Sample details: a8057863ec8e0e09bd3efb9b8a11e3ed

Hashes
MD5: a8057863ec8e0e09bd3efb9b8a11e3ed
SHA1: be278fffbc19eaf741d109ac7afb6d59eaf1a727
SHA256: f149fbf403f5ee204e1a14611df7ef10cdea44bc989c7ef9d831fd2b375f32bd
SSDEEP: 12288:7Hf37ndaSQiwV7VOJREQDn09vBcN5q115d:7HvZaFBiRzeK5M1H
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba | YRP/win_registry |
Source
http://www.metroopm.com.my/level/ress.exe
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
Phangnga1
Zweibrucke
Autret
Autret
Diatriba
Filamento
Eighties
Uucpgate
Geoglyphic3
Subround2
Quotes8
Cmuccvma
Rodionova2
Fustic2
Dentiscalp
Ghostier
Lucible0
VB5!6&*
Altarist
Moringa8
Phangnga1
Phangnga1
Zweibrucke
Dewayne
Sharename
Editchar
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Quotes8
Eighties
Diatriba
Ghostier
Geoglyphic3
Rodionova2
Dentiscalp
NTDLL.DLL
RtlCompareMemory
shell32.dll
ExtractIconA
user32
DrawIcon
kernel32
GetWindowsDirectoryA
RegSaveKeyA
brechet8.dll
Oculonasal3
advapi32.dll
RegQueryValueA
RegQueryValueExA
RegReplaceKeyA
RegRestoreKeyA
RegSetKeySecurity
RegisterClassExA
RegOpenKeyA
RegOpenKeyExA
RegQueryInfoKeyA
RegSetValueA
RegSetValueExA
RegUnLoadKeyA
RegisterClipboardFormatA
RegisterEventSourceA
RegisterHotKey
RegisterServiceCtrlHandlerA
RegisterWindowMessageA
RegLoadKeyA
RegNotifyChangeKeyValue
kernel32.dll
EnumUILanguagesA
LookupAccountNameA
VBA6.DLL
Editchar
Listtv
Listtv
Sharename
Kwandu2
Kwandu2
Dewayne
MSVBVM60.DLL
MethCallEngine
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler