Sample details: 4233ab7fd2a1be5d3a891d66f4667f5d --

Hashes
MD5: 4233ab7fd2a1be5d3a891d66f4667f5d
SHA1: 31d456b7e360f106f9ae3d8cd8a98f8c5c8e4ded
SHA256: 9da157c66e8febf9419e6bd1c06cee95fff395903a06485bfab2e0029b8e5eb6
SSDEEP: 384:bq0zNKnJClbUdvU3niKmdUsUFHShDj4NN1oyDJuX0PrN:bq04Cl/XiKmdUTHShfWNHJ/P
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vba | FlorianRoth/DragonFly_APT_Sep17_3 |
Parent Files
4f78769366938332655c54f4313d1132
Source
Strings
		!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
fsjWfs
esSugs
es|5Ws
IsavMp20
mp20Form
SAV - Impressora de Or
amento
TahomaF
Tahoma0
Tahoma
Desligada
Tahoma
Gaveta
Gaveta_Opt
Gaveta Nivel 0
Gaveta_Opt
Gaveta Nivel 1
Docto_Opt
Com Docto
Docto_Opt
Sem Docto
Papel_Opt
Sem Papel
Papel_Opt
Com Papel
Em Linha
Tahoma
Paper Feed
Tahoma
Courier New
Courier New
Courier New
Courier New
Courier New
Courier New
Courier New
Courier New
Courier New
Courier New
Courier New
Courier New
Courier New
Courier New
Courier New
Courier New
Courier New
Courier New
Courier New
Courier New
Courier New
Courier New
Courier New
Courier New
Shape1
Porta Serial:
On Line
Tahoma
Paper Out
Tahoma
Tahoma
isavMp20
isav_mp20
IsavMp20
IsavMp20
mp20Form
modMp20
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Gaveta_Opt
Docto_Opt
Papel_Opt
Gaveta
isavMp20.dll
mp20_Comunica
VBA6.DLL
__vbaErrorOverflow
__vbaObjSetAddref
__vbaStrFixstr
__vbaLsetFixstr
__vbaGenerateBoundsError
__vbaUI1Str
__vbaFreeStr
__vbaStrI2
__vbaStrMove
__vbaFreeStrList
__vbaR8Str
__vbaFreeVar
__vbaFreeObj
__vbaFreeObjList
__vbaObjSet
__vbaUI1I2
__vbaNew2
__vbaHresultCheckObj
__vbaFreeVarList
__vbaVarForNext
__vbaI2Var
__vbaLateIdSt
__vbaI4Var
__vbaVarForInit
__vbaRecAnsiToUni
__vbaSetSystemError
__vbaRecUniToAnsi
j\h()@
j\h()@
j\h()@
j\h()@
j\h()@
jTh8)@
j\h()@
j\h()@
j\h()@
j\h()@
j\h()@
jTh8)@
j\h()@
j\h()@
j\h()@
j\h()@
MSVBVM60.DLL
__vbaStrI2
_CIcos
_adj_fptan
__vbaFreeVar
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaVarForInit
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaStrFixstr
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
DllFunctionCall
_adj_fpatan
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaNew2
__vbaR8Str
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
__vbaI4Var
_CIatan
__vbaStrMove
__vbaUI1Str
_allmul
__vbaLateIdSt
_CItan
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr