Analysis Report 001982_Invoice_confirmation.exe

• #100.MSVBVM60(VB5!6&*), ref: 00401605

• VB5!6&*, xrefs: 00401600

• Source File: 00000000.00000002.1426251663.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

• Associated: 00000000.00000002.1426235934.0000000000400000.00000002.00020000.sdmp Download File
• Associated: 00000000.00000002.1426298297.0000000000414000.00000004.00020000.sdmp Download File
• Associated: 00000000.00000002.1426308273.0000000000416000.00000002.00020000.sdmp Download File

• API ID: #100
• String ID: VB5!6&*
• API String ID: 1341478452-3593831657
• Opcode ID: b7d35993496275f4d602764f95d5a0f1f6b8ac3607594358e1391e5f2de0108f
• Instruction ID: 4cf55085aaa6abaf20537c19c98e9e236523d258bfb0b803a4356d04494bd7c0
• Opcode Fuzzy Hash: b7d35993496275f4d602764f95d5a0f1f6b8ac3607594358e1391e5f2de0108f
• Instruction Fuzzy Hash: 3402AB7284E3C18FC7138B709DA56957FB1AE2332571E05DBD8C08B1A3E26C8A5AD717

Uniqueness Score: -1.00%

• __vbaChkstk.MSVBVM60(?,004013C6), ref: 004111CC
• __vbaNew2.MSVBVM60(004028E4,004145F8,?,?,?,?,004013C6), ref: 00411203
• __vbaHresultCheckObj.MSVBVM60(00000000,?,004028D4,00000014), ref: 00411265
• __vbaHresultCheckObj.MSVBVM60(00000000,?,004028F4,00000100), ref: 004112C4
• __vbaFreeObj.MSVBVM60 ref: 004112F3
• __vbaStrCat.MSVBVM60(00402910,00402908), ref: 00411311
• #522.MSVBVM60(?,00000008,00402910,00402908), ref: 00411328
• __vbaVarTstEq.MSVBVM60(00008008,?,?,00000008,00402910,00402908), ref: 00411343
• __vbaFreeVarList.MSVBVM60(00000002,00000008,?,00008008,?,?,00000008,00402910,00402908), ref: 00411359
• __vbaStrCat.MSVBVM60(004026C4,004026BC,00000002,?,?,004013C6), ref: 0041137C
• __vbaStrMove.MSVBVM60(004026C4,004026BC,00000002,?,?,004013C6), ref: 00411386
• __vbaStrCat.MSVBVM60(004026CC,00000000,004026C4,004026BC,00000002,?,?,004013C6), ref: 00411391
• __vbaStrMove.MSVBVM60(004026CC,00000000,004026C4,004026BC,00000002,?,?,004013C6), ref: 0041139B
• __vbaInStr.MSVBVM60(00000000,004026CC,00000000,004026CC,00000000,004026C4,004026BC,00000002,?,?,004013C6), ref: 004113A8
• __vbaFreeStrList.MSVBVM60(00000002,00000002,004026BC,00000000,004026CC,00000000,004026CC,00000000,004026C4,004026BC,00000002,?,?,004013C6), ref: 004113C8
• __vbaFPInt.MSVBVM60(004026C4,004026BC,00000002,?,?,004013C6), ref: 004113E5
• __vbaFpR8.MSVBVM60(004026C4,004026BC,00000002,?,?,004013C6), ref: 004113EA
• __vbaChkstk.MSVBVM60 ref: 0041140F
• #689.MSVBVM60(Sgsmaalsgrunds7,stourness,oliemalinger), ref: 0041142C
• __vbaStrMove.MSVBVM60(Sgsmaalsgrunds7,stourness,oliemalinger), ref: 00411436
• __vbaStrCmp.MSVBVM60(00000000,00000000,Sgsmaalsgrunds7,stourness,oliemalinger), ref: 0041143E
• __vbaFreeStr.MSVBVM60(00000000,00000000,Sgsmaalsgrunds7,stourness,oliemalinger), ref: 00411454
• __vbaLenBstr.MSVBVM60(00402AB8,00000000,00000000,Sgsmaalsgrunds7,stourness,oliemalinger), ref: 0041146D
• #670.MSVBVM60(?,00402AB8,00000000,00000000,Sgsmaalsgrunds7,stourness,oliemalinger), ref: 0041147F
• __vbaVarTstEq.MSVBVM60(00008008,?,?,00402AB8,00000000,00000000,Sgsmaalsgrunds7,stourness,oliemalinger), ref: 0041149A
• __vbaFreeVar.MSVBVM60(00008008,?,?,00402AB8,00000000,00000000,Sgsmaalsgrunds7,stourness,oliemalinger), ref: 004114A9
• __vbaVarDup.MSVBVM60(00008008,?,?,00402AB8,00000000,00000000,Sgsmaalsgrunds7,stourness,oliemalinger), ref: 004114F7
• #595.MSVBVM60(?,00000000,0000000A,0000000A,0000000A,00008008,?,?,00402AB8,00000000,00000000,Sgsmaalsgrunds7,stourness,oliemalinger), ref: 0041150E
• __vbaFreeVarList.MSVBVM60(00000004,?,0000000A,0000000A,0000000A,?,00000000,0000000A,0000000A,0000000A,00008008,?,?,00402AB8,00000000,00000000), ref: 00411525

• prnumerant, xrefs: 00411484
• stourness, xrefs: 00411422
• Topforhandlernes, xrefs: 004114E3
• oliemalinger, xrefs: 0041141D
• Sgsmaalsgrunds7, xrefs: 00411427

• Source File: 00000000.00000002.1426251663.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

• Associated: 00000000.00000002.1426235934.0000000000400000.00000002.00020000.sdmp Download File
• Associated: 00000000.00000002.1426298297.0000000000414000.00000004.00020000.sdmp Download File
• Associated: 00000000.00000002.1426308273.0000000000416000.00000002.00020000.sdmp Download File

• API ID: __vba$Free$ListMove$CheckChkstkHresult$#522#595#670#689BstrNew2
• String ID: Sgsmaalsgrunds7$Topforhandlernes$oliemalinger$prnumerant$stourness
• API String ID: 1585906448-2475824071
• Opcode ID: 531f2af8a486367a48dce64500ca154ff6a0e465dfa6d71e140b385e6779d00e
• Instruction ID: 31284393ca8cf76a902cbbba73c49a5c0e072b0fd5f0e774116d822f8a32e783
• Opcode Fuzzy Hash: 531f2af8a486367a48dce64500ca154ff6a0e465dfa6d71e140b385e6779d00e
• Instruction Fuzzy Hash: F7914F71940218EADB10EBA1CD45FDEB7B9AF44704F1041BBE106BB1E1DB789A84CF69

Uniqueness Score: -1.00%

• __vbaChkstk.MSVBVM60(?,004013C6), ref: 0040FD72
• __vbaStrCat.MSVBVM60(00402910,00402908,?,?,?,?,004013C6), ref: 0040FDA0
• #522.MSVBVM60(?,00000008), ref: 0040FDB7
• __vbaVarTstEq.MSVBVM60(00008008,?), ref: 0040FDD2
• __vbaFreeVarList.MSVBVM60(00000002,00000008,?,00008008,?), ref: 0040FDE8
• __vbaStrCat.MSVBVM60(004026C4,004026BC,00000002,?,?,004013C6), ref: 0040FE0B
• __vbaStrMove.MSVBVM60(004026C4,004026BC,00000002,?,?,004013C6), ref: 0040FE15
• __vbaStrCat.MSVBVM60(004026CC,00000000,004026C4,004026BC,00000002,?,?,004013C6), ref: 0040FE20
• __vbaStrMove.MSVBVM60(004026CC,00000000,004026C4,004026BC,00000002,?,?,004013C6), ref: 0040FE2A
• __vbaInStr.MSVBVM60(00000000,004026CC,00000000,004026CC,00000000,004026C4,004026BC,00000002,?,?,004013C6), ref: 0040FE37
• __vbaFreeStrList.MSVBVM60(00000002,004026BC,004026C4,00000000,004026CC,00000000,004026CC,00000000,004026C4,004026BC,00000002,?,?,004013C6), ref: 0040FE57
• __vbaFPInt.MSVBVM60(004026C4,004026BC,00000002,?,?,004013C6), ref: 0040FE74
• __vbaFpR8.MSVBVM60(004026C4,004026BC,00000002,?,?,004013C6), ref: 0040FE79
• __vbaChkstk.MSVBVM60 ref: 0040FE9E
• #689.MSVBVM60(misbrugere,Stengun2,HABITABLE), ref: 0040FEBB
• __vbaStrMove.MSVBVM60(misbrugere,Stengun2,HABITABLE), ref: 0040FEC5
• __vbaStrCmp.MSVBVM60(00000000,00000000,misbrugere,Stengun2,HABITABLE), ref: 0040FECD
• __vbaFreeStr.MSVBVM60(00000000,00000000,misbrugere,Stengun2,HABITABLE), ref: 0040FEE3
• __vbaLenBstr.MSVBVM60(00402964,00000000,00000000,misbrugere,Stengun2,HABITABLE), ref: 0040FEFC
• #670.MSVBVM60(?,00402964,00000000,00000000,misbrugere,Stengun2,HABITABLE), ref: 0040FF0E
• __vbaVarTstEq.MSVBVM60(00008008,?,?,00402964,00000000,00000000,misbrugere,Stengun2,HABITABLE), ref: 0040FF29
• __vbaFreeVar.MSVBVM60(00008008,?,?,00402964,00000000,00000000,misbrugere,Stengun2,HABITABLE), ref: 0040FF38
• __vbaNew2.MSVBVM60(004030F8,00414010,00008008,?,?,00402964,00000000,00000000,misbrugere,Stengun2,HABITABLE), ref: 0040FF89
• __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,00008008,?,?,00402964,00000000,00000000,misbrugere,Stengun2,HABITABLE), ref: 0040FFC2
• __vbaHresultCheckObj.MSVBVM60(00000000,?,0040275C,00000048,?,?,?,?,?,00008008,?,?,00402964,00000000,00000000,misbrugere), ref: 00410006
• #595.MSVBVM60(00000008,00000000,0000000A,0000000A,0000000A,?,?,?,?,?,00008008,?,?,00402964,00000000,00000000), ref: 00410049
• __vbaFreeObj.MSVBVM60(00000008,00000000,0000000A,0000000A,0000000A,?,?,?,?,?,00008008,?,?,00402964,00000000,00000000), ref: 00410051
• __vbaFreeVarList.MSVBVM60(00000004,00000008,0000000A,0000000A,0000000A,00000008,00000000,0000000A,0000000A,0000000A,?,?,?,?,?,00008008), ref: 00410068

• Dizaine, xrefs: 0040FF13
• misbrugere, xrefs: 0040FEB6
• HABITABLE, xrefs: 0040FEAC
• Stengun2, xrefs: 0040FEB1

• Source File: 00000000.00000002.1426251663.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

• Associated: 00000000.00000002.1426235934.0000000000400000.00000002.00020000.sdmp Download File
• Associated: 00000000.00000002.1426298297.0000000000414000.00000004.00020000.sdmp Download File
• Associated: 00000000.00000002.1426308273.0000000000416000.00000002.00020000.sdmp Download File

• API ID: __vba$Free$ListMove$Chkstk$#522#595#670#689BstrCheckHresultNew2
• String ID: Dizaine$HABITABLE$Stengun2$misbrugere
• API String ID: 3850225901-803909472
• Opcode ID: 278a2beeb6a1e41782d8a7672f1d290ccfd0938bfa630a5cabba2131d975c10c
• Instruction ID: 7c421ab3a05930befdff4b48723c4b6f0a37a4a9ce7ae853d4d53909da41fa0b
• Opcode Fuzzy Hash: 278a2beeb6a1e41782d8a7672f1d290ccfd0938bfa630a5cabba2131d975c10c
• Instruction Fuzzy Hash: 38813CB1950218EADB10EFA1CC45BDEBBB8BF44704F10416BF506BB1D1DBB899848F69

Uniqueness Score: -1.00%

• __vbaChkstk.MSVBVM60(?,004013C6), ref: 004101CD
• __vbaStrCopy.MSVBVM60(?,?,?,?,004013C6), ref: 004101F7
• __vbaStrCat.MSVBVM60(00402980,00402908,?,?,?,?,004013C6), ref: 00410206
• __vbaStrMove.MSVBVM60(00402980,00402908,?,?,?,?,004013C6), ref: 00410210
• __vbaStrCat.MSVBVM60(00402980,00000000,00402980,00402908,?,?,?,?,004013C6), ref: 0041021B
• #520.MSVBVM60(?,00000008), ref: 00410232
• __vbaStrCat.MSVBVM60(00402980,00402980,?,00000008), ref: 00410241
• __vbaVarTstEq.MSVBVM60(00008008,00402980), ref: 00410258
• __vbaFreeStr.MSVBVM60(00008008,00402980), ref: 00410264
• __vbaFreeVarList.MSVBVM60(00000003,00000008,00402980,00008008,00008008,00402980), ref: 00410277
• #690.MSVBVM60(unwall,Oculus,Karseklippet,prenominate,?,?,?,004013C6), ref: 0041029B
• __vbaFreeStr.MSVBVM60(004102D3,?,?,?,004013C6), ref: 004102CD

• Oculus, xrefs: 00410291
• Karseklippet, xrefs: 0041028C
• prenominate, xrefs: 00410287
• unwall, xrefs: 00410296

• Source File: 00000000.00000002.1426251663.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

• Associated: 00000000.00000002.1426235934.0000000000400000.00000002.00020000.sdmp Download File
• Associated: 00000000.00000002.1426298297.0000000000414000.00000004.00020000.sdmp Download File
• Associated: 00000000.00000002.1426308273.0000000000416000.00000002.00020000.sdmp Download File

• API ID: __vba$Free$#520#690ChkstkCopyListMove
• String ID: Karseklippet$Oculus$prenominate$unwall
• API String ID: 1353531886-1380899336
• Opcode ID: 219ed9380fe5eeb09bdfd0972244660aa20a558d0836d1a4cf29b007b43818b2
• Instruction ID: 498675eeadeb957f38c2004096b09c6973aa91027881f4790ffa6ddbada303db
• Opcode Fuzzy Hash: 219ed9380fe5eeb09bdfd0972244660aa20a558d0836d1a4cf29b007b43818b2
• Instruction Fuzzy Hash: 0B211CB1A40208BACB00EBD1CD46FDEB7B8BB44704F54403BF405BA1E1DAB899498B58

Uniqueness Score: -1.00%

• c@, xrefs: 004F24FE
• ,;, xrefs: 004F2A35
• "(, xrefs: 004F28A0

• Source File: 00000000.00000002.1426657754.00000000004F0000.00000040.00000001.sdmp, Offset: 004F0000, based on PE: false

• API ID:
• String ID: "($,;$c@
• API String ID: 0-3051425108
• Opcode ID: 8ee476f6185188078e007767d7db69d0ce261e785725fd752fe5df3bea1f44fe
• Instruction ID: 8f2dc255f00ef564dec01a63248ba606f0c896d73becc642bed7edf136d90287
• Opcode Fuzzy Hash: 8ee476f6185188078e007767d7db69d0ce261e785725fd752fe5df3bea1f44fe
• Instruction Fuzzy Hash: 4112277060474DEEEF208E14CD94BBA7691AF12314F64825BEB525B2D5C3BD8882D71F

Uniqueness Score: -1.00%

• mcK|, xrefs: 004F1C9D

• Source File: 00000000.00000002.1426657754.00000000004F0000.00000040.00000001.sdmp, Offset: 004F0000, based on PE: false

• API ID:
• String ID: mcK|
• API String ID: 0-3903270498
• Opcode ID: 95b3bef8eb4f66ef5b9c7c7268f9f4d2f2118ecd2832fdf87c0ee3a6e9cfe928
• Instruction ID: 2924b2d683e61da0dc5371a96f0bf56474fcf2414b51a41a153cdaf728a5b7cb
• Opcode Fuzzy Hash: 95b3bef8eb4f66ef5b9c7c7268f9f4d2f2118ecd2832fdf87c0ee3a6e9cfe928
• Instruction Fuzzy Hash: 61E1387070470ADFE7149E24CD90BF673A0FF54354F24422BEE9A93261C72CA842DB9A

Uniqueness Score: -1.00%

• mcK|, xrefs: 004F1C9D

• Source File: 00000000.00000002.1426657754.00000000004F0000.00000040.00000001.sdmp, Offset: 004F0000, based on PE: false

• API ID:
• String ID: mcK|
• API String ID: 0-3903270498
• Opcode ID: 9101316acf81d0a5bd394c0bb743cec377b918ab689a70c10ef40d36453db9d7
• Instruction ID: 3eb4292db9a9e603b604b9504027b198027ed2971a6a00d0fe3d401bc0c5b918
• Opcode Fuzzy Hash: 9101316acf81d0a5bd394c0bb743cec377b918ab689a70c10ef40d36453db9d7
• Instruction Fuzzy Hash: 91313931644609EFD7549E18CC51BF533A5BF00390F25422BEEA9932A1C72DA846AB8A

Uniqueness Score: -1.00%

• mcK|, xrefs: 004F1C9D

• Source File: 00000000.00000002.1426657754.00000000004F0000.00000040.00000001.sdmp, Offset: 004F0000, based on PE: false

• API ID:
• String ID: mcK|
• API String ID: 0-3903270498
• Opcode ID: 2f2144577ac849862355fa0ff604044f04d2f26dcbe1fc45125c5473414e9117
• Instruction ID: 2a811f2fedea0d8932389d10a9dc9cf45f0e51d78206044dc65b5432fa99fc9e
• Opcode Fuzzy Hash: 2f2144577ac849862355fa0ff604044f04d2f26dcbe1fc45125c5473414e9117
• Instruction Fuzzy Hash: 50313B31B4420DEFD7689A18CD41BF533B5BF00350F25422BFE65932A1D72DA8459B4A

Uniqueness Score: -1.00%

• Source File: 00000000.00000002.1426657754.00000000004F0000.00000040.00000001.sdmp, Offset: 004F0000, based on PE: false

• API ID:
• String ID:
• API String ID:
• Opcode ID: 27536a792cf4b99aea52cb5ff329a24ae3638ba34d57183e4082b76b371a6b93
• Instruction ID: 3825aa258c5fa4939219ef1ffcb2bec9bc28a3c342efce71b516035f7b53433d
• Opcode Fuzzy Hash: 27536a792cf4b99aea52cb5ff329a24ae3638ba34d57183e4082b76b371a6b93
• Instruction Fuzzy Hash: 6851D830508B8ACECB24CF248594775B6D19F62310F69C29BDB978B2D6C32C8543D71B

Uniqueness Score: -1.00%

• Source File: 00000000.00000002.1426657754.00000000004F0000.00000040.00000001.sdmp, Offset: 004F0000, based on PE: false

• API ID:
• String ID:
• API String ID:
• Opcode ID: d69f65e967758f5f9e55db55e73ed01743e2bef75fb36ac1be1936ee4795db24
• Instruction ID: 0de73251dc6680184257e5e36bb323e9e766176258316cf67b073fb30c140b53
• Opcode Fuzzy Hash: d69f65e967758f5f9e55db55e73ed01743e2bef75fb36ac1be1936ee4795db24
• Instruction Fuzzy Hash: A351C730908B8ACEDB24CF248594775B6D19F22310F69C29BDB978B2D6D32D8543D71B

Uniqueness Score: -1.00%

• Source File: 00000000.00000002.1426657754.00000000004F0000.00000040.00000001.sdmp, Offset: 004F0000, based on PE: false

• API ID:
• String ID:
• API String ID:
• Opcode ID: 1b46d947df4a07eb37d05304372e208b1ea7a4f491d34f0382ab8ae722b63313
• Instruction ID: 0bb2c5225e8a3da86693bc507806893e714a27f43978eefb4deccfd8b152d7fb
• Opcode Fuzzy Hash: 1b46d947df4a07eb37d05304372e208b1ea7a4f491d34f0382ab8ae722b63313
• Instruction Fuzzy Hash: 6051B830908B89CEDB24CF288594775B6D19F22320F69C29BCB974B2D6D32D8547D61B

Uniqueness Score: -1.00%

• Source File: 00000000.00000002.1426657754.00000000004F0000.00000040.00000001.sdmp, Offset: 004F0000, based on PE: false

• API ID:
• String ID:
• API String ID:
• Opcode ID: cb9a995d5b8141dbe85553cfd50294a1a3c546db13df85976b964090864f7392
• Instruction ID: b70b0e96abb546e993c8c2cf42630d2f4ee659ac264abb9e4e453a512376dc5e
• Opcode Fuzzy Hash: cb9a995d5b8141dbe85553cfd50294a1a3c546db13df85976b964090864f7392
• Instruction Fuzzy Hash: 7151B830908B89CECB248F188594775B6D19F22310F69C29BDB978B2D6D32C8543D71B

Uniqueness Score: -1.00%

• Source File: 00000000.00000002.1426657754.00000000004F0000.00000040.00000001.sdmp, Offset: 004F0000, based on PE: false

• API ID:
• String ID:
• API String ID:
• Opcode ID: ce4e7e88bb39ba46014dd29ff814dbbaa479ea3dc69a78ff283da4c661992e14
• Instruction ID: 3d7f92ed4e25b64e6157a9779696743094cc30cb9db810e51f0905bb83785e39
• Opcode Fuzzy Hash: ce4e7e88bb39ba46014dd29ff814dbbaa479ea3dc69a78ff283da4c661992e14
• Instruction Fuzzy Hash: A041F73020430CEFEB249E248E94BB96291EF05395F31426BEF52971E1D7AC8982D61B

Uniqueness Score: -1.00%

• Source File: 00000000.00000002.1426657754.00000000004F0000.00000040.00000001.sdmp, Offset: 004F0000, based on PE: false

• API ID:
• String ID:
• API String ID:
• Opcode ID: 4db7d7b913047c4a643317d3761836bf6d8620b343ec0e0943bf327bbd226e26
• Instruction ID: 4ae113641c10018253593ae89c75aaaaeb638fd6cd7ec5d36ed45a1aa80bb348
• Opcode Fuzzy Hash: 4db7d7b913047c4a643317d3761836bf6d8620b343ec0e0943bf327bbd226e26
• Instruction Fuzzy Hash: 8B21FB3010834CEEEB205E148E54BB56691AF01754F25416BEF436B1E1D7AD8942E61F

Uniqueness Score: -1.00%

• Source File: 00000000.00000002.1426657754.00000000004F0000.00000040.00000001.sdmp, Offset: 004F0000, based on PE: false

• API ID:
• String ID:
• API String ID:
• Opcode ID: 60317251ef9d0cde6c49ab126f66f25655670c91da8640f6d4cc7d59e310addd
• Instruction ID: 8261c33acab292768b08084e2150f050f7b06dbed918f4db4a218b3ff9898e6f
• Opcode Fuzzy Hash: 60317251ef9d0cde6c49ab126f66f25655670c91da8640f6d4cc7d59e310addd
• Instruction Fuzzy Hash: 6D21063024430CEBEB20AE118E55FB56295AF00754F21826BAF026A0E2D7ADC942E51F

Uniqueness Score: -1.00%

• Source File: 00000000.00000002.1426657754.00000000004F0000.00000040.00000001.sdmp, Offset: 004F0000, based on PE: false

• API ID:
• String ID:
• API String ID:
• Opcode ID: 49b0712b1298d96145709bd933d1dd927df37e5f71fc023e06a370498c0ddc0c
• Instruction ID: 340117b7063e1a734fff9ebcd3581e0ae5e6b5463975a7ee41055c02eb8eec39
• Opcode Fuzzy Hash: 49b0712b1298d96145709bd933d1dd927df37e5f71fc023e06a370498c0ddc0c
• Instruction Fuzzy Hash: E7014931504248EBDF3659118E40BFF3A23ABC63A0F25013ABE4523515C67B8A91FA0A

Uniqueness Score: -1.00%

• Source File: 00000000.00000002.1426657754.00000000004F0000.00000040.00000001.sdmp, Offset: 004F0000, based on PE: false

• API ID:
• String ID:
• API String ID:
• Opcode ID: 3c43530a17c7aff261b8a74967a6795b1a30be041544965e34da51041bd0051d
• Instruction ID: ac4ffc9eba21ac3bb9b318878f8bb4e66d333461a7a3def724b5feb3772f6ba0
• Opcode Fuzzy Hash: 3c43530a17c7aff261b8a74967a6795b1a30be041544965e34da51041bd0051d
• Instruction Fuzzy Hash: 43F08C30B0AA08CFD724CA08CBC8F7273A1AF14350F224597EF1287211D729FC42DA1A

Uniqueness Score: -1.00%

• Source File: 00000000.00000002.1426657754.00000000004F0000.00000040.00000001.sdmp, Offset: 004F0000, based on PE: false

• API ID:
• String ID:
• API String ID:
• Opcode ID: 8907f24da5c54f869f27ce7c9471f2530d5cc12c7813d9026715243d6c6f8e29
• Instruction ID: 71a1043189d9dfa2c30642903d05da472eeb52dd05ed8b55777255b9406cb7e2
• Opcode Fuzzy Hash: 8907f24da5c54f869f27ce7c9471f2530d5cc12c7813d9026715243d6c6f8e29
• Instruction Fuzzy Hash: 16C01236246688CFC6598E088190BA233B0BBA1340B922082ED024B655C72CD802E90A

Uniqueness Score: -1.00%

• Source File: 00000000.00000002.1426657754.00000000004F0000.00000040.00000001.sdmp, Offset: 004F0000, based on PE: false

• API ID:
• String ID:
• API String ID:
• Opcode ID: f416f750b4a15c70283d2d11e93227f6f15dfe62ed0ca799c5be7985ab7f5a23
• Instruction ID: 5890d216365aa49a06dd324f57a9248f07d31a1b92b78dfba9d34bfd956927e5
• Opcode Fuzzy Hash: f416f750b4a15c70283d2d11e93227f6f15dfe62ed0ca799c5be7985ab7f5a23
• Instruction Fuzzy Hash: 61C092B6241681DFEF86DE08C691F5073B0FB45B88F0804E0E842EB712D328FD01DA01

Uniqueness Score: -1.00%

• __vbaChkstk.MSVBVM60(?,004013C6), ref: 00413177
• __vbaStrCat.MSVBVM60(00402C58,00402A08,?,?,?,?,004013C6), ref: 00413193
• __vbaStrMove.MSVBVM60(00402C58,00402A08,?,?,?,?,004013C6), ref: 0041319D
• __vbaStrCat.MSVBVM60(00402A08,00000000,00402C58,00402A08,?,?,?,?,004013C6), ref: 004131A8
• __vbaStrMove.MSVBVM60(00402A08,00000000,00402C58,00402A08,?,?,?,?,004013C6), ref: 004131B2
• __vbaStrCat.MSVBVM60(00402C58,00000000,00402A08,00000000,00402C58,00402A08,?,?,?,?,004013C6), ref: 004131BD
• __vbaStrMove.MSVBVM60(00402C58,00000000,00402A08,00000000,00402C58,00402A08,?,?,?,?,004013C6), ref: 004131C7
• __vbaStrCat.MSVBVM60(00402A08,00000000,00402C58,00000000,00402A08,00000000,00402C58,00402A08,?,?,?,?,004013C6), ref: 004131D2
• __vbaStrMove.MSVBVM60(00402A08,00000000,00402C58,00000000,00402A08,00000000,00402C58,00402A08,?,?,?,?,004013C6), ref: 004131DC
• __vbaStrCat.MSVBVM60(004026D4,00000000,00402A08,00000000,00402C58,00000000,00402A08,00000000,00402C58,00402A08,?,?,?,?,004013C6), ref: 004131E7
• #544.MSVBVM60(?,00000008), ref: 00413201
• __vbaVarTstEq.MSVBVM60(00008002,?,?,?,?,?,?,?,?,?,?,?,?,00000008), ref: 00413228
• __vbaFreeStrList.MSVBVM60(00000004,?,?,?,?,00008002,?), ref: 00413246
• __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 0041325B
• __vbaStrCat.MSVBVM60(004026C4,00402B0C), ref: 0041327C
• __vbaStrMove.MSVBVM60(004026C4,00402B0C), ref: 00413286
• __vbaStrCat.MSVBVM60(00402B14,00000000,004026C4,00402B0C), ref: 00413291
• __vbaStrMove.MSVBVM60(00402B14,00000000,004026C4,00402B0C), ref: 0041329B
• __vbaStrCat.MSVBVM60(00402B1C,00000000,00402B14,00000000,004026C4,00402B0C), ref: 004132A6
• __vbaStrMove.MSVBVM60(00402B1C,00000000,00402B14,00000000,004026C4,00402B0C), ref: 004132B0
• __vbaStrCat.MSVBVM60(00402B24,00000000,00402B1C,00000000,00402B14,00000000,004026C4,00402B0C), ref: 004132BB
• __vbaStrMove.MSVBVM60(00402B24,00000000,00402B1C,00000000,00402B14,00000000,004026C4,00402B0C), ref: 004132C5
• __vbaStrCat.MSVBVM60(00402B2C,00000000,00402B24,00000000,00402B1C,00000000,00402B14,00000000,004026C4,00402B0C), ref: 004132D0
• __vbaStrMove.MSVBVM60(00402B2C,00000000,00402B24,00000000,00402B1C,00000000,00402B14,00000000,004026C4,00402B0C), ref: 004132DA
• __vbaStrCat.MSVBVM60(00402A30,00000000,00402B2C,00000000,00402B24,00000000,00402B1C,00000000,00402B14,00000000,004026C4,00402B0C), ref: 004132E5
• __vbaHresultCheckObj.MSVBVM60(00000000,?,00402434,00000218), ref: 0041333E
• __vbaChkstk.MSVBVM60 ref: 00413355
• __vbaChkstk.MSVBVM60 ref: 00413366
• __vbaLateMemCallLd.MSVBVM60(?,?,Add,00000002), ref: 00413388
• __vbaObjVar.MSVBVM60(00000000,00402A30,00000000,00402B2C,00000000,00402B24,00000000,00402B1C,00000000,00402B14,00000000,004026C4,00402B0C), ref: 00413391
• __vbaObjSetAddref.MSVBVM60(?,00000000,00000000,00402A30,00000000,00402B2C,00000000,00402B24,00000000,00402B1C,00000000,00402B14,00000000,004026C4,00402B0C), ref: 0041339B
• __vbaFreeStrList.MSVBVM60(00000005,?,00402B0C,004026C4,00000000,00402B14,?,00000000,00000000,00402A30,00000000,00402B2C,00000000,00402B24,00000000,00402B1C), ref: 004133B6
• __vbaFreeObj.MSVBVM60(?,?,?,?,00000000,00000000,00402A30,00000000,00402B2C,00000000,00402B24,00000000,00402B1C,00000000,00402B14,00000000), ref: 004133C1
• __vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,?,?,00000000,00000000,00402A30,00000000,00402B2C,00000000,00402B24,00000000,00402B1C), ref: 004133D3
• __vbaChkstk.MSVBVM60 ref: 004133F2
• __vbaLateMemSt.MSVBVM60(?,00402B54), ref: 0041340B
• __vbaChkstk.MSVBVM60(?,00402B54), ref: 00413427
• __vbaLateMemSt.MSVBVM60(?,00402B5C,?,00402B54), ref: 00413440
• __vbaChkstk.MSVBVM60(?,00402B5C,?,00402B54), ref: 0041345C
• __vbaLateMemSt.MSVBVM60(?,00402B64,?,00402B5C,?,00402B54), ref: 00413475
• __vbaNew2.MSVBVM60(004030F8,00414010,?,00402B64,?,00402B5C,?,00402B54), ref: 0041348D
• __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,00402B64,?,00402B5C,?,00402B54), ref: 004134C6
• __vbaHresultCheckObj.MSVBVM60(00000000,?,0040275C,00000108,?,?,?,?,?,?,?,?,?,00402B64,?,00402B5C), ref: 00413513
• __vbaChkstk.MSVBVM60(?,?,?,?,?,?,?,?,?,00402B64,?,00402B5C,?,00402B54), ref: 00413542
• __vbaLateMemSt.MSVBVM60(?,00402B6C,?,?,?,?,?,?,?,?,?,00402B64,?,00402B5C,?,00402B54), ref: 0041355B
• __vbaFreeObj.MSVBVM60(?,00402B6C,?,?,?,?,?,?,?,?,?,00402B64,?,00402B5C,?,00402B54), ref: 00413563
• __vbaChkstk.MSVBVM60(?,00402B6C,?,?,?,?,?,?,?,?,?,00402B64,?,00402B5C,?,00402B54), ref: 0041357C
• __vbaLateMemSt.MSVBVM60(?,Visible,?,00402B6C,?,?,?,?,?,?,?,?,?,00402B64,?,00402B5C), ref: 00413595
• __vbaLateMemCallLd.MSVBVM60(?,?,BorderStyle,00000000,?,Visible,?,00402B6C), ref: 004135BC
• __vbaVarTstEq.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00402A30), ref: 004135CC
• __vbaFreeVar.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00402A30), ref: 004135DB
• #651.MSVBVM60(00000002,?,00000000), ref: 00413601
• __vbaStrMove.MSVBVM60(00000002,?,00000000), ref: 0041360B
• __vbaStrCat.MSVBVM60(00402B94,00402728,00000000,00000002,?,00000000), ref: 0041361B
• __vbaStrMove.MSVBVM60(00402B94,00402728,00000000,00000002,?,00000000), ref: 00413625
• __vbaStrCat.MSVBVM60(00402980,00000000,00402B94,00402728,00000000,00000002,?,00000000), ref: 00413630
• __vbaStrMove.MSVBVM60(00402980,00000000,00402B94,00402728,00000000,00000002,?,00000000), ref: 0041363A
• __vbaStrCat.MSVBVM60(00402908,00000000,00402980,00000000,00402B94,00402728,00000000,00000002,?,00000000), ref: 00413645
• __vbaStrMove.MSVBVM60(00402908,00000000,00402980,00000000,00402B94,00402728,00000000,00000002,?,00000000), ref: 0041364F
• __vbaStrCat.MSVBVM60(00402B9C,00000000,00402908,00000000,00402980,00000000,00402B94,00402728,00000000,00000002,?,00000000), ref: 0041365A
• __vbaStrMove.MSVBVM60(00402B9C,00000000,00402908,00000000,00402980,00000000,00402B94,00402728,00000000,00000002,?,00000000), ref: 00413664
• __vbaStrCat.MSVBVM60(00402BA4,00000000,00402B9C,00000000,00402908,00000000,00402980,00000000,00402B94,00402728,00000000,00000002,?,00000000), ref: 0041366F
• __vbaStrMove.MSVBVM60(00402BA4,00000000,00402B9C,00000000,00402908,00000000,00402980,00000000,00402B94,00402728,00000000,00000002,?,00000000), ref: 00413679
• __vbaStrCat.MSVBVM60(00402908,00000000,00402BA4,00000000,00402B9C,00000000,00402908,00000000,00402980,00000000,00402B94,00402728,00000000,00000002,?,00000000), ref: 00413684
• __vbaStrMove.MSVBVM60(00402908,00000000,00402BA4,00000000,00402B9C,00000000,00402908,00000000,00402980,00000000,00402B94,00402728,00000000,00000002,?,00000000), ref: 0041368E
• __vbaStrCat.MSVBVM60(00402BAC,00000000,00402908,00000000,00402BA4,00000000,00402B9C,00000000,00402908,00000000,00402980,00000000,00402B94,00402728,00000000,00000002), ref: 00413699
• __vbaStrMove.MSVBVM60(00402BAC,00000000,00402908,00000000,00402BA4,00000000,00402B9C,00000000,00402908,00000000,00402980,00000000,00402B94,00402728,00000000,00000002), ref: 004136A3
• __vbaStrCat.MSVBVM60(00402980,00000000,00402BAC,00000000,00402908,00000000,00402BA4,00000000,00402B9C,00000000,00402908,00000000,00402980,00000000,00402B94,00402728), ref: 004136AE
• __vbaStrMove.MSVBVM60(00402980,00000000,00402BAC,00000000,00402908,00000000,00402BA4,00000000,00402B9C,00000000,00402908,00000000,00402980,00000000,00402B94,00402728), ref: 004136B8
• __vbaStrCat.MSVBVM60(00402A38,00000000,00402980,00000000,00402BAC,00000000,00402908,00000000,00402BA4,00000000,00402B9C,00000000,00402908,00000000,00402980,00000000), ref: 004136C3
• __vbaStrMove.MSVBVM60(00402A38,00000000,00402980,00000000,00402BAC,00000000,00402908,00000000,00402BA4,00000000,00402B9C,00000000,00402908,00000000,00402980,00000000), ref: 004136CD
• __vbaStrCat.MSVBVM60(00402B24,00000000,00402A38,00000000,00402980,00000000,00402BAC,00000000,00402908,00000000,00402BA4,00000000,00402B9C,00000000,00402908,00000000), ref: 004136D8
• __vbaStrMove.MSVBVM60(00402B24,00000000,00402A38,00000000,00402980,00000000,00402BAC,00000000,00402908,00000000,00402BA4,00000000,00402B9C,00000000,00402908,00000000), ref: 004136E2
• __vbaStrCat.MSVBVM60(00402B2C,00000000,00402B24,00000000,00402A38,00000000,00402980,00000000,00402BAC,00000000,00402908,00000000,00402BA4,00000000,00402B9C,00000000), ref: 004136ED
• __vbaStrMove.MSVBVM60(00402B2C,00000000,00402B24,00000000,00402A38,00000000,00402980,00000000,00402BAC,00000000,00402908,00000000,00402BA4,00000000,00402B9C,00000000), ref: 004136F7
• __vbaStrCat.MSVBVM60(00402BB4,00000000,00402B2C,00000000,00402B24,00000000,00402A38,00000000,00402980,00000000,00402BAC,00000000,00402908,00000000,00402BA4,00000000), ref: 00413702
• __vbaStrMove.MSVBVM60(00402BB4,00000000,00402B2C,00000000,00402B24,00000000,00402A38,00000000,00402980,00000000,00402BAC,00000000,00402908,00000000,00402BA4,00000000), ref: 0041370C
• __vbaStrCat.MSVBVM60(00402908,00000000,00402BB4,00000000,00402B2C,00000000,00402B24,00000000,00402A38,00000000,00402980,00000000,00402BAC,00000000,00402908,00000000), ref: 00413717
• __vbaStrMove.MSVBVM60(00402908,00000000,00402BB4,00000000,00402B2C,00000000,00402B24,00000000,00402A38,00000000,00402980,00000000,00402BAC,00000000,00402908,00000000), ref: 00413721
• __vbaStrCat.MSVBVM60(00402BAC,00000000,00402908,00000000,00402BB4,00000000,00402B2C,00000000,00402B24,00000000,00402A38,00000000,00402980,00000000,00402BAC,00000000), ref: 0041372C
• __vbaStrMove.MSVBVM60(00402BAC,00000000,00402908,00000000,00402BB4,00000000,00402B2C,00000000,00402B24,00000000,00402A38,00000000,00402980,00000000,00402BAC,00000000), ref: 00413736
• __vbaStrCat.MSVBVM60(00402BBC,00000000,00402BAC,00000000,00402908,00000000,00402BB4,00000000,00402B2C,00000000,00402B24,00000000,00402A38,00000000,00402980,00000000), ref: 00413741
• __vbaStrMove.MSVBVM60(00402BBC,00000000,00402BAC,00000000,00402908,00000000,00402BB4,00000000,00402B2C,00000000,00402B24,00000000,00402A38,00000000,00402980,00000000), ref: 0041374B
• __vbaStrCat.MSVBVM60(00402A00,00000000,00402BBC,00000000,00402BAC,00000000,00402908,00000000,00402BB4,00000000,00402B2C,00000000,00402B24,00000000,00402A38,00000000), ref: 00413756
• __vbaStrMove.MSVBVM60(00402A00,00000000,00402BBC,00000000,00402BAC,00000000,00402908,00000000,00402BB4,00000000,00402B2C,00000000,00402B24,00000000,00402A38,00000000), ref: 00413760
• __vbaStrCat.MSVBVM60(00402A28,00000000,00402A00,00000000,00402BBC,00000000,00402BAC,00000000,00402908,00000000,00402BB4,00000000,00402B2C,00000000,00402B24,00000000), ref: 0041376B
• __vbaStrMove.MSVBVM60(00402A28,00000000,00402A00,00000000,00402BBC,00000000,00402BAC,00000000,00402908,00000000,00402BB4,00000000,00402B2C,00000000,00402B24,00000000), ref: 00413775
• __vbaStrCat.MSVBVM60(00402A30,00000000,00402A28,00000000,00402A00,00000000,00402BBC,00000000,00402BAC,00000000,00402908,00000000,00402BB4,00000000,00402B2C,00000000), ref: 00413780
• __vbaStrMove.MSVBVM60(00402A30,00000000,00402A28,00000000,00402A00,00000000,00402BBC,00000000,00402BAC,00000000,00402908,00000000,00402BB4,00000000,00402B2C,00000000), ref: 0041378A
• __vbaStrCmp.MSVBVM60(00000000,00402A30,00000000,00402A28,00000000,00402A00,00000000,00402BBC,00000000,00402BAC,00000000,00402908,00000000,00402BB4,00000000,00402B2C), ref: 00413790
• __vbaFreeStrList.MSVBVM60(00000013,?,00402B0C,004026C4,00000000,00402B14,00000000,00402B1C,00000000,$+@,00000000,,+@,00000000,0*@,00000000,00000000), ref: 004137F1
• __vbaFreeVar.MSVBVM60(00402980,00000000,00402BAC,00000000,00402908,00000000,00402BA4,00000000,00402B9C,00000000,00402908,00000000,00402980,00000000,00402B94,00402728), ref: 004137FC
• #554.MSVBVM60(00402980,00000000,00402BAC,00000000,00402908,00000000,00402BA4,00000000,00402B9C,00000000,00402908,00000000,00402980,00000000,00402B94,00402728), ref: 0041380C
• __vbaFreeObj.MSVBVM60(0041389D), ref: 00413897

• 0*@, xrefs: 0041371E, 004137BB, 004137BE
• G, xrefs: 004133DB
• Add, xrefs: 00413379
• BERUFSVERBOT, xrefs: 004132F4
• BorderStyle, xrefs: 004135B0
• $+@, xrefs: 004136CA, 004137CB, 004137CE
• Visible, xrefs: 0041358D
• ,+@, xrefs: 004136F4, 004137C3, 004137C6

• Source File: 00000000.00000002.1426251663.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

• Associated: 00000000.00000002.1426235934.0000000000400000.00000002.00020000.sdmp Download File
• Associated: 00000000.00000002.1426298297.0000000000414000.00000004.00020000.sdmp Download File
• Associated: 00000000.00000002.1426308273.0000000000416000.00000002.00020000.sdmp Download File

• API ID: __vba$Move$Free$Chkstk$Late$List$CallCheckHresult$#544#554#651AddrefNew2
• String ID: G$$+@$,+@$0*@$Add$BERUFSVERBOT$BorderStyle$Visible
• API String ID: 2720917139-36511939
• Opcode ID: ad1415acbff7fd1880173b69e7534d7d4c3498f55b1e661f53abb2d2b7858af6
• Instruction ID: d24d276756a7d1c2e0788f2fb7465a9605d2ae7289fedfd37fb82f57316672f7
• Opcode Fuzzy Hash: ad1415acbff7fd1880173b69e7534d7d4c3498f55b1e661f53abb2d2b7858af6
• Instruction Fuzzy Hash: C9023071E40208AADB11EFA1CC46FDE7778AF44704F50817BB506BB1E1DAB89A448F69

Uniqueness Score: -1.00%

• __vbaChkstk.MSVBVM60(?,004013C6), ref: 00410F20
• __vbaStrCopy.MSVBVM60(?,?,?,?,004013C6), ref: 00410F38
• __vbaAryConstruct2.MSVBVM60(?,00402A40,00000005,?,?,?,?,004013C6), ref: 00410F48
• __vbaStrCat.MSVBVM60(00402A30,00402A28,?,00402A40,00000005,?,?,?,?,004013C6), ref: 00410F57
• __vbaStrMove.MSVBVM60(00402A30,00402A28,?,00402A40,00000005,?,?,?,?,004013C6), ref: 00410F61
• __vbaStrCat.MSVBVM60(00402A38,00000000,00402A30,00402A28,?,00402A40,00000005,?,?,?,?,004013C6), ref: 00410F6C
• __vbaStrMove.MSVBVM60(00402A38,00000000,00402A30,00402A28,?,00402A40,00000005,?,?,?,?,004013C6), ref: 00410F76
• __vbaFreeStr.MSVBVM60(00402A38,00000000,00402A30,00402A28,?,00402A40,00000005,?,?,?,?,004013C6), ref: 00410F7E
• #712.MSVBVM60(?,00402A30,00000000,00000001,000000FF,00000000,00402A38,00000000,00402A30,00402A28,?,00402A40,00000005), ref: 00410F93
• __vbaStrMove.MSVBVM60(?,00402A30,00000000,00000001,000000FF,00000000,00402A38,00000000,00402A30,00402A28,?,00402A40,00000005), ref: 00410F9D
• __vbaStrCat.MSVBVM60(00402A38,00402A28,?,?,00402A30,00000000,00000001,000000FF,00000000,00402A38,00000000,00402A30,00402A28,?,00402A40,00000005), ref: 00410FAF
• __vbaStrMove.MSVBVM60(00402A38,00402A28,?,?,00402A30,00000000,00000001,000000FF,00000000,00402A38,00000000,00402A30,00402A28,?,00402A40,00000005), ref: 00410FB9
• __vbaStrCmp.MSVBVM60(00000000,00402A38,00402A28,?,?,00402A30,00000000,00000001,000000FF,00000000,00402A38,00000000,00402A30,00402A28,?,00402A40), ref: 00410FBF
• __vbaFreeStr.MSVBVM60(00000000,00402A38,00402A28,?,?,00402A30,00000000,00000001,000000FF,00000000,00402A38,00000000,00402A30,00402A28,?,00402A40), ref: 00410FD2
• _CIlog.MSVBVM60(00000000,00402A38,00402A28,?,?,00402A30,00000000,00000001,000000FF,00000000,00402A38,00000000,00402A30,00402A28,?,00402A40), ref: 00410FE5
• __vbaFpR8.MSVBVM60(00000000,00402A38,00402A28,?,?,00402A30,00000000,00000001,000000FF,00000000,00402A38,00000000,00402A30,00402A28,?,00402A40), ref: 00410FEA
• #516.MSVBVM60(00402A00,00000000,00402A38,00402A28,?,?,00402A30,00000000,00000001,000000FF,00000000,00402A38,00000000,00402A30,00402A28,?), ref: 00411003
• #684.MSVBVM60(?,?,?,00402A00,00000000,00402A38,00402A28,?,?,00402A30,00000000,00000001,000000FF,00000000,00402A38,00000000), ref: 00411036
• __vbaFpR8.MSVBVM60(?,?,?,00402A00,00000000,00402A38,00402A28,?,?,00402A30,00000000,00000001,000000FF,00000000,00402A38,00000000), ref: 0041103B
• __vbaR4Str.MSVBVM60(00402A08,?,?,?,00402A00,00000000,00402A38,00402A28,?,?,00402A30,00000000,00000001,000000FF,00000000,00402A38), ref: 00411054
• __vbaHresultCheckObj.MSVBVM60(00000000,?,00402434,000000B0,?,?,?,00402A00,00000000,00402A38,00402A28,?,?,00402A30,00000000,00000001), ref: 00411095
• __vbaNew2.MSVBVM60(004030F8,00414010,?,?,?,00402A00,00000000,00402A38,00402A28,?,?,00402A30,00000000,00000001,000000FF,00000000), ref: 004110C8
• __vbaObjSet.MSVBVM60(?,00000000,?,?,?,00402A00,00000000,00402A38,00402A28,?,?,00402A30,00000000,00000001,000000FF,00000000), ref: 004110F5
• __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0040275C,000000B8,?,?,?,00402A00,00000000,00402A38,00402A28,?,?,00402A30,00000000,00000001), ref: 0041112A
• __vbaFileOpen.MSVBVM60(00000020,000000FF,00000060,?,?,?,?,00402A00,00000000,00402A38,00402A28,?,?,00402A30,00000000,00000001), ref: 00411141
• __vbaFreeStr.MSVBVM60(00000020,000000FF,00000060,?,?,?,?,00402A00,00000000,00402A38,00402A28,?,?,00402A30,00000000,00000001), ref: 00411149
• __vbaFreeObj.MSVBVM60(00000020,000000FF,00000060,?,?,?,?,00402A00,00000000,00402A38,00402A28,?,?,00402A30,00000000,00000001), ref: 00411151
• __vbaAryDestruct.MSVBVM60(00000000,?,00411191,00000000,00402A38,00402A28,?,?,00402A30,00000000,00000001,000000FF,00000000,00402A38,00000000,00402A30), ref: 0041117B
• __vbaFreeStr.MSVBVM60(00000000,?,00411191,00000000,00402A38,00402A28,?,?,00402A30,00000000,00000001,000000FF,00000000,00402A38,00000000,00402A30), ref: 00411183
• __vbaFreeStr.MSVBVM60(00000000,?,00411191,00000000,00402A38,00402A28,?,?,00402A30,00000000,00000001,000000FF,00000000,00402A38,00000000,00402A30), ref: 0041118B

• Source File: 00000000.00000002.1426251663.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

• Associated: 00000000.00000002.1426235934.0000000000400000.00000002.00020000.sdmp Download File
• Associated: 00000000.00000002.1426298297.0000000000414000.00000004.00020000.sdmp Download File
• Associated: 00000000.00000002.1426308273.0000000000416000.00000002.00020000.sdmp Download File

• API ID: __vba$Free$Move$CheckHresult$#516#684#712ChkstkConstruct2CopyDestructFileIlogNew2Open
• String ID:
• API String ID: 2720509884-0
• Opcode ID: 89a8b8c03987db323ca65b4be2cffbec01b23c2a676d08c49234ce7623bd20d7
• Instruction ID: c543f47f5a097055ac7e50f90e3833e32438bfd983de0689a2d5ab2b72709a21
• Opcode Fuzzy Hash: 89a8b8c03987db323ca65b4be2cffbec01b23c2a676d08c49234ce7623bd20d7
• Instruction Fuzzy Hash: 4B610770A50248BECB10EBE1DD86BDEBBB4AF44704F50413AF116BA1F5DB785985CB18

Uniqueness Score: -1.00%

• __vbaChkstk.MSVBVM60(?,004013C6), ref: 0041211E
• __vbaVarDup.MSVBVM60(?,?,?,?,004013C6), ref: 00412136
• __vbaStrCopy.MSVBVM60(?,?,?,?,004013C6), ref: 00412141
• __vbaStrCat.MSVBVM60(12-12,12-,?,?,?,?,004013C6), ref: 00412150
• #557.MSVBVM60(00000008,?,?,?,?,?,12-12,12-,?,?,?,?,004013C6), ref: 00412163
• __vbaFreeVar.MSVBVM60(00000008,?,?,?,?,?,12-12,12-,?,?,?,?,004013C6), ref: 0041217B
• #705.MSVBVM60(00000002,00000000,00000008,?,?,?,?,?,12-12,12-,?,?,?,?,004013C6), ref: 0041219C
• __vbaStrMove.MSVBVM60(00000002,00000000,00000008,?,?,?,?,?,12-12,12-,?,?,?,?,004013C6), ref: 004121A6
• __vbaFreeVar.MSVBVM60(00000002,00000000,00000008,?,?,?,?,?,12-12,12-,?,?,?,?,004013C6), ref: 004121AE
• __vbaFreeVar.MSVBVM60(004121DC,00000008,?,?,?,?,?,12-12,12-,?,?,?,?,004013C6), ref: 004121C6
• __vbaFreeStr.MSVBVM60(004121DC,00000008,?,?,?,?,?,12-12,12-,?,?,?,?,004013C6), ref: 004121CE
• __vbaFreeStr.MSVBVM60(004121DC,00000008,?,?,?,?,?,12-12,12-,?,?,?,?,004013C6), ref: 004121D6

• 12-12, xrefs: 0041214B
• 12-, xrefs: 00412146

• Source File: 00000000.00000002.1426251663.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

• Associated: 00000000.00000002.1426235934.0000000000400000.00000002.00020000.sdmp Download File
• Associated: 00000000.00000002.1426298297.0000000000414000.00000004.00020000.sdmp Download File
• Associated: 00000000.00000002.1426308273.0000000000416000.00000002.00020000.sdmp Download File

• API ID: __vba$Free$#557#705ChkstkCopyMove
• String ID: 12-$12-12
• API String ID: 1093160486-3531647454
• Opcode ID: 831d301e61f6806214e3bebf9ebaadffc4dbc5f39d10bdc48ae79f4d0f739302
• Instruction ID: 19d9fa852ef73bf2366a2bf146d1713e1c21e88f144a7c43272c69329a1fada1
• Opcode Fuzzy Hash: 831d301e61f6806214e3bebf9ebaadffc4dbc5f39d10bdc48ae79f4d0f739302
• Instruction Fuzzy Hash: 5D111D71910248BADB04EFA1CD96FEDBBB8AF44708F50453AB402B71E1EB7C6945CB58

Uniqueness Score: -1.00%

• __vbaChkstk.MSVBVM60(?,004013C6), ref: 00410318
• __vbaVarDup.MSVBVM60(?,?,?,?,004013C6), ref: 00410342
• __vbaStrCopy.MSVBVM60(?,?,?,?,004013C6), ref: 0041034D
• __vbaVarDup.MSVBVM60 ref: 00410366
• #518.MSVBVM60(?,?), ref: 00410373
• __vbaVarTstEq.MSVBVM60(00008008,?,?,?,?,?), ref: 00410394
• __vbaFreeVarList.MSVBVM60(00000002,?,?,00008008,?,?,?,?,?), ref: 004103AA
• __vbaNew2.MSVBVM60(004028E4,004145F8,?,?,004013C6), ref: 004103D4
• __vbaHresultCheckObj.MSVBVM60(00000000,?,004028D4,00000014), ref: 00410436
• __vbaHresultCheckObj.MSVBVM60(00000000,?,004028F4,00000110), ref: 00410492
• __vbaStrMove.MSVBVM60(00000000,?,004028F4,00000110), ref: 004104BC
• __vbaFreeObj.MSVBVM60(00000000,?,004028F4,00000110), ref: 004104C4
• __vbaFreeStr.MSVBVM60(00410510,?,?,004013C6), ref: 004104FA
• __vbaFreeStr.MSVBVM60(00410510,?,?,004013C6), ref: 00410502
• __vbaFreeVar.MSVBVM60(00410510,?,?,004013C6), ref: 0041050A

• Source File: 00000000.00000002.1426251663.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

• Associated: 00000000.00000002.1426235934.0000000000400000.00000002.00020000.sdmp Download File
• Associated: 00000000.00000002.1426298297.0000000000414000.00000004.00020000.sdmp Download File
• Associated: 00000000.00000002.1426308273.0000000000416000.00000002.00020000.sdmp Download File

• API ID: __vba$Free$CheckHresult$#518ChkstkCopyListMoveNew2
• String ID:
• API String ID: 1459133440-0
• Opcode ID: 77b1114697cf1f390cf1521999d1b235816f586f4e1bc89b4dae7a1ca4d10851
• Instruction ID: 7b071d0170398bdb0f52a6c3bdfab82a663c86185e70b471678afd905e5abfd0
• Opcode Fuzzy Hash: 77b1114697cf1f390cf1521999d1b235816f586f4e1bc89b4dae7a1ca4d10851
• Instruction Fuzzy Hash: DD51C971900218EFDB10EFA5CD85FDDB7B5BF44304F1081AAE10ABB1A1DB785A898F55

Uniqueness Score: -1.00%

• __vbaChkstk.MSVBVM60(?,004013C6), ref: 0041220B
• __vbaVarDup.MSVBVM60(?,?,?,?,004013C6), ref: 00412235
• __vbaUI1Str.MSVBVM60(004026D4,?,?,?,?,004013C6), ref: 0041223F
• __vbaStrCat.MSVBVM60(00402BE8,00402BE0,004026D4,?,?,?,?,004013C6), ref: 0041225C
• __vbaStrMove.MSVBVM60(00402BE8,00402BE0,004026D4,?,?,?,?,004013C6), ref: 00412266
• __vbaStrCat.MSVBVM60(00402BF0,00000000,00402BE8,00402BE0,004026D4,?,?,?,?,004013C6), ref: 00412271
• __vbaStrMove.MSVBVM60(00402BF0,00000000,00402BE8,00402BE0,004026D4,?,?,?,?,004013C6), ref: 0041227B
• __vbaStrCat.MSVBVM60(00402BE0,00000000,00402BF0,00000000,00402BE8,00402BE0,004026D4,?,?,?,?,004013C6), ref: 00412286
• #687.MSVBVM60(?,00000008), ref: 0041229D
• __vbaDateVar.MSVBVM60(?,?,00000008), ref: 004122A6
• __vbaFreeStrList.MSVBVM60(00000002,00000000,00402BF0,?,?,00000008), ref: 004122B8
• __vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,004013C6), ref: 004122CA
• __vbaFreeVar.MSVBVM60(00412308,004026D4,?,?,?,?,004013C6), ref: 00412302

• Source File: 00000000.00000002.1426251663.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

• Associated: 00000000.00000002.1426235934.0000000000400000.00000002.00020000.sdmp Download File
• Associated: 00000000.00000002.1426298297.0000000000414000.00000004.00020000.sdmp Download File
• Associated: 00000000.00000002.1426308273.0000000000416000.00000002.00020000.sdmp Download File

• API ID: __vba$Free$ListMove$#687ChkstkDate
• String ID:
• API String ID: 2912548229-0
• Opcode ID: d7f98349592ca8207d14ef9a5fd6ad4c3423a6dea65181098cadaaf74a426dd5
• Instruction ID: 71f63a4a29832dbfea1c6166c16b8544dfa7b926ef6b2e8f6ace07993221d26e
• Opcode Fuzzy Hash: d7f98349592ca8207d14ef9a5fd6ad4c3423a6dea65181098cadaaf74a426dd5
• Instruction Fuzzy Hash: 3F21ED71940208BBDB00EFA1CD46EDE7778AB44704F50853BB506BA1E1DABC6A498B69

Uniqueness Score: -1.00%

• __vbaChkstk.MSVBVM60(?,004013C6), ref: 004138D4
• __vbaStrCopy.MSVBVM60(?,?,?,?,004013C6), ref: 004138FE
• __vbaVarDup.MSVBVM60(?,?,?,?,004013C6), ref: 00413909
• __vbaR4Str.MSVBVM60(00402A08,?,?,?,?,004013C6), ref: 00413913
• __vbaHresultCheckObj.MSVBVM60(00000000,004013A8,00402434,000000B0), ref: 00413950
• __vbaFileOpen.MSVBVM60(00000020,000000FF,000000B4,GEOSIDE), ref: 0041397A
• __vbaFreeStr.MSVBVM60(00413996,00402A08,?,?,?,?,004013C6), ref: 00413988
• __vbaFreeVar.MSVBVM60(00413996,00402A08,?,?,?,?,004013C6), ref: 00413990

• GEOSIDE, xrefs: 0041396C

• Source File: 00000000.00000002.1426251663.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

• Associated: 00000000.00000002.1426235934.0000000000400000.00000002.00020000.sdmp Download File
• Associated: 00000000.00000002.1426298297.0000000000414000.00000004.00020000.sdmp Download File
• Associated: 00000000.00000002.1426308273.0000000000416000.00000002.00020000.sdmp Download File

• API ID: __vba$Free$CheckChkstkCopyFileHresultOpen
• String ID: GEOSIDE
• API String ID: 311016274-2913397203
• Opcode ID: d91c5edbe6cdfc2c9134a2def390319fb7a2f5e844100da4869c7c9fc395a074
• Instruction ID: 4f1123677368e2c5971f3ce6a628f8902e8d13376f9256586bafcd62c55b588a
• Opcode Fuzzy Hash: d91c5edbe6cdfc2c9134a2def390319fb7a2f5e844100da4869c7c9fc395a074
• Instruction Fuzzy Hash: 95213870910209FFDB10EF95CA4ABCD7BB4BF44749F50416AF4067A1E1C7B85A858B48

Uniqueness Score: -1.00%

• __vbaChkstk.MSVBVM60(?,004013C6), ref: 004100F7
• __vbaVarDup.MSVBVM60(?,?,?,?,004013C6), ref: 00410121
• __vbaStrCopy.MSVBVM60(?,?,?,?,004013C6), ref: 0041012C
• __vbaVarDup.MSVBVM60(?,?,?,?,004013C6), ref: 00410137
• #706.MSVBVM60(00000001,00000000,00000000,?,?,?,?,004013C6), ref: 00410148
• __vbaStrMove.MSVBVM60(00000001,00000000,00000000,?,?,?,?,004013C6), ref: 00410152
• __vbaFreeVar.MSVBVM60(00410188,00000001,00000000,00000000,?,?,?,?,004013C6), ref: 0041016A
• __vbaFreeStr.MSVBVM60(00410188,00000001,00000000,00000000,?,?,?,?,004013C6), ref: 00410172
• __vbaFreeStr.MSVBVM60(00410188,00000001,00000000,00000000,?,?,?,?,004013C6), ref: 0041017A
• __vbaFreeVar.MSVBVM60(00410188,00000001,00000000,00000000,?,?,?,?,004013C6), ref: 00410182