Sample details: e2a3e894e40f95cb26a6a316fb48a226

Hashes
MD5: e2a3e894e40f95cb26a6a316fb48a226
SHA1: cda582e4336fb5b26a1882a41e21003682fd5ffe
SHA256: 4abdaf019773a0c2c0cc7bc2ea11bdd786d596ca643cbffd15149d9890d782e9
SSDEEP: 1536:6usvpXtjmflIq1usaluUleIyh2P4Y8Yn1NN6HIrusvpXtjmfl6I:OvpkflIq7eew4uNN6qvpkfl6I
Details
File Type: PE32 (Windows GUI subsystem; Visual Basic 5/6 executable, per the YARA hits below and the MSVBVM60.DLL / VBA6.DLL strings)
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba
Source
http://93.95.97.230/pay4.exe
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
Kingdom
Kingdom Lodge
666666
%GGGG%b
$$MM$$$
$$$$Mt
$$MM-MM$M$$
$---Mt
6xq22|
6YYx22q2u2
uxbybbxx
Picture1
cmdShuffle
&Shuffle
Times New Roman
Times New Roman
Times New Roman
Times New Roman
Times New Roman
Times New Roman
Times New Roman
Times New Roman
Times New Roman
Times New Roman
Times New Roman
Times New Roman
Times New Roman
Times New Roman
Times New Roman
Times New Roman
Label1
Turns :-
Times New Roman
Label2
Times New Roman
Kingdom
Kingdom
Kingdom
DataSource
DataMember
C:\Windows\SysWow64\MSDBRPTR.DLL
MSDataReportRuntimeLib.DataReport
DataReport
DataSource
DataMember
C:\Windows\SysWow64\MSDBRPTR.DLL
MSDataReportRuntimeLib.DataReport
DataReport
O	Module1
Kingdom
DataReport1
c:\windows\system32\user32
CallWindowProcW
ReleaseDC
OpenClipboard
DeleteObject
EmptyClipboard
SetClipboardData
CloseClipboard
SelectObject
DeleteDC
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
Image1
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
VFX4H6oEs
Picture1
cmdShuffle
Label1
Label2
GetObjectA
VBA6.DLL
DataReport
<MSDataReportLib
DataReport1
MSDataReportRuntimeLib.DataReport
DataReport1
666666
%GGGG%b
$$MM$$$
$$$$Mt
$$MM-MM$M$$
$---Mt
6xq22|
6YYx22q2u2
uxbybbxx
Image1
Kingdom Lodge
MSVBVM60.DLL
EVENT_SINK_GetIDsOfNames
MethCallEngine
EVENT_SINK_Invoke
Zombie_GetTypeInfo
EVENT_SINK_AddRef
DllFunctionCall
Zombie_GetTypeInfoCount
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ProcCallEngine
a`jubge|q
ch3eagjwbe%nqfgahudcglw`ecnsfaajubcelq`gchsdag
F#.;U	
	YmoGnsfaajub3 lq,fbh	Z
=jwbeenqf
agtobf$wNecnsfaajub.qlq`wchsdagjw"ee~qfgchuecglw`ecjsfaajubc%lq`ech,A`ghwbee~qfgqhudcflw`ecnsfaqjubcelq`gchsdagjwbeenqfgahudcglw`ecnsfaajubcelq`gchsdagjwbeenqfgahudcglw`ecnsfaajubcelq`gchsdagjwbeenqfgahudcglw`ecnsfaajubcelq`gch]
CqfgqhudMglwbecnsfaajubcelq@gc
sdagjwbeenqfgahudcglw`ecnsfaajubcelq`gchsdagjwbeenqfgahudcglw`ecnsfaajubcelq`gchsdagjwbeenqfgahu
XOK%1|^
*e;r0*
()nAQq
jS>?e`
cZb8c"e
>y,aI,Z1
r|)K[~+(
l\b{6|
gR8wen
*E^KJH
;0Lb2}Lh
$CWKju
Q_(GCt
y*J%01
<M^ ?x
F`ecnsfaajubcelq`gchsdagjwbeenqfgahudcglw`ecnsfaajubcelq`gchsdagjwbeenqfgahudcglw`ecnsfaajubcelq`gchsdagjwbeenqfgahudcglw`ecnsfaajub1142221242413544(
666666
%GGGG%b
$$MM$$$
$$$$Mt
$$MM-MM$M$$
$---Mt
6xq22|
6YYx22q2u2
uxbybbxx
PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
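The hashes and the strings dump above are what an analyst re-checks first on a local copy of the file. The Python below is an added example, not code from this listing or from the sample: it verifies a copy against the published MD5/SHA1/SHA256 and triages a strings dump of this shape. The sample lines in SAMPLE_STRINGS are copied from the Strings section above (a constructed subset); the API groupings and the wording of the findings are the editor's assumptions about what such imports are typically used for, not facts established about pay4.exe. SSDEEP is not recomputed because it needs the external ssdeep module.

```python
"""Hash verification and strings triage for a sample listing.
Added example; SAMPLE_STRINGS is a constructed subset of the page's
Strings section, API_GROUPS/findings wording are the editor's assumptions."""
import hashlib
import re
from collections import defaultdict

# Constructed input: a subset of the Strings section of this page.
SAMPLE_STRINGS = """\
MSVBVM60.DLL
Picture1
cmdShuffle
Times New Roman
Times New Roman
Times New Roman
Label1
C:\\Windows\\SysWow64\\MSDBRPTR.DLL
c:\\windows\\system32\\user32
CallWindowProcW
ReleaseDC
OpenClipboard
DeleteObject
EmptyClipboard
SetClipboardData
CloseClipboard
SelectObject
DeleteDC
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
C:\\Program Files (x86)\\Microsoft Visual Studio\\VB98\\VB6.OLB
__vbaExceptHandler
ProcCallEngine
PADDINGXXPADDINGPADDINGXXPADDING
"""

# Assumption: the usual intent behind each Win32 API group in a VB6 binary.
API_GROUPS = {
    "clipboard": {"OpenClipboard", "EmptyClipboard", "SetClipboardData", "CloseClipboard"},
    "screen_capture": {"GetDC", "ReleaseDC", "CreateCompatibleDC", "CreateCompatibleBitmap",
                       "SelectObject", "BitBlt", "DeleteObject", "DeleteDC"},
    "indirect_call": {"CallWindowProcA", "CallWindowProcW"},
}
# Runtime artefacts that identify a Visual Basic 5/6 executable.
VB6_MARKERS = ("MSVBVM60.DLL", "VBA6.DLL", "VB6.OLB", "__vbaExceptHandler",
               "ProcCallEngine", "MethCallEngine", "DllFunctionCall")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
PADDING = re.compile(r"^(?:PADDING|XX)+X?$")  # VB6 linker padding, pure noise
# Default VB6 control names (Label1, Picture1) and Hungarian prefixes (cmdX).
CONTROL = re.compile(r"^(?:(?:Label|Picture|Image|Command|Form|Text)\d+|"
                     r"(?:cmd|txt|lbl|frm|pic|img)[A-Z]\w*)$")


def hash_bytes(data):
    """MD5/SHA1/SHA256 of a byte string, lower-case hex, keyed like the listing."""
    return {"MD5": hashlib.md5(data).hexdigest(),
            "SHA1": hashlib.sha1(data).hexdigest(),
            "SHA256": hashlib.sha256(data).hexdigest()}


def verify_file(path, expected):
    """Compare a local file against published digests; any False means it is
    not the listed sample (or the listing is wrong)."""
    with open(path, "rb") as fh:
        actual = hash_bytes(fh.read())
    return {alg: actual[alg] == expected[alg].lower() for alg in expected if alg in actual}


def triage_strings(text):
    """Summarise a strings dump: VB6 markers, Win32 APIs by group, file paths,
    GUI control names. Repeats and padding are dropped and counted."""
    seen = set()
    report = {"vb6": [], "apis": defaultdict(list), "paths": [], "controls": [], "dropped": 0}
    for raw in text.splitlines():
        s = raw.strip()
        if not s:
            continue
        if s in seen or PADDING.match(s):
            report["dropped"] += 1
            continue
        seen.add(s)
        if any(m in s for m in VB6_MARKERS):
            report["vb6"].append(s)
        if DRIVE_PATH.match(s):
            report["paths"].append(s)
        if CONTROL.match(s):
            report["controls"].append(s)
        for group, names in API_GROUPS.items():
            if s in names:
                report["apis"][group].append(s)
    report["apis"] = dict(report["apis"])
    return report


def findings(report):
    """Analyst-facing notes derived from the summary, each with its caveat."""
    notes, apis = [], report["apis"]
    if report["vb6"]:
        notes.append("VB5/6 executable: logic is in forms/event handlers, not the import table.")
    if apis.get("screen_capture") and apis.get("clipboard"):
        notes.append("GDI capture plus clipboard write: consistent with copying a screen "
                     "image to the clipboard; benign in a screenshot tool, confirm dynamically.")
    if apis.get("indirect_call"):
        notes.append("CallWindowProc declared from user32: used by VB6 loaders to jump into "
                     "a buffer, but also by ordinary subclassing; check its first argument.")
    return notes


if __name__ == "__main__":
    for note in findings(triage_strings(SAMPLE_STRINGS)):
        print("-", note)
```

Run `verify_file("pay4.exe", {"MD5": ..., "SHA1": ..., "SHA256": ...})` with the digests from the Hashes section before spending time on a copy; feed `triage_strings` the output of `strings -a` (or the dump above) to get the grouped view that `findings` turns into the notes printed by the script.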