Sample details: fb98810f186c353272853a8bf78da03f

Hashes
MD5: fb98810f186c353272853a8bf78da03f
SHA1: 45383d70fec77f9bc59cbacaf08250c6835ffa12
SHA256: f395acb3bcab2dd4132ef41008d05b497188410477ae11c2bca13ba9da752b79
SSDEEP: 3072:qmgRb41DhbGfmp9emcnEQuMNojf1OTzReHJh+sU3bDGiEfq+nx8Q9kW:fgRyDMydQuMNQISLGLDGiE9X
Details
File Type: PE32
Yara Hits
YRP/contentis_base64 | YRP/domain | YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasRichSignature | YRP/SEH__vba
Source
hxxp://sewolf[.]ru/inc/dam.exe (defanged)
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
Vildnisserne2
Fetichistiske
Holdnummer
Holdnummer
Hylomys6
Sidevej2
Chittering2
Fastlsninger
Tolerancetrsklerne2
Udkmpnings
Protozoan
Trdormen3
Multimillionrs2
Steppeulven7
Nejedes2
Udstillet
VB5!6&*
Blowball1
Stenklverene5
Vildnisserne2
Vildnisserne2
Fetichistiske
Feltherrerne3
Petuntse2
Produktionsmde
Pimpinella1
Resubscribing5
Sangsvaners
Eloise
Kreoplevelse
Eversporting
Fredspiber3
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Hylomys6
Multimillionrs2
Protozoan
Chittering2
Nejedes2
Tolerancetrsklerne2
NTDLL.DLL
RtlEnumProcessHeaps
user32
CloseWindow
URLencode
belbosi_1
VBA6.DLL
__vbaSetSystemError
__vbaFpI4
__vbaEnd
__vbaLateMemCallLd
__vbaVarTstNe
__vbaNew2
__vbaFreeObj
__vbaObjSet
__vbaHresultCheckObj
__vbaStrCmp
__vbaFreeVarList
__vbaFreeStrList
__vbaStrCat
__vbaMidStmtBstrB
__vbaFreeVar
__vbaFreeStr
__vbaStrMove
__vbaLenBstrB
__vbaStrCopy
Unitages5
[pqMnQ
/=s|K1"
Produktionsmde
Blods2
Blods2
Petuntse2
Pourpointer
Pourpointer
Sangsvaners
Fagottone7
Fagottone7
Eloise
Chemawinite8
Chemawinite8
Fredspiber3
Yderstes7
Yderstes7
Pimpinella1
Canvaslike7
Canvaslike7
Resubscribing5
Stlwirerne5
Stlwirerne5
Kreoplevelse
Mountainously
Mountainously
Eversporting
Uncontrovertableness
Uncontrovertableness
Feltherrerne3
Fragmentist7
Fragmentist7
Unitages5
Zh|3vN6
s&3Ed~)
c!29^q
8*CcHnfH
C3<IZ#
hQLPmn
wg(Gu	
_PS}Yu
}a]C#8
V={[&8B
rP60Cp
]%Z3FP
no9(Im
I8I>)5p
\K]^.i
?<cIn7
=<kd1%c
$x'5X)
-<M?4&
JLPsXG
^Q8bKT*
BK8sKs
.CQ.Fi
O^3LBo
a2`R3_
!pq7\B
){/W?wt
)3$"c\}_u
4'7\	N
:~w*9w
C^	;H>2
t,n'gd0
zD>Kc?
rd6M	TN
	892}2
!?i$-o
sk^V8q
%ID)?	
$	9Rk=
88~#<S`)
nw(/VV
RYuNKyt
	en;n6
.{a_L^
R(8j.s6`
xSka^u
>4z},}
6"O!_$^s
i8Z>O+
gQh;]CP}
s0U]ue
G[CLS%1
Jy#9 ee
'5/_#G
n~59;A
7F<j'_'
 h,c &
&FDMcE5{
w?uU4V 
<#(k*Et
KbH9:F
#:yM08
yY1$(r
:r+M%@AUj
Mnl*#,
N{;qY?
-c8LRGJ7
<=H9.	
lO4v\/k
RlL'Yz
F@/wBT
FbYRzhc+
`yW!3	"
x@F1T L7i
R9	L)tS
'jeBCy
$]I07B
99@hv\6&
yS7ZmToB
[-	Y'K
`rscJe
weesml
YJW1;^Rt
4~yPKE
s5E|ci
<OpM=T
/l63I)
S!.X V
[zmEj"
o=s)i,
d[x{ [=
]B"\Sl
~$]Y-N
RLo|=c
(LKG2$*
Ii~:ZSp
BUw`P1
k TW>,
.	Ieuy=
5}r4x4
u(u^`1
?#L>UL
SMgmGw
WsatOP
ukK5]P
4q	&%	
e-&[|1
Ye]wi&e
3g r!p
%>3	z4
U?'M;W
SULG8{
L'iYr$;
~{[Q,B
[^&!Pc
,Mc>ig
~7UDta#y
"jK<qi
bNFqI9.
hZSgw/
7}=t"T
^s(vCe
b;{&?)
!.=Toz
,5 i{\
gvc1NK
gygy#>8O{oPZ4&
isvvX#@
V3(oVc
o@sI-:V
P;tIVCX
bQ^61IH
yeaR6{
mB~[fI
H A**/
sk$ 87
gpS?1M
ZY}w(=x
/(LpV<g
ZXLx=eC*
:yn`5V
dvI35b
nJ"	r(Vg
mAqjw0:
*@*sJ4)
j~V6a'
p58:+Z6
^5Lz-Y
3$ff:54Z
GDccR5
g`8qGTW
z};@act
uow2{gQY
R_2VE	y
WQd3k;
}iapHq
P].z	v$
X,xe.D
d[2 3z//
*R2}MW
:dXKMp
8&$hYxe$
j?LQ2k
/1Y$&_
nU	=Nm
P-]s9	kzd,Y
<j]Q5(D
39>#q;
+Z-E( 
I5k&Usz
A_>)	u
efks:*C=
B6whEt
Tjz.MQ
c "IBs
Bj#8nx
,2K>V=T
6lMk!#
w6%JNi
s<HD-=
Twe6Tpv
=,e-oE
2taIE5[
@UK-)m
[f^0xB[
i4u=t<
I E4Gt?
hc&7&}
HQ}#=y
,3(C``
SHELL32.DLL
Shell_NotifyIconW
PHeapAlloc
KERNEL32
c03Ca03
Dh{[0<
b03p-4
`0jr-@
`0jr- 
o03r%,
]n03r%|
n03r%`
IXc8`0
`039h0
`0k{X1<
bp%<69!03
;g03p?
?g03p?`
k03<% 3
(0L083
5h03r'(c
ug=`}Y
B#p:$0
c03p'(Y
Sa03r%,
$;st;rx
1F/;i<
<sd/rz
a03p-<
`069!03pT8
ipt{X0F
`03p  
`03p <
`03p <
hsr{[0F
s6A`03r36sx
Xeex:=,
PWSh42@
jDhT2@
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaFreeVar
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaLenBstrB
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaMidStmtBstrB
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
__vbaVarTstNe
__vbaFpI4
__vbaLateMemCallLd
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj