Sample details: f4e67e8bceb241b9dfce3bd3e14a2473 --

Hashes
MD5: f4e67e8bceb241b9dfce3bd3e14a2473
SHA1: 940930648ef7335434c8fb0eb3bfae9ff2018da7
SHA256: 38b8b2917a5c3bfdec48a6b024928c13647dab820743b9c041d027ba24de853a
SSDEEP: 6144:DAAhyW+2lVaxgmjMobc1t58yR3qpecutRS8YVugq8Ke1j:DAAhyW+2XPm61t58oap8RJ8+ZU
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba |
Source
http://b.reich.io/czpcge.exe
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
Splitsaw
VB5!6&*
Jawbreakers
Cuddihey
Splitsaw
Keyboarding
Goliard
Splitsaw
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
gdi32.dll
EnumFontFamiliesA
user32
FindWindowA
PostMessageA
GetClassNameA
ShowWindow
comdlg32.dll
ChooseColorA
VBA6.DLL
__vbaErrorOverflow
__vbaHresultCheckObj
__vbaInStrB
__vbaNew2
__vbaVarSetObjAddref
__vbaVarTstNe
__vbaVarAdd
__vbaVarMove
__vbaFreeVar
__vbaVarDup
__vbaStrToUnicode
__vbaSetSystemError
__vbaStrToAnsi
__vbaFreeStrList
__vbaStrCat
__vbaOnError
__vbaFreeStr
__vbaStrVarMove
__vbaStrMove
__vbaStrCopy
__vbaFreeVarList
__vbaR8Var
Keyboarding
Eisodic4
38?r`W
JnyGWt
1v nF]
(WiwAM
y{s4Cd
RyElGn?"lBTz
!OY>b7
}^8*/zq$
R48B9Q
jP?&am
onfL8u
N?bgyD
jARI@M0C
pgLr^8
\-?anf
RyEbt<
:,twdQ
%*C0Cv
8E-KQGn
~:N%l%t(
|x["@;3
bs7uLj
.syyX4
FckfZ&_
`FRxjg
b^u7Ks
?|nf!2
HU\jkhm
[SyEl_
#=tVXV
v1vYF}v
I&!1R[
pUq^$7
c	E[#K2
:,twzW
_jP((z
GT;6F"
`#`KWi!
q]p@Vg(
m;D8SG
_PMii.
U;*Sv;
d4D:l`)
=Ram2w.
|::jF:T
s7qF&A
xk.wZ 
n5	UR~:Ia
>n7B>s
cLZP*\od
G%u#vX
;mnf-|V
lO@8"l!
d57]/"S
F-9Kg?V
5PMiE.=L
Z8j#	cK
M$Q;3ln
XvvNBI
O!8N/Ic
B%S"Qp\
e';?jyS
P0!bHR
1x1nG@
bHTguY
{?Z`Wkw
1i+gLr>
,0:|z>
\5kgnf|1C
`[KjPTg'7
Va7+:$yG=tV
<P6QyE
eni[o#
yKlP( 
ET$2:|
A!j31"
WiwN!pQ
MJ}&O/H
+:Nr7q
s;G2wi
'Y}9QE
a3q~2U
h$4^0g
_PMaM/
F-\dlo
||Z6@F
Cl[Yr3
E<*SvI
pV7T@,
	Xjq+1
mnq;W}
8tlQwn
<hC\_	
:!Cg# 
6 MX!?O
OYZb/|
i[fm dF
W\(;fnf
04#v2H
m28Rmn
$.3g/l
NZc/	;
4S	U#z
/V$38G
(7qqMN
zJgw2;"
,&yo'<M(h
uh:0pd
&HtFV<
*5%dX*
5=v3.a
CW2V@^
.:J%oPh
lO49"l!
r #`EQ
zH9S!	
b<[~yE
3"l!|U
K{^nf,|V>
?K,4Cd
`nq_l$
xuVixs
Y)6F-9
Vv,W|&
Tg730=
EX!#lp
;v/zV:
_]d!:Y
~E\K8*
A!v?wr
";Q3%|
vl[vVt
S!Q"0{
k39F 2
iHeep;
)ugLr^
)ugLr^
F-9Cg>3b
=4n<XY
	&Y'[+
{pQjG@
N(T#K>
N(T#K>
ViwN!0
]&_~sy
ywK;F)wBr
qA@DW&
0+3$N}
UaJ#<EE~
p3EF9sJ$
^zLl`_
I/f'1|*[
xz,/Atg
Kg@B{u
HPDjcws
S;c$D>
FJH!j6Q
(*|>&7hO
A]Q82">
xl[Xx[
XRe:tJh
%8p3s6
|}bX#!
QP,f2. 
+Y,oa,q
mS|j'g
I_ItS<|k
jd"%J/S
lTBceO+F
B;\#<S7
P!~C %
D{@bvb
:\;L?|
(?b8mL!
oTg<|Zfn~
	q;;^T
2F&n.w
MaVWUm
la	*Oz
MRO'K;
 %cLr9u
qW}32/
dzUPX#
(O*VUR
a,~Y]v
y%|y<+
wNLtj6
kH;|hAoW
Mx_st4
O#:swg?
H>$}Ry
j=eBQb3
hx:5uv'
A{l*RQ
@A,4mc
)tR|/=
sDdY[j
,#I-TM
"6UM_'
Ot-jvi
M(wh|ET|
M?$03?)
S:x&eF8
[S@9xD"M
*qbOq 
1@(Rjp
t{$84%YW
|OU>B>y|%
)+Q6"[4\_
[H}A?mp{
Bt4YSx
v:z[4o
3A3OTf
W	.k-\C
zD%]** 
Ojj" f)Y
}nD-V`z{
k	CMt5p,
:b8qf)t
Sc/W#B
42u\\d
)eCn])
Q&iGd<
I.A>q%>
roZc@yo
0m>)Wv
01p2|!9
I")p	i
];3F5+
mtA4Lv(
'Imw# 
Q"D/#(
m2UWvK
d?|w"n
~EL{UCh
6TbAY$
VQkJP;o
	}HO]$j
gy8,=0'
f._A}XB
{N^[KX
A*U2at
p6O~,m
OsO*@G
yR6UYQM
z>5uy]0~$i
(1Z0(1Z0l@fY
F}_z?y
N!_E>y
Fq_z*y
a9I2gx
qVtU&?{
<<=>>B\^
658<AD^`bbaa`^DB?A
5<Dbq}}}qpo
oZqxyyqaD@=\
:aC;9?
yxpnba`bcpy}xcB<>
xbB<;C
}xoba_acpy}oC9;
xob__aoy}oA7>
aoy}b;7\
~mT4.-1Lfz
xc__Rp
}qb_`cy}_7<
								
}n`_bx
						
										R
												#N
qa^`x}\
												
q`^ayy=5
									J
o__c}c
}b__p}>
}a__pq7
n__cy>
q_^ayD
y`__x^
s"				
}a__p`
}a__p^
}a^_qD
ya^`q?
x`_aq9
}cabp:
(LJ&N~
}naacR
GR3"Gv
}oaac@
|jUF)'Mu
yoaab?
xnab`<
ypRab\7
ypcbb`>
}xpccnaA5
yxpnnon`?J
B75<\nx
}yxxqqpqRobC:
<559?\aoqyyyyyxxqpn`\>7
579;<>==;96
:86799;ACJ
jjj|||
nnnbbb
aaaxxx
iiiggg
ddd~~~
qqqRnn
vvvkkk
mmmqqq
rrrhhh
qqqeee
dddkkk
uuuiiJ
}}}hhhbbbsss
|||iii
ccciRi
___ooo
gggeee
vvv|||
Eisodic4
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
__vbaR8Var
_adj_fdiv_r
__vbaVarTstNe
__vbaVarAdd
__vbaInStrB
__vbaStrToAnsi
__vbaVarDup
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr
|||iii
ccciRi
___ooo
gggeee
vvv|||
jjj|||
nnnbbb
aaaxxx
iiiggg
ddd~~~
qqqRnn
vvvkkk
mmmqqq
rrrhhh
qqqeee
dddkkk
uuuiiJ
}}}hhhbbbsss
<<=>>B\^
658<AD^`bbaa`^DB?A
5<Dbq}}}qpo
oZqxyyqaD@=\
:aC;9?
yxpnba`bcpy}xcB<>
xbB<;C
}xoba_acpy}oC9;
xob__aoy}oA7>
aoy}b;7\
~mT4.-1Lfz
xc__Rp
}qb_`cy}_7<
								
}n`_bx
						
										R
												#N
qa^`x}\
												
q`^ayy=5
									J
o__c}c
}b__p}>
}a__pq7
n__cy>
q_^ayD
y`__x^
s"				
}a__p`
}a__p^
}a^_qD
ya^`q?
x`_aq9
}cabp:
(LJ&N~
}naacR
GR3"Gv
}oaac@
|jUF)'Mu
yoaab?
xnab`<
ypRab\7
ypcbb`>
}xpccnaA5
yxpnnon`?J
B75<\nx
}yxxqqpqRobC:
<559?\aoqyyyyyxxqpn`\>7
579;<>==;96
:86799;ACJ