Sample details: abecb7c4285366bffd50dea265f20127 --

Hashes
MD5: abecb7c4285366bffd50dea265f20127
SHA1: c71a95b7313c35ea1ed404835cbe0e83a3726af0
SHA256: ab92e57aa504edb2aeaae6836f5ddfa022707fcfe9057d8a845eb8089f05c84d
SSDEEP: 6144:yvmg+Wcb5FLHKlOCx6kwlLPBQp5FLyOLu7A5WjL3:yvm71FeTx6xQpDLyONK
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasRichSignature | YRP/maldoc_find_kernel32_base_method_1 | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba |
Source
http://0-day.us/img//exe/7.exe
http://0-day.us/img/exe/7.exe
Strings
		!This program cannot be run in DOS mode.
RichSM
`.data
MSVBVM60.DLL
andendagstjet
bogmesses
havbiologerne
havbiologerne
DeepHouse
DeepHouse
DeepHouse2
DeepHouse2
VB5!6&*
Greypate0
andendagstjet
andendagstjet
bogmesses
Vagtlerne
warmedly
Prinsgemals
Nereids
Untouching2
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
DeepHouse
DeepHouse2
VBA6.DLL
__vbaFreeVar
__vbaStrCopy
__vbaFreeStr
__vbaHresultCheckObj
__vbaNew2
__vbaStrCmp
__vbaFileSeek
__vbaInStrB
__vbaStrMove
__vbaVarMove
__vbaFreeObj
__vbaObjSet
Nereids
tillav
tillav
Prinsgemals
Overindulging6
Overindulging6
warmedly
Farmakognostisk4
Farmakognostisk4
Vagtlerne
Masha7
[c`nK*
](b'IW
*>#&Mp$%
U8mNN?V
3rB*M@k
C\@b5.
)zyP8Ch
eAS}cuq
vJ6!-bo)
(~v\aJ
SB{nu$
u+	v{_
29Hwnv
u266#6
KSMy-w
j7Y*1Nv
)(`F=k
YFX\(d
*Lc`4G
$aUtih
q~ao4&
2_j]:Q
!mu|rWd
|k^k-k
giP/vZE
Y-K\_g
dRzi=~
cdJU)L
AoxbT;oc
c5JgQofFdI
)zJ985
Hr"dj]
sy'YS_?Ert
Vh8{5 
<B8KE\
sm RBb
._@t#j
};I^gB
A_UrQH]
=3&Ynp
F>4k&v:^
rPb@Hk
Z}Em_UTzyH
GKxP3T
[{rAW#
URvbuB
	JEiHs
'Npz){v
SXFk4n
aWk{ I
BR*yEVW
_>?nEF
 L<^n2D
I2n\k0B
!Hj8~:
V)VUP<
]-Sz8c
X\?iPM
O&SwMD
^<6*=N
:d\P:h
WxLlFYO
mi=3<|	q
 {`0!E
%SnX[O<I
kDGLAN
,CiERJx
I:a]zI
e";;AQm
HX5i7Z
G*k@Y`
uW\CE\
v&QV[D
ksRX	k`g
!`DD9_
V]Wg2q
0ih<XU
u*}D%S
 O749 R
ne5jR}
1;q$9]
\7r~f'y
(9%5\g
TM@*#=
 ^}x<n:V8
Ls/06+
Qah#kdz
M2#MO"
hf=#xn
`w)PG>
"84O:qn
L=Hr:w
g=iXHaK
H*$P's7
xNuj~j 
/wC`/g
)b2c} 1!I
.wF="2k
nIqs/E.a
JUB}GB?
+cG"_5O
P,4Wt>
I/fO<w
'9vs`4
"[YSXxm
R("<qC+
&Tu?y^
024\;B
`0?d;u
>euOdg<m
asLyX#!
X-uLa|
76l`at!b,G~
XScntM
B0Ah^c
c?Sa#.L
=({a&r
@h;ctCI+
Y	C& 8
,'$ :.
XH(>Lfa
\pIkB7E
s0MLE+
`8`!8"V
!7t>N,
+_w0Ah!vh%.
%-264?
JSd?p#
:OdsvN^
.G?-m3
g8	qLl={
9Y{R~:
6ScVJ%0"
C*e	K|`0|
,EvZ2WJ
3@9vh@
m4Q4KlQ
rFum:f,
oRcwY=
kH76-$mA
hy:S;<V
q6GW7K^
L kG30S
}UT~6LH
ZOJJ?5ez
5VM/k[
\^dQBW
OkQlJ	
LxsyY5
->e;BD
;aoH	(
I?K'0|
d`PU}}
$*-$0a
/~>=+E
s2vQc,
Q0(7]$cv,
vKjxPzS
=HTk^0
[KL1sG<
WhChM!,
's`PmP
NZxE06v+
M.z79W
/wmg-v
w0-!}_j
n#6?9 q
B4`pwg'o6
\Gh8L iV@
gdJ5qr3!
;_I2Z/
z6mC?,
Hs`u[y_
j-y|Oz#b
"Ud#d6
"&`dJ#
|IZ		i
\l& {I
E=|i84U
(nNHFsU!
mCC	KhL
j49sq]y
%\QtCw
movqEi
icDN*WY
yqG~:0
>f%8T8
0<&U4&
cu<?~<X
c{p/E{
oB2#ot
7q B-?
YA3t4d
#wDDB8
24wSCE
$XcMZGO
gir#D~
Nz$d]3'4UxVF
k$$	t|
dMyk_u
l6nO@A
ujdX %#
"$?3`6
waI_!}
yO$e:|
KBxfLS
%Bz3tr
ILWP1}>
19b!|&
P.b?g('
/he%0:
,\\k)e#
$Xj&8r
u]0oCS
)ZNpue,
;G?)TE(+u
g/x4gM
qp2|DC
vwBZ	K`
ZDD/T<
a93/<7pm
iyQJlu
8WQL'i
	Q5\QL
-#Fzi"
gM/8;t
[)2BF@\
[((NyU`S
3P'{7R
ygieo6
]jt+vl
o	Co^D
<\'$}0Np
>:V\6?
<\,2M[
\O2;6F
i3Q2(!%q
 _4ul'
3%WO`D$
	lF=zt
~61cbe
waACS$
Tk2\U-'
}7E0z%l
oC~3(K
ik-LuE
-SKRaZ
F%|_k'P
I1P-*<
w>cjNc
sl~`[C
KfRws+
8:;jyvr
Hom8#=
YYWnTV
X?!Z%o
BMQY	:
?@\U'8
SPiPk~SQ
!ZP",t
E"J&ed
&3'	 E	v
XSyB:ufB
/e!Ag9N
YcS5/`
`%}VDQ
&f&^=gpr
	x/Ys2
Y3>k#QB~
Jsh5d{	6D	
mFOzSS
bCOzJZ
1GeH6P
=TXZTJ\
Q{[xtp
!,R}2u
J61(az
(|5+"v
*h9fgk-
H?*'mq
qkIufQ7
c<{cs3
St=.B)
n?S~tJ
UlvqjM
)EDi6[ax
8/O	c#
4!9FnmK
D8	sKB
]g3a3rb
6o9QX$
$v-z% 
oyOMyD
YnbBA=m
~bkN+<
SA?;tY
xFA-0D
IDvwwY~
X.:s\!m
6AvQRf
_tz_nA
|R#p6R
u@\+3s
cw)k3X5
`yz|zv
W$9Ywn
'=&nn*=s
H1[0K;YX&
'9A6y++
MF-*zv
R6Js:?
2_<x{F
/:}x%)
(ZMctL
dSzA,Z
6X'U}i
J%11Nz
M[hRvN
66~ml+
^J\92xa
n24k&U
PzSudD
<??kFY
!I6;:L4
TkfMHg
jB<~-3
0nLa&r-zP
dxz9?#
+%`&6$
^AC7;#
ux!iO*V
q#;@.K
&1+ItYA;
R_:j)y
/zA}'b
Y%4v*M
.7)[,+9
fZG8,h$`,
j=z(>ij
>ddLb?
0djYZ5
=r'"ooK
ZFwqW	
>,Zoy@
|-{C;.3
_;]EnAz
IA{^xg
Dnq`N|
q}}'z_ 
3Z&B2n
)<l-ch
lb =j9
jOsOpPx:r
UyJ3$MW
ro#OkcY
,2+GQ~
2Y6,7\
jbN2OR
!fLllj
QOEtTlK
S=!0G<
>YA?~H
BsaI	Y(
PvkrAZ//k=
;~h[tOE
w]hSy>
+hEHLG
L&+7At
t)''MH
`v)]+9
qO\M}*
QQ%U|Z
P<>ftPZ&,
Zb:r{=M
npvl&Bn=
V	pdn%
s/=?bn7=s8
;f*l)5Z
QFIL*=
4 UW.P
nXk;ZxZ
MR%)V}
=.JGw1
W1CIb9
s=GK(Jb
^9@I^F
-IE|/J
[_[.1P
N%)\w~
_!4NSL
<,+v>\
Zb	i#4
	F,mqA
5Y/;v7
;Kf|Rgn
wXFl9g
}L'w(4
rrS<Vr
Sq~L/T
9L]	!$
SHELL32.DLL 
AShell_NotifyIconW
X(fVf^
CLSfWf_S
TfVf^h
NARfVf^QfVf^TfVf^
CLfWf_j
4$HfWf_
CLfWf_fVf^
CLfVf^
CLfWf_fVf^
CLfVf^
NAfWf_fI
PfWf_Z
fWf_;}<u
|MBjGY
QUE}8F
&CSjZi
"E,kcK
BjCiBjCe}E
SUq4&M
|MCj`I
v<m?8c
ZWnB!j7;
i/`2+V	w
U2v'+)RD
Wk'THI
R/s$lj
$~8H4y
'qzwb@
^:~/31ZM
S:BN*	 #
:B@*	S#
'_s/\PR
[7{,tr
w1@,qy
Masha7
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
_adj_fdiv_m64
_adj_fprem1
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaFileSeek
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
_adj_fdivr_m32
_adj_fdiv_r
__vbaInStrB
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr