
Sample details: 73efe820f6913d4c650736e39440396c

Hashes
MD5: 73efe820f6913d4c650736e39440396c
SHA1: 42393d894efc62718ebf9b39f67e21a5edb101fd
SHA256: 4bb58a238da18d46b00b17b3ee25b4933a59ca1dfeb2fe2f58e35bc188ed609f
SSDEEP: 192:9hVWQwOidlmHB883e8QJS+pyJ/szmTU2NOtMiQgHNmAHfRJZ2uKao:QzO0IDu/w+pS//TUuOtMemEp
Details
File Type: Composite
Yara Hits
YRP/office_document_vba | YRP/Contains_VBA_macro_code | YRP/domain | YRP/contentis_base64 | YRP/maldoc_OLE_file_magic_number | YRP/Big_Numbers0
Strings