Sample details: fcc238f38d14cbc9220a8e52a89701cf

Hashes
MD5: fcc238f38d14cbc9220a8e52a89701cf
SHA1: 12037c13bcd84272bae0567bb2f00cab1f40066c
SHA256: 83bd96f8f9a751c89fa8621827d09e749dd8545740d63da19a27be9c3bae96a2
SSDEEP: 6144:Ks/trNfyBu4LrqPDpaST47did232pW8YaLwH2ijPZdDI:Ks/RNfyBu4Lr0DUST4MnW/aLwNjPZhI
Details
File Type: PE32
Added: 2019-10-09 18:28:18
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba
Source
http://193.26.217.230/sin.png
Strings
		!This program cannot be run in DOS mode.
`.data
user32.DLL
gdiplus.DLL
oleaut32.DLL
kernel32.DLL
NTDLL.DLL
MSVBVM60.DLL
CalendarDateSelector
;')x:O
Calendar
Multi Dates
FullDate
month1
September
BGSCalendar
September
LblDOW
MS Sans Serif
LblDOW
MS Sans Serif
LblDOW
MS Sans Serif
LblDOW
MS Sans Serif
LblDOW
MS Sans Serif
LblDOW
MS Sans Serif
LblDOW
MS Sans Serif
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
LblDOM
DOWBar
LblFiller
Calendar
Calendar
CalendarDateSelector
CalendarDateSelector
modMpicture2
kernel32
WideCharToMultiByte
BGSCalendar
oleaut32
SysAllocStringByteLen
SysStringLen
VBA6.DLL
__vbaI4Var
__vbaVarMove
__vbaErrorOverflow
__vbaUI1I4
__vbaGenerateBoundsError
__vbaFreeVarList
__vbaVarCat
__vbaObjSetAddref
__vbaI4ErrVar
__vbaFreeVar
__vbaFreeObj
__vbaHresultCheckObj
__vbaObjVar
__vbaNew2
;')xX{
month1
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
LblDOW
DOWBar
FullDate
LblDOM
LblFiller
GetResString
CalcShellParams
StartShellInit
XorBy64
__vbaExitProc
__vbaStrI2
__vbaOnError
__vbaVarSub
__vbaFPInt
__vbaFpR8
__vbaI2Str
__vbaStrCmp
gdiplus
GdipDisposeImage
__vbaAryUnlock
__vbaAryLock
__vbaStrCat
__vbaI4Str
VirtualAlloc
__vbaI2Var
__vbaVarDup
__vbaFreeStrList
__vbaStrVarVal
__vbaFpI2
__vbaFreeObjList
__vbaI2I4
__vbaObjSet
__vbaStrMove
__vbaUI1I2
__vbaUbound
__vbaLbound
__vbaLenBstr
__vbaStrCopy
__vbaAryDestruct
__vbaVar2Vec
__vbaAryMove
GetProcAddress
RtlMoveMemory
VirtualProtect
__vbaFreeStr
user32
LoadStringW
SysAllocStringLen
GetSystemDefaultLCID
GetModuleHandleW
NewAddr
pShellCode
ArrayCont
KeyTrace
j@h\<@
j@h\<@
j@h\<@
jthl<@
j@h\<@
jxhl<@
j|hl<@
j@h\<@
jlhl<@
j@h\<@
jlhl<@
j@h\<@
j@h\<@
j@h\<@
jdhl<@
j@h\<@
j@h\<@
j@h\<@
jthl<@
j@h\<@
j|hl<@
j@h\<@
jlhl<@
j@h\<@
jlhl<@
j@h\<@
j@h\<@
jxhl<@
j@h\<@
j@h\<@
jphl<@
jdhl<@
jthl<@
jphl<@
jph|<@
j@h\<@
jPhl<@
j@h\<@
jdhl<@
j@h\<@
j`hl<@
j@h\<@
jdhl<@
j@h\<@
jdhl<@
j@h\<@
jPhl<@
j@h\<@
jPhl<@
j@h\<@
jPhl<@
j@h\<@
j@h\<@
jPhl<@
L$(_][
T$(_]3
j@h\<@
jdhl<@
j@h\<@
jPhl<@
j@h\<@
jdhl<@
j@h\<@
jdhl<@
j@h\<@
jTh|<@
j@h\<@
jThl<@
j@h\<@
j@h\<@
j@h\<@
jThl<@
gdiplus.DLL
oleaut32.DLL
MSVBVM60.DLL
user32.DLL
kernel32.DLL
LoadStringW
GdipDisposeImage
SysAllocStringLen
SysAllocStringByteLen
SysStringLen
GetProcAddress
VirtualAlloc
VirtualProtect
RtlMoveMemory
WideCharToMultiByte
GetSystemDefaultLCID
GetModuleHandleW
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaAryMove
__vbaFreeVar
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaExitProc
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaFpR8
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaI2I4
__vbaObjVar
__vbaLbound
_adj_fpatan
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
__vbaFPException
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaVar2Vec
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
__vbaI4Var
__vbaAryLock
__vbaVarDup
__vbaFpI2
_CIatan
__vbaStrMove
_allmul
_CItan
__vbaAryUnlock
__vbaFPInt
_CIexp
__vbaFreeStr
__vbaFreeObj
__vbaI4ErrVar
x!"gDVE
ZA!P_\
_.W 7>
\2:]3<
[Z]lS 
=P;LG|+~
9p\o	G
oB\PJhb
 (V-L,
3)7[U=
 V*0^\
h :	{X
I)4g${
-d3Y~!;
U)XP=K
-XehXm.2l
A/3ym&
8:K6l/
P+`x^)HVI1
]n ,R.
sjv)i-
D2D"\f
z6IFD_M)
o~-3eT
n<aGIr~
g*aWrW8
SRtdWj3-
 NU@UR
X;!/xd
`@&fO7
0gIeb@
ngF,&7
Inb.o9?
	fcw{Q
  PEb:
N]@e3[7
.SkPQ%
Py;2f6D
xPpfQOr
?Tj(^2W
	9t0\dE
C#~Gp=\
`O4G2T
FdJ~R>
`]"|iP=m
$?TT#_
G;a/G X
dVNcMvS
Z6#0oUI
f,fXVH
,s#(ZQ
;na.Kr
Bvj|;e>
H|K	28y
HOfu-O
(i`@pe
	45{[n
#^@x3pG=
.+\!O2
Dc,BRs
P-H7];
qdKg~d
1hIW5-?
CJ} ;#
N[C+<i3
[=JfI6
E`G)U1f
zT5e;]
YRj1Wz
GXg(#I~
Z~3H0)
&]#M:a*.
!b"^ZYu
7X/P@EZ
B6sL={
H6%10v
n1EjzP
8mzt-i
3z}nqC
vRI6&T
kU"PwoO
$q@D=^
2LJh6'
-uUjWp
|o@{z4
1@#?Nz
Jv-XKR 
\1=MBM
8q<SH3
U)2wF+N
u>gn}M
M`U\hRl
Q|; f$j
g}9e{eS
K,=n>M
YIv/Q(
o,~O1!
 Qh8[w
v:.eI1
w@<I#X
l^ Ls(
HUDU-|
R,,WAH
vRH`vW
(C+k8]
g#$N.VI
NZxfyo
z",%	{
@b,wCO
-j9`my
75nex {w
I;j}ap
2Ae"! 
\,2Nz?
76L8)\
_wH@;(
\Q!dz-
43uwh<&
E>>UTHa
DLA f?
U07[5/-
.GjQ;9
,6?]?	
..xkm}/
$0>G+'
sv*d>1b
%k?CzU^Q
kq.P76
"5P#RU
!yO nJkE
iHEj?q
Y$P7UlXe=(9
oAw]InQyo
toka(H
/YX&BJD
l/.0jF
lF_r>!F
o]KS>R
\C4"3P&4
~+q;FO
qaX)*0
#Ak=NL[So4^
Ar4xVWU
u -v5l
!dr{DE
0<zH	{
X%{|k(-y
VY31>Sc&
=Q*aL6\Vc
gA~>X3
@~[d}I
ZMJGOeMC
|*hjgK
'_9'aP
5qeEnc
y.er[,[@@
Kcg\Xek
#<s.:QK
PbSPBx
US5'7#o
6(j&X_
<1OHKG
	q2>yv
Ge5i}R
dAG#:G
.(-.p{b
oX!##~
J|o{	3
aVwRdM
xtV-r!
uARxE*N
?\]sIQ
UWmbT*
w>o6hGz
EM{P G
0y&dVI
f;w!qFaJ
P\_oUK
b+,@I`a
eKuni_
(!Mw=:
!H48Neg	s]Y
?]0;\|
6g PA<
EU @Fru
n-'gs!<
D8Kw7V
U2%z.D.
Z]5yrW
[[aYB@
`]G~#X
${gn1W\E}+
$XT=_B
pMNtx(&
x6hdNf
:@i(q*
{+V05G0|
5o]^gHC
g9P#6aH
/C;{*z
BL(~<I
kuprv+t[
M5;Ee{
[	Tz%JU[|
1g*F5IKF
Rqz>h6
"wETx+
7Ub}g@:
jC}M81:
03"zN=
j/V3p\
uA*VvQ
T"qWx<`
>m,'?H
rcgk{c
]`4[if
)W?<L>p87
u	0^vY^0
d'HP/cw
/Bw2L<B
A0PG(+eWX:
Vpik?_
Q1bXx7S
NN(rb0Pt
sl/vun+
jtJk-=FU
+(v.ga
N?~Q!=
*?[l#u$;
E;`H<u9
92(+qE
kv./35
jCbg4	mdCu
ih@y<|
\DAV6A{2
C)f8(U
2#,--j)B
!M%31oP
lD@$JR
z6|bQP=s
7(4WW<8
mq`01[jdik-:
el!E0Y
B{t2gD]y
\|tl;OE
E:fAieoe
l/dWE;
nGT<wy
_fJ&Jo
2:ao#SJ
J	l?Iv
s)^VWXj
<g&e=Pz
X^1b/Yxp
9p\h<`
fry;KU~\
a%~}u	T	%
7sa6i=f
oup( >(
4C[19m
i~vR8U
GzA~@O,
u_c]'*
xOz;16
=`O7Eo
.K0pkvz
Q)4	``
Re#07R
{c"Tluy
g&ho;H
nKw?^ 
H($oan
aE='zG&
4W]\APS
5&e!6i
nRIS1J
q"d9.rv
dO$moG@f5
t[e6Wy`
pkq@?_
ye4fHr_
H&$f\S
G\gS3.
]sxUW=
vSs@]j
VG	HP#
so<{v>}
ic738[
8?.g'd
}q8;}3
B%3S'p7r
{l1,$r
R-#'	/
AgFYII
6juXuM
+Pvmw*
P{v HR-
t!&1Wy,
Q<^#N	
PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD