Sample details: c4dfd5576bd9485d083d5705f99f005f --

Hashes
MD5: c4dfd5576bd9485d083d5705f99f005f
SHA1: 86186b083b6153c9828ff8e8b58d84417d76d564
SHA256: a93bcae03583670c2aeaa59314d486f2968d1e9df8ea329497658d471aabca68
SSDEEP: 6144:ud0ZrMOOfBfSc7aBR0L37ad2CHsPE6qgrbXzN6niMh1:uKMOOf8cC0LLadQPE6qgrrZci
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba |
Source
http://dhm-mhn.com/sunday/charhuey.exe
http://dhm-mhn.com/sunday/charhuey.exe
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
Password4
VB5!6&*
Sanious6
Orchella
Password4
Dionkor4
Yalena
Password4
Command13
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
winmm8.dll
waveInStop
__vbaFreeStr
ADVAPI16.DLL
UnlockServiceDatabase
auxGetVolume
kernel32
EnumResourceTypesW
berwind8.dll
Sahinalp2
VBA6.DLL
__vbaStrCmp
__vbaLenBstr
__vbaStrCopy
__vbaStrVarMove
__vbaStrMove
__vbaFreeVar
__vbaFreeVarList
__vbaI4Var
__vbaFpI4
__vbaVarDiv
__vbaVarTstGt
__vbaVarAdd
__vbaLenVar
__vbaCyI4
__vbaVarIdiv
__vbaI2Var
__vbaSetSystemError
__vbaOnError
__vbaGenerateBoundsError
__vbaCyAdd
__vbaI4Cy
__vbaVarMove
Dionkor4
Jeremejevite
B*-%>C
X?n9T|H-
(*G&VC
c*HAVT(
$zkmbl
VB*-%TC
%N[j},a
?23[rk3
`IW"En
r/n}-I
(y7F+[
ILTABM
Vy"Z2}
,%>C=X*Ibi
|iH$tO
S@H${p
1;6yP`
. #zJb
hH$ XaH
;v+.nd~
YcX:>~
2yl%VA
JcG*)L\
),T|Hg
+73.ev
sg8$7V
j*HAA[&
TG&WYP
+73.9n
E%YB^c
>| QIR
+73..b
4`H\;a
dOs"CY
c\;a|Y4L/
iR?[L*
SA]9T6
M#+d&t
R0U)O3
N/-!>C5{
>CQIut?
\;a|Q:t?
xP\VBqu
^>B*-ME
|{-M%Y7
(*G%TC
WSGTqG
BN<-<HO
%Y0.G%TC
_|&!M%Y7>
BFYZaW
y^NO,:
Kipzh7
Wdz`P_
pz` Lo
9T|Hgm
UD@yGa
K:9!zc$
2|w*-.
i_07OS
+-%HD3
kM>k_xQ
i[iEI2l
&_8WO&4pp
Xb*HdZ
sg}n7V
`PCsbp
!Tbwlm
C(k-rh
J!o7 A	
fD\R-6
s.9T|H#U
c!Tf`P
&UQ9T;
%Y(*EeS
!Tbw8]
4Mth,)
gro7Vn
GkAN9[
S R.-%
zd;VK7&G
=T|c'@@Z
BW-%BJwd
)-iH:K{/d
T\enK 
6f%J%g
B*-%>C
B*-%>C
H*-%>C
Kbi\[*
B*-%>C
5E_A>3
7^HW>3
%*JLP$
+D-B_7
/O-M[/
B]DKP&
6BXKZ&
+AH%Z"
0*EJJ'
BkIOK0
*k-%N0
+DIJI0
-XHuL*
1O /},
B{nmW0
6Okqnc
b~TU[C
%KYJLC
&KY%O6
#GH%n,
%v~@M0
BnDW[ 
'O~IQ7
3FDQ[C
+D-c_5
*OnW['
$*L%]C
-GHuR6
-KI@LC
,ONQW,
x*XV[1
6CLIz*
6^DKYc
0\HWr*
ByBCJ4
1*y@]+
!IBPP7
!KYLQ-
B*-%>C
B*-%>C
B*-$>C
C.-%?G
B*-'6K
B*-'6K
,6V9U\H
b*m%>S
Rj=%.C
Bi_@_7
B4.IM7
6XHDSC
B',vJ1
-ZY%>b
B*-%>C
B*-%>C
B*-%>C
e!yur!yurO_:?C
B*-%>O_:?
a9[9Rf
0,{JW/
(E2k{-5c
0,{JW/
c/k>hu
c/k.ku
&%jlUu
.qj*Su
.qjVVu
.qjNVu
&Ij`bu
Y7=j|bu
N0%|A/
.qjPDu
&Yj Lu
@4cujkbu
cuETb/jYbu
LPak<c
QopAUcu
Jeremejevite
Command13
Command13
MSVBVM60.DLL
__vbaVarTstGt
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaVarIdiv
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaSetSystemError
__vbaLenVar
_adj_fdiv_m32
__vbaCyAdd
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaCyI4
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
__vbaFPException
__vbaI2Var
_CIlog
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
_adj_fdivr_m32
_adj_fdiv_r
__vbaI4Var
__vbaVarAdd
__vbaFpI4
_CIatan
__vbaStrMove
__vbaI4Cy
_allmul
_CItan
_CIexp
__vbaFreeStr