Sample details: f46344f6fa60f49f5dea2e2b20337178

Hashes
MD5: f46344f6fa60f49f5dea2e2b20337178
SHA1: 385d6804fc1b484dc327348fadc245cf7d2afdc1
SHA256: 937a3ec66587f239f1ffe0a17719a7681015a815c4b13775e2caa5548af68dc1
SSDEEP: 3072:RVO4RuorRyCPsdx+GzRjpfAF2goPvEz6qEZVH:P1uorNGYuB3EY
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba |
Source
http://unifscon.com/R9_Sys7.exe
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
Rehospitalization
Laconical3
Command4
Command3
Reumatikerne4
kernel32.dll
CCreateFileMappingW
MapViewOfFile
shell32
Shell_NotifyIconW
Paracoele7
VB5!6&*
Pfyldningen
Supernumerously5
Rehospitalization
Rehospitalization
Laconical3
Command3
Command4
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Reumatikerne4
Kernel32
CloseThread
BeginUpdateResourceA1
UpdateResourceA1
EndUpdateResourceA
StoreRes
VBA6.DLL
__vbaAryDestruct
__vbaExitProc
__vbaVarDup
__vbaStrMove
__vbaAryUnlock
__vbaAryLock
__vbaStrToUnicode
__vbaSetSystemError
__vbaStrToAnsi
__vbaFileClose
__vbaGetOwner3
__vbaRedim
__vbaFileOpen
__vbaStrCopy
__vbaStrCmp
__vbaOnError
__vbaFreeVarList
__vbaCastObj
__vbaFreeVar
__vbaVarMove
__vbaFreeStr
__vbaHresultCheckObj
__vbaFreeObj
__vbaObjSet
__vbaNew2
__vbaObjSetAddref
SourceFile
DestinationFile
DataToAddPath
ResourceName
ResourceSubName
OverWrite
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaExitProc
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
_adj_fpatan
__vbaRedim
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaGetOwner3
_CIlog
__vbaFileOpen
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
_adj_fdivr_m32
_adj_fdiv_r
__vbaAryLock
__vbaStrToAnsi
__vbaVarDup
_CIatan
__vbaCastObj
__vbaStrMove
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr