Sample details: e89ab398376cd8849b5780543e0c7621 --

Hashes
MD5: e89ab398376cd8849b5780543e0c7621
SHA1: 579f79747c72e87a80821f8b7a49a8258972187c
SHA256: fc8bceaf70b5b13c23ec09a963bde0c87f9a009e0ab5ebae7f06c85a2692284f
SSDEEP: 6144:0wlq+KcUwjBWedHRey1BRx+zSsZgWgAZCvx9dawH1Zv12Cw8ChZ:0p4U6BV0m0zSsOECv3dbv13w8ChZ
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba |
Source
http://www.metroopm.com.my/create/mec.exe
http://www.metroopm.com.my/create/mec.exe
http://metroopm.com.my/create/mec.exe
http://metroopm.com.my/create/mec.exe
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
Hypaxial
Cutterhead3
Montelli
Montelli
Villaggio
Acetabularia
Inheritage0
Witworm
Induration
Percarbonic
Galoot7
Cracking6
Hillcity
Charladies
VB5!6&*
Elude6
Overrich
Hypaxial
Hypaxial
Cutterhead3
Cyrcolsw
Hillcity
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Induration
Acetabularia
Villaggio
Percarbonic
Inheritage0
kernel32.dll
EnumUILanguagesA
advapi32.dll
LookupAccountNameA
Powrprof
GetPwrCapabilities
thistlelike.dll
Stonesmatch
kernel32
RtlMoveMemory
Hatusua
Hatusua
Cyrcolsw
Convictive
yk#[~o
H14_9q
{9e*q>
suw[2]
1h.-l0 
e"H14x
x)b'bO
(M(gx^}c
zL<9iB
{R8%o\
whm/sS
7&TMo5J
	lhR>3
 _	H+a&br
,6/x5&R
][1Z\IJ
2X|H#Xu
X51i&boVLR~
:jXCgH5
>,0}]z
YQS#Q)
^i1.Y?
\k}R=c
1R@KB*$#
gK)Li)
*LkDK	{
H*e8\y
G;ro5 
A9}r)o
0P5Na\
2k=0#>}w
5YGGu2
`.nG>Q3
A*}1.a='
(c)\bI
vYjv9!>
iX,)N"H'^
E/!]77V
$@/o57
XzZ2do
#{V:oQ
3.Ea74+
-j4~qu
K`IkdJ
?ueNH;
="dA{q
Ms7ZXKB
l7^PIK
em<4^.
LfY\##
pe	gO(
m<Q9y@bo^
2U*WHP
v'nzpR
~lbqp3c{
!~'51M
$m>IKX
RQJPP<
Np4b+o
3F/!8us
,H;,rq
VeM^P$C
4aavcdm
N'xARG
9[]Uo (
&TJmBr:|
"!bZ7d
H,u;ro
hQ{8Zw
aj&ynWKP<
?{V_Gi
EI5#]Mr
m ZM_]
E/!5MwVQ
S=^5*%
`$xHWg
.d]1Ak
f,"/{=
;A+q^FU
}ORh?=
mFp:g\
VH*LH0
q]:[/V20
UMK1RhICuY0
xe[?aF.
S=4$"#b
{=e4(7w
&IV;`&J
X@qE~I
V4cDtK
pU:5-.
m:YG$'
e>Ry5!
ZC?(f;
0YG4E(
eB]Uz!
NK}*$B
I14*g*GE>*
AuX.vch
hm/;U0
,dg	XbEB
.);;*MP3
h,_03g
5jZ1VX_
r!0 2s&
+<mA APJo
'=R}M`
h%ilLSZZ
e&r |c
Y!xN'Y
	EbYDN-
tdf\t!Bd
Xz4+D:
Yj]2ro
p0	nu"C
_\3wc&
_t;UqB
e5zpxo
sbh{d,;
;<W3/g
;^q|sk
b$5E^o_
EV-H2"
9Ada1}In
Fyw14+D
I#$/sz
H14\tQLG{4}
wj6g_\
n\#)2|l
h1ibV6
-H14%[@r
2d.6#Y
0{\%Ld
#ik6#\
~Qn2ro
4qZ(v,
Jyc$do
RH12U>
O 3:B`
k3n2?6
14-lR|
(tBM8i
6y7{Ul
14-lN|
!.mRB;\y
14-dwTEU
'4gTxd
^R@2ri
,~`z#]
36v|"]
 .ZUB;\
+:Yg){
UH14(t
~R(2ri
l@^d*D
H5+;$z
rW\N0b
<[+%1]
-~`~#]
^	\3ri
TjK)J@'	W
/g@A1[q
6\4+@t
HQh!}DH
K;{V#~:m
r14/+W}
+g@A1[q
6+DzT$J)F
^>N1$B
.H1%)]
(2rk0g
]FekP.#
/cn$WY
>K`~WBe
~pNv4P
2SoJ6"
G#6;Dd
HbH$>'C
	@jUNy
jXYa%v9)>
tOqqBl
y^14*Ep|
00S32+
L*JgL*
)UU&@I
=H14+U
=q0m*PK|
H15+V\V
5m96#_
5f)6#_
5MA6#_
	H17+i^|
JH@:EkG"=
N.Oe9F{
K&\7'y
M#<O]-P
6J^+K755
nzU0Ko
EYE53ro
?&FKBCi
b@K14#A
k'/MzQ
IL14+D
)a}L_S
CY3vgy
[IhqN"
?'%s\<-
!,l')\
X'ZdJD
2UJhC,
 m@d%#
(Zsfr/M
T^>/aL
}I8tS'
|l5p>i
A[@!qR
avkc	=
:SLivU
*-InQo
.g4J	7
h429(5[
"CF-Cs
HN#tvm
Lu/+U!2Du
|>5o<k
;Xw3{#
D3N;C/s
=^d\,*
#Q+^.y
 ~b2?b
OCribNs
sof#p|~
	yF~np
e_;b%sPC
.WEFuIR,
X5wxrb
R.MHvb5B
h:l{Gp 
tME})c
|VGQ'X.
-1v<R8^
p*4T=^9
,r\MQ[
9&|erk
JwEgo_
?7!^'Ih
53&55AD
j`R;		K
Jae&9[{
G8x;9oz
#Mn/nu
A:#p1P	
~SZeLq
L^6e["
XrQ(M<
}yd*r(
$){lVL
3$Btc J[
tFpt@c
LHbY%&
I@+/Y&j
i0R{%M
2!O>Rx
i UWG:>
'VY1F/
jw3/ua
m5sL?i.
P;v:^f
.(nr" "
*/UYSJ,
81(pU|
fiT&yP%
WH>)6i
mn_r.u
UPDQ5Ew'
Q au$$z
<z+c)W
:8>%z9J
Z<&:[E 
"eU+01
5D?vZ4
W.a4f_;+
e3r6Gu
vT~T *
iqZ'MB+k
h!4dT3
W&"t?o
$kL	eM
FW[aCE
3T:=vY
|R'\r"uDq
v}9~'eN
'<IwyJnZ48
V$yX\8
:J)-{|
J[X5(|<&
s1Aq|s
W"YtAYi)
~u_::Tith
;@GbQo
;)Pue3
u&+=cy
Ar?kl^
9?<Fl4
*dU$5%_
5x,A=F
XbQm>*
#yx*YZ
>A19|4
e"NZ+i
aCYG=v+
AX!M1~w
a}CkwA
;w{Oso
%RVD(F
	Palg5(
8nslzaqJ+
A&GsWT
'4;XL+o#
]y $j<
Ss80F.
V}'oTx
R#1A$4
*p"0Ab=
x8;1}P
I9r4t=
zIZ>=)(
8Tg:"j
Tzo6Q>
k# ^6T
*W	H$8D%
1<5N*A>
-<8>D}*k
-((Q^R
YpZ&\2
(%/sXy;
`6&X&oH
J6blAS?
C[18xZ
8kOUt 
4z_-#T
f:c9lFKz
:F-H u
QO.JH1{
/		_]A
)<?RV.
9+!Ty5
L}i|Q`E.
a5G%)C7
;Z!7PL
1ldNhl
~h%oBd
g+O382[
	K8`gS
tJS|N1
<S5Aj2
o%B;Tj
$A ]+I
.zEJ1D0H
T!:k_6hL[
i<Kw&$
W\	T@g
=x^6%#
dW`](=I
qGjxnP
pFQ[p{
xBbq|sD
hb,A+kU
XjG;x>Z
RbJZRbJZ>Zd
6zyTV/
]:Wt8R
]JWV8R
7zRAbT
]v5F,Sp
7zSAB4
z5'HS|
5k4V44,
5k4Vx4
Convictive
MSVBVM60.DLL
MethCallEngine
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler