Sample details (MD5): faf3506fdc09928fa6576f88ec4f312e

Hashes
MD5: faf3506fdc09928fa6576f88ec4f312e
SHA1: ea933db690eaf04d1ee3c842a21186747e1c2496
SHA256: ebb5465952733b5f8919eb6b155ebf5a751ca458305be00eb6577d29633ff6e4
SSDEEP: 1536:HnWbQ/gtaRoKvkIMGcE6edkgKs5nKywhWUzjHQ5cUNGkfL8Jk1yf/HOKbG+wv:2U4twzvMGD1XKgwsGzQlGkD0k1imp
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba | YRP/android_meterpreter
Source
http://unifscon.com/R9_Sys7.exe
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
Uddannelsessprgsmlene
Mainstreeter
Snowbelt2
ggggggs
g~~~~~~~~~
~~~~~~~~~~~ggggg~~~~~~~~~~~~~~~~~~~~~~~y~(((((gggg~~~~~~~
~~~~~~~~~~~~
(gg~~~~~~
~~~~~~
gg~~~~V
gg~~~VVV
g~~~VVV
yyyyyy!/77
gg~VVV
''PPPPPP
999999
BBOs~~W
~~118k
~~~118k
MyV~~~~
AVV~~~~:
VV~~~::::b
WVV~~~~T
VV~~~~TT
VVVVV~~~~TTTT
VVV~~~~~TTT
~~~~~~~~~~~
~~~~~~~~TTT:::~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ggggggggggggggggggggggggggggggggggg
gggggggggggggggggggggggggggggggggggggggggggggggggggggg
gggggggggggggggHgggggPgggggggggggggggggggggggggggggggggggggg
gggggggggggggggEgggggggggggggggggggggggggggggggggggggggg?gWc
g8gQgggggggggggg
gggggggggggggggggggt(
Tggggggggggggggggggggggggggggggggggggggggp)
gtggggggggggggg
ggggggt6
sggggggggs(
gDggggggggggggggggu6
g`ggggggggvN
ggggggggu5
g2gmggggw3
g?gYggggh
ggggh1
ggggj?
ggggj>
g>fM'gggk=
g*feggggl<
j^ggggggggm;
ggggggggggn9
ggggggggggggn9
ggggggggggggo
gggggggggggg`
zggggggggb
Qggggggggggggb
ggggggggggggc
ggggggggggggd
ggggggggggggd
gggggggggggggggge
ggggggggggggggggg
lggggggggggggl<
%ggggggggggggggggggggggggg
`ggggggggggggggggggggggggggggggggggggggggi0
Qggggggggggggggggggggggggggggggg
Ixggggggggggggggggggggggggggggggggggggggggg!ggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggg
ggggggggggggggggggggggggggggggggggggNggggggggggggggggggggggggggdggggggggggggggggggggggmggggggggggggggggggggggggggggggggggggggggggggggggggggg
gggggggjgggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggKggggggggggggggggggggggggggggggggggggggg
gggggggggggggggggggggggggg
gggggggggggggggggggggg
Snowbelt2
Command4
Command4
Command3
Command3
Command4
Command4
Command3
Command3
Command4
Command4
Command3
Command3
Command3
Command3
Command4
Command4
Command3
Command3
Command4
Command4
Command3
Command3
Command4
Command4
Arain5
Merengues
[K8H0*
F$2LWo1
{	nst9
$wun@<Z;
\dC3t'
T}OGc2
hvcXA<
C&`}NK
"C>bCyPWx
aA73nJ
uWqaCc
CK?2uVA*;
1){2Gz{
<3OW	>M
Z8H}?{
)I6L0s
}uO$B#
b{luw:
V<$C#3
Ki\ECj
ryprX.&$
AVZB5;
y._Bf@
;	ba'k
@A#k7 
,"sq+c
d[SHrtf<
k{`&wB7h
p.x^Ilr
2N#$	+
B4D	-V6OR
up8qyL
;;.qK3
cV^xG5~0
{FA#X=
.1SKOLf
ST'@M*
8YD<Sl
T>,{r3;_
4:8b3=yU
n	Xs73+
6+q8Wo
-OZ.e"RC
KG/_Q0
5W%B?e
?am|n%
G>QGY]H
	4<TMwjNc
[r <cl
q?ky:=9B
B6N^>}
XU"&	X
(`_$4_E
b`g}G~
{Aj4R{dF
iox4%3
S')orSao
6WqrOT
4%^{B	
x@*$1,
	;jg9p
<N9.|k
:d,Z_g
^H0\Ok
>)P|B6[
kzZX{VU
wX%7Q!
C$K,AA
WL~{H8#
IlKR8H
kW(M'A
],83r<
`pom+jR
QbSZp%}
?o.Tav
+=Kw_Q
N&6#6q
/jVUXik
vWxA$0
xcyt0n
kl4y"Z
zylpAY
'yvS]63
}O0&R,
	u^UywD
K2;oSk
HzG@ 4ar
AXt<JR
+%	2!2
ZB+>5Kn
SpIbK1
C><?U;
MiU;0v
XIV!ZP
ja%o~v
X$mJa$
vc)-+Z
@Fj=Ec
K	aXt@
F4[6wH
eDp':QP":P0 
%JC1AW
5u.>sC
NgA:	,v
v%U^!--
Dp|I<'"6
w*Md.v"
"~=lz'7d
|q^Pd\
qeY0%2
Cq9d#`k
9dc1ud
A@F*LIN
.ECPk6
*(_hXQ
Y(F-""
20)%R]
,<ceX7
Hu'e?fm
--nF_B
:lw4x1+
VnsaO^
It;DyV
i]~h8"
DEXH}:]
](auTc
E;$"NX
=Q8OYj
<.{3{t1
d|iUbn
>L)[V}
tM1"6m:
	raD'/
&ffe\0
-=q 1$
^\zI]W
1ey2gL
]aKBSI
7\_08W
(l}$a(}
Z#.zO.
0]8:~841<:,
}aB]a	
XF@	"f
Cjv|+i
#KRz]V
PwWkTb
w@(d3'{Z
gYnscx
e0A$e%
xE&I~y
:NU<sv
ZnDl~|!
|qbq~n
e/1'Xo
ibOGGo
TlkvB"
o.ad><Y
6+F#&}
;sVZ^c
x7:=K)
=`FgyD
W0 8S_
9(Q>g*
d3:?Dq
??#3y4
db*zYt
[{XmjM
G(+fqCL=7
*yNB#.
}*?C=?@
zBSmdihx
5XcQq~
+&YZ^4
zvn/B1
UrO130$
8,`	5~D
sd	#gX
:5aSeB`
>^,OSp
t&0:d2)
6k:,b\
k|u]:-
 `BJY}d
kernel32.dll
CCreateFileMappingW
MapViewOfFile
shell32
Shell_NotifyIconW
n1ce%)
6_)aeb
Y!em~l
e5q]5_	Y
N-Sg5)
e5yae_)ae_)
:Q>f{o
09*]qg
e5*MieC
|i_)ae_-ae_)ae
a%]);e5
Qq6t_6
eSpm,S
L}_)aa
e5zad])
A^6@5)
Ar6(zj
e5)6d5)
vY5](5d
1&	y#)
,)	e_)Y
w5)ae_)ag_)ag])
q=O0q>\
X6f}ce5-
ey[1])
e5za%])
W/E5)k
e5za%])
m/a6m/mv
etj0v@	m
x)Xec)Iec)Fe
)Oey)Ge
a)Nex)[e
fAn	Y	6Ev[n
PEgKtY{	\Jj
PEgKfAn	Yls
X*s}\$glW(\Jy
\Fe9pQ{	Z[n
YE+#ZEo
e5)[e5)
M2KQEge
XH{3\L|*Sob	P)
gLl*ELe.PPN
P[r3TE~
@Hg$YEd
@Hg5GF
#\En6\Sne
T]n5GFh
W\l CLe
W\l CLe
X	PL{e
PEg MLh
PEo MLh
A\j	xLf
Bfm6PJ
\_n5GFh
Ehg	ZJ
VB5!6&*
Fysikkens5
Rbareres0
Uddannelsessprgsmlene
Uddannelsessprgsmlene
Mainstreeter
/'- :O
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Arain5
Merengues
Command3
Command4
Kernel32
CloseThread
BeginUpdateResourceA1
UpdateResourceA1
EndUpdateResourceA
StoreRes
VBA6.DLL
__vbaExitProc
__vbaFreeVarList
__vbaVarDup
__vbaStrMove
__vbaAryUnlock
__vbaAryLock
__vbaRedim
__vbaStrToUnicode
__vbaSetSystemError
__vbaStrToAnsi
__vbaFileClose
__vbaGetOwner3
__vbaFileOpen
__vbaStrCopy
__vbaStrCmp
__vbaOnError
__vbaAryDestruct
__vbaFreeVar
__vbaR8IntI4
__vbaVarMove
__vbaFreeStr
__vbaHresultCheckObj
__vbaFreeObj
__vbaCastObj
__vbaObjSet
__vbaNew2
__vbaObjSetAddref
SourceFile
DestinationFile
DataToAddPath
ResourceName
ResourceSubName
OverWrite
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaExitProc
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
_adj_fpatan
__vbaRedim
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaGetOwner3
_CIlog
__vbaFileOpen
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
_adj_fdivr_m32
_adj_fdiv_r
__vbaAryLock
__vbaStrToAnsi
__vbaVarDup
_CIatan
__vbaCastObj
__vbaStrMove
__vbaR8IntI4
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr
ggggggggggggggggggggggggggggggggggg
gggggggggggggggggggggggggggggggggggggggggggggggggggggg
gggggggggggggggHgggggPgggggggggggggggggggggggggggggggggggggg
gggggggggggggggEgggggggggggggggggggggggggggggggggggggggg?gWc
g8gQgggggggggggg
gggggggggggggggggggt(
Tggggggggggggggggggggggggggggggggggggggggp)
gtggggggggggggg
ggggggt6
sggggggggs(
gDggggggggggggggggu6
g`ggggggggvN
ggggggggu5
g2gmggggw3
g?gYggggh
ggggh1
ggggj?
ggggj>
g>fM'gggk=
g*feggggl<
j^ggggggggm;
ggggggggggn9
ggggggggggggn9
ggggggggggggo
gggggggggggg`
zggggggggb
Qggggggggggggb
ggggggggggggc
ggggggggggggd
ggggggggggggd
gggggggggggggggge
ggggggggggggggggg
lggggggggggggl<
%ggggggggggggggggggggggggg
`ggggggggggggggggggggggggggggggggggggggggi0
Qggggggggggggggggggggggggggggggg
Ixggggggggggggggggggggggggggggggggggggggggg!ggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggg
ggggggggggggggggggggggggggggggggggggNggggggggggggggggggggggggggdggggggggggggggggggggggmggggggggggggggggggggggggggggggggggggggggggggggggggggg
gggggggjgggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggKggggggggggggggggggggggggggggggggggggggg
gggggggggggggggggggggggggg
gggggggggggggggggggggg
ggggggs
g~~~~~~~~~
~~~~~~~~~~~ggggg~~~~~~~~~~~~~~~~~~~~~~~y~(((((gggg~~~~~~~
~~~~~~~~~~~~
(gg~~~~~~
~~~~~~
gg~~~~V
gg~~~VVV
g~~~VVV
yyyyyy!/77
gg~VVV
''PPPPPP
999999
BBOs~~W
~~118k
~~~118k
MyV~~~~
AVV~~~~:
VV~~~::::b
WVV~~~~T
VV~~~~TT
VVVVV~~~~TTTT
VVV~~~~~TTT
~~~~~~~~~~~
~~~~~~~~TTT:::~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~