Sample details: c065daa54075f48e4d1952c07c064521

Hashes
MD5: c065daa54075f48e4d1952c07c064521
SHA1: fc6407cff1c1e50ba29b5e8e7fbbcc3eb880abd5
SHA256: 71c5408057fb94aeab6422b786df30e432d28b20bac5e1bed96a66c1d6b1631b
SSDEEP: 3072:Sa/pNf2A6UIIBzHrdVXwbMOPb8oHvmayQ:Pt6UIIBLfXw18A1
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba
Source
http://mpag.gov.my/eosconline/4DFF660.exe
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
Mahongwe
VB5!6&*
Premilitary
Mahongwe
Underleaf
Sentisection
Mahongwe
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
VBA6.DLL
__vbaFreeStr
__vbaFreeVar
__vbaFpI4
__vbaFreeVarList
__vbaR8Var
__vbaLenBstrB
__vbaStrVarMove
__vbaStrMove
ADVAPI32.DLL
RevertToSelf
PlayEnhMetaFileRecord
gdi32.dll
EnumFontsW
thunderball.dll
Blenders
__vbaErrorOverflow
__vbaI4Var
__vbaInStrB
__vbaVarDiv
__vbaStrCmp
__vbaVarMove
__vbaSetSystemError
__vbaHresultCheckObj
__vbaNew2
Underleaf
Automatonta7
/7txhP
+r|u,#
7{PLKpm
lO#:"l
'_YUL/+S
s0[Z=i
-K7BtjO
q:X*o&
'[Wnof
GH82lJ
u?2;~b
y	W9;"
VK`z["3_
a%7hdR
\Y%?;a
(lJ3%R
!cM6YW
/7hxhT
-73';^Tq*
PCc@*`Z
n61@|{?
>W7zY+
F.Gs@o
E*Gith
^`'i$s7d4
t2?G^~
Z}I& 7u
[|*DJ(
`RC?H]
6'oBI2
V#f["M
8ezT:X
&Eh(8*
%dcW@b
_Apw| 
9*Sw^-
#%R^&L
*Y)~[=P
2{PLK:(
 jqVd&L)
alJ'_AU
4hZ$KT.
/7hxhT
e\7`rd@
SWE7wK
"os"lJm
Y52MXwB'
Ny1dJ'*
@tJ?H8
"gt"l6e
jDzm]Q.
,e2;"&U/
RB;h*S
 G52;hwB'
)Q@Jm`
==2;^.Q/
"-Kf0*^T
x0B?He
z6l|-K
Yg{PT\
)Q@1U`
CH,*lJ[
f[|jD`m
*Y)F==P
pDJ?HS
)%[,7E
OlJ'_]B
o60^+Bd
5-,mJ'
R^*L	)Ao
U*S,vB
7h';~T.g
U5Q>Y]*
U5P>Y]*
YTR63~
5xx#lJ0
V`{PHKe
CnApwE
8Cc&8b=
8Cf7\R
A#%R^6L
&Z.kIn
XM7`J7
Ip(*lJ
*]>Y]=
z}!l#:
"J$	)V
JK>EQP@
oB?E~zc
*S,v9Z
Y'_]Bi
%dcHPua}
kU0WB7d
K;i8^T
%dcWTuaa
}-$h=/
aEpI&8
"lJ'_AB
a:;jCQKO}
pxJ?H]
lJ'oUC
QCgPL%
<DPAJn
*-B!9*S
)kbNIB
cLuaye
Q7H/(d
cW\uay
f_#<cx
@A)dJ'z
+%dcW@ua}
oJ'zEU
4{1 %d
j0vU7$;l
I,#u~V3
f_;<vA
.XkEw'\$@r
*S,v8c
0G;lom
A1^8xIW9
qM.z9t 
!99bj+0
GmwN@wQ
S"'hof
0x(b_=
ztECix
60[(a_=
y7&G_,O8%
9"y3"l
WZtp<#
*s]}N~F
@"1gFZ
.wRVHuv=
ux0J-U
T1Ei	w*2
T	@>?`
Uu}jfi
=b}) [
0{E"%d
WnGjc(
&^pg^x*
<;3V	;O
j^Jf0=
jd;i" 
:BJs>%
PhJ ]~	
 O/"Vi 
j;E"l*j
+0DGyTn
#^Ej_:
$Xj;oY
zR"dI:
4Zvgke)
0YOi>Q
1HvGko=
JcFw)4
"^^%hL
xJGke)
1Ig;|c=
9XBw:5
:Wg6B`
6sOd,"
dK	Q~O
$cpG>"
v8*+ saS
9OgTgy;
j@Q`9"
ZqgGlc
i&;XD	
	BLv07
ye$5$:
bp~TF^
zl,.:vX6
'UO`0?
F$Ot21
	DLw&Q
,ds%/#
b|2i"=
$Ok	_yO
=Or7Wx;
]M$Ot43
PrO&h*
9^qgke)
.	y?1	7
KHwiwN
;nof{5
;lov{%S&
+3*vSzPg
PLk	Qd*
DTOi_Q
,BF`_Q
br2iwN
j0D`+9
TqAqM^AqM^w
pY[Sl"
4a({:hi'_
	m(a*e6T3h5v_
*w?gl6Z
m4q0s)
m4q0sZ
pY[Sl"
P"1Yyz
]A"* rC
xxxxxxxp
xxw7w7swswZ
3w7s7sswx
7777sw
73333wwx
w773s737s3333s7x
73s737773737777s3x
w7sw7sssss7s77x3w3Z7
7w{73s73w777
77{x7s3s7
sw7swssssw
3s733x
sw7s3w{
ws83s7ss73ww{
{w7sxZ
swssws
7sw373333
w773773s33{x
3s73733sss{
7sw7s3s7
3s73s73s7w7
w3377sw7sw{
s73s3w7
sw7s77{x
w3s737s3ssw
w3w773s77{w
3s3s7sw7;
sw7sw3s3s3w7
ws73s7s7s
$ssssw7
w;x7{w7{w7w
s{73s733s3s
w$sw37s7
s737{x
ssw3s733s3
w7s7sx
7737sw7
7737s73swsx
7s3wsw7sw{
s7w7sw
wsw7s7s73w77
Jw77773w7s3ssw7sw;
3$sww73w8
ww3s33333sx
7{w3s3s
31373w7x
w33333w
wss7swwwx
{w7s3333
w{w8;w77{
7ww3w3w
7s3sw333w
s3Zw737
wss70R
ws333p
s337wx
w333s7
ws3s7{
33s73wx
3s137sx
7s37sw7
w33s3s7sw73s3338
773w7sw33333sx
;s73337w
wws73sw
{3w33wx
wwwwwp
w73ss77w
77773s3377
ssss773s7773x
wsssssssssxbs3x
sssw777
{{sss3
ss7333w
377777{
77777R
sss73sw{s7
73s7777
ssss73sx{w78
sssw87{
773s78
77773s8
ss77777
w773ssss
3sssss77s3s
w733378
8{{ss33;x
87w3sw
sswwss
s73sss3C3s
{ss33x
C+UVUUUe3I
UUUeWwS5
vfzeUWweS`
vveUU6wwUp
vUU335wffp
UUUUUW
vgfUUWwvep
weUUSWweV
eUUSSVwUV
eU+UUg
gwxxrvf
wwgezW
US56wUV
uUUUUW
uUVVWx
3wvvfg
vfeUUWwUV
uUUUUUeU6
wwwww1
fEWggvveFzj
weVA5ffv
	S3STC1
	fgwe36
Automatonta7
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenBstrB
_adj_fdiv_m32
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
__vbaFPException
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
__vbaR8Var
_adj_fdiv_r
__vbaI4Var
__vbaInStrB
__vbaFpI4
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr
C+UVUUUe3I
UUUeWwS5
vfzeUWweS`
vveUU6wwUp
vUU335wffp
UUUUUW
vgfUUWwvep
weUUSWweV
eUUSSVwUV
eU+UUg
gwxxrvf
wwgezW
US56wUV
uUUUUW
uUVVWx
3wvvfg
vfeUUWwUV
uUUUUUeU6
wwwww1
fEWggvveFzj
weVA5ffv
	S3STC1
	fgwe36
wwwwwp
w73ss77w
77773s3377
ssss773s7773x
wsssssssssxbs3x
sssw777
{{sss3
ss7333w
377777{
77777R
sss73sw{s7
73s7777
ssss73sx{w78
sssw87{
773s78
77773s8
ss77777
w773ssss
3sssss77s3s
w733378
8{{ss33;x
87w3sw
sswwss
s73sss3C3s
{ss33x
xxxxxxxp
xxw7w7swswZ
3w7s7sswx
7777sw
73333wwx
w773s737s3333s7x
73s737773737777s3x
w7sw7sssss7s77x3w3Z7
7w{73s73w777
77{x7s3s7
sw7swssssw
3s733x
sw7s3w{
ws83s7ss73ww{
{w7sxZ
swssws
7sw373333
w773773s33{x
3s73733sss{
7sw7s3s7
3s73s73s7w7
w3377sw7sw{
s73s3w7
sw7s77{x
w3s737s3ssw
w3w773s77{w
3s3s7sw7;
sw7sw3s3s3w7
ws73s7s7s
$ssssw7
w;x7{w7{w7w
s{73s733s3s
w$sw37s7
s737{x
ssw3s733s3
w7s7sx
7737sw7
7737s73swsx
7s3wsw7sw{
s7w7sw
wsw7s7s73w77
Jw77773w7s3ssw7sw;
3$sww73w8
ww3s33333sx
7{w3s3s
31373w7x
w33333w
wss7swwwx
{w7s3333
w{w8;w77{
7ww3w3w
7s3sw333w
s3Zw737
wss70R
ws333p
s337wx
w333s7
ws3s7{
33s73wx
3s137sx
7s37sw7
w33s3s7sw73s3338
773w7sw33333sx
;s73337w
wws73sw
{3w33wx