Sample details: f28789f301a6c7f043dd9ae309e321fb

Hashes
MD5: f28789f301a6c7f043dd9ae309e321fb
SHA1: d086ead33387717c9b639a062e923c0a4d09d02c
SHA256: 26ea4af0264374975cef7063985f49eb8da28ea50dac1186ae53b0ab25658a5d
SSDEEP: 6144:aqGzg3mOBljpKmQ1RqPmPdm8qbGO4Ny2NeyFAFQARW8NEWTRSKI:XUDwNpc32mE8EGzNAFvo
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba
Source URL
http://utasarmsinc.ru/live/dew.exe
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
Holiday
VB5!6&*
Maumet3
Jingle
Holiday
INonwestern
Newfiles
Holiday
C:\Program Files\Microsoft Visual Studio\VB98\VB6.OLB
Label1
Check1
KERNEL32.DLL
EnumUILanguagesA
user32
GetClassNameA
FindWindowA
ShowWindow
PostMessageA
comdlg32.dll
ChooseColorA
VBA6.DLL
__vbaEnd
__vbaVarTstEq
__vbaErrorOverflow
__vbaI4Var
__vbaInStrB
__vbaStrCopy
__vbaNew2
__vbaVarSetObjAddref
__vbaVarTstNe
__vbaVarMove
__vbaFreeStrList
__vbaVarDup
__vbaStrVarMove
__vbaStrToUnicode
__vbaSetSystemError
__vbaStrToAnsi
__vbaFreeVarList
__vbaVarAdd
__vbaFreeStr
__vbaFreeVar
__vbaStrMove
Nonwestern
Characterist7
1<\ @7/
4cR;b%
T'`7|.C\
_<ff 	S
F!8\s1
\Y8&3\
d5<D6{
P7@GQV
Os8_mxz
9ny1&`
szAe0Q
0KJ^U@
[}#6jA
Z"]-e+
2v*Ix;{%
c1D3ZM
_x9~Avu
\_k+('sx
dda\J\
C7Bww{
U@0B7~
P}9t1[
$i5JT7}A
E7e91kP	
fAEq]0
 F0U:6
}@jb(a
ch1xV1
D#ja1}
&$)rXt
cbv]@B
_-mAFt>
{mwWbD
+jKVqr
)77^M9
h`\O^R 	S
%Q}9s0
+)]$nch6q
cX2L`9
$xdx\v
L	46/G
wYx+rz*
*_4CH6
@D&0SF
'O|7aIJ
}@	AKL*
F/`Q;j
&$)HYt
s&?^(:
&	S	iG
&`\M&(X
16 (57}
d5G"-X
e3gjPe=
Pl8)]U
V-'jZ8\
AVAvy<O
I,vs PH>
lb,dEG
[45aYZ
s)AetQ
5@5f*[
w:Jywz
)7heR&w
67/tV{
}@r:P`s
/p#Mvx
*&`7|.
otdfA{
wqAz S
3;^zs 
}@t:``s
9hA}*{
G7\GQV
GA	syi
0&`7|bCXA*
@DiIU#
76o-gh
")X$txM
VkJDze
t!Yh~s
Kx5~	sz"
N>c|+Aq
p.`rgY
wqy~ _ip
9:W{bp8
J?^d}2
]?^}|B
SqPU6(
VQJT@+
]?ddVo
?FirZ3y
/O52aaZ
3S<Biv
&\y#6z
$L:&&7|.
FZL::m
	S	i_N9
![^RuR*
i!R~lt
di6/SZF
l:z%LN
x	-W?nq
t@xu?/
a_,H[6r
5nce5k
7gOUXz^*B
pXxGUM
o/(,Dg,
m]\_M!
EB*)X	Cx
LVPBuo@
	S	iWD
dJs{?>
TBv$;P
of8I\Z
:o.'mI5zz
*T.'m{25y
X("pai
;_=^G2
|^^&EG
,v1Kj|t
w5p7\0
|U.'m`4
VeHDpg
8\y#zJ
Siz~g[
.PP`&`
#\TG.<
F}9rT 
6g#Q}9
w2&7{2
G5	kr9
9IELdR
-1A,.'
uyGLuf*
?Q.9u0
'E"^+T
]2l7=c
@K_SHUW
LtSuh)
F=$O!b
	)8X<M
AzSabN
~'B{4zF
J_LY99
c7O[8X
	*4RL7r
av-b`)
rHYF];DT
zyKo2{
e*RM]^
0VYd=(l
I$U+mG
-CbU$Z
ZgMsmzne
zBMu8*
VA,}6k
hFg91OeC=b
J;p*OH
vAK<c^5
H["3AJ
4d{4cBw
#%AyV.E
Nc(QrG2
0OQ|BV
X'ckf*OT
wu<\"Q(
^ZuOO8
O'~.34
&H!f|(
B\Ll T
5 R;eW
v0,~L7
9r|w@<a
Kr0UVs
u\0;b 8
(`_sBr
 Ii(xS
Yfi>^YL
vyZ;&`
ooGH>J(|
8u(=,Y%
Av?unb
Lc.40D
l8Uj}}Buc
R``Y$w
K`k}z$
W0<#8\
"drWX}
-t;.3E
]_PB8<1
jf0/=$P
w]6v<s
LZ?QF1
Z[FNe!
n2>Sn3
u#a^TF
	QBS.<(
:*khbJ
KG00gs
`.(1W%
Sq!o@1
z[bH}n
W	OpCY~
:	L{[3Q
o'bCtK
{	_TpF
2qYh*|??
Usp`y^
>_a&js
6CNK;RW
a1~sFL
_h.Fc9H
i&`WGNm
f_ZnwA
$nb0X3
/'	L^t[
btHKT5
AwP&rod0
%F_\Sr;
7;FwXq
JTDH_x
a4}-m4`
N>9GL(
47/G9GL(
zV=}Y)
r-ABy[
b'f=26
Jyf=G|
r-ABy[
 &@NVk
d)@NVk
s.@NTcD
/@NTcD
/@NTcD
/@NTcD
/@NTcD
xv7D[N
'/4B7sAN
.@/TSL
.@& .@N^
1@N6onN
@AZyQN
/@N YD
.*O [d
k/@NTcH
o.@NTyH
_.@NTcD
.@sP.@
.@A[9BN
M3#?Z!s
_/@NTqH
.@*~6@N
/5UTcD
.@NTnH
>@NV{\
N@NV{`
TrdJU-|
.@K#/@NT&
G4N6SAN
]CA=<<=>>B\^
B:658<AD^`bbaa`^DB?A
5<Dbq}}}
ponopqxyyqaD@=\
:aC;9?
yxpnba`bcpy}xcB<>
xbB<;C
}xoba_acpy
exbB<5
oy}oA7>
}qc`_aoy}b;7\
~mT4.-1Lfz
xc__bp
m}qb_`cy}_7<
}n`_bx
										
											
						m					#N
qa^`e}\
												
q`^ayy=5
												
o_'c}c
}b__p}>
p__a}a
n__cy>
q_^ayD
y`__x^
s"				
}a__q`
}a__p`
}a__p^
}a^_q]
ya^`q?
x`_aq9
}cabp:
ycabc8
(LJ&N~
}naac>
W(+GR3"Gv
}oaac@
|jUF)'Mu
yoaab?
{R4Oi~
ypbab\7
ypcbb`>
}xpccnaA5
A58Bny
nnon`?5
B75<\nx
}yxxqqpqpobC:
559?\aomyyyyyxxqpn`\>7
579;<>==;96
6799;AC^
jjj|||
nnnbbb
aaaxxx
iiiggg
ddd~~~
qqqnnn
mmmqqq
rrrhhh
dddkkk
}}}hhhbbbsss
|||iii
ccciii
___ooo
vvv|||
Characterist7
Check1
Check1
Label1
Label1
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
_adj_fprem1
__vbaSetSystemError
_adj_fdiv_m32
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaVarTstEq
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
__vbaVarTstNe
__vbaI4Var
__vbaVarAdd
__vbaInStrB
__vbaStrToAnsi
__vbaVarDup
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr
y___9B
OtD6H/FW
T+555|
n7(U>u(
RZRxZWW
gJ>G]]
^cc#[@.
89YF_ 
KBRu}b
M)3o8RN
$C}Itl
M~J	|-
wdYFo0
zq[WmE
"Wb#P%
~rJ	f.
9l}a8;
>+<uV8k
)##'1p
B-Cb@2
BpKAHe
[;aJdF
$'2===
0eRH9|C
e)v%Le
Ass3:::
bWRD[R
f-N$\u
3!H6iX
C(>lJ)
t6?iTTH]
<#www)J
RW`A/@	
( g.<?
h:Goo/
Mx#dA&
B)]H)}
H*D1'5e=
@CS#ZZ[
MMhnm)
?A)-^J
oPJ_(k
Z'M{{;_
#Z'YWW
%tEXtdate:create
2015-04-13T15:28:33-05:00
%tEXtdate:modify
2015-04-13T15:28:33-05:00