Sample details: 277be3e1ba28127da08c0415f5f7ca1c

Hashes
MD5: 277be3e1ba28127da08c0415f5f7ca1c
SHA1: b2490ac3c762978bafc1f3159aeeb4f14c93d1b3
SHA256: 59b77bef509a86fb919f06399ddb7dba4a481b390756f813925d56a2a2ac942a
SSDEEP: 6144:/EvlSjY4XFGb9gENuscQ11OeEuQPOUl7:/EYjJQbWEsAHOeEuQPd7
Details
File Type: Composite
Added: 2019-06-17 12:03:35
Yara Hits
CuckooSandbox/embedded_pe | YRP/domain | YRP/contentis_base64 | YRP/maldoc_OLE_file_magic_number | YRP/SEH__vba
Source
http://lhtcom-sg.tk/love/cuck.msi
Strings
		;;B&F7B
B4FhD&B
E(?(E8B
DrDhD7H
ExE(;2D
;;B&F7B
B4FhD&B
?dA/B6H
@H??wElDj>
@H??wElDj;
Name_D7D112F049BA1A655B5D9A1D0702DEE5TypeAdminExecuteSequenceActionConditionSequenceCostFinalizeCostInitializeDIRCA_TARGETDIRTARGETDIR=""FileCostInstallAdminPackageInstallFilesInstallFinalizeInstallInitializeInstallValidateAdvtExecuteSequenceCreateShortcutsMsiPublishAssembliesMsiUnpublishAssembliesPublishComponentsRegisterClassInfoRegisterExtensionInfoRegisterMIMEInfoRegisterProgIdInfoComponentComponentIdDirectory_AttributesKeyPathC_DefaultComponent{4C231858-2B39-11D3-8E0D-00C04F6837D0}TARGETDIR0CustomActionSourceTarget[WindowsFolder]\TempDirectoryDirectory_ParentDefaultDirSourceDirFeatureFeature_ParentTitleDescriptionDisplayLevelDefaultFeatureFeatureComponentsFeature_Component_FileFileNameFileSizeVersionLanguageInstallExecuteSequenceAllocateRegistrySpaceNOT InstalledAppSearchBindImageCCPSearchCreateFoldersDIRCA_CheckFXDeleteServicesVersionNTDuplicateFilesERRCA_CANCELNEWERVERSIONNEWERPRODUCTFOUND AND NOT InstalledFindRelatedProductsInstallExecuteInstallODBCInstallServicesIsolateComponentsRedirectedDllSupportLaunchConditionsMoveFilesPatchFilesProcessComponentsRMCCPSearchRegisterComPlusRegisterFontsRegisterTypeLibrariesRemoveDuplicateFilesRemoveEnvironmentStringsRemoveExistingProductsRemoveFilesRemoveFoldersRemoveIniValuesRemoveODBCRemoveRegistryValuesRemoveShortcutsSelfRegModulesSelfUnregModulesSetODBCFoldersStartServicesStopServicesUnpublishComponentsUnpublishFeaturesUnregisterClassInfoUnregisterComPlusUnregisterExtensionInfoUnregisterFontsUnregisterMIMEInfoUnregisterProgIdInfoUnregisterTypeLibrariesVSDCA_VsdLaunchConditionsValidateProductIDWriteEnvironmentStringsWriteIniValuesWriteRegistryValuesMediaDiskIdLastSequenceDiskPromptCabinetVolumeLabelPropertyValueARPCONTACTwww.exetomsi.comManufacturerProductCode{29EF7317-DCA1-4159-97B2-C883AD400AC6}ARPNOMODIFY1LIMITUIProductVersionProductLanguage1033ProductNameExe to msi converter freeUpgradeCode{1630D902-D790-41C1-AE26-9D5E5D17566F}BinaryData2.0.0_B3D13F97_1369_417D_A477_B4C42B829328NOT REMOVE~="ALL"
Windows Installer
Exe to msi converter free
www.exetomsi.com
devuser
{C35CF0AA-9B3F-4903-9F05-EBF606D58D3E}
!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
obj2URANBERIGELSESANLGGETS
obj2sbekassebilernes
obj2Untwind3
obj2Untwind3
obj2TOOTHPLATE
VB5!6&*
obj2ambitioners
obj2Trekking
obj2URANBERIGELSESANLGGETS
obj2URANBERIGELSESANLGGETS
obj2sbekassebilernes
obj2Sneckdrawing
obj2KETCHCRAFT
obj2Udskring
obj2gebrder
obj2Affekts6
obj2Silipan
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
KERNEL32.DLL
ReadProcessMemory
kernel32
EnumResourceTypesW
CreateCaret
ShowCaret
GetFocus
SetEnvironmentVar
GetClipboardData
CloseClipboard
OpenClipboard
lstrlenA
user32
GetWindow
SHLWAPI.DLL
SHSetValueA
SendMessageTimeoutA
SetEnvironmentVariableA
shell32.dll
SHEmptyRecycleBinA
SHUpdateRecycleBinIcon
SHQueryRecycleBinA
VBA6.DLL
__vbaStrErrVarCopy
__vbaLenVarB
__vbaVarAdd
__vbaI4ErrVar
__vbaFreeStrList
__vbaVarVargNofree
__vbaStrToAnsi
__vbaAryDestruct
__vbaFreeObjList
__vbaLateIdCallLd
__vbaI4Var
__vbaR8FixI4
__vbaI2Var
__vbaStrVarVal
__vbaEnd
__vbaObjVar
__vbaLateMemCall
__vbaObjSetAddref
__vbaFreeObj
__vbaObjSet
__vbaNew2
__vbaFileOpen
__vbaFpR8
__vbaStrMove
__vbaStrCmp
__vbaI4Str
__vbaVarTstNe
__vbaAryConstruct2
__vbaErrorOverflow
__vbaSetSystemError
__vbaFreeStr
__vbaFreeVar
__vbaHresultCheckObj
__vbaStrCopy
__vbaVarTstEq
__vbaFreeVarList
__vbaVarDup
__vbaVarMove
obj2gebrder
obj2Chronal
obj2Chronal
obj2Udskring
obj2ordmagi
obj2ordmagi
O\uj:O
obj2KETCHCRAFT
obj2FINALISE
obj2FINALISE
obj2Silipan
obj2Bovsprydenes
obj2Bovsprydenes
obj2Affekts6
obj2VOLTOMRAADET
obj2VOLTOMRAADET
obj2Sneckdrawing
obj2Renovatrens3
qF2uY7
)m`<(n
D5fF6K
.<8eJ9
>iDI$[
+:p:)i
#H>[Ul^
[9nJFS
Nx|fb<
v_T^G]8
\j`v4Z
Gbb0/q
)"l"hL
`eY>q-J
|5<W#Bk
~ae;A)Kh
VeoAr"5*b
zj,T+F
99^c6g
0bLPE*
V@N5u7
KClPq}
VN:T3K
_3&dj2
o y=	4e
P0RVx9
sIL\v:q
7h~iS(
xYcfkE%
1?QN5gg
KSIT*;8
$\!=o,$=B
Q\Z ]5
>,p2Fs
|ds\VJ
Y`Tq5B
 &8N[V
{9W	=Y
@e&|w9;
5Tnip*
Fw{6x<
f	|q<ip
vKv*F5
}L	S?J
b<BjgR
	J5\rf
!%_dh4
T_Iu#?
cy'Idq
}`[4|nj
h-K=\Lk]
v(Z@G	O
aCQ(uO
2v08H_
?<z@3q,-
5XEI:?
Zdbb) 
/G1@=i
6#|`Ma
"mM&OV
v"V2^=g
5~p@;;@O
_EtDF2
H/oC?,
y'-C{~
^5;g;)
a#|7	h
cUKR,N.
Ui,"M.
?Lx~;Np
Epd{>\;
#D	/<Q
2@DE(u@
|&\U]^
b$,PMM
C`nV M
&bN]S.
CX/Q@,c
r-VDEMM
B2R+cf)9
'~c5|J]
/Ss:9`
6) wu~
~J	wK<
+w1-?S
"d^nCG2
,S8j2k
p*	(n9
lMrAQJ
){;'J0
	Y)5`8ZU
grA*^~e
V"(TxV
C'J%Rc
VQ1/Ws
=QmSd-
9cSv\a
#_6i`pbS\2
y.EX~W
n-9J~V
_'^y:~
IfO)+$
(%f^p7BZ
|7{@Jw
VK%MnMp
mA#w$@
GPqQdp
<+f>}^
Rm]YQi
.]`+"x
Rkg|',
uflJ$e<
Jp*+W|l
fe'[1cT
O]@Db.
!z2-52
p_z@?S
F*(jt#
Kq0jPA
+"[5=^
!>o&5Y
^1wAPr
7oIfBuw
XCE(Vi4)w
d(95~WJ
64[,D-
NzVZ5t
epiEcQ0
 q&@:^@
S.*a7rsnc
i;*!`._s
M.mkuI
hGBM/`
{/Rxz8
hr:)Ml
F\`'+#
^=NkCy
5zk!\J
WT$C_d
(Zv;dC
BM|CAiB
"U1%7ED
2WC%D|
#!cgbJ
bd?pvu
,q:a}I
ZUwe&i
xYd/YZ.
9#iJkL
i* 2@v
91o]aP&
+hx*}sc
ekK8]5o
#^@|T\
jM4V|b
n\FK2{J9v
`EDuH	
VAlNidM
hj(n.i
'<OX%j
81'[t	
_\O(N4
[qI8AY
1!N((0
EwQ(bWd
BXIN\>
7'z'k=n]bXV3
eB-p-p
US5pYP
thzp33
	_P(b=
pptU0	A	
eR9D.g
.24;O/
d\3;{)
SNR.7H-}
,qn"xz
d{DwUW(
.I-e!tr$
EetC;+
>BRXQ,^
B#4@wl
!v9Ts0j]P
5pUv#e
P36x/E
D&r\>Z
LryM Kdj|
~o	l#<*
YT[!P.@x
mF4v\m(
{_"x!/
+VUw1X
&xn*k=
mdlaUr
Sr|(l$
aOofA1,
_$hbt7
%4H07GKP
xVv	E}8
Oh_vp_ 
kSv/p_
TC!*"1
\<{#!a
l=JvqLp
wg0hE7G
oo/]2_
 }kvr6
Nk[?AR; 
2!{[oR
~a>Vo2
	6@o|S
^C4c1a
`V YH.W0
Z&=!&T
AU T6S
/c$:pm@
5eH	3,Fy
Dw^;*^
~n[ ,J
)owf $M
peA}eD
:{3=T`
@8G\~#
ps7TCz
Y[VKXh
K9O|Z>e
&Srr64
lRg3k"j
:4Soz:
wW[;c[5j+R
w=@^M#C
Akw,a9
RU]snXD
_-bv7&
ps|d<q
lL~7	-
/!-+-m
s$zRim
Jf]ltm
RHFIQ5
YVxyMQ
d#a|mR
_/vX;}
6HY_]}k
2i;<1.x
Dhx LAq
RZ,L&r
xS0j*%
O @BXVQ
6/\u{oV
}T:}kS
f?dH1cV+
JFJ+X/
""T^(>
} #oX(
=FgP.4
S7wY4o
ppLs%c	
lz$WSA
,+tss?
`,;f$O
2x.cp3>
X+c$tP
=/Ey;3
[Lv{}N
&vcct}
i=O2#23
-;XXu\
['S/lE<
R%dWT5W
cTR:k=D*^2V4
IFS;Z(
tn#6mG
k!,}G3
^%p9g`
{6Ft8h
V4_eHG
P|UN]FO
yQSdvdw:
'Ag*2d
3iy	)v-
=B3n.t
/@~zSp
0=KERNu
C3_Fmd[
C3_F]d[
~[FLi[
C3_F4e[
G;cFPh[
C!s&WnS
~[&WnS
~[,0~T+|~[
~[$WnW
~[$WnW
C>W$GvS
~[$O~S
.1P7+;$
~[G!u[
~[Gqu[
A&O$WvS
A1W,	:
.%C3+F
7)C,0~T*C}[
7)C,0~T*
7+;hO~S
~3P7~[&0{
~T+X~[
gC3gX9'
uT@	/T
~.]C3W.	~@
C3W.	~@
~[&0{[
~Z/7	SP
~[,3~/
obj2Renovatrens3
EnvName
EnvValue
MSVBVM60.DLL
__vbaR8FixI4
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
__vbaStrErrVarCopy
_adj_fprem1
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaFpR8
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaVarTstEq
__vbaAryConstruct2
__vbaObjVar
DllFunctionCall
_adj_fpatan
__vbaLateIdCallLd
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
__vbaVarTstNe
__vbaI4Var
__vbaLateMemCall
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
_CIatan
__vbaStrMove
_allmul
__vbaLenVarB
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj
__vbaI4ErrVar