Sample details: dc6f4f0cf058ddd94af66db1a4078fe2 --

Hashes
MD5: dc6f4f0cf058ddd94af66db1a4078fe2
SHA1: 2e28b41c75cc3851c10fa62c69ee08205b73b814
SHA256: 0b2c80811e2821a17b0f96258abe69484ed14f151788824f692aaa3ffcde95b9
SSDEEP: 12288:/ayOcR7BQ/IzpZaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaV:SyOcR7BiIzc
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba |
Source
http://utasarmsinc.ru/live/dew007.exe
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
VB5!6&*
Antidinic
Tellyvision
Similiter1
Label1
C:\Program Files\Microsoft Visual Studio\VB98\VB6.OLB
Check1
user32
GetClassNameA
FindWindowA
ShowWindow
PostMessageA
comdlg32.dll
ChooseColorA
KERNEL32.DLL
EnumUILanguagesA
VBA6.DLL
__vbaErrorOverflow
__vbaI4Var
__vbaInStrB
__vbaNew2
__vbaVarSetObjAddref
__vbaVarTstNe
__vbaVarMove
__vbaFreeStrList
__vbaStrToUnicode
__vbaSetSystemError
__vbaStrToAnsi
__vbaFreeVarList
__vbaVarAdd
__vbaStrVarMove
__vbaFreeStr
__vbaFreeVar
__vbaVarDup
__vbaStrMove
Similiter1
Nondieting
1QLdUJ
bx#4I<
vD(h.Q
A>|xVM
_u,xSS
FD1B]z@
8RZ2]}
q@"mO8
C"%Y0'
QrLH3#
#]Ba<G
@I.>vw
N.xSUD
+@>r9*
<^`IrA~
I/Uw,Ht(R
WiCaV~
A9@M_!c
X-JAQ<
C0$Mz*
w5J3EZj
3J`urNj
@,+Ckk
2fn/70(
)]mFDV
XL>@MIY
Br`H]^
F.1\)tkH
HKke-A>
p_^#KX
q"p'nt
Z_F6(1(
.>vjGx
F=pl8	
Pu7	Y7
Bc50()
%#:2KW
A>|xRIwy
dgb`JR
e>XxH\+
oM=TJ(>Z
om0\M$
J)jY[y
iC0$M"
mo.1xY
g: ZEj
&:6@WN
WX2`Vp@ov1
Ux2g	$3u
94I&kF8
l#REh5
qfIWd]njD
\%:6g1
Cl0:Wx
o@>|xN
fG<`D$
1:SM[h0
qlY7`@5>
kNaf!R4}A
n[U2S[a
;X&Z.1x
T~ lQ^
gZUSEAI
.`VvIr
GQ t8W>
1x6y*M
QL:X8j
$Qgz~G
<"KQrJ
IWNv+^
KF.[ +
i&KeRJ
]'EFOw
ZfEQt#
d	!] Z&x
c&(+]K
]nJF5)A
qd1e2p
&8W;mZN.1~
t:Sn&M
h<_HqWx
m?0:Qh
O*2x6E
0p<6@)O
U]^osD
g7$M~)
{Q]^o{@]b
wF"%Y0R
a	C= Z&
 ?SnrM
\(N=M=
N(.X('~
@=>X<IAj
D:w4mSx
0 ?SlU
(Az@(p
4aFqmt
="KC J
z@G_;i
gZxi5l
OXG	hm
2jS#p	
";S8IM
AGOckz
wF"%Y0
~!2wmjS
1>!E8`0
8W^=)F.
@'4w]u
mH1z3C
>bx{4Ida
4WsDo%eR1J_}
IWbI+X
:K+b]S
Xo<HUC
]nJH0<Y
@Q.>zy
4bx!4I>a
4H|BVb5:a+N
-7`x16A
ii$*ZE
CAT'k@
Ek=BCz
!(so{T]9Z
]^g	HU
2[Zp<}
H!U6._(
2$MHx|
_i,xS<
Y7bx58
<O=6XsN
Htg2hj;\
v<S<^\
K/1D}yW
<H|n)w
C0$M}/
}14A-g 
1^H6.>
B/e</.
OEss@F$/Q
Z8IRS_X,
\9ZblL
,0/Q&Z
~2$9Xt9
"mS{`h\-
Z)QP_v
SUj2QV
c3o"UH
:},h]h
NoK@]9R
qGj,a9
m.z+Sh@
kPA7!(
X_x.@bx=-
lvAJNkk
^'7QZb	
'JN c`
BL_AcN
oKD]'\
9'XkKx
[U2 fBA
B={`y$
{O3$?h
@E>XDIA
K2$9Xt
XUF.1{
uGId*S
elz1w'
WMPkxk
]?@<{=I
v?1\ao
v x^{1
7`y#2J
@m3m.n
wcpo6U
@.c2'o]
Aj)7d:
=p	ho5
 Tu>>"E
b-vi^38
\<Z|'L>
O67	J?
+?)I{tnF
uau->LQ
JK42l]
q|8xcs
p7>%Pbv^
FmRwW8
BG~w]FC
Qb]W|X
]KiCyC
|6)*x5
Xxl<`[A@
YX\ta5
~xEBbQ
#,H !i:
d-XK:G
2&!pu9
/\moL)yP4
"B@Kgl
]@RF~t
ZkpW_ln$
e^PID/
Ks['o=
h14lrC
8N*4=Yg
Ydqphd}p
urF;]o
5-}$#"A
@X|phr
RrTYzD
SyD])!
_V?LDAv>M
x"F~_J/
hUVqhO
CT/whga
Gn	P9U
e5"p0-'
=Kd-de
FH6!=1
DM55%/
G ,[C`
G	>=aw
Oh)b44
'-ed^G
)M$o6:
9-wqe~
~75bi`
5UOB[d
]	J8A!P
Nb%zO{E.
f&XW1Py7
Wcz,+$B
R%"n[	
te@8~D
F;#KG`
SfY6),
jdS	tv
Zodh<_
y8BBee_
,V:?y	
HF7\# 
"T~g5^
x+~hb;Ax4+
EP@wcE
Fvm2%U
j5g=CJX
Jw_+g+
'GTK+ger/
y"4dk~
2:}{iA
YO;\6Z
Brx9P 
G5G2"t
D\FRvN
Y +4X2
Ml0mgg
RYS?m<
6f1!u3
+gVbD:
$Gg09B
y?2)EP
G%&~Wr
M<,%H;R
*t;^P~k
z{-]2y
cvE|RvE|RlBp(
	y)]zg
	y)]zg
Tha(Pi
ikUUgm
T0ijTi
T+&)dc
pkUTgm(Dh
2gGt2i2R&xc
kUTgmL[h
ThinTj
TkUTgl
km^Y!.
L&)dijTl
&)dijTj
.&)daU
ThijT`
%HgklV
T0ijTb
Y!'HfhVT
%K/klV
ThkkP>
Tha0pi
Thc xi
1&	taUQh
D!)knQY!
]CA=<<=>>B\^
B:658<AD^`bbaa`^DB?A
}\}qponopqxyyqaD@=\
:aC;9?
yxpnba`bcpy}xcB<>
xbB<;C
}xoba_acpy}oC9;
xob__aoy}oA7>
}qc`_aoK}b;7\
~mT4.-1LfzT
}qb_`cy}_7<
								
}n`_bx
									K
				T		
												#N
												
q`^ayy=5
					K						
o__c}c
p__a}a
n__cy>
q_^ayD
K`__x^S7
s"				
}a__q`
}a__p`
}a__p^
}a^_qD
ya^`q?
x`_aq9
}:abp:
ycabc8
(LJ&N~
}naac>
W(+GR3"Gv
}oaac@
KjUF)'Su
{R4Oi~
xnaC`<
ypbab\7
ypcbb`>
A58Bny
yxpnCon`?5
B75<\nx
}yxxqqpqpobC:
<559?\aoqyyyyyxxqpn`\>7
579;<>==;
DB>9:86C99;AC^
wwwlll
jjj|||
nnnbbb
aaaxxx
iiiggg
ddd~~~
qqqnnn
vvvkkk
mmmqqq
rrrhhh
qqqeee
dddkkk
}}}hhhbbbsss
|||iii
ccciii
___ooo
gggeee
vvv|||
Nondieting
Check1
Check1
Label1
Label1
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaSetSystemError
_adj_fdiv_m32
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
__vbaVarTstNe
__vbaI4Var
__vbaVarAdd
__vbaInStrB
__vbaVarDup
__vbaStrToAnsi
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr
y___9B
OtD6H/FW
T+555|
n7(U>u(
RZRxZWW
gJ>G]]
^cc#[@.
89YF_ 
KBRu}b
M)3o8RN
$C}Itl
M~J	|-
wdYFo0
zq[WmE
"Wb#P%
~rJ	f.
9l}a8;
>+<uV8k
)##'1p
B-Cb@2
BpKAHe
[;aJdF
$'2===
0eRH9|C
e)v%Le
Ass3:::
bWRD[R
f-N$\u
3!H6iX
C(>lJ)
t6?iTTH]
<#www)J
RW`A/@	
( g.<?
h:Goo/
Mx#dA&
B)]H)}
H*D1'5e=
@CS#ZZ[
MMhnm)
?A)-^J
oPJ_(k
Z'M{{;_
#Z'YWW
%tEXtdate:create
2015-04-13T15:28:33-05:00
%tEXtdate:modify
2015-04-13T15:28:33-05:00