Sample details: 18f1bed85cab1c0db814ce5c32ea0998 --

Hashes
MD5: 18f1bed85cab1c0db814ce5c32ea0998
SHA1: 2286cebe15fdb3ce3189de77a06227185028d918
SHA256: 55adb04268ba1ba84d146cca2f76b6e967f1cf0314a760e07273debeedfcad70
SSDEEP: 3072:YDKetSzNQNvrmatMYQOF77wouvWBFqDKetSzNQNvrmatMYQOF77wouWOOzBaiPS2:qy7VMrK
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba |
Parent Files
06a9d953097c32911fdcf08ddebc6353
Strings
		!This program cannot be run in DOS mode.
`.data
diffuseGravit
Sample AddIn Project
Besepoler
Besepoler
TTTTnUoUTTTTTTTTTTTTTTTTTTaa
zTU]^j
Tcb`fg
zza]b^`
777777
xTVXYd
777777
777777
ypUX[`_
777777
A77777
zxvyyyyy
yyyyyy
yyyyyyyy
AUD6\]
{tsT2~
Z:j`wW!z{|
=pqkRr
FVd^T6
FMEghip8
\&!_0J`
&<$X0?
333m222
KKKZIII
UUUh\\\
___}ggg
jjjliii
nnnYnnn
kkkkooo
eee|hhh
___j]]]
RRRYSSS
CCClGGG
^^_Cnnn
AUD6\]
{tsT2~
Z:j`wW!z{|
=pqkRr
FVd^T6
FMEghip8
\&!_0J`
&<$X0?
333m222
KKKZIII
UUUh\\\
___}ggg
jjjliii
nnnYnnn
kkkkooo
eee|hhh
___j]]]
RRRYSSS
CCClGGG
Besepoler
volecaXerost
diffuseGravit
Module7
Module1
Module3
Module4
Module5
Besepoler
diffuseGravit
USER32
CallWindowProcA
VBA6.DLL
__vbaErrorOverflow
__vbaAryDestruct
__vbaSetSystemError
__vbaUI1I2
__vbaGenerateBoundsError
__vbaAryConstruct2
__vbaFreeStr
__vbaFreeVarList
__vbaExitProc
__vbaFreeObj
__vbaHresultCheckObj
__vbaObjSet
__vbaVarSetObjAddref
__vbaVarAdd
__vbaVarMove
__vbaVarNot
__vbaBoolVarNull
__vbaVarLateMemCallLd
__vbaVarTstGt
__vbaFreeVar
__vbaObjVar
__vbaVarLateMemSt
__vbaVargVar
__vbaLateMemCall
__vbaFreeStrList
__vbaStrCat
__vbaStrMove
__vbaStrCmp
__vbaOnError
__vbaStrCopy
`bV/rO
MDIForm
C:\Program Files\Microsoft Visual Studio\VB98\VB6.OLB
GetEnhMetaFileA
GetUpdateRgn
tbgxs8o
wynEQvv
HsZnYrM1
GetFileName15
__vbaObjSetAddref
__vbaNew2
__vbaStrVarCopy
__vbaRedim
__vbaAryVar
__vbaAryCopy
__vbaFileClose
__vbaGet3
__vbaFileOpen
__vbaAryUnlock
__vbaAryLock
__vbaVarCopy
__vbaUI1I4
__vbaI4Str
__vbaUbound
__vbaLbound
__vbaVar2Vec
__vbaAryMove
__vbaLenBstr
Sample AddIn Project
mctCEPibKNqx
nwKwtmI
H02dFiR
MSVBVM60.DLL
__vbaVarTstGt
_CIcos
_adj_fptan
__vbaVarMove
__vbaAryMove
__vbaFreeVar
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
__vbaExitProc
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVargVar
__vbaBoolVarNull
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaGet3
__vbaStrCmp
__vbaAryConstruct2
__vbaObjVar
DllFunctionCall
__vbaVarLateMemSt
__vbaLbound
_adj_fpatan
__vbaRedim
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaUbound
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
__vbaVarNot
_adj_fdivr_m32
_adj_fdiv_r
__vbaAryLock
__vbaLateMemCall
__vbaVarAdd
__vbaVarCopy
__vbaVarLateMemCallLd
__vbaVarSetObjAddref
_CIatan
__vbaAryCopy
__vbaStrMove
__vbaStrVarCopy
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr
333m222
KKKZIII
UUUh\\\
___}ggg
jjjliii
nnnYnnn
kkkkooo
eee|hhh
___j]]]
RRRYSSS
CCClGGG
AUD6\]
{tsT2~
Z:j`wW!z{|
=pqkRr
FVd^T6
FMEghip8
\&!_0J`
&<$X0?
^^_Cnnn
333m222
KKKZIII
UUUh\\\
___}ggg
jjjliii
nnnYnnn
kkkkooo
eee|hhh
___j]]]
RRRYSSS
CCClGGG
AUD6\]
{tsT2~
Z:j`wW!z{|
=pqkRr
FVd^T6
FMEghip8
\&!_0J`
&<$X0?
TTTTnUoUTTTTTTTTTTTTTTTTTTaa
zTU]^j
Tcb`fg
zza]b^`
777777
xTVXYd
777777
777777
ypUX[`_
777777
A77777
zxvyyyyy
yyyyyy
yyyyyyyy
987699568509745856
oacljgfey{uy}~q
!;|q8vtu
,!%&i'9&49<=?=:330;578
HKKICOOLOACLJGFEY[UY]^Q_Q^\QTWWUgkkhcmo`ncbaegie,*-K}rp}p
sq{gwt
-#%.(%8;;93??<?13<z76
GKKHCMO@NCBAEGIEYZU[]RP]PSSQ[WWTgikdbonmacmaefigyvty|
ssp{uwx
)+%)-.!/!.,!$''%7;;83=?0>3215795
GIKDBONMACMAEFIGYVTY\__]_SSP[UWXfkjimoamabmcejhex{{ys
qs|zwvu	
yL ]&Q&X 
Dkn%_t
a> NX"
_K;YQU[U
kxzf`FA[
Y@L6yp
56C,"|s
7l=Qw<
l>1^AXa1
6mVAb"
RcQ3r N7
<S877;
IGVZNy
$[E|XWkl^
]UFW]BjveKmFFs
O@"Mb*:`pu
_ZGDD}
LMNJ2y
!fE''$$&
wO{vsp
sC23r)s
<VPh.O
FYY'c.
##Z(i`
^ZQ@BF
_!?x5J
H<tZDStsLi5
~p+qHRK
x04;zH
$sF`_,
=Fqpu}
=&'Zi!n
x-%^m^2N
[o?@G^QF
z=ytO2_Ar
dRI4]k
2F)s~ 
nLw\?P
<7`^9"
o;/,]u
DE$ym_V
3e@tq.
q5C>@b-A
Wj{?1A
qSlW{5
5E+KjW/
 N0t)I'
$%#"g##o
4#|4hdJ
9o~snV
Z	rfOZE
2REjI_
(]<QTe
-Oy&u-Ht
oiduGC`Je^`5
;!cFoIVk'
AAx[u}5
SSBUZk
.\l[aeepCSeO{
! 1$`/F
bn!a&/.#
7NBQI0O'
7L?G@LC
$Q-^Mq
|GyMv^CqS|eleo
k	h9e?
GvDcB\u<10K8D5Xm6q
Qob[d[lX
;/*,&XS#B!p.z|)
rsyyGv
W{[UHEK9L)
iPV;T8
<40L1c
m8n#^i
qiAUHP7J"I+
(	 V,j
dlGUFabb
ABU=^~
QbD:c'
0;AmO)x
0|0HdP
}9O1a-
4}R;",
~vbj[|
MWBoX(`4
$zH#E~3@J
#\jQG5
m{`6"t,
"v+x[KMx
y(dmt>
T}_6A=
,4|V8)
l.(t@yu
nyP0/%
k~nE26+
A]Wmjp
ydI,3{
{~{$&C
(F7&>U
&&}6BI
nCTLLp]
-n~m1'
s\j<2c
)!#<"=<9)
]87+h5
@;Ih)f
me._slkG
l.|gSnbJ
L"o#oa
@;*g8QkNq
b8ehig,-
] ~sB{W'y
M([{uT}
l)(1)lr!V
	.0jW	
Yf*{vOD<\
*Xky/S
hykHYtcjf[
1|wWr=;UhsgeN
*<(=)3
W`mkH3Z
GIKDBONMACMAEFIGYVTY\__]_SSP[UWXfkjimoamabmcejhex{{ys
qs|zwvu	
)*%+-" - ##!+''$79;42?>=13=15697
FKJIMOAMABMCEJHEX[[YS__\_QS\ZWVUikeimnaoanladggew{{xs}
p~srquwyu	
)&$),//-/## +%'(6;:9=?1=12=35:85
"7=8/-
-"#"DG
,%/.9?
-5;SRQ
m`ccakwfd{y{tpN~}qs}quvyw	
(++)#//,/!#,*'&%9;59=>1?1><14775
IJEKMB@M@CCAKGGDWY[TR_^]QS]QUVYWifdiloomocc`keghv{zy}
q}qr}suzxu
'++(#-/ .#"!%')%9:5;=20=0331;774987699568509745856