Sample details: dde4ce4c39afb37ef13aa98cdebf542a --

Hashes
MD5: dde4ce4c39afb37ef13aa98cdebf542a
SHA1: 0c8279fe3fbe425caea59aa78011c7286caa87ca
SHA256: b53391a7428c3c5bdb68483fa446c92c42e7ea952df2b4d7bd0ed0b0ab367749
SSDEEP: 6144:pD6pxPVfAWv65tFLoAJ+2FjzaJJ07XrXa3rU1c1afTux+xBi0+TCy:d6p1VTUnJQJJ0Dr6kpy0BV
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba |
Source
http://dhm-mhn.com/sunday/buggs.exe
http://dhm-mhn.com/sunday/buggs.exe
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
Denticeti
VB5!6&*
Londonize
Crassamentum0
Denticeti
Natrons8
Denticeti
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Command12
winmm8.dll
waveInStop
ADVAPI16.DLL
UnlockServiceDatabase
auxGetVolume
puppethood.dll
Ochotona1
kernel32
EnumResourceTypesW
VBA6.DLL
__vbaErrorOverflow
__vbaI4Cy
__vbaI4Var
__vbaFpI4
__vbaVarDiv
__vbaVarTstGt
__vbaVarAdd
__vbaFreeObj
__vbaHresultCheckObj
__vbaObjSet
__vbaLateMemCall
__vbaSetSystemError
__vbaObjVar
__vbaObjSetAddref
__vbaOnError
__vbaGenerateBoundsError
__vbaVarMul
__vbaVarMove
__vbaVarTstNe
__vbaFreeStr
__vbaFreeVar
__vbaStrVarMove
__vbaStrMove
__vbaStrCopy
Natrons8
Mastadenoma4
-Z]Tm#
-ZYTm#
qDj-v++
-0^>mI
y*kEJi
Sj6~\MM
FEU0R%
7o[|*V^r
S3$+$Z]T
_]4~K@
ke &uX89@\
Xa)o,b
`o[|:$n
d\*Yr^
dHw!p#j
W&)cCO
J<e&]0
tojxin
L3B~r?Ex
r<R$ks
M<eE[N90{
yDM1We
V}0]>m
Bsf#Da
S&*VnD
fE[N='+x
xz0He 
SZ5~\.
1GDZL9
P!O4~\s
3Y/!je
PZA0Ru
cQZAEB%
#PhaDT8v7~
Xr JK/
vGDM4s
oG&+Ob<
WE4~Kd
q>BjC&9
v\9Ht	TJ<q
DM44O1
kcGD{	
o,F{eVK
z\LM4~
`o[|*$n
XV(j (
?ODM#>
83Gy8Ob^c
xzb!e 1
F9mGZ5'7b
01>n<~\E
\VYFBf
PXQ+'k
So5~\9m`g
Gb(kje
9m8Z]T
R$P9C_q
08uaK-
B#w#Da%
aWIr}[
'],M4~
9mXJ7L
*;b(!ja
cgn0/m
el_]Sp
o-r{eV
f31[#%
MVBRu[#a
W8iW_Y
o6t{e {
L4~KWt
6JfF:I
-ZA`:u
Y]xm**
G-aBZR
rZ[q)E
rlm 1)DM)@
	AYFBq
dbIBS68
G27'v\9
0o++hQ
*z10_v
9*,Z]T
!G~.Hr
/oQ]eo^
(jM=MFp
uFb(eRa
v{0Grp
YFBf0S
6WIrbO
za{e 1
14fYif1{
YFBf``
dbMB!f
6|#rG]{
BZI2<C
:7PocO
B<eE[N
aWIr}[
r{M=v++
a?XDf_
Hj}BSp
	w.><(
z\LM4~
wAYFBf
dt0G27+v\9
P$O4~\
yS)S	b(
3Y3kje
cpCQNdxq>
$'lGM4~
~\9m`g
CbDq.hP
p~J<e}
B<eE[N
aWIe6`
KQ2cg.w
zHLM4~
R<~\9m
2lObb6
zuye 1
Q$%>/ "+
-2W:,#i
 1r{Lc
aLj&_	
$%:/9m+
0(0`@H3O]p
"I3*h^
#o|Hw1
zPX]Tf
,K^;HV
5\ve]x
m;IgPl4
Y53 W.
;%sM$"
#{sh2,
0i)/[1
-q	p=r
=D6{Oi(
qMJtN?
k;Z4$fR
V"$y49
-Z]Tm#
-Z]Tm#
'WWTm#
-Z]Tm#
U u<|p
Y(4,mS`W
\7uc*/
L78'mBr@
_.$em@sA
-Z]Tm#
-Z]Tm#
E?6n93
_]Tmnx
WhUb/"
U&;j?.
L))t>FsR
`r;j=.
~;1 m`sA
C&4o94
DR&d-3
D:uO*3
D7FT(+
^t7'mPhC
]`r{mK
CR<e83
}?<?1amE
*Y^T>LgP
`r%j84
$SP^`)
-Z]Tm#
-Z]Tm#
-z]Dm+
)Z]Pi"
-Z]\m!
-Z\T/#
0RuIKF
4R}+KG
-ZMTmc
-JYTm3
-Z]Tm#
-Z]Tm#
-Z]Tm#
]5	U`T
BZ]T*Fus
z391.K`V
_48 .Q`G
DRuh$)
-Z]Tm#
-Z]Tm#
!vp%!vp%5KuF
-Z]Tm#
n9 gW5
Mastadenoma4
Command12
Command12
} jLh8
MSVBVM60.DLL
__vbaVarTstGt
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
_adj_fdiv_m64
_adj_fprem1
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaObjVar
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
__vbaFPException
_CIlog
__vbaErrorOverflow
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
_adj_fdivr_m32
_adj_fdiv_r
__vbaVarTstNe
__vbaI4Var
__vbaLateMemCall
__vbaVarAdd
__vbaFpI4
_CIatan
__vbaStrMove
__vbaI4Cy
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj