Sample details: da647220b453c0d921ca47143e60a812

Hashes
MD5: da647220b453c0d921ca47143e60a812
SHA1: 6f7deb88f61eb6d2bcc68f9dde237eed740c21b2
SHA256: 64c7e5aca3d059fff975f688868cd90ae6d30bdc538f8a3bad6f06903a4f7337
SSDEEP: 3072:KLD8OFpa6tmp+R2Z1QCetCOPARZqvqcPttac/yXzClRNa5DeCl8oyBZRJQXuefBH:24Qpqp+Qu5U8AR50ttf/yjR598oy4uy
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasRichSignature | YRP/maldoc_find_kernel32_base_method_1 | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/SEH__vba |
Source
http://phoenixcomtact.com/temp/powermannna.exe
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
vb4projectVb
Ecumenics7
Afkalkningen
Afkalkningen
testButton
Yesteryears0
ntdll.dll
VB5!6&*
Curableness0
vb4projectVb
vb4projectVb
Ecumenics7
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Yesteryears0
testButton
Form_Paint
VBA6.DLL
__vbaFreeVar
__vbaFreeObj
__vbaFreeStr
__vbaStrMove
__vbaVarMove
__vbaFreeVarList
__vbaI2Var
__vbaHresultCheckObj
__vbaNew2
jTh<#C
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaHresultCheckObj
_adj_fdiv_m32
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaI2Var
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj
DigiCert Inc1
www.digicert.com1$0"
DigiCert Assured ID Root CA0
061110000000Z
311110000000Z0e1
DigiCert Inc1
www.digicert.com1$0"
DigiCert Assured ID Root CA0
Western Cape1
Durbanville1
Thawte1
Thawte Certification1
Thawte Timestamping CA0
121221000000Z
201230235959Z0^1
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
http://ocsp.thawte.com0
.http://crl.thawte.com/ThawteTimestampingCA.crl0
TimeStamp-2048-10
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
121018000000Z
201229235959Z0b1
Symantec Corporation1402
+Symantec Time Stamping Services Signer - G40
http://ts-ocsp.ws.symantec.com07
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
TimeStamp-2048-20
DigiCert Inc1
www.digicert.com110/
(DigiCert SHA2 Assured ID Code Signing CA0
150925000000Z
181003120000Z0M1
Bellevue1
Valve1
Valve0
/http://crl3.digicert.com/sha2-assured-cs-g1.crl05
/http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
https://www.digicert.com/CPS0
http://ocsp.digicert.com0N
Bhttp://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
DigiCert Inc1
www.digicert.com1$0"
DigiCert Assured ID Root CA0
131022120000Z
281022120000Z0r1
DigiCert Inc1
www.digicert.com110/
(DigiCert SHA2 Assured ID Code Signing CA0
p1f3q>
http://ocsp.digicert.com0C
7http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
4http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
4http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
https://www.digicert.com/CPS0
DigiCert Inc1
www.digicert.com110/
(DigiCert SHA2 Assured ID Code Signing CA
Symantec Corporation100.
'Symantec Time Stamping Services CA - G2
171031021213Z0#
(e	}05