Sample details: b2d1b83d1311939542f3d2608fbec44b (MD5)

Hashes
MD5: b2d1b83d1311939542f3d2608fbec44b
SHA1: b8f2cd0248e8d9c85f019c2a3933a9c10b18e458
SHA256: 0f044e3cf2bcc534c35058aa7dc4a9ab06edcad4faa09a8deb4866f0b78b7fbb
SSDEEP: 12288:ANXNnLj4hTWNYa1vGr/vOZK8vI7VxS0Q4eo:AlNw0NY6+LGZK8w7Vx24e
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba | YRP/suspicious_packer_section
Source (download URL, defanged)
hxxp://kikkerdoc[.]com/images/divver.exe
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
Placek
VB5!6&*
Drabby6
Placek
Enrimmon
Damulian7
Placek
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Label1
Check1
user32
GetClassNameA
FindWindowA
ShowWindow
PostMessageA
comdlg32.dll
ChooseColorA
KERNEL32.DLL
EnumUILanguagesA
VBA6.DLL
__vbaErrorOverflow
__vbaI4Var
__vbaInStrB
__vbaNew2
__vbaVarSetObjAddref
__vbaVarTstNe
__vbaVarMove
__vbaFreeStrList
__vbaVarDup
__vbaStrToUnicode
__vbaSetSystemError
__vbaStrToAnsi
__vbaVarAdd
__vbaLenBstrB
__vbaUI1I4
__vbaFreeVar
__vbaFreeStr
__vbaFreeVarList
__vbaStrVarMove
__vbaStrMove
__vbaStrCopy
Enrimmon
Nonadult
,n<MTZ
L GdsJ
		b`a!3
X)8}iG3Wv
4NXRci
Y_QR4G
r. ==[
X98}iG
Q41garKDa
		b`aQ0
?=~T4R
|% gFo
AXuZ%x
:*pREW
2jsJ,L
AXuc;x
disJ,"
AXu1:x
IZmZ}:
	msJ,E
c`sJ,;
no<n<hk
z7KM'V
yKDi#N
l{Corno
ei^S2d
lyOWM%
_`8K$u
 SesJNV
+jHP2o
x{\WqS;
%ofA:@
*ei*!A
3#nX5y
fI^CF(x
	[GL,ZNW
hkc{fIF
z#C^hx3
COL+^No
6wA`~u
XX(6cYE
!J7L%"F
L:Z8x}
-i&>g8
u(c .]
cjc{fYvA
*ka9[B8
v0;>=|
)(=#svX
]M	tc6
yConnc
8V02p<
vbzVJ?
+"C\ G^
_8tN}(
W{xka{
to:V02z
+"KwDSj
PzCo^m#
t{Co>"g
c`sJH_
#aK%KvMZ{
_8N068
@esJNW
|#6`K8
4+pLK&
$O{@,y
2i7tj%
sdsJNN
,Oo;+K
PmZGCe
exK(P'bk
ylu DR
fcS%w+>
)C\ Gf
<)fh*l
'Gg`C98n
9#]Z8)
zg"59.
/pRG@A
H[+>Q]zh$t=
.^>u4V
V`5w@?
\_. ckc
fcK%K+4
)zK+#N
}*9i-s
QU*9Ns
2URRuU
3J:4f]
;{2Jt$
`IkmR+_
vkc"dJ
<pRE&5
HJVkc"
ik?<vx
igS+g<~kc{
 (BnLW
M2 ,QSe
)Id =@3y0C
&C[&t<*o
,)7t_5
}#O(6E
0${wx	
GkHs9P*
0Y=4xF
I2x}	)-
b1CJ4Pt
<w7hk:
6z9[eu
f%^S+g<akc{nA>
O^K4Gv
M<;wxs6s"
k\ov]d
~h2G:N
ux&Vyf`T
W"Me4G
{2RGXA
lsJ:4n,
jb/oR>
i*<B&~@
%$/Dd@z
@V"r1[
R"V34Gy
!RH?hkX~Q3p
%`t}iLR
ts6s#do
8F06r8
HoVc;t
|-5l6R7E
Z(%O4}iLR
EG6%Era
jq+\{q
ydsJN%
k\+RyL
!C[v~\
<+_j>=5-*
{fxZA}
kctik3
P5p	Ao
~r 1O`
f<jS+)
X?<R^D
Yqb>**S
\Q)c@.{
vG\N2M
(C)83]
b1CJ4Pt_
*kb(fR
6Z/?6yF
0a=4x;7
lfB"p	
-`tCl	
nSWd$5
Ci>4(g
n[T^C[
%rutwH
l0|nS+
|)+|ma
<v@RJL
yxO:q|
&=#s6R
J+jkec
7g"~[@
*Nyn_b
	/_)9u=1
bxFAwK
D~- |O~>v
'BzW(-
hqkW*0
v<zlp{
4@kcr]
2<{lX{
4ekcs`
w<zlp{
ldPdZ'
w=akT{
r;g)'|
85dhyg
{	YesJ
mp6>.j
%*|UBx
$)}JC{
fj	@[M
hkc{8;s
<hkc{O
.53am%7
kt5?;$
puW&Dx
<6I>_:
q@n~is|.g
Bnr)R@
f-g.Dh}_
FzZf6Vm
G&OtU%|
oEj?Ml@
_)=#;$
:KM)	S
8iwF,?
Aq:FUv:@
"Z`Us/+
Ue{S8Lp5Z
]t>0:"
hA)ziQ
(5:I:-
JZ5.A_k
gF-dos]
|~0U 	q
g6O>8m
ec=.z/5
xM@}AD4A
)40A6.
M96*e+A
%>mh9f
hiE{kj
EgFg/M*?
8T`-O$D
q9p	iWj
,I}>is
WC\	Hmh
FB~mt$
Bt@*R&
XMEW~X
g[j&PX
YM)8l\
(lH'!x
 T6box
,$#8tUS
SWq~O0
f*IFjR
 N#eX{
:DPw#)l
~h|V;rg
%<}Z^Bn
cKS;k)
NG;7&_
~.nxI`
a/I9d_+
GXl{lm
N[:~/&D'
H!=%vuD
,D>al7
=L8CKT
z%migb?
)p2*U~R:F
F'U=B;
^/i`}eB1
>;2Wu)
 XU1=~P^
u5E2N=
WMmMn8
j3^VE6t
CS~UL!7
tHme^ST
5HfI7&
]p23=F
})gdxP
&"0[DQ
[/Q}IF
>]GOQ4
,9+TFj
>NY.F$
v:4_hI
Cb\+oRU7;jN$
&3l%>sa
n?A1r4}
)AC%oU
Fq|e,=
+[w#L0E U
u	18~p3
=uk-b~p|q 
\EXItA
VefF1"~T
qLk=t[
)aT_du4.
\`W7_$
D2B"><
z$C5bH
Bni2A"
pwOn@n
m?%aka
m<[:QP
^Pa'M85
JV4t(t
O(b,kN
i_e&%~g
ZM2oV[Z375
@1!_W;
Y)<y`S{
3F8/=T
/dm{ h
FPJ%TC
xnuh:u
&B@qkh%
*tU74/
x$<%cR
7J JQRW
n'rRbRS
EV{FPI
HHhR9L2
cYO0!H
7q yE&
h}Pj)OWw
$|iX&Y
3[O\D,9
f_]+f:
z3!W\"Z
o8~+i'N
=/W/(v
i|DI<d&
EGD*c2
2lbaXP*
eM*D&Ct
myV	IMd
fFFg+_
BfCV'>
_Z~ rX
Ks1TIvB
9W\b'.
FkK_!n|3
G{c	35
^={-3t
NC=KqZ'
Awz8VC
`d0vSpr=
W'c=Vh
YGalzwy#?
 IMocV)>*
AtbPYd;X
2^tsv`L
XcI0&-
s.z~aM
jwyt)B/
prk'T7
`4\*?77
{1Q)LF
.9h0bl!;F
_M`Ww9&W
D	1git
;vNQbH
Y$\CF -"58u8
q;nJM}c@
Hpk<INqp
5 r%(q:
3vA6_O
oR3tsC
*k~.UG
q2=fw:
(@1>DrZ8	
.\&0lN
VgWj`k
q}cOSRFb<`
sE3`%G
0yH'XV
bt2yCQ
O:Xn5?
MD4:$n#aJ
=RMWlbS
|a4FO`
+@2*8%
zKSK"}
N#Q3&h
l%Fdc+cm
A]1L0}TB
y#]B8(
qk}2oG2
OJLQFMAq
.pPqOv
Dm=j" 
STmr@q1
/s1m%4W
P7qLVv[B
{8szW_
"&n\5#
vKrlN0.-
d*W6/H
x!.JTe
%6!CTJ^
G_Da<,
/Z7c33
5&[g1#Di
p7iv_t
dD#k2t
]_SMrs
=0=Q7a
Gy-}.,U
fS85OJ
_R3v\Z^
v*069p
+,0#t.
2F"7pN
Ky+CH8
Tdtt/X/
Hxt)&&`
tQWVim
@qF%&t
AB	53m
Q_lt(3
(Z%{;X
JW< yaF
Q3WX]HF
hmp.R{
XEf s~
a8]>YaA
_R6j+MmmTu9W
$x@zfI
p-7x-l
H06E}(
(fmKeu{
,-29;BD
^a>Xs4
W}QXhd0
'-x:,W
d}M5 S
S3!:r^
vYg}+" q
].?pw9
l3f-qS
/%j1fk
X0#a&)
T(M+fl
A@3BD`
rD|skw
+|&+7.
c{$r>3*
]9l(e>
PXd.AqI,A
FT"HSu_l
/:`&zR
Faj6s}
M1z T}N
4<nh J
	r-oJHV
F|XiV	!
)sC9f<
iT8{ G
jr	i@,
~,O;m/I
 uI^KQL
Uh$(aea
0LHa}'
PWSqi P
iaRQ%N
qc"6<x
{c(y<7M
1/3CX]
2Y|	;]
\O>{ 2
q~Y0ec
vYYe#k
d>rk7T%
"y<8p^
[P;v/o{t
CylO5!
k5%rI*4iC
gG;C(>
84cUSz
)f=z,f
Kf=~Nf
o~qN%q
;p+zA	~
z_M6zb}~
xP}v0[
	zj}t7
jR~t;p
A=<<=>>B\^
B:658<AD^`bbaa`^DB?A
5<Dbq}}}qponopqxyyqaD@=\
:aC;9?
yxpnba`bcpy}xcB<>
xbB<;C
}xoba_acpy
xob__aoy}oA7>
}qc`_aoN}b;7\V
~mT4.-1Lfz
xc__bp
_`cy}_7<
								
}n`_bx
									N
											
									
qa^`x}\
												
q`^ayy=^
					N					V
o__c}c
}b__p}
p__a}a
}a__pq7
q_^ayD
y`__x^
s"				
}a__q`
}a__p`
}a__p^
}a^_qD
ya^`q?
x`_aq9
}cabp:
ycabN8
}naac>
(+GR3"Gv
|jUF)'Mu
yoaab?
{R4Oi~
Nnab`<V
ypbab\7
}xpccnaA5
A58Bny
yxNnnon`V5
B75<\nx
}yxxqqpqpobC:
<559?\aoqy
yyyxxqpn`
579;<>==;96
DB>9:8N799;AV^
wwwlll
Vjj ||
nnnbbb
aaaxxx
ddd~~~{
mmmqqq
qqqeee
dddkkk
uuuiii
}}}hhhbbbsss
|||iii
ccciii
___o,o
gggeee
vvv|||
Nonadult
Check1
Check1
Label1
Label1
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaSetSystemError
__vbaLenBstrB
_adj_fdiv_m32
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
__vbaVarTstNe
__vbaI4Var
__vbaVarAdd
__vbaInStrB
__vbaStrToAnsi
__vbaVarDup
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr
|||iii
ccciii
___o,o
gggeee
vvv|||
wwwlll
Vjj ||
nnnbbb
aaaxxx
ddd~~~{
mmmqqq
qqqeee
dddkkk
uuuiii
}}}hhhbbbsss
A=<<=>>B\^
B:658<AD^`bbaa`^DB?A
5<Dbq}}}qponopqxyyqaD@=\
:aC;9?
yxpnba`bcpy}xcB<>
xbB<;C
}xoba_acpy
xob__aoy}oA7>
}qc`_aoN}b;7\V
~mT4.-1Lfz
xc__bp
_`cy}_7<
								
}n`_bx
									N
											
									
qa^`x}\
												
q`^ayy=^
					N					V
o__c}c
}b__p}
p__a}a
}a__pq7
q_^ayD
y`__x^
s"				
}a__q`
}a__p`
}a__p^
}a^_qD
ya^`q?
x`_aq9
}cabp:
ycabN8
}naac>
(+GR3"Gv
|jUF)'Mu
yoaab?
{R4Oi~
Nnab`<V
ypbab\7
}xpccnaA5
A58Bny
yxNnnon`V5
B75<\nx
}yxxqqpqpobC:
<559?\aoqy
yyyxxqpn`
579;<>==;96
DB>9:8N799;AV^