Sample details: b296219b7c64d51400f0abc551b594e2

Hashes
MD5: b296219b7c64d51400f0abc551b594e2
SHA1: 7f33dd573fd14f3d68631aff69e1838fad275f21
SHA256: 2acea48050c953dad75d6316e03c637b9d82b2e4298c677594447f0c2d43eb31
SSDEEP: 6144:hTNzU5gdilHSLMai7taiqKG52KK5L5LDrPT+6FjLhLdt3+NTs4mQIsp6:haIWOMai7t3qDE5lDTTPFhLdt34
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba
Source
http://office.erlivia.ltd/adobe.123
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
Mentch4
VB5!6&*
Noctuiform3
Mentch4
Jozadak
Nobbles
Mentch4
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Label4
Check5
USER32
EnumWindowStationsA
kernel32
GetVersionExA
shell32
VBA6.DLL
__vbaVarCopy
__vbaStrCmp
__vbaStrVarMove
__vbaStrCopy
__vbaI2Var
__vbaErrorOverflow
__vbaFreeStr
__vbaNew2
__vbaFreeVar
__vbaI4Var
__vbaVarTstGt
__vbaUbound
__vbaVarAdd
__vbaVarMove
__vbaVarSetObjAddref
__vbaFreeVarList
__vbaFreeObj
__vbaVarDup
__vbaHresultCheckObj
__vbaFreeStrList
__vbaStrCat
__vbaStrMove
__vbaOnError
__vbaRecAnsiToUni
__vbaSetSystemError
__vbaRecUniToAnsi
Jozadak
Archbishopry0
?sa%w2N
!=%(S=m#
gEprBgX
#+J2F~GS
fW>M04
?mtw)e
s9`]B69
C2FxOo
yt;}-m
v y'X0
<%( 8<
>f8<2-
	#Fw|#
'Rwjky
^H-@,i
sF:R20
UU$pSC
|kZAD#
E2NELE
#s+N?]
$pWGk8
v	mw:-
]3\xo(
4K~`1tEM%l
K;}=0x
A) 8e4lA
>#YXJ|
5.(0dY
8v{HH*l
7b@oyD
D9Augm
P0NR:T%
' E$pW&
#uu2FxF
Ul?'+(B
79@6CX
  8MDO
u:-gi_
}4O&f=qA^
8|[na(fj
S{BqOp
)SBK>z
@J1(JESa
Hm%v%Y
TnorhL
uFv+`w
O2JVi{89
T[|g&z
"@))UEm
~Rs',i
U5:zX:
=M) 8n$
(0lE<&8=o
"tyq	W
JJK]M)
YHlE)|
<E[ jg
\ld,+(
&pKzLPS-R
 8cA/E
K4!v2F
[nxfIjyM
}xY"gP
TkxOx?
AD\jY Ih
gp~.c'
3& IpK
1;( I1
1K- I0
R*$y2(
VKO2F4F
ET@ZE>
2<=h/}
6BVQ(f
B1B[li6E:{
|*F.Kr
)B[lh6-<{
tR1b([
eV,TYs
m0l+VA^7,
bA`/r5
>(HABgp
Em0d!h
| s~k;
q%Gk$g
PA97,`3
\}BP^g
ZR*^cO\F
x`$~mG
8FgOP[
bW%B P
*("04B
6yBviJ*
 -gRzf
F~`:!Y
\rq?bu
7M(&cSa
DTVzA1
1G/ IyI
NBHkjjP
_93xe\7
{[I0+??
O0B	.x
QZO+}P
2i6=y{
WK[DpVz|
T'R+*)U"
qeOG~R
L}HH_^
8NQOPK
#;t8=O
#A@`,L
;tW#i!
YHl%CwO
$RL/8d@96
z#gTj	
)<Y"?B
`z<!'b
Y~l>,y
D3>_Hx.
NXHoNjP=
b<$09J
BX"h0*k
"0^j]^
u	@u:-V
DESEM%w
)9A;c%
VGfia5\
V KiJmV
J(T1'X,y
=F-ZvE
OMnk3i_
os:J{T
t~-}i:
gz*_|h
tN-fi5
tU-|i4
t^-Zi	
tJ-}i>
szv_,h
tH-Si+
tV-ji4
fzO_\h
t[-fi7
Nzn_Ih
tV-ci:
Ezl_(h
Ozv_7h
ty-`i6
Kzx_9h
sz*_|h
~zK_ h
tU-}i:
yz*_|h
tI-ji)
Gz~_,h
ti-ji)
tj-ni(
dz^_*h
tX-|i"
Zzv_9h
tN-Di2
t[-}i>
tU-ii/
xz*_|h
tS-ai(
$zy_1h
t\-hi[
cz*_|h
tV-ji(
t^-!i1
ozY_Qh
tN-xi:
dzC_|h
tf-Ai4
t|-^i[
t_-|i(
tU-ii/
cz*_|h
ts-ai2
tI-fi4
ftafS}7
t^-ci7
z*_|hPy
hj>22n
%4?;!n
hj>b<n
`:>^3n
%/Vc%l
%9Vu%o
XbV]=c
`:Tb%aR
%nTb$aR
ervTb%aR
CaxCCo
%nT[-?\
Tb%aR##n
%nVY!l
!aSg$n
hj>Y+n
%aS|%n
`RTb%aS
XbV]%j
XbV]%l
9f7k{1^d
%n>g/n
%n>^,n
qWay)T['
`6>}%n
sP/TY _
.T{ S{
0Uz'Qx
%Oz!Oy
*#'=CKLLKA..
_"TNDADSL*-
#__X@)L_X____
___ZNBBMM&
N___________Z9
3YSBBT/(
&.__a_______H
8R_L@NB&
#_________E
E__N?M>*
#=________;
W___M@S%
Z_______F
4____ZBBK#
,_______V
3______N@S
	<___GV_______X@K%
5_____*________@C(*
Z______7
Z______________@Da)
Y______
O______________Z?L
%K_____Y
 O____________TAD
+____iP
____________LB,
T____Z
6___________YBK
%Z____1
W__________ZKC'
*Z___U21
I___________LX*
'T___O*Y__________XDB%"
$@Z____________TaD.
$.N___ZYXTSNMC,
($'->@@>-&
,+--/;
*).>EED+;0/.
0E<-;HOOOKA415;0.+
 KO;OOOOG'
EOOOOOB!
$IE00)
 JOOOOC
r%JOE// 
<OOOOI#
@OOK=/
HOOOO3
?J3'AOOOOD.))
6OOOOOOOOOH.*
 KOOO?
'KOOOOOOOOOH.3
(IOOOOOOOOD/
?OOOOOOOK=-+
#GOOOOOOOH0
:OOO;OOOH0
,DKFzAOOOOOOJD.
*->HKOKKJH>/
,*,-.-+ 
 0881,
#/=OOO+'35-
@OO93$OOOOOOO/
)?OOOOO@1
+OOOOO8
7O4+%AOOOO=.
,O:OOOOA8!
Archbishopry0
Check5
Check5
Label4
Label4
MSVBVM60.DLL
__vbaVarTstGt
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
_adj_fpatan
__vbaRecUniToAnsi
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaUbound
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
__vbaI4Var
__vbaVarAdd
__vbaVarDup
__vbaVarCopy
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr
555/|||x
UUUW)))"
```e>>>:   
^^^d;;;G111.
WWWq333I
OOOn"""7
NNN#IIID
___h===;
ZZZe999E&&&'
UUUt777[///F"""2