Sample details: 7707be7a31573794601176c590a1a22c (MD5)

Hashes
MD5: 7707be7a31573794601176c590a1a22c
SHA1: 84c35e5f01390789cc7e5e61f2050eee49a6b20b
SHA256: da78e536d1395126f13b1dec8586be8b6759c77aff626de07223c32c4ebec3fe
SSDEEP: 6144:/6mg8T5D7ualGFKhyzatU19+hsWEASCovf/wa:/6mg8T5D7IkOT19+hsWEhxIa
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/SEH__vba
Source
http://85.204.116.123/tin.png
http://85.204.116.123/tin.exe
Strings
		!This program cannot be run in DOS mode.
`.data
shell32.DLL
oleaut32.DLL
kernel32.DLL
NTDLL.DLL
MSVBVM60.DLL
PicSid
AutoSizer
Ci^GoN
Auto Resize form :D
wwwwwwwwwwwwxw
wwwwwwwwwwww
wwwwwwwwww
wwwwwwwwww
MLwxywwwwxwP;
_qr.st6455B5(6j
=ijhkl'
m-@n7op_VG'HR`aWbcWdeQfgWh
=VWW+XYZE[1;\]S)^WU
&I)JKLMN
=>?/@#A BC65
DE@FGH
345(5556789:;<%&
'())*+)++)))(,-%
Command24
Command1
Command23
Command1
Command22
Command1
Command21
Command1
Command20
Command1
Command19
Command1
Command18
Command1
Command17
Command1
Command16
Command1
Command15
Command1
Command14
Command1
Command13
Command1
Command12
Command1
Command11
Command1
Command10
Command1
Command9
Command1
Command8
Command1
Command7
Command1
Command6
Command1
Command5
Command1
Command4
Command1
Command3
Command1
Command2
Command1
Command1
Command1
UserControl11
PicSid.AutoSizer
Label1
See the code for yourself
AVIN API Control
PicSid
Ci^GoN
PicSid.AutoSizer
AutoSizer
AutoSizer
mDoceSid
frmReleaseOrder
modBrowseForFolder
modCheck
PicSid
Command20
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Command23
Command24
Command21
Command22
Command10
Command11
Command14
Command15
Command12
Command13
Command18
Command19
Command16
Command17
Command7
Command8
Command9
Label1
Command1
Command2
Command3
Command4
Command5
Command6
G?/UserControl11
UserControl
tmrint
EncodeArrayB
InitShellCode
LoadShellCode
GetProps
CopyLZFile
lz32.dll
GetExpandedNameA
kernel32
GetSystemDefaultLCID
LZClose
VirtualAlloc
user32
LoadStringW
winspool.drv
DocumentPropertiesA
netapi32.dll
Netbios
GetProcAddress
GetStdHandle
GetStringTypeA
GetStringTypeExA
oleaut32.dll
SysAllocStringLen
VBA6.DLL
__vbaAryUnlock
__vbaAryLock
__vbaStrCopy
__vbaVar2Vec
__vbaAryMove
kernel32
VirtualAlloc
__vbaVarDiv
__vbaVarTstEq
__vbaVarTstNe
__vbaVarMove
__vbaCastObj
__vbaSetSystemError
GetModuleHandleW
RtlMoveMemory
VirtualProtect
__vbaErrorOverflow
__vbaAryCopy
__vbaUI1I2
__vbaUI1I4
__vbaGenerateBoundsError
__vbaLbound
__vbaUbound
__vbaI4ErrVar
__vbaLenBstr
__vbaObjSet
__vbaAryDestruct
__vbaFreeObjList
__vbaNextEachCollObj
__vbaFreeStr
__vbaStrCat
__vbaNew2
__vbaStrVarVal
__vbaInStrVar
__vbaVarMul
__vbaLateMemSt
__vbaFreeVarList
__vbaVarCat
__vbaStrVarMove
__vbaStrMove
__vbaI2Var
__vbaFreeVar
__vbaFreeObj
__vbaHresultCheckObj
__vbaLateMemCallLd
__vbaObjVar
SysAllocStringByteLen
__vbaInStr
__vbaObjSetAddref
__vbaForEachCollObj
__vbaOnError
WideCharToMultiByte
oleaut32
SysStringLen
__vbaI4Var
txtdatefrom
lbldate
cmdcancel
txtdateto
cmdprint
Label11
__vbaExitProc
__vbaVarLateMemSt
__vbaVarLateMemCallLdRf
__vbaLateMemCall
__vbaFreeStrList
__vbaVarDup
__vbaVarIndexLoad
__vbaDateVar
shfolder
SHGetFolderPathA
shell32
SHBrowseForFolder
lstrcatA
LocalFree
shell32.dll
ShellExecuteA
Ci^GoN
__vbaI2I4
shell32
SHGetPathFromIDList
__vbaStrToUnicode
__vbaStrToAnsi
__vbaVarSub
__vbaVarTstGt
__vbaStrI4
__vbaStrCmp
AutoSizer
Autoresize by Ali!
tmrint
frmReleaseOrder
Select Date
cmdcancel
&Cancel
MS Sans Serif%
Cancel Current RO
cmdprint
&Print
MS Sans Serif%
Print this RO
txtdatefrom
txtdateto
Label1
Report
Label11
Date From
MS Sans Serif
Label11
Date To
MS Sans Serif
lbldate
(Ex. 26-03-1978)
ByteArray
Password
NewAddr
pShellCode
oleaut32.DLL
shell32.DLL
MSVBVM60.DLL
kernel32.DLL
SHGetPathFromIDList
SysAllocStringByteLen
SysStringLen
VirtualAlloc
VirtualProtect
RtlMoveMemory
WideCharToMultiByte
GetModuleHandleW
__vbaVarTstGt
__vbaVarSub
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaFreeVar
__vbaAryMove
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaLateMemSt
__vbaExitProc
__vbaForEachCollObj
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
_CIsin
__vbaNextEachCollObj
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
__vbaI2I4
__vbaObjVar
DllFunctionCall
__vbaVarLateMemSt
__vbaLbound
_adj_fpatan
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaUI1I4
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
__vbaUbound
__vbaVarCat
__vbaDateVar
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaInStr
__vbaVarLateMemCallLdRf
__vbaNew2
__vbaVar2Vec
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
__vbaVarTstNe
__vbaI4Var
__vbaLateMemCall
__vbaAryLock
__vbaStrToAnsi
__vbaVarDup
__vbaLateMemCallLd
_CIatan
__vbaStrMove
__vbaAryCopy
__vbaCastObj
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr
__vbaI4ErrVar
b.S^'O2
Z4eG6~~p
zInz80
Wy"ii?`
nCHwwp
AH.nTb2-
[CBkq6$
bMDi/H
D~luAL.'
sny"-&
*Y 	x9
{)-)_Ss5p
4IY7O`
~8F1.o
zKvhkD
*nGOr8
Fpy[\T0d
I>` Wkg
U?._\d
t=4*&I
YgM~p!
4Qx%vD
+g7e_<
D,D5ZX
1IZ9bpd
VgV5:W
-xX_"O
L.rD99
q[	<Ls
\Xlav(
>U=#yq
Z$+=';s/
`XA'zd
3Woa/7
\/{:Mr5
k:$|'|?r
*@y3p\
P*[P/9
,yba$[
AJ_s0"f1
DeWMFI=I
ye+u=<
XA8s3+^
6l2yu5
leocn{|
Y?vWQ'+K
gUTa"k
x-n;h%2>0+2
;U7XDJE
c']sFn
,Qi-}t
 %#nZ!)"
{6NixS
cDHzrZ
dIj+GOE
 .+@S~
w/bt'o
`/rf[he
k@u)L0R
Teu	MXE
1;jaun
;nJSAt $
dHDHilX
	W,v/R
E9Leq:
;c<V,D
Y#sN#+
n+8	Y0
D}E:"E
8ed]M7
#42bcE4U)+
B45HUE
3=:,1?r&
V;l$r-3
>?bKH@
N(n4h*
r/W&E4
Z.jCi?
)2E{Kw
WstTB+
3p(#0p_
d\0N`~
RY!GG3
J~u\e;N
|-cj	Qw*&UgG
1APYXR
0wf9`A
Y9*(wO
[ WGxom
sAT/*d
{3ye5J
~.JjqF
V82"Zd
	9nnyD'
-nZGjQj
 )PUi%
nwIb@r
&8C:W	&
Ms2a14
y\=$][
6b=*{xU
0Hw*]!
;ZHu6hG.
}e)PI.
q>mH##
a2%^\:
A~m6lZ
,z}HHzm`X
,%=' 'd
q?l}L)S
,@YW)#/2S
I*hV4%@
:wKk+!
}wPjAudzA
"2$O5g`%B
D;D_7o
lK:\"V
&yl__f
31Y+Eb
=ISs2xV
/%kEZj
:D2|nB
5hBzNj
+"Fj@ 
%0&P.fF
h.KdFT
{1j&k{
A^{zb2
$t^\4Zz
G$YG|o
uLj0Vx~
NHN.z[
r^11Ok
6Nl?Q|
|%8z4?t>
r[W{5X~
J"N<@7
h~C)5P
.Gq|eK
MH:Dc=
/1Ppvn
1*Yjnl
NVjPOh
/%EocO6d:
[|>^O#
>rLEPEz
`OBgGO
GQS~n&
Uy}	|hz
8*(IeM
,oq-gGa
$`YgA.
N=rNBM
_zS^lC
=F"L907`
:>}B	&D
NaJr[Y
N.BSBi#Fh^f
P=.^h.+
4LjE)+
:5SpYE
yaMBY,
~[Z3{@P
J@|*[0
R@'TfQe-R,B
73uLQv
j5w^{ed8-
$N\l5&N
d\wFFP
`$g6~D~
\dN@a%
l=_x$^
T":dx-Qq
h'?)ps
9(haOl2
f!h[<k
z2[.V9
+Bj!LA
MON(}q
(D=t!'
9		lM>
b(#[.\
P@Q X2
G|-9_C
R%4)gI
U[o:R5
>#D*kG6
w2m4Y8i
xfa#8|@$X.
Ux>kgR5
]pg^cD
Uv|ey{
d)dtMA1
,P_<Fb
y{=ra)w
Dh@fTu
e)`tOA
fBwib"
Iu5vRey{"re)adMA1AwNsT
$qZ]:gC
%6A>,2
Eu 	s5-.
B"u &b%Z^7
>'Z]:2
w:G;6?B
>'Z]:2
K*	D~S
w>'> fA;"V""
>[`";  \
=3~	A~"
m7<M1K"C
 E$+)N
$}]	{K;
XeT:\&h4
CjO 6?\w56
[;?lHg
=%%2+>
XI$7*x5D?7'+""1"
:-M2</XD<Vo
D:74x=N
$_$Xv@
$w!K%K 7
`ys@'4{1D
!F8/5[
X !+2)M9X2P!
v4-PVW
B&Gs 8
2p:S=6-L:
(<q+H9:&
>'79/R! 
W0Z^-H
C'3=2/L7#$
Ji7mcv,u
?RrW}P
33>W3?0
+#.cv,e
t(1y8d<
nW#C%K
#"	|>8
E w|'e
f%.7P1
r"$K;/ 
8k[VFl
e	P~T!@>P
)M;X[Z-{
.IV3~^5/jE
V4n$xQ
o@g3$R
b24[;/0
+A/\FZ-\
="7Af!
~+V(Ba'
_6Hj%"
P3+K0gl
;1 WcE(J
 (y8O>s
i39XD<
0-QQ+	f
m&G'y}
v#gZs 
v0g5\::;</^
 **-K!
j2t~#:	
DKZW4'@6!
ne"0NA$
{&-.;<)N
8|(D:D::k
=*-_4B/)K/
+PrWY3
f(*0&=Lg
wNcDxTvRey{"r9)Kd]A1Aw
21.X 1N-<.=k"G&sThDfBuik2bu)ad]Q!Qg^cDxTvReik2bu9qtMA1AwNsTxTvRey{"re)ad]Q!AwNsThDfBuik2bu9ad]Q!Qg^cDxTvReyk2bu9qtMA1AwNsThTvRey{"re)ad]Q!QwNsThDfBuik2bu9qd]Q!Qg^cDxTvRey{2bu9qtMA1AwNsThDvRey{"re)ad]Q!QgNsThDfBuik2bu9qt]Q!Qg^cDxTvRey{"bu9qtMA1AwNsThDfRey{"re)ad]Q!Qg^sThDfBuik2bu9qtMQ!Qg^cDxTvRey{"ru9qtMA1AwNsThDfBey{"re)ad]Q!Qg^cThDfBuik2bu9qtMA!Qg^c
vx{"r%9=uMA1QwN7ThD
\HdLTHDf
aBoRu4u
IUlQxJ*D
jh$fBEik"
%H)}F}
htoey{Rse%adM
UhlfBugY
mqp1`-ve_>
Lc`xTv
!QgqQ}J
rZ}Iw8g'a
Uu)ad]Q!Qg^cDxTvReik2bu9qtMA1AwNsTxTvRey{"re)ad]Q!AwNsThDfBuik2bu9ad]Q!Qg^cDxTvReyk2bu9qtMA1AwNsThTvRey{"re)ad]Q!QwNsThDfBuik2bu9qd]Q!Qg^cDxTvRey{2bu9qtMA1AwNsThDvRey{"re)ad]Q!QgNsThDfBuik2bu9qt]Q!Qg^cDxTvRey{"bu9qtMA1AwNsThDfRey{"re)ad]Q!Qg^sThDfBuik2bu9qtMQ!Qg^cDxTvRey{"ru9qtMA1AwNsThDfBey{"
=^<d]Q!Qg_cLhDfZui
!Qg^cDyTwReyK"r
i6*NsThDfCup
"r-)ad
_cDhDfBuik2^JA
*EsG|U^[G
5yPcF1
y\zuNZ#
 -_2Zy
Z\F83_{
p2N<]?
)V"E`Kda
zu^VrEY[
oo	AD}q
2:T3Pn
ojTCdXtVrYF
RE	]K.4B4
-VIlbUUDF
-37NojT_k
K\x3qtMA1AwNsThTvRey{"re)ad]Q!QwNsThDfBuik2bu9q
PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING