Sample details: f0985f942cf8f32e81e98f7dbf19fac1 --

Hashes
MD5: f0985f942cf8f32e81e98f7dbf19fac1
SHA1: a0745a4c9b7268759ef051220e49cd06ac65dcf4
SHA256: 882a04265361d588801b3514a604182ce9b8271dd500728fa2897524a2f05a7e
SSDEEP: 768:PjPDrpRkXDPKyx+5828JAXaxIn6xTuI0G8AjQqRBKVs875t5J2s8755Wc:PjrFCXDN+SSglpuI0Gzg10Y
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba |
Source
http://pugrescueofflorida.org/Fed-Doc-US-201127000029.pdf.exe
http://pugrescueofflorida.org/Fed-Doc-US-201127000029.pdf.exe
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
Ngayaba0
VB5!6&*
Clasper4
Ngayaba0
Sarles
Impartialism
Ngayaba0
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
VBA6.DLL
__vbaFreeStr
__vbaSetSystemError
__vbaLenBstr
__vbaFreeVarList
__vbaI2Var
__vbaFreeVar
__vbaStrMove
franzy.dll
Startiing
KERNEL32.DLL
EnumUILanguagesA
CopyMetaFileW
winspool.drv
EnumPrintProcessorsA
KERNEL32
GetThreadLocale
__vbaLenVarB
__vbaVarTstGt
__vbaLbound
__vbaVarDiv
__vbaVarTstNe
__vbaVarFix
__vbaVarAdd
__vbaI4Var
__vbaVarMove
__vbaUI1I2
__vbaHresultCheckObj
__vbaNew2
Sarles
Tachmonite
vqI85O|
>`gN{[
J!&f L
<s3W"^
G H._l
zZ;@1N
IZ-U-Hik
SveG5"k
jWR(s<
:6	z:=33
w/(Wb4
RJ9h}h
0;+Vnn
+)A@X.
HD!E.]
TfF.pA
e[3A:mX
+6>)$$%
,*#WT0@Gj
] io;)aW
zF)<U;20
o%I,fp:/5
a88PYk2=.
	kSAqZ
ONqQ.1
l`.Fs(,
/offtt
.thcPtb
XY :aU
_"Lc?c
ccccccccccccccccccccccccc
ccccccc
.RD#ccc
ccc&$	WT;
ccc&MJ"@
"F,P_8%O%?
ccc& B
cccc&hW
ccccccccccc
ccccccc
PLL xIA
,,,N--
6666666 6666666666V6666666666666666f
6666666666
6666666666666666
6666|66666666666666666666666666666666666666666
6666666666666666666666666
666666666N66
66____6666
66666666666_t,747n_6
666666666_4
6666666_V
6666_3
666666~
6666666fL
6666666
66666666cL
666666666{,
66V666666n$4n,
66666666yF$
h66666666y0
h66666666
666666
	h66666666
h66666666y(
/h66666666y
h66666666f
h66666
Qh6666666666
h666666666666~
dh666666666N66
Fh6666666666666666
6666666666666666666
ch6666 6666666666V666666666hhhhh66f
6666666666
gC|"B}
rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
rrrrrrrrrrrrrrrrrNrr
rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr rrrrrrrrrrVrrrrrrrrrrrrrrrrf
rrrrrrrrrr
rrrrrrrrrrrrrrrr
rrrr|rrrrrrrrrrrrrrrrr
rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
rrrrrrrrrrrrrrrrNrr
rrrrrrrrrrrrrrrrrr
rrrrrrrrrrrrrrrrrrrrrr
rrrrrrrrrrrr
rrrr rrrrrrrrrrVrrrrrnnnnnrrrrrrf
rrrrrrrrrrr
yjbNEE
rrrrrrrrrrrrrr
rrrrrrrrrrrrNM
jj[NEA:)!m
rrrrrrrrrr
yjbVNA:1)!
rr rrrrr
yjbVNEA5)
rrrrrrr
jb[NEA:)!=
rrrrrrrrr
oNNE:)3
rrrrrrrrr
rrrrrrrrrrr
rrrrrrrrrrrr
UI;/ f
rrrrrrr
rrrrrrrrrrrrrr
rrrrrrrrrrr
rrrrrrrrrrrrrrsD.
Ml?			+
rrrrrrrrrrrrrcs
rrrrrrrrrr
hrrrrrrrrrrrrrc?
lrrrrrrrrrrrrcc#
lrrrrrrrrrrrrc^
lrrrrrrrrrrrrlc
rrrrrf
rrrrrlT
trrrrrrrrrrrrlG	G
+srrrrrrrrrrrrlG
?prrrrrrrrrrrrlW
prrrrrrrrrrrrrlW
	prrrrrrrrrrf
p|rrrrrrrrrrrrlh
Tprrrrrrrrrrrrrrs
aaZ]YN
prrrrrrrrrrrrrrrl#
uXXX]M
rrrrrrrrrrrll
	Vrrrrrrrrrrrrrrrrf
rrrr|rrrrrrrrrrrl
prrrrrrrrrrrrrrrrrrrlD
cprNrr
rrrrrrrrrrrrrrrxl
6}rrrrrrrrrr
rrrrrrrrrrrrll#
rrrrrrVrrrrrrrrrrrrrrrrf
rllllrrrr
rrrr|rrrrrrrrrrrrrrrrrrrrr
hxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrl
.TllrrrrrrrrrrNrr
rrrrrrrrrrrrrrrrrrrrrrrrrrrlllllrrrrrrrrrrrrrrrrrrrr
Tachmonite
MSVBVM60.DLL
__vbaVarTstGt
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
__vbaVarFix
_adj_fprem1
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
DllFunctionCall
__vbaLbound
_adj_fpatan
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
__vbaFPException
__vbaI2Var
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
__vbaVarTstNe
__vbaI4Var
__vbaVarAdd
_CIatan
__vbaStrMove
_allmul
__vbaLenVarB
_CItan
_CIexp
__vbaFreeStr
gC|"B}
rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
rrrrrrrrrrrrrrrrrNrr
rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr rrrrrrrrrrVrrrrrrrrrrrrrrrrf
rrrrrrrrrr
rrrrrrrrrrrrrrrr
rrrr|rrrrrrrrrrrrrrrrr
rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
rrrrrrrrrrrrrrrrNrr
rrrrrrrrrrrrrrrrrr
rrrrrrrrrrrrrrrrrrrrrr
rrrrrrrrrrrr
rrrr rrrrrrrrrrVrrrrrnnnnnrrrrrrf
rrrrrrrrrrr
yjbNEE
rrrrrrrrrrrrrr
rrrrrrrrrrrrNM
jj[NEA:)!m
rrrrrrrrrr
yjbVNA:1)!
rr rrrrr
yjbVNEA5)
rrrrrrr
jb[NEA:)!=
rrrrrrrrr
oNNE:)3
rrrrrrrrr
rrrrrrrrrrr
rrrrrrrrrrrr
UI;/ f
rrrrrrr
rrrrrrrrrrrrrr
rrrrrrrrrrr
rrrrrrrrrrrrrrsD.
Ml?			+
rrrrrrrrrrrrrcs
rrrrrrrrrr
hrrrrrrrrrrrrrc?
lrrrrrrrrrrrrcc#
lrrrrrrrrrrrrc^
lrrrrrrrrrrrrlc
rrrrrf
rrrrrlT
trrrrrrrrrrrrlG	G
+srrrrrrrrrrrrlG
?prrrrrrrrrrrrlW
prrrrrrrrrrrrrlW
	prrrrrrrrrrf
p|rrrrrrrrrrrrlh
Tprrrrrrrrrrrrrrs
aaZ]YN
prrrrrrrrrrrrrrrl#
uXXX]M
rrrrrrrrrrrll
	Vrrrrrrrrrrrrrrrrf
rrrr|rrrrrrrrrrrl
prrrrrrrrrrrrrrrrrrrlD
cprNrr
rrrrrrrrrrrrrrrxl
6}rrrrrrrrrr
rrrrrrrrrrrrll#
rrrrrrVrrrrrrrrrrrrrrrrf
rllllrrrr
rrrr|rrrrrrrrrrrrrrrrrrrrr
hxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrl
.TllrrrrrrrrrrNrr
rrrrrrrrrrrrrrrrrrrrrrrrrrrlllllrrrrrrrrrrrrrrrrrrrr
PLL xIA
,,,N--
6666666 6666666666V6666666666666666f
6666666666
6666666666666666
6666|66666666666666666666666666666666666666666
6666666666666666666666666
666666666N66
66____6666
66666666666_t,747n_6
666666666_4
6666666_V
6666_3
666666~
6666666fL
6666666
66666666cL
666666666{,
66V666666n$4n,
66666666yF$
h66666666y0
h66666666
666666
	h66666666
h66666666y(
/h66666666y
h66666666f
h66666
Qh6666666666
h666666666666~
dh666666666N66
Fh6666666666666666
6666666666666666666
ch6666 6666666666V666666666hhhhh66f
6666666666
ccccccccccccccccccccccccc
ccccccc
.RD#ccc
ccc&$	WT;
ccc&MJ"@
"F,P_8%O%?
ccc& B
cccc&hW
ccccccccccc
ccccccc