Sample details: f31695d8b6d07ad8d06ac57d8c84dfc6

Hashes
MD5: f31695d8b6d07ad8d06ac57d8c84dfc6
SHA1: c72fa9dc04d85d441710f190b66f56e406daea40
SHA256: cd1a0c00f8010a5cd3de65542506426156fbc3f5a1a77d025f5424ce84453542
SSDEEP: 12288:5t5XepaUU3RrhYi4dB2gR/NEHw3PNnx2XaIVw5:/5Xe8UcFF4Ks3PNnx2qIy
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba
Source
http://www.ambao.bid/alpha/ultraebu.png
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
VB5!6&*
Worldcoin
kloreret
Reparationsarbejdernes
Kurveundersgelsers
Sollyset
meconium
articulus
Megalodont
beggingwise
Alpen8
kongebrev
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
polymerizations
Ugekorts1
Beturbaned4
obsolesce
intertriginous
Omlgningerne
User32
IsChild
mpr.dll
WNetGetConnectionA
ValidateRect
kernel32
LocalUnlock
winspool.drv
ConnectToPrinterDlg
DlgDirSelectExA
LeaveCriticalSection
GDI32.DLL
EnumFontsA
ExitWindowsEx
advapi32
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
VBA6.DLL
__vbaEnd
__vbaStrMove
__vbaFreeStr
__vbaR8FixI4
__vbaStrVarMove
__vbaFreeVarList
__vbaFreeVar
__vbaR8Sgn
__vbaVarMove
__vbaObjVar
__vbaFreeStrList
__vbaHresultCheckObj
__vbaStrCmp
__vbaFreeObj
__vbaCastObj
__vbaObjSet
__vbaNew2
__vbaObjSetAddref
__vbaSetSystemError
__vbaCopyBytes
meconium
Wichita
Wichita
Sollyset
Podgier3
Podgier3
beggingwise
Demaree
Demaree
Megalodont
regular
regular
Alpen8
slagbnkene
slagbnkene
articulus
Slusevrkernes
Slusevrkernes
Kurveundersgelsers
Srgmuntert
Srgmuntert
kloreret
Frstegradsligningers
Frstegradsligningers
intertriginous
polymerizations
Principled3
Omlgningerne
Ugekorts1
Trachyandesite
obsolesce
Platyrrhinism5
Beturbaned4
Reparationsarbejdernes
vippearm
CPc!a:
%+zB~n
" mSsd
-3#lhc
?_h:E7C
VY2NE0
H~gC3V
>vu>%J
sH,^aA
,X	])U|PE0C[
hB[o7y
?/(4T&`
3$NrC1
cvo9f{
 Sh`{ 
%H$,zX
''Umq%1Z
=]&is"
;-`o9/z
${= \3p(1
(70qb^7w
rVX%;	
&+GsL@
qe51:X
tO,QK_
g9n9/V,I5b
f7-<yz*b`
Pg>$[o
x)$jQvA
kjrV6mn
j*D	2wi
VcnUvF
ih5j4J
oaa8iLf-F
U'-\p	
s _F12
&GepxlIu
V7lwXt=
LiP|,6
`L]e"V?
{,9>ye
^0l9wt
<Bxx`kY
 #B8Q& 
b0Rty7~
!E~b~l
kQ&3h:T
|;H(e8k	
,R`{@wZ
/u+-2up
<E8h9	
"w)rvK|
vq9X	-
PJR5M~
Vk8`cF%
(`r#";
2,8:U/
G>O@W/S
!4^!$W
;n#Wh'
cVX =T
 qqxpuk
*7hQ~w
!P7yiy1}
TM^wJV1
d8_%iZ.3p
7R7ec?W
< [T-~
N	/HLQ,_L>p
x@Y4/]
N><|;zr6
"ULs~]
+]h5M-
_&MQD2(
/[BXet_
erRt>/
9I#uPRK
XE>vMd
"p'GNy
(Y>*F-
W  ~um
sFPZ>E4
1C*62A*
jxomL+b
t,f{v`
qD:]u5
h'AVuFe
AEZ $~4@
BG 6>l|
h!6VT7>U
j&{`0O
vS qin
2R')}I
V='Kw:
avNSBo
?snj9A
c4\z\FU	
MMUY(>
mso1pCv
&?Ld/9
~Hb4m_
!|D	{O3
m@4%D -
6mSU[D)D
9BkGi$V
9#"~7x
2fKD/W;
(a`<]O1
q~U]{@
Dw,R 1
V"[ndtbk"`(
|B4:D~O
aCvR{0
dW2eoWfY`
q"im2U
2>Orw%
rJoQL5
H\:)M4
'FC>1^
iYk/IPH
5/l=H	
kc1G %
cQ$1##
 6Ya*q
,&V&-V
XX[,v7?
3AKJ3)
j^k3k.
1xI:O2M
,Y0r1-
.Hbr[t
R@h$Vl
e8Ap2IN
u	S(y(4
cHVD{>ySB6'
?CLU{#a
8e`8i1
X.G~iL
xzbr^6b
eK$y/%
/P:{hY
yQ4zMFf
>PkUW|
x>&T=P
U}b(RG
'.5@={
{7lhv:
2W<5$wt
miG7n1Z
 10PFx
x>-X!m
|6{@pdhgO
M	Tl?m~
S~a9um{
e6^rh_
E}UZWl
R}QKva
	u]S	zH
1<[q5,
RcV7$!^
n\&$V:
Fe&XFk
9]j<4m.
F6Y"+z
	{ec(a
6v?%ZY$
`Q>7Mv
lFO"'v
\<HLAGx
,=Xi7+u
JA,iY)ow}!
dKtx:X^
c%#lWQ
ZxG;a,
MjDB x/Ep
uy1VE%Z6
R~Rh2\
SX=P_,{
SA<s4l
czcnNO
` KsY*it
RZY~30*V
O_S;*1I
BA8{Tb
j=Wu	b
WU)v'L
(mUH]X
d*,64,f
-C%\j<
{pkh	O
S2G	b7s
swa*h\~[
`#g+K:
O1*"nN
jjmp:<p|
xbKh.&
nq?)	t2
WU(L,@)
49K[pX
, 1Oo?
xl0o2P ge
BT!e(p(
n(@-0qS
xptiQ1n
.!4xRa'
/_Fh4}\B
t5+y;aK
~_wNkK
v	&j3~
qyKK!E
38lSELZ
'!z]R~
\fj%d&C&a
QD.])jq
."VkEd
,'([}_
2%k+/K_
I]H}=P(
Pf\]l#
Ja\%'@[[
Rm<xtU
PyJ3 eG[
,%_v42
#!)71q
OImXk0
ei6viK=
K^#^\Z"
}i'gh&
16P<-G
3Ly++W
FSh_(m
|0&p0ez
VY21jm
coLr"O
d^S}23O
82jQNQ
rm1{@3
N@T?sc
w/pPKX
9$,B=1
{3es0.
3T&i(Rk
xL@:Za
Pr~2l/
px zHF{
l72Au9N
NtPy8$D
L)`;/a
i=c>L,}RD4&-
X:	b~,
$!js!{
4>2I>$`D
G&qQ4PNV
fyeo$p
?S-VO?
<ONjiB#9
 x4<Q;
zoQcx!
g1m(yAg
} ]QLy
<14AX#U7
jX]b[X
cvU|:3
)LPq*d{
;B0g+{
SOy<B<
B9:'nx
Shell_NotifyIconA
shell32
aKERNEL32
ACreateFileMappingA
MapViewOfFileEx
S +o`"$
R!$SP!$
QI$kQ!N
Q!|hi +o
s@`\9$
Q!$)Y!E`,-
Q!$k%#
9'tQ)$
Z!$h,y%
Y!$b!9'\
Q8h,y%
dp-QlN
n4,P&$
5,cE*eh,
+cU>ej
	L;V!$
)]!@Ja!$
9@Ja!$
T<ae/m
e`E*n`
TT"SP!$
@@@ddddO
2X33X,;
ooR_2222Ap%%X{~
+HHHH+Np%_&
{zzHN,&O
0#Q,{@
^w00{}d
q=bb*Y
un.5ccafM
D5bqVV
aaaa..
ae.C??
\)q`	|4
vippearm
MSVBVM60.DLL
__vbaR8FixI4
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaR8Sgn
_adj_fprem1
__vbaCopyBytes
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaObjVar
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
_CIatan
__vbaCastObj
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr
;;3333
j)q9q)
9)j9aHK
9z)jzH,
///////[
mmmEEEE''E
^xEmmE
'''x^^^^^^
>Z''Emm
WWWWWWWWWWW
WWW;;;
;;;WWWW
WWW;;;;
mWWW;;;
W;WxmmAZ;WWW;;
>xW;;;;;;;
o;;;;;;;;;;
"bxo;;o
255555
TTT0tt
,,,,,,,,
*zYYY]_:
==??AS
##QQQ9
vu]:Q##gQ
HHHHHH
H222H#
j$gttH
9y_2H2
qq`22222
{VVJkl
'''ii'
Woo,,,DZ 
+lXXJJX
\\\\\\\\08\\\\\\\\\\\\\\
+6D\\\\\\\
KN8\\\\\
\\\M+U/G2G
22222GV
3[ ,\'<$	
#>C";-SZ
,\':H!UQQQQ$-
)4RP,\\'X
,\\\\'F1J
,\\\\\,P
9,,\\\\\\\,
,,,,,\\\\\\\\\\,\\\\\\\\\\
]118{FFO
V//6xDDM
G006jEEN
477?YHHR