverflow
__vbaI4Var
__vbaInStrB
__vbaNew2
__vbaVarSetObjAddref
__vbaVarTstNe
__vbaVarMove
__vbaFreeStrList
__vbaFreeVar
__vbaVarDup
__vbaFreeStr
__vbaStrToUnicode
__vbaSetSystemError
__vbaStrToAnsi
__vbaFreeVarList
__vbaVarAdd
__vbaStrVarMove
__vbaStrMove
Autocrator
Buprestidae8
oXJRk!@f
OnXZRk!Bf
oXZRk!Bf
mPqfS:
RfAdei
r9VT.z
h\>;O@]
;-Rk.(
~UMt	9g
h)*9W8]
nfA~fi
e?VTJz
ba3'5L
jMNln[
2*]S]O
RIPoAb
yK*)DJ
g]V-A{
S~`Bub
Nc`Bui
rFV-AE
La`Buk
Kf`Buj
!FE^92
.e`Bu	
1k`(bb
uGO4/K
VH$(CD_e
msd%fhx
nQXWUg
dQd_mk
L|cl\BSy
qI	[QL
) sRV-
o`Z|+(X
U4<,}/V%JX
\{u)a	
9Mk61n
%g]#2$1L
QWa</V!B
AWm</T
Rk!qr*;
U2Tm%xsdpx
fihk!PW
)*;V$.
Wi)V2R
PA1a.3ga]zm/i
EcaipB
N1}DIW
zm%y~c
vY-t2k
^Z'bpo
iyp3y~
@	_W6p
~}6e!$
UETL@xo
({Y	wW
2&jk#6XV-k?E
7t0X$@
A1a.3 
bp! _4w
"IW..a
KHYRk!
y@nwaBc
N1a.3 
3)TnQd?Z
K6;J~}-
EY#ME^
z7gt-$
37%';n
24'6Em&
4Uc:5|
l&@BNl
,7 1F4/
>P=EFB]dn
uY[MG^
7K.)DV
G3+{gQdWTU
.9B[||
c`)Drar
}v)by@a1
)DZRk!q
RK8X8S
[||<Kx
awf\V-!
gTiM!fI
PA1a.3 
MwFmdJ
K&y~m=
xM7>ko
c"G#GH?
#r[ HVK!Cv
LRk *r<g
]T	VC+L
PA1a.3
,-Vdw}>
TgT3y~c
qb\V-#}
]@X)tB
=DIjQd
Z?7,iV
C:.ey0W
+IWG.a
UZ);PW
!Ic@=/X
aB*U{8
NX!^ s
DP).f!
%m^UueU
L(]fpJ
ST\{rYs
0$;6na&
 D2nQd
\d4zh)sO
&)cW\!
04?4um&%
02?4jm,04 x
bTp(po	f
jj>*!Bi,
vK>"Bw
b!lJ"bWeA@
SKYoa7
K1VOsQ
nQd<7q
%y-Wg$
hoo7.:
9ny~k+
o>U=mGM	
>&	#%V
czck((s
S{YoaC
BL4c^C
VE@Tj&nl=@n
k!6B=:
jh)*=~<
y|^]n~
mra3dGD&d 
uq1&_;`
DXUq|H
H2jycB
[i $3w
\N+7B<4
&2|^{D
)Fy86S
$3:)z?
ha3~{J
jBVIl#
KkM/[/
>_;	f#u
.a!O5w
6]UxKX
"z,Qu.
A>'R=v%o{
]VT(D+
@\]n'z
2Os3GJ
$5I;~\=f
@v,OoJ$
[ZJ?}T
Wh!:^Az
6b2,y4x
}'Ri&F
3j]Zg.
/O/Gu	
WB.V)n7
Q3"XKk
!Bf<LP
xIeg"I0
[5s(sy
YdbR o
gL-iay8
5X$CfT
nt%;5N
[9@H>T9@O
=:~>9u
i?) b?
o,xok!Ff
yZ8`y=
'B^eP!
.3t0LH
]ME^8b
n}/V'N8
zgB^qP
b>~ x 
G>TiHU,
vSwG>;
'c.Xc/
P!1iL,
2W$:znY[
Tbfc* 
?g5U|!
3N_CQQ(
oXZRk!Bf
oXZRk!B
<e!Cz0
Sz}=v/BL
@+T;.E
]`: EA
b?b1?Q
'Xlwqe
J-48bB
ns<`YZ
mi71H4j
}h?xv!
XZZ/!Bo_;(
ZRcgBf
;1iUs=
$2inYS
Gy3@:|
oP_Rk)
|oXRUk!J
ZRc3Bs
.0DUp=
oXZZ;!Bn
h[ZRcsBf
(oH]Qk!J5
XJWj!Uc
oIZ@k3Bt
kXZRo!Bf
ZZkmBn
38JUk:
l Kf0;1
XZUkaBa
Ny3X=U
j]\Tm'Ea
k]\Uc)Ko
oYZRk#Bf
15<KI#
,??k!B/
$:*:_v
\ZRk!Bf
w?)uGL
9(6L!"
oXwok!i[
oYXQo$Da
oXZRk!Bf
4:on	[
l:on	[
h-U(ez
XJR{!Rf
l{$@p/e
oz#As.j
/>*T%5
EB3Z0P$
 /XZRk!
s@jh)*
\oQd+(q
Rk!B5I{8
k!Bf\'
0X$>VT\
$:'RX[
WT\CrOs
E3P=vx0
XZRk!Bf
$7|#v?
AN>-I[
oXZRk!Bf
oXZRj!Bf
oTZRk(Bf
oXQRk!
oXZRk!B
XZRk!Bf
oXZRk!Bf
oXZRk!Bf
oXZRk!Bf
oXZRk!Bf
oXZRk!Bf
oXZRk!Bf
oXZRk!Bf
oXZRk!Bf
f\ZRj!Bf
(tr0[3
zY'lYG
YF!zhk>
iD)OD1
A{ka''0/{!
Y_8A:<
;\,i.a
|g7/1T
	*|wF7Y
A/gG78
!ojCGf
j7<rDm79
TLqs`g
bgl)g8
z&<+3{W
{ hyhw?
sv\HP`E
tZ5E	m
TUf{}9
iNTP|U
JtbJ]VHq;
*%EaW"
-R.@e	
K3nwB`%
9kk`gQ
t/qJ?z
.Fzoob
n8es~4
=F3SBCxV
:CM-UC
!*d-q3
oM}Lhyrz
2iZKVE
Hez"Sjk!
:wrh6i
c$UFMte
Bam7xV
T=ov<I
qUr@?\
R&OnSat
K=80zr
q0p8UYMZ?
(QM\2qP
9n0#10
u1O^IQ
uF0LFl4
."$>_*k20*
==y1#7A
,H=eN=
Hns&O_
{[!!rw
Z!%_=	
]k5kiW
=vE[Xl
*-?5.Qh`
@[%0\,
@z/ZuO
X2K@^l
W]BVlt
ts9ShU
K31	4>p?
O&AW}%
3>amkd
BOKLX=N
9l?$y&\
7LZ.&I
VLg+F]
ErW$	q'
r5=E6J[vP
HgQ0'zT+
	Rf,rI
cI`,YA\
7DvK@I
d5@{8$
"=	lam
kuutdc\
g`hEQJi
zB[d#`
gDM>:]
%}D}l+ 
dWXOQCYg
~qN;r8
]#pL+*?O
ah{VLn
mEx<PlB]
{P$j6w6
q!2GPq
R|/Y	kD#
`4h.Jp
HAF[a@
k74	rB
%	?mc,6
45k(3.
`qZC)<
gNt_0Y
fG%b\33
NU/)E`
W|7^C]
5\c[4G
3$.qY7
`*&%JYlE#
d}u%<K
(s\A$XO
(nxanL
n*N+FE
	7r?`[+s
*)o(QahN@
VAnw[d
] FP6:
!.Eoe@&
8%]	*nd@3a%j
,j<'sg
\gF=X+
0H6J2_
|Q"ft~
zBw~	!=
r_p0y1F
fg;3NI,
WJ;BR:75po
$Q-*.]
s#``{s/
92zG-C
(i$.Y,}?
;5zS9o
{t	wt\
d`[P_@
Bcn#c+D
X=S$NP
&WmJ<a
l=d	km.#
ZnI`QH
bSt$[Y
WIG&CJ
3h	]=H
?BoPM^ 
eK8H.SL
=rFk&	
UOr8fN
zTCN_'`
*Uk#S^
Y7G|kl
~j#X<u
&2A!@E
teJ||p
}4WwXb
gj$1rC
Qhd;]>
l?01@af
2r5K^S
Zg@'sx
QLwV5>
,.^_cH
mj	{~`0
ngrr41
4*T^u+
{;ApN*Qb
[haBH|
1YZ[0>p
S&;(zJ
o>X8_V
0flkQy
UfO{b:
#*Fh>?
4=<b!f
1=)3#=
H+2d]}
GK{njq
GI52Eg"Z
*	LaLXP
V'l+#[^
{~.V=Nm
|PaX_{
)=*p#b
4xS+^P
!j^	,6
-S9Gds
;p}P@k
k`:t$b)
iI:VFYk
Mww;*\
5.vtdqC
M-[J#S
_uI4M@
`Auk?a
B6g<!;
fQ^H]	'
 h`%aD
E26V	^
,Lh kA2
g[s{pX
w=tvLY;1B
N`H{W 
m:$}0Y
C\&!uy
.]=:/i
T6;>YW
8m\v3{
'2.$,|#
54~s&n3
+vhIP`
4\r%)zp.b^
hz"NHQ
mJ!5-^
'Bm n0(
RcA><9U
~2< |]
hd)hES
xH._0r
fd6nA,
S |+BH
L;3 g]
z:`vD!
5p#;kQi
M%}Tx`<
#{^&??
e~vl\o
K;qK|2
kCp?`D
PhH>G2g
0[SX\@
uR'05b
X[(]g`
UZ,]\3
^v35<^Q
g9:$o%
,6hH/X
1/cKOv
1CQ7y%j
ePT;INcG
&(J1VIpIK
QtNLj,
 O]9WD
e)vEn|
:Z13LCE
~.kftL
%1".kGF
7^ICn[3
} c7,)8 
e^VQop=
?|~7}!
M1)"5'
m utg{
nz+t?~~$
04'+0B
/ "AI'
EN<!tr
^EY9yvP
<C{QDn
e`)}x{
`pC7%^
:57S+W
&a"G=A
WjJ'oCi
N.U;9z
{G!*r0
+7%l3Z'
VB_b-u
,<B2K>0_
>+*"wW-
0A8=rJx
=z23jO
nda/{E
p	i5{r_
BN	CyD
-@+U|v6_
VQ]l!TR
Bh^&uh
P5&&!\
}m(EBx,
r*11#N
[26_s+k
Q#T \]
B{ CQ<
'viKRn
f	@s=H8
n[GwMbL0Z
*d5W?,
uzV)Rh
T8L:I1ph
]0E1w^
SoGvE%
4iLdC9R
^5eyT0d
]g42n+
vcHdWH.
yFW/S8-
2|aTR0#o
4E t/y
b!%Rr~
#*DKD[
{=9k{=9km<A4'
oXZRk!Bf
8Sf=aU
DWX,J^
p/2*By[X6ZSF
C^E!/2*BZAO0
*Bj\_/x[D&@EYBl@O#[W}+AVE5jJkB|ZE5x[D&@E*B|fk
]CA=<<=>>B\^
B:658<AD^`bbaav^
5<Dbq}}}qponopqxyyqaD8=\
:aC;9?
yxpnba`bcpy}xcB<>
xbB<;C
}xoba_acpy}oC9;
xob__aoy}oA7>
oy}b;7\
~mT4.-1Lfz
'xc__bp
0qb_`cy}_7<
								
}n`_bx
						
				'						
							0				#N
qa^`x}\
												
q`^ayy=5
										
o__c}n
j&'					
}b__p}>
p__a}a
}a__pq7
n__cy>
q_^ayD
s"				
}a__q`
}a__p`
}a__p^
}a^_qD
ya^`q?
x`_aq9
'qaan`
ycabc8
(LJ&N~
}naac>
W(+GR3"Gv
}oaac@
yoaab?
{R4Oi~8
xnab`<
ypbab\7
ypcbb`>
}xpccnaA5
A588ny
yxpnnon`?5
B75<\nx
}yxxqqpqpobC:
<559?\aoq0yyyyxxqpn`\>7
579;<>==;96
DB>9:86799;AC^
wwwlll
jjj|||
nnnbbb
iiiggg
ddd~~~
qqqnnn
vvvkkk
mmmqqq
;qqeee
dddkkk
uuuiii
}}}hhhbbLsss
|||iii
ccciii
___ooo
Lggeee
vvv|||
Buprestidae8
Check1
Check1
Label1
Label1
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaSetSystemError
_adj_fdiv_m32
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
__vbaVarTstNe
__vbaI4Var
__vbaVarAdd
__vbaInStrB
__vbaStrToAnsi
__vbaVarDup
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr
|||iii
ccciii
___ooo
Lggeee
vvv|||
wwwlll
jjj|||
nnnbbb
iiiggg
ddd~~~
qqqnnn
vvvkkk
mmmqqq
;qqeee
dddkkk
uuuiii
}}}hhhbbLsss
]CA=<<=>>B\^
B:658<AD^`bbaav^
5<Dbq}}}qponopqxyyqaD8=\
:aC;9?
yxpnba`bcpy}xcB<>
xbB<;C
}xoba_acpy}oC9;
xob__aoy}oA7>
oy}b;7\
~mT4.-1Lfz
'xc__bp
0qb_`cy}_7<
								
}n`_bx
						
				'						
							0				#N
qa^`x}\
												
q`^ayy=5
										
o__c}n
j&'					
}b__p}>
p__a}a
}a__pq7
n__cy>
q_^ayD
s"				
}a__q`
}a__p`
}a__p^
}a^_qD
ya^`q?
x`_aq9
'qaan`
ycabc8
(LJ&N~
}naac>
W(+GR3"Gv
}oaac@
yoaab?
{R4Oi~8
xnab`<
ypbab\7
ypcbb`>
}xpccnaA5
A588ny
yxpnnon`?5
B75<\nx
}yxxqqpqpobC:
<559?\aoq0yyyyxxqpn`\>7
579;<>==;96
DB>9:86799;AC^