Sample details: b54df4e2d50af8dddd06591c2c4e6e66

Hashes
MD5: b54df4e2d50af8dddd06591c2c4e6e66
SHA1: 30729022af662e479a5706da834dce01d5c2cb29
SHA256: 2652cf930f08d8fb76285233435b4821762a6d1f9827adec7951e226a80b6a9f
SSDEEP: 6144:xFKk8O1ddM4gqfv+UJkPMsNpgBWUmxQFTaKI:mGddMMfv+UsiBWhWv
Details
File Type: PE32
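YARA Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba | YRP/SEH__vectored | YRP/android_meterpreter
Note: these are the names of the rules that matched, not verdicts. The YRP/android_meterpreter hit does not fit a file typed as PE32 with Visual Basic 5/6 markers, so it is probably a false positive from a loosely written rule and should be confirmed before it is used for classification.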
Source
http://www.centerweb.es/soporte/.eval/en/sys/aj3.exe
http://www.centerweb.es/soporte/.eval/en/sys/aj3.exe
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
Herreds2
Superego
Havana0
DqG@|vF
qGg|vf
(zlmGmmlllqzz
Gmmllqzzp{llmhl(
G@@@@@@gghhGGGmllqzt(Iv5gG
G|||||5
@@gghhGGllsxGvB@@Gl
@vvvvvv||||5
GGtw^R^`
vvvvvvvvvvv|||
@@glxx(A
|vvvvvvvvvvvvvvv||
@ptt(FG
vvvvvvvvvvvvvvvvvv||
qpppIF
(gvvvvvvvvvvvvvvvvvvvv||qqqq
lvvvvvvvvvvvvvvv|vvvvvvvhlmmqG\vegl(
(|vvvvvvvvvvvvvvGmvvvvv|@
mhh@llggq(
vGzpvvvv@
fFgGqt\f\\
v|||v|@G
\\\\\FFFFvg5GphFFFB
\\\\\fFFF
@lmvFF
G\\\\\FAAAAAAFI
\FIlG\\m
h\\\FF
Afv5|vv\FFF\g
I@Glzz|FFFFv
Fv5glzzGvFFFFF\v|vvmx
FFFFFFFFF\sttxtu
<<<<<<<<<<
AFFFFFFF\txxtpty
AAFFFFFFvlttppqx
AAFFFFF
gGppqmpr
AFFFFF\v5gm^hG(
ceAFFFF\fF
v5gg@1
/ULWVVYcnAAFFF
CLMNNNM
|rrf[co
yjyyyyjyyj
QQQQQQyQ
QQQQvr[zvQ
ovbXvq[fvXM
]ooo'XXh_
114__h_X'@'[
'X__;___/op
0X__;;;;;_or
rvXYbY
o;;;;;^;;;_^`_XXY
A;;A;;^;;`Ia;;XXYQc\sf
oAAAA2232STUV'hXX'o
0hA22;4
DEFGHI;J|Lxx
'33Y56789
*	+,-./
rstuvVwxy
cdefghijklmn
WXYZ[\]^_`ab
RJKSTU
BCDEFG
789:;<=
,-./012345
!"#$%&'()*+
+-E8_d
%35Q/{
Havana0
Iatrology
Gravelroot
Boulderhead
Lrebger
Collyrie7
Rumprogram
Keckle
Marmorgulves
Vrdigenstande
D@qM^sG
]o;*z#F
1)a6Q@
|EtX++1
-IR!%R_
Kl_Mm7
53u0_<
g-{HeL
H66sJU
i{B"<Ok
; 4bHy&
`rWZp8R
(G>jF;
w536.uI
u_>7h?G
zpR(>	
Oc)w`+
:<iGPY
M]1Gh!@-m
Qju3/	
e70S!{
$po&3m
({X$>2
*4*?Q=
B"0ofP
vE:I?4e
>Vr3.Z0
UPF .	5
nObsm5X;}R
Ei-91lgz7H&
Qf:aaa
Rg)K_7,lc
~,JaLC
 Y&hLa
f%,Hf+
T9`{3Z
IdX+qNYk
tMvS8EG
QAjqm3
#m-=(K(
h2.R4x3V
dGIlA:o
;<W6Rx
g}wl3>c
IDA#;W)
^{|!5S
#sdkQE1
sL;]{.4
`Q,!{99,
!g%eFg`7v6
R/'RC6
FBrjiN
^oq{0v
V6jOIi9_
cH\^z.^v
 Ts94-3
+vs%3`
lgT_r0
HCNSAd
8+~>/8
'"W-;m)TA
)>&BK	
:kAx^=[
.n+:wG
hGZ%DP{
vk	swqL
jOoJ15iK
+Kw/T#s
Il$K?7
v/kP0H^
ah[5>i
(^:Y_]
l5RXAp
hsLEfN
pB!.W%r
r|YBf=K
8m(m[ 
LNuXE 
spy5lb
]N	 )L
'It@?'o
Q\=V:r
\o<AEX,a
iXH~PF
JiqaPX
yD<9"c
,voQo 
gp55Rk,
bI]	_0{
TzUTOv
q4o9\$&
$eC}(p}8
I!|k/b
"fnPHbhxZ
w6JKrW_
*"M	w\cE
x2^3_H
,Q&$1w
M:jtX@
BQ0[:1t
9z#M\}-0
$nL:6Z3
`4\t/k
]87Le$
\4tk=KnY
#V/@M6
Q&lXwxR
#$xPa>Q
R&x".$o
KK`:Co
`U(hsg
O=9;32
8JDeQ`
T1N/a.
T<}R77
k"U:V~
<`go4nw)X
x*\R1[
^ A<UK
'A-5-Q0Oz}
-+]Cu}
ppVdVO
-UZ{)o
Ad2;D4
qGtOLs
{V(k|m
\*k<H3
iL'N/5
KK}f|<
MPsF#_
xclHsc
";aw0W
s"^l_A
X.|"VN
muxf4s
3O$#D4
LgJC72
>/G2|?
L/_}BvUr
pB0M\L
La}rEi
dso2bU
b>Y-P7^
+Swg\M
7%I;{qH:s)/
X `:(Yl
P=X\E?uTz
9t~xu`
-;]03B;a
TzIh/M
PCl_z~
HybZik
ycXzQ9
P]<0j!
rr!+[2
`fh"@'
uCUS9o
@$O8D>A
|,b{S)$
65gDpy
F^'r\U
75AMV?Xac
4JTb8g
Cz&ry6T
}{Eg\k
RZz.U:
_Cqd!C
+yw9&/
3MWPd'
G_jN0	
lV|G/@X
v_z?F,
s8jk/(
W)Lewu
yzgsgy
F,_&J~
RT#h}Gwl
$.5vuK
K4YZiX
aba1! 3
	KnL6yE
$	B;go
hrow8E
<sbGah
4KA6{-
HCr6;/u
G4"o]!n
Y&zxSUdB
94J0N0Mf
:e.7^y
eVue7j
l=n!0'R"z
"@Q"tbo
2A|(d_
w6N_AS
WH}_dK
Ih_QDM
}BmJFnO7(n^
RC59Ny
l&q~1_R
!WZj>l
kNHn|=i
(.0|C=7
a+eF+{+
rxV9Q5
u#X1@(
^=>-~=f
?*4B t{DH
( Z79u
klb+	A
(Z_|*qi
F6Ql:J
M6bPEmQl
J[fjL_
qi	ICX
==McWp
D0<VUvrt-
wCIU9)
~9YM_	
shP #cn$i:
Xtwy]7
]Xlf&M}
~Wc5L[
!:Q&n~.(
xOi+B-
-(Rt-N
!#"+/X5
XlGs	r
 ^h3jp
hg;2Z.	
scOp3}6
/}92_*;
3V3\S%
a/{A}0]
jtJo6	n
=42H}_
s}}9\9
B8aD&Q
'<X$5D%o
B9%`Z{
N(KfnHsX
lZYMTCA
;G;%1I
 ]uuY!*
d-%hkoucs
!(P7.8B
]TKOKxI
]5L:dDK.
?1+RbJ
>WTji&3E@$z
BU0#zh
/^Rv~>j
bjy:0#
yI+4p(
yZHRLE
)nhAf%
^MA/V@
<f~K_R
Sk^33R#
| LLT(
{zCier;
Eu`iMa
`f*2rF[
KvL/3O
kr^6=6
rV;FIk5
Ep?C$$
	9^`)g3
JJu~OX
toZS]'<
D@E;$w 
p-:7;a
6%8z:}
SPx5#~
 b4i>u
d]3l~&uy
:wiJ]0s
<yl0!VY
!r'HBf6
k]f4UU
idfq<xg\
<w>HY'
#&0]g2g
'&LyydH
Cup5p!,:;
&azp\.
R(h90r
`KS9~^
<u1N_`
SHELL32.DLL
Shell_NotifyIconW
PHeapAlloc
KERNEL32
U-S;Ew
U-SwEw
U-S7[w
U-S{[w
U-So[w
U'SO]w
U/R!@w
U.8(}6
UwDY9v
Ux>XVw
U-S/Sw
U-SCSw
UwDy)v
UwP&=u
@gQ}8/T
 7StWw
 3ShWw
|e {:(Uk
|e {:(Uk
qs>'!|1
Oe {:(Uj
e {:(Uj
VB5!6&*
Nytegnede
Gunnes
Herreds2
Herreds2
Superego
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Keckle
Iatrology
Vrdigenstande
Gravelroot
Lrebger
Rumprogram
CreateDCA
kernel32
HeapCompact
user32
OffsetRect
WaitMessage
ADVAPI32.DLL
GetSecurityDescriptorOwner
GetTempFileNameA
winmm.dll
midiInGetDevCapsA
ExitWindowsEx
GetMetaRgn
SetConsoleActiveScreenBuffer
FindResourceExA
GetSystemDirectoryA
imm32.dll
ImmGetCompositionWindow
SetServiceStatus
CascadeWindows
ActivateKeyboardLayout
LeaveCriticalSection
ClipCursor
AddVectoredExceptionHandler
CloseWindow
URLencode
VBA6.DLL
__vbaErrorOverflow
__vbaBoolStr
__vbaSetSystemError
__vbaFreeObj
__vbaNew2
__vbaFreeStrList
__vbaHresultCheckObj
__vbaStrI2
__vbaStrCat
__vbaStrMove
__vbaStrCmp
__vbaFreeStr
MSVBVM60.DLL
__vbaStrI2
_CIcos
_adj_fptan
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaBoolStr
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj
+-E8_d
%35Q/{
rstuvVwxy
cdefghijklmn
WXYZ[\]^_`ab
RJKSTU
BCDEFG
789:;<=
,-./012345
!"#$%&'()*+
|rrf[co
yjyyyyjyyj
QQQQQQyQ
QQQQvr[zvQ
ovbXvq[fvXM
]ooo'XXh_
114__h_X'@'[
'X__;___/op
0X__;;;;;_or
rvXYbY
o;;;;;^;;;_^`_XXY
A;;A;;^;;`Ia;;XXYQc\sf
oAAAA2232STUV'hXX'o
0hA22;4
DEFGHI;J|Lxx
'33Y56789
*	+,-./
DqG@|vF
qGg|vf
(zlmGmmlllqzz
Gmmllqzzp{llmhl(
G@@@@@@gghhGGGmllqzt(Iv5gG
G|||||5
@@gghhGGllsxGvB@@Gl
@vvvvvv||||5
GGtw^R^`
vvvvvvvvvvv|||
@@glxx(A
|vvvvvvvvvvvvvvv||
@ptt(FG
vvvvvvvvvvvvvvvvvv||
qpppIF
(gvvvvvvvvvvvvvvvvvvvv||qqqq
lvvvvvvvvvvvvvvv|vvvvvvvhlmmqG\vegl(
(|vvvvvvvvvvvvvvGmvvvvv|@
mhh@llggq(
vGzpvvvv@
fFgGqt\f\\
v|||v|@G
\\\\\FFFFvg5GphFFFB
\\\\\fFFF
@lmvFF
G\\\\\FAAAAAAFI
\FIlG\\m
h\\\FF
Afv5|vv\FFF\g
I@Glzz|FFFFv
Fv5glzzGvFFFFF\v|vvmx
FFFFFFFFF\sttxtu
<<<<<<<<<<
AFFFFFFF\txxtpty
AAFFFFFFvlttppqx
AAFFFFF
gGppqmpr
AFFFFF\v5gm^hG(
ceAFFFF\fF
v5gg@1
/ULWVVYcnAAFFF
CLMNNNM