MALICIOUS
200
Risk Score
Malware Insights
MITRE ATT&CK
T1059.005 Visual Basic
T1105 Ingress Tool Transfer
The OOXML document contains a VBA project with a Document_Open macro that triggers a function to download and save a file to disk using HTTP. This functionality is indicative of a downloader, likely fetching a second-stage payload. The VBA code also contains a call to CreateObject and Environ(), suggesting further interaction with the system environment.
Heuristics 8
-
VBA project inside OOXML medium 5 related findings OOXML_VBADocument contains a VBA project — VBA macros present
-
Potential Shell call in VBA critical OLE_VBA_SHELLPotential Shell call in VBAMatched line in script
Shell stAppName, 1 -
VBA downloads and writes a file to disk critical OLE_VBA_HTTP_DROP_EXECVBA reads an HTTP response body and writes it to disk (ADODB.Stream SaveToFile). Combined with the auto-exec/Shell paths this is a download-drop dropper even when the COM ProgIDs are built dynamically to evade keyword scanning.Matched line in script
myURL = WinHttpReq.responseBody -
CreateObject call high OLE_VBA_CREATEOBJCreateObject callMatched line in script
Set WinHttpReq = CreateObject("Microsoft.XMLHTTP") -
Document_Open macro low OLE_VBA_DOCOPENDocument_Open macroMatched line in script
Private Sub Document_Open() -
Environ() call (env variable access) low OLE_VBA_ENVIRONEnviron() call (env variable access)Matched line in script
strPath = Environ("USERPROFILE") & "\Downloads" -
Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGEOne or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://www.thomasmore.be Referenced by macro
- http://lerarenopleiding.thomasmore.be/sjablonen/sjabloonNamen.xmlReferenced by macro
- http://ola.thomasmore.be/ola.xmlReferenced by macro
- http://www.thomasmore.be�Referenced by macro
- http://www.w3.org/1999/02/22-rdf-syntax-ns#Referenced by macro
- http://ns.adobe.com/xap/1.0/Referenced by macro
- http://purl.org/dc/elements/1.1/Referenced by macro
- http://schemas.microsoft.com/office/2009/07/customuiReferenced by macro
- http://schemas.microsoft.com/office/2006/01/customuiReferenced by macro
- http://ns.adobe.com/xap/1.0/mm/Referenced by macro
- http://ns.adobe.com/xap/1.0/sType/ResourceRef#Referenced by macro
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
macros.bas |
vba-macro | oletools.olevba.extract_macros (decoded VBA source from OOXML) | 42260 bytes |
SHA-256: 4f388c593ceeef70ea3fd639298551415243b6dcb6a2409ce02ac14879ed22cf |
|||
Preview scriptFirst 1,000 lines of the extracted script
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "0{00020906-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True
Private Sub Document_New()
Starten
End Sub
Private Sub Document_Open()
Starten
End Sub
Attribute VB_Name = "frmInfo"
Attribute VB_Base = "0{559DD38D-FB76-4286-A4D8-A26A63A9DF62}{D541DFC1-EAD4-45F6-94E8-990BBB2EE7C7}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
Option Explicit
Private Sub lblNewVersion_Click()
'ActiveDocument.FollowHyperlink gstrNewVersionLink
NieuweVersieInstalleren
Unload Me
End Sub
Private Sub UserForm_Initialize()
Dim strBericht As String
Dim strEigenaar As String
Dim strInstelling As String
strEigenaar = aDocPropertyValue(cEigenaarSjabloon)
strInstelling = aDocPropertyValue(cInstelling)
strBericht = strBericht & "Dit cursussjabloon werd ontwikkeld " & vbNewLine & "voor " & strInstelling & vbNewLine & "door " & strEigenaar & "." & vbNewLine & vbNewLine
strBericht = strBericht & cResVersie & " " & cstrVersie
lblInfo.Caption = strBericht
lblNewVersion.Visible = fNewVersion
End Sub
Attribute VB_Name = "Ribbons"
Option Explicit
'Callback for btnVeldenBewerken onAction
Sub RibbonVeldenInvullen(control As IRibbonControl)
gInitialTabPage = 0 'Open tabblad 1
frmVelden.Show
End Sub
Sub RibbonAanpassenTOC(control As IRibbonControl)
gInitialTabPage = 2 'Open tabblad 3
frmVelden.Show
End Sub
Sub RibbonInsertSnelOnderdelen(control As IRibbonControl)
Dim strTag As String
strTag = Replace(control.ID, "_", " ")
ActiveDocument.AttachedTemplate.BuildingBlockEntries( _
strTag).Insert Where:=Selection.Range, RichText:=True
End Sub
Sub RibbonWerkAlleVeldenbij(control As IRibbonControl)
On Error Resume Next
Dim tofLoop As TableOfFigures
Dim myTOA As TableOfAuthorities
Dim myTOAc As TableOfAuthoritiesCategory
UpdateAllFields
If ActiveDocument.TablesOfContents.Count >= 1 Then
ActiveDocument.TablesOfContents(1).Update
End If
If ActiveDocument.TablesOfContents.Count >= 1 Then
ActiveDocument.TablesOfContents(1).UpdatePageNumbers
End If
For Each tofLoop In ActiveDocument.TablesOfFigures
tofLoop.Update
Next tofLoop
For Each tofLoop In ActiveDocument.TablesOfFigures
tofLoop.UpdatePageNumbers
Next tofLoop
For Each myTOA In ActiveDocument.TablesOfAuthorities
myTOA.Update
Next myTOA
'For Each myTOAc In ActiveDocument.TablesOfAuthoritiesCategories
' myTOAc.Update
'Next myTOAc
End Sub
Sub RibbonDocumentTemplate(control As IRibbonControl)
On Error Resume Next
With Dialogs(wdDialogToolsTemplates)
.Show
End With
End Sub
Sub HelpWebsite(control As IRibbonControl)
On Error Resume Next
ActiveDocument.FollowHyperlink gstrHelpUrl, NewWindow:=True, AddHistory:=True
End Sub
Attribute VB_Name = "frmVelden"
Attribute VB_Base = "0{6699B841-4C34-40D0-9B7B-3036F5F57AE8}{F432EB4F-9A04-4FBF-A5EF-038A71D0CDB7}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
Option Compare Text
Option Explicit
Private mOlaCode As String
Private mOpoCode As String
Private mOlaNaam As String
Private mOpoNaam As String
Private mOpleidingOrigineleTitel As String
Private mFase As String
Private mCluster As String
Private mVrijveld1 As String
Private mVrijveld2 As String
Private mVrijveld3 As String
Private mVrijveld4 As String
Private strOla As String
Private astrOla() As String
Private astrOpo() As String
Private astrOlaNaam() As String
Private astrOpoNaam() As String
Private astrOpleiding() As String
Private astrOpleidingOrigineel() As String
Private astrFase() As String
Private astrCluster() As String
Private astrVrijVeld1() As String
Private astrVrijVeld2() As String
Private astrVrijVeld3() As String
Private astrVrijVeld4() As String
Private abytMethod() As Byte
Private Sub btnAnnulren_Click()
tabPages.Value = 0
End Sub
Private Sub btnInhoudsopgave_Click()
If chkInhoud4.Value = True Then
aDocPropertyValue(cInhoudsopgave) = 4
Else
aDocPropertyValue(cInhoudsopgave) = 3
End If
StelAllePropertiesIn
PasTaalTOCaan
If ActiveDocument.TablesOfContents.Count >= 1 Then
ActiveDocument.TablesOfContents(1).Update
End If
If ActiveDocument.TablesOfContents.Count >= 1 Then
ActiveDocument.TablesOfContents(1).UpdatePageNumbers
End If
Unload Me
End Sub
Private Sub btnKeuzeBevestigen_Click()
If lstOLA.ListIndex = -1 Then
lblWaarschuwing.Visible = True
Else
lblWaarschuwing.Visible = False
ledigControls
labelVisibleOnError False, False
vulGevondenXMLgegevensIn lstOLA.ListIndex + 1
labelVisibleOnError True, False
tabPages.Value = 0
End If
End Sub
Private Sub Image1_Click()
ActiveDocument.FollowHyperlink Address:="http://www.thomasmore.be", NewWindow:=True, AddHistory:=True
End Sub
Private Sub lblBevestigen_Click()
Dim i As Integer
Dim strCtl As String
Dim ctl As control
For i = 1 To mintMax
strCtl = "txt" & aDocPropertyResult(i)
If ControlExists(strCtl, Me) Then
Set ctl = Me.Controls(strCtl)
If aDocPropertyValue(i) <> ctl.Value Then
aDocPropertyValue(i) = ctl.Value
If ctl.Name = "txtTitel" Then
aDocPropertyValue(cTitelKoptekst) = ctl.Value
End If
End If
End If
Next i
StelAllePropertiesIn
AlleVeldenUpdaten
Unload Me
End Sub
Sub LeesXMLVeldenIn()
Dim xmldoc As New MSXML2.DOMDocument
Dim xmlNode As MSXML2.IXMLDOMNode
Dim xmlNodeList As MSXML2.IXMLDOMNodeList
Dim myNode As MSXML2.IXMLDOMNode
Dim strFile As String
strFile = gstrStartXML
'strFile = Application.Path & "\sjabloonNamen.xml"
xmldoc.async = False
xmldoc.validateOnParse = False
If Not xmldoc.Load(strFile) Then
'MsgBox "Er kon geen internetverbinding tot stand gebracht worden ... " & vbNewLine, vbExclamation, "Internetprobleem"
mOlaCode = "OlaCode"
mOlaNaam = "OlaNaam"
mOpoCode = "OpoCode"
mOpoNaam = "OpoNaam"
mOpleidingOrigineleTitel = "OpleidingOrigineleTitel"
mFase = "Fase"
mCluster = "Cluster"
mVrijveld1 = "Vrijveld1"
mVrijveld2 = "Vrijveld2"
mVrijveld3 = "Vrijveld3"
mVrijveld4 = "Vrijveld4"
Else
For Each xmlNode In xmldoc.SelectNodes("//veldNamen")
For Each myNode In xmlNode.ChildNodes
Select Case myNode.nodeName
Case "OlaCode"
mOlaCode = myNode.Text
Case "OlaNaam"
mOlaNaam = myNode.Text
Case "OpoCode"
mOpoCode = myNode.Text
Case "OpoNaam"
mOpoNaam = myNode.Text
Case "OpleidingOrigineleTitel"
mOpleidingOrigineleTitel = myNode.Text
Case "Fase"
mFase = myNode.Text
Case "Cluster"
mCluster = myNode.Text
Case "Vrijveld1"
mVrijveld1 = myNode.Text
Case "Vrijveld2"
mVrijveld2 = myNode.Text
Case "Vrijveld3"
mVrijveld3 = myNode.Text
Case "Vrijveld4"
mVrijveld4 = myNode.Text
End Select
Next
Next
Set xmldoc = Nothing
End If
End Sub
Private Function verwijderCampus(ByVal str As String)
Dim pos As Integer
pos = InStrRev(str, "(")
If pos > 0 Then
verwijderCampus = Left(str, pos - 1)
Else
verwijderCampus = str
End If
End Function
Private Function olaNaamAlAanwezig(strOla As String, strOlaCode) As Boolean
Dim i
Dim j As Long
j = -1
For Each i In astrOlaNaam
j = j + 1
If i = strOla Then
olaNaamAlAanwezig = True
If astrOla(j) = strOlaCode Then
abytMethod(j) = 1
End If
End If
Next
End Function
Sub getAttributeNode2()
Dim xmlUrl As String
Dim xmldoc As New MSXML2.DOMDocument
Dim n As MSXML2.IXMLDOMNode
Dim i As Long, j As Long, str As String, strOpleiding As String, strOpleidingOrig As String, k As Long
Dim blnMatch As Boolean, bytMethod As Byte, strOpzoeken As String, strOlaNaam As String, strOlaNaamOrig, blnOlaNaam As Long
xmlUrl = gstrSAPXML
xmldoc.async = False
strOpleidingOrig = "@@@@"
lstOLA.Clear
lblError.Visible = False
textEnabledManualInput False
'Criteria voor zoekwaarde
If Len(txtOpzoeken.Value) < bytAantalKarakters Then
MsgBox "De zoekwaarde moet minstens " & bytAantalKarakters & " karakters bevatten", vbCritical, "Lengte zoekwaarde"
txtOpzoeken.SetFocus
Exit Sub
End If
'Stel zoekstring op
strOpzoeken = "*" & UCase(txtOpzoeken.Value) & "*"
If Not xmldoc.Load(xmlUrl) Then
MsgBox "Er kon geen internetverbinding tot stand gebracht worden. " & _
"Het is ook mogelijk dat de server offline is ... " & vbNewLine & "Zonder internetverbinding is het opzoeken van de OLA-code niet mogelijk.", vbExclamation, "Internetprobleem"
labelVisibleOnError False
Else
System.Cursor = wdCursorWait
strOpleidingOrig = "@@@@"
strOlaNaamOrig = "@@@@"
For Each n In xmldoc.SelectNodes("//vwsaCorOlaSjabloonCampinia")
'Zoek in Ola-nummer
strOla = UCase(n.Attributes.getNamedItem(mOlaCode).Text)
blnMatch = strOla Like strOpzoeken
bytMethod = 1
'indien geen match, zoek in OLA-naam
If Not blnMatch Then
strOla = UCase(n.Attributes.getNamedItem(mOlaNaam).Text)
blnMatch = strOla Like strOpzoeken
If blnMatch Then bytMethod = 2
End If
If blnMatch Then
If TypeName(n.Attributes.getNamedItem(mOpleidingOrigineleTitel)) <> "Nothing" Then
If Not IsNull(n.Attributes.getNamedItem(mOpleidingOrigineleTitel).Text) Then
strOpleiding = verwijderCampus(n.Attributes.getNamedItem(mOpleidingOrigineleTitel).Text)
strOlaNaam = n.Attributes.getNamedItem(mOlaNaam).Text
'If bytMethod = 2 Then
' strOlaNaamOrig = "@@@@"
'End If
'Zit de OLAnaam al in de array? Neen ==> toevoegen aan list
If i > 0 Then
blnOlaNaam = olaNaamAlAanwezig(strOlaNaam, n.Attributes.getNamedItem(mOlaCode).Text)
End If
If strOpleiding <> strOpleidingOrig Or blnOlaNaam = False Then
i = i + 1
ReDim Preserve astrOla(i)
ReDim Preserve astrOlaNaam(i)
ReDim Preserve astrOpo(i)
ReDim Preserve astrOpoNaam(i)
ReDim Preserve astrOpleiding(i)
ReDim Preserve astrOpleidingOrigineel(i)
ReDim Preserve astrFase(i)
ReDim Preserve astrCluster(i)
ReDim Preserve astrVrijVeld1(i)
ReDim Preserve astrVrijVeld2(i)
ReDim Preserve astrVrijVeld3(i)
ReDim Preserve astrVrijVeld4(i)
ReDim Preserve abytMethod(i)
abytMethod(i) = bytMethod
astrOla(i) = n.Attributes.getNamedItem(mOlaCode).Text
If TypeName(n.Attributes.getNamedItem(mOlaNaam)) <> "Nothing" Then astrOlaNaam(i) = n.Attributes.getNamedItem(mOlaNaam).Text
If TypeName(n.Attributes.getNamedItem(mOpoCode)) <> "Nothing" Then astrOpo(i) = n.Attributes.getNamedItem(mOpoCode).Text
If TypeName(n.Attributes.getNamedItem(mOpoNaam)) <> "Nothing" Then astrOpoNaam(i) = n.Attributes.getNamedItem(mOpoNaam).Text
If TypeName(n.Attributes.getNamedItem(mOpleidingOrigineleTitel)) <> "Nothing" Then
astrOpleiding(i) = strOpleiding 'n.Attributes.getNamedItem(mOpleidingOrigineleTitel).Text
astrOpleidingOrigineel(i) = n.Attributes.getNamedItem(mOpleidingOrigineleTitel).Text
End If
If TypeName(n.Attributes.getNamedItem(mFase)) <> "Nothing" Then
astrFase(i) = n.Attributes.getNamedItem(mFase).Text
If Len(astrFase(i)) = 1 Then
astrFase(i) = "fase " & astrFase(i)
End If
End If
If TypeName(n.Attributes.getNamedItem(mCluster)) <> "Nothing" Then astrCluster(i) = n.Attributes.getNamedItem(mCluster).Text
If TypeName(n.Attributes.getNamedItem(mVrijveld1)) <> "Nothing" Then astrVrijVeld1(i) = n.Attributes.getNamedItem(mVrijveld1).Text
If TypeName(n.Attributes.getNamedItem(mVrijveld2)) <> "Nothing" Then astrVrijVeld2(i) = n.Attributes.getNamedItem(mVrijveld2).Text
If TypeName(n.Attributes.getNamedItem(mVrijveld3)) <> "Nothing" Then astrVrijVeld3(i) = n.Attributes.getNamedItem(mVrijveld3).Text
If TypeName(n.Attributes.getNamedItem(mVrijveld4)) <> "Nothing" Then astrVrijVeld4(i) = n.Attributes.getNamedItem(mVrijveld4).Text
If strOpleidingOrig <> strOpleiding Then strOpleidingOrig = strOpleiding
End If
End If
End If
End If
Next
End If
Select Case i
Case 0
lblError.Visible = True
ledigControls
labelVisibleOnError False, False
Case 1
ledigControls
vulGevondenXMLgegevensIn 1
labelVisibleOnError True, False
Case Is > 1
'txtOLAbis.Value = astrOlaNaam(j)
lstOLA.Value = Null
'lblWaarschuwing.Visible = False
lblSelectie.Caption = ""
For j = 1 To i
Select Case abytMethod(j)
Case 1
lstOLA.AddItem astrOla(j) & " - " & astrOlaNaam(j) & " - " & astrOpleiding(j)
Case 2
lstOLA.AddItem astrOla(j) & " - " & astrOlaNaam(j) & " - " & astrOpleidingOrigineel(j)
End Select
'lstOLA.AddItem astrOla(j) & " - " & astrOlaNaam(j) & " - " & astrOpleidingOrigineel(j)
Next
tabPages.Value = 1
End Select
Select Case ""
Case txtOpleiding, txtCluster, txtFase, txtZopo, txtOpleidingsonderdeel, txtZola, txtOnderwijsleeractiviteit
lblOntbrekendeGegevens.Visible = True
End Select
textEnabledManualInput False
System.Cursor = wdCursorNormal
End Sub
Private Sub vulGevondenXMLgegevensIn(i As Long)
txtOpleiding.Value = astrOpleiding(i)
txtOpleidingsonderdeel.Value = astrOpoNaam(i)
txtOnderwijsleeractiviteit.Value = astrOlaNaam(i)
txtZola.Value = astrOla(i)
txtZopo.Value = astrOpo(i)
txtFase = astrFase(i)
txtCluster = astrCluster(i)
End Sub
Private Sub lblNewVersion_Click()
'ActiveDocument.FollowHyperlink gstrNewVersionLink
NieuweVersieInstalleren
End Sub
Private Sub lblOntbrekendeGegevens_Click()
Dim ctl As control
textEnabledManualInput True
labelVisibleOnError True, True
lblOntbrekendeGegevens.Visible = False
lblError.Visible = False
End Sub
Private Sub lblOpzoeken_Click()
lblError.Visible = False
textEnabledManualInput False
If txtOpzoeken.Value = "" Then
txtOpzoeken.Value = "(Geen)"
End If
'txtOpzoeken.Value = UCase(txtOpzoeken.Value)
lblOpzoekenVisible True
Me.Repaint
DoEvents
LeesXMLVeldenIn
getAttributeNode2
lblOpzoekenVisible False
Me.Repaint
ExitHere:
Exit Sub
HandleErr:
MsgBox "Error " & Err.Number & ": " & Err.Description
Resume ExitHere
Resume
End Sub
Private Sub lblOpzoekenVisible(blnVisible As Boolean)
lblOpzoeken.Visible = Not blnVisible
lblOpzoekenGestart.Visible = blnVisible
End Sub
Private Sub ledigControls()
Dim ctl As control
For Each ctl In Me.Controls
Select Case ctl.Name
Case "txtOpleiding", "txtCluster", "txtFase", "txtZopo", "txtZola", "txtOpleidingsonderdeel", "txtOnderwijsleeractiviteit"
ctl.Value = ""
End Select
Next
End Sub
Private Sub labelVisibleOnError(blnVisible As Boolean, Optional blnBorder As Variant)
Dim ctl As control
Dim ctlFocus As control
Dim i As Integer
On Error Resume Next
i = 1000
For Each ctl In Me.Controls
'Select Case ctl.Name
' Case "lblOpleiding", "lblCluster", "lblFase", "lblOpleidingsonderdeel", "lblOnderwijsleeractiviteit"
' ctl.Visible = blnVisible
'End Select
Select Case ctl.Name
Case "txtOpleiding", "txtCluster", "txtFase", "txtZopo", "txtZola", "txtOpleidingsonderdeel", "txtOnderwijsleeractiviteit"
ctl.Visible = blnVisible
If ctl.Value = "" Then
If blnBorder Then
ctl.BorderStyle = fmBorderStyleSingle
If ctl.TabIndex < i Then
i = ctl.TabIndex
Set ctlFocus = ctl
End If
Else
ctl.BorderStyle = fmBorderStyleNone
End If
Else
ctl.BorderStyle = fmBorderStyleNone
End If
End Select
Next
If i < 1000 Then
ctlFocus.SetFocus
End If
End Sub
Private Sub textEnabledManualInput(blnEnabled As Boolean)
Dim ctl As control
For Each ctl In Me.Controls
Select Case ctl.Name
Case "txtOpleiding", "txtCluster", "txtFase", "txtZopo", "txtZola", "txtOpleidingsonderdeel", "txtOnderwijsleeractiviteit"
If ctl.Value = "" Then
ctl.Locked = Not blnEnabled
ctl.Enabled = blnEnabled
Else
ctl.Locked = True
ctl.Enabled = False
End If
End Select
Next
End Sub
Private Sub lblVersie_Click()
frmInfo.Show vbModal
End Sub
Private Sub txtVersie_Click()
frmInfo.Show vbModal
End Sub
Private Sub lstOLA_AfterUpdate()
On Error Resume Next
lblWaarschuwing.Visible = False
lblSelectie.Caption = lstOLA.Value
End Sub
Private Sub UserForm_Initialize()
tabPages.Value = gInitialTabPage
txtFase.AddItem ("fase 1")
txtFase.AddItem ("fase 2")
txtFase.AddItem ("fase 3")
'Properties inlezen
CustomPropertiesInlezen
'properties op formulier weergeven
propsOpFormulier
'Initialisatie van andere velden
lblZola.Caption = "Deel van " & Chr(13) & "OLA-code of -naam"
lblZola.ControlTipText = "OLA-codes/namen vind je gemakkelijk terug in de bijhorende Toledo-cursus, in het K.U.Loket (Onderwijs & Studenten > Mijn onderwijstaken) " & _
Chr(10) & Chr(13) & "of via de programmagids van de opleiding (www.thomasmore.be)"
lblZolaUitleg.ControlTipText = lblZola.ControlTipText
lblVersie.Caption = cResVersie & " " & cstrVersie
lblNewVersion.Visible = fNewVersion
lblZolaUitleg.Caption = "bijv. Z51626, YV5701 of Informatica, manage"
chkInhoud1 = ActiveDocument.Styles(wdStyleHeading1).NameLocal
chkInhoud1 = ActiveDocument.Styles(wdStyleHeading1).NameLocal
chkInhoud1 = ActiveDocument.Styles(wdStyleHeading1).NameLocal
chkInhoud1 = ActiveDocument.Styles(wdStyleHeading1).NameLocal
Select Case aDocPropertyValue(cInhoudsopgave)
Case 3
chkInhoud4.Value = False
Case 4
chkInhoud4.Value = True
Case Else
chkInhoud4.Value = False
End Select
End Sub
Private Sub propsOpFormulier()
Dim i As Long
Dim strCtl As String, strValue As String
Dim ctl As control
Dim strSamenvatting As String, strLabel As String
'Vul velden die overeenkomen met props
For i = 1 To mintMax
strLabel = aDocPropertyStartValue(i)
If aDocPropertyIndex(i) = 0 Then
strValue = aDocPropertyValue(i)
strLabel = aDocPropertyResult(i)
ElseIf aDocPropertyValue(i) <> aDocPropertyStartValue(i) Then
strValue = aDocPropertyValue(i)
Else
strValue = ""
End If
'Check op textbox
strCtl = "txt" & aDocPropertyResult(i)
If ControlExists(strCtl, Me) Then
Set ctl = Me.Controls(strCtl)
ctl.Value = strValue
'ctl.Visible = True
Select Case ctl.Name
Case "lblOpleiding", "lblCluster", "lblFase", "lblOpleidingsonderdeel", "lblOnderwijsleeractiviteit"
ctl.Visible = True
End Select
End If
'check op label
strCtl = "lbl" & aDocPropertyResult(i)
If ControlExists(strCtl, Me) Then
Set ctl = Me.Controls(strCtl)
ctl.Caption = strLabel
End If
Next i
'If strValue = "" Then
Select Case ""
Case txtOpleiding, txtCluster, txtFase, txtZopo, txtOpleidingsonderdeel, txtZola, txtOnderwijsleeractiviteit
lblOntbrekendeGegevens.Visible = True
End Select
'End If
Exit Sub
End Sub
Attribute VB_Name = "basAlgemeen"
Option Explicit
Public cTitel As Byte
Public cAuteur As Byte
Public cOpleiding As Byte
Public cCluster As Byte
Public cFase As Byte
Public cOPO As Byte
Public cOLA As Byte
Public cTitelKoptekst As Byte
Public cTitelKoptekstSection As Byte
Public cAcademiejaar As Byte
Public cInstelling As Byte
Public cBladPercentage As Byte
Public cZOPO As Byte
Public cZOLA As Byte
Public cEigenaarSjabloon As Byte
Public cVersie As Byte
Public cInhoudsopgave As Byte
Public gstrStartXML As String
Public gstrSAPXML As String
Public gblnNewVersion As Boolean
Public gstrNewVersionLink As String
Public gstrHelpUrl As String
Public gInitialTabPage As Byte
'Results van DOCProperty's
Public Const cResTitel As String = "Titel"
Public Const cResAuteur As String = "Auteur"
Public Const cResOpleiding As String = "Opleiding"
Public Const cResCluster As String = "Cluster"
Public Const cResFase As String = "Fase"
Public Const cResOPO As String = "Opleidingsonderdeel"
Public Const cResOLA As String = "Onderwijsleeractiviteit"
Public Const cResAcademiejaar As String = "Academiejaar"
Public Const cResTitelkoptekst As String = "Titelkoptekst"
Public Const cResEigenaarSjabloon As String = "Eigenaar Sjabloon"
Public Const cResInstelling As String = "Instelling"
Public Const cResBladPercentage As String = "BladPercentage"
Public Const cResVersie As String = "Versie"
Public Const cResInhoudsopgave As String = "Inhoudsopgave"
'Startwaarden voor DOCPROPERTY's
Public Const cstrTitel As String = "Titel"
Public Const cstrAuteur As String = "Auteur(s)"
Public Const cstrOpleiding As String = "Opleiding"
Public Const cstrCluster As String = "Cluster"
Public Const cstrFase As String = "Fase"
Public Const cstrOPO As String = "Opleidingsonderdeel"
Public Const cstrOLA As String = "Onderwijsleeractiviteit"
Public Const cstrAcademiejaar As String = "Academiejaar"
Public Const cstrTitelkoptekst As String = "Titel"
Public Const cstrEigenaarSjabloon As String = "Jean-Pierre Pluymers"
Public Const cstrInstelling As String = "Thomas More"
Public Const cstrBladpercentage As String = "wdPageFitBestFit"
Public Const cstrVersie As String = "2014.06"
Public Const bytAantalKarakters As Byte = 3 'Minimum aantal zoekkarakters ...
Public Const cstrInhoudsopgave As String = "3"
Public mintMax As Integer
Public aDocPropertyResult() As String
Public aDocPropertyValue() As String
Public aDocPropertyIndex() As Byte
Public aDocPropertySection() As Byte
Public aDocPropertyStartValue() As String
Public Sub Starten()
On Error Resume Next
TaakvensterTonen
NavigatievensterTonen
BladAanpassenAanScherm
gstrStartXML = "http://lerarenopleiding.thomasmore.be/sjablonen/sjabloonNamen.xml"
'gstrStartXML = "G:\Dropbox\Thomas More\Sjablonen\Thomas More\Cursussjabloon/sjabloonNamen.xml"
aDocPropertyVullenStandaard
CustomVeldenMaken
VeldindexenToekennen
VeldKoptekstIndexenToekennen
CustomPropertiesInlezen
If fNewVersion Then
If MsgBox("Er is een nieuwe versie beschikbaar." & vbCrLf & "Wil je deze versie nu downloaden?", vbExclamation + vbYesNo, "Nieuwe versie") = vbYes Then
NieuweVersieInstalleren
Else
If aDocPropertyValue(cZOLA) = aDocPropertyStartValue(cZOLA) Then
gInitialTabPage = 0
frmVelden.Show
End If
End If
Else
If aDocPropertyValue(cZOLA) = aDocPropertyStartValue(cZOLA) Then
frmVelden.Show
End If
End If
'AlleVeldenUpdaten
'PrintAlles
End Sub
Public Function CheckTaalVersie()
CheckTaalVersie = Application.LanguageSettings.LanguageID(msoLanguageIDUI)
End Function
Public Sub PasTaalTOCaan()
Dim strKop1 As String
Dim strKop2 As String
Dim strKop3 As String
Dim strKop4 As String
Dim strTOC As String
Dim strTOCinstr As String
Dim oFld As Field
Dim lngAantal As Long, i As Long
Dim strBuild As String
strKop1 = ActiveDocument.Styles(wdStyleHeading1).NameLocal 'Zoek de lokale naam van de style
strKop2 = ActiveDocument.Styles(wdStyleHeading2).NameLocal
strKop3 = ActiveDocument.Styles(wdStyleHeading3).NameLocal
strKop4 = ActiveDocument.Styles(wdStyleHeading4).NameLocal
strBuild = strKop1 & ";1;" & strKop2 & ";2;" & strKop3 & ";3"
Select Case aDocPropertyValue(cInhoudsopgave)
Case 4
strBuild = strBuild & ";" & strKop4 & ";4"
End Select
'Maak de TOC-code aan
strTOC = "TOC \n " & Chr(34) & "1-1" & Chr(34) & " \h \z \t " & Chr(34) & "DEEL;1;" & strBuild & Chr(34)
'Maak de verificatiestring voor de TM TOC-code aan
strTOCinstr = "TOC \n " & Chr(34) & "1-1" & Chr(34) & " \h \z \t "
'Zoek het aantal secties in het document.
lngAantal = ActiveDocument.Sections.Count
For i = 1 To lngAantal
For Each oFld In ActiveDocument.Sections(i).Range.Fields
If oFld.Type = wdFieldTOC Then
'Debug.Print strTOC
'Debug.Print "==> " & oFld.Code.Text
If InStr(oFld.Code.Text, strTOCinstr) > 0 Then 'zoek of de verificatiestring voorkomt in de TOC
If strTOC <> oFld.Code.Text Then
oFld.Code.Text = strTOC
'Debug.Print "changed"
End If
End If
'oFld.Update
End If
Next oFld
Next i
End Sub
Public Sub TaakvensterTonen()
'
' Toont het Stijlenvenster
'
Application.TaskPanes(wdTaskPaneFormatting).Visible = True
End Sub
Public Sub NavigatievensterTonen()
'
' Toont het navigatievenster
'
ActiveWindow.DocumentMap = True
End Sub
Public Sub BladAanpassenAanScherm()
ActiveDocument.ActiveWindow.View.Zoom.PageFit = wdPageFitBestFit
End Sub
Public Sub AllesResetten()
On Error Resume Next
aDocPropertyVullenStandaard
'CustomVeldenMaken
'VeldindexenToekennen
'VeldKoptekstIndexenToekennen
'resetAlleVelden
'AlleVeldenUpdaten
'frmVelden.Show
PrintAlles
End Sub
Public Sub aDocPropertyVullenStandaard()
Dim i As Integer
cTitel = 1
cAuteur = 2
cOpleiding = 3
cCluster = 4
cFase = 5
cOPO = 6
cOLA = 7
cAcademiejaar = 8
cTitelKoptekst = 9
cEigenaarSjabloon = 10
cInstelling = 11
cBladPercentage = 12
cZOPO = 13
cZOLA = 14
cInhoudsopgave = 15
Dim xmldoc As New MSXML2.DOMDocument
Dim xmlNode As MSXML2.IXMLDOMNode
Dim index As Long
Dim xmlNodeList As MSXML2.IXMLDOMNodeList
Dim myNode As MSXML2.IXMLDOMNode
Dim strFile As String
strFile = gstrStartXML
xmldoc.async = False
xmldoc.validateOnParse = False
If Not xmldoc.Load(strFile) Then 'Indien de xml niet kon geladen worden
'MsgBox "Er kon geen internetverbinding tot stand gebracht worden ... " & vbNewLine, vbExclamation, "Internetprobleem"
mintMax = 15
gstrSAPXML = "http://ola.thomasmore.be/ola.xml"
ReDim aDocPropertyResult(mintMax)
ReDim aDocPropertyValue(mintMax)
ReDim aDocPropertyStartValue(mintMax)
ReDim aDocPropertyIndex(mintMax)
ReDim aDocPropertySection(mintMax)
aDocPropertyResult(1) = cResTitel
aDocPropertyResult(2) = cResAuteur
aDocPropertyResult(3) = cResOpleiding
aDocPropertyResult(4) = cResCluster
aDocPropertyResult(5) = cResFase
aDocPropertyResult(6) = cResOPO
aDocPropertyResult(7) = cResOLA
aDocPropertyResult(8) = cResAcademiejaar
aDocPropertyResult(9) = cResTitelkoptekst
aDocPropertyResult(10) = cResEigenaarSjabloon
aDocPropertyResult(11) = cResInstelling
aDocPropertyResult(12) = cResBladPercentage
aDocPropertyResult(13) = "ZOPO"
aDocPropertyResult(14) = "ZOLA"
aDocPropertyResult(15) = cResInhoudsopgave
aDocPropertyValue(1) = cstrTitel
aDocPropertyValue(2) = cstrAuteur
aDocPropertyValue(3) = cstrOpleiding
aDocPropertyValue(4) = cstrCluster
aDocPropertyValue(5) = cstrFase
aDocPropertyValue(6) = cstrOPO
aDocPropertyValue(7) = cstrOLA
aDocPropertyValue(8) = cstrAcademiejaar
aDocPropertyValue(9) = cstrTitelkoptekst
aDocPropertyValue(10) = cstrEigenaarSjabloon
aDocPropertyValue(11) = cstrInstelling
aDocPropertyValue(12) = cstrBladpercentage
aDocPropertyValue(13) = "OPO-code"
aDocPropertyValue(14) = "OLA-code"
aDocPropertyValue(15) = cstrInhoudsopgave
Else
For Each xmlNode In xmldoc.SelectNodes("//aantalProperties")
For Each myNode In xmlNode.ChildNodes
Select Case myNode.nodeName
Case "aantalItems"
mintMax = myNode.Text
Case "SapUrl"
gstrSAPXML = myNode.Text
Case "versie"
If cstrVersie <> myNode.Text Then
gblnNewVersion = True
End If
Case "versieLink"
gstrNewVersionLink = myNode.Text
Case "HelpUrl"
gstrHelpUrl = myNode.Text
End Select
ReDim aDocPropertyResult(mintMax)
ReDim aDocPropertyValue(mintMax)
ReDim aDocPropertyStartValue(mintMax)
ReDim aDocPropertyIndex(mintMax)
ReDim aDocPropertySection(mintMax)
Next
Next
For Each xmlNode In xmldoc.SelectNodes("//docPropertyResults")
For Each myNode In xmlNode.ChildNodes
index = CLng(myNode.Attributes.getNamedItem("index").Text)
aDocPropertyResult(index) = myNode.Text
Next
Next
For Each xmlNode In xmldoc.SelectNodes("//docPropertyValues")
For Each myNode In xmlNode.ChildNodes
index = CLng(myNode.Attributes.getNamedItem("index").Text)
aDocPropertyValue(index) = myNode.Text
Next
Next
End If
Set xmldoc = Nothing
GoTo DoRest
DoRest:
For i = 1 To mintMax
aDocPropertyStartValue(i) = aDocPropertyValue(i)
Next i
End Sub
Public Sub CustomVeldenMaken()
'Deze procedure maakt aangepaste DOCPROPERTY's aan
Dim i As Integer
With ActiveDocument.CustomDocumentProperties
On Error Resume Next
For i = 1 To mintMax
.Add Name:=aDocPropertyResult(i), _
LinkToContent:=False, _
Type:=msoPropertyTypeString, _
Value:=aDocPropertyValue(i)
Next
.Add Name:="DatumCreatie", _
LinkToContent:=False, _
Type:=msoPropertyTypeDate, _
Value:=Date
End With
End Sub
…
|
|||
vbaProject_00.bin |
vba-project | OOXML VBA project: word/vbaProject.bin | 478208 bytes |
SHA-256: 2f0b7af7082cb9c83ab2a0a71344bd862b0e985b6a869f9da1dff784570c1bac |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Carved artifact contains 1 long base64-like blob(s).
|
|||
Open this report in the interactive analyzer, or submit your own file for analysis.