MALICIOUS
494
Risk Score
Heuristics 15
-
Equation Editor OLE object high OLE_EQUATION_EDITOREmbedded OLE object word/embeddings/oleObject1.bin contains the Equation Editor CLSID, the legacy component exploited by CVE-2017-11882, CVE-2018-0802, and CVE-2018-0798.
-
ClamAV: Doc.Malware.Valyria-10025240-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Doc.Malware.Valyria-10025240-0
-
VBA project inside OOXML medium 9 related findings OOXML_VBADocument contains a VBA project — VBA macros present
-
VBA property-stored shellcode loader critical OLE_VBA_PROPERTY_SHELLCODE_LOADERVBA auto-exec macro takes the address (VarPtr) of a byte buffer decoded from a document property, marks memory executable (VirtualProtect/VirtualAlloc), and transfers control through a callback API (e.g. SetTimer/EnumWindows). The payload is hidden in the document properties rather than the macro source — the SVCReady loader pattern, a native shellcode runner rather than a parser CVE.Matched line in script
Private Declare PtrSafe Function SetTimer Lib "user32" (ByVal hWnd As LongPtr, ByVal nIDEvent As LongPtr, ByVal uElapse As Long, ByVal lpTimerFunc As LongPtr) As LongPtr -
CreateObject call high OLE_VBA_CREATEOBJCreateObject callMatched line in script
Set fileSystemObject = VBA.CreateObject("Scripting.FileSystemObject") -
GetObject call high OLE_VBA_GETOBJGetObject callMatched line in script
Set result = VBA.GetObject("LDAP://" & adUserName) -
CallByName call high OLE_VBA_CALLBYNAMECallByName callMatched line in script
CallByName( _ -
VBA polls global keyboard state (keylogger) high OLE_VBA_KEYLOGGER_SPYWAREThe macro declares or calls a Win32 keystroke-monitoring API (GetAsyncKeyState, SetWindowsHookEx WH_KEYBOARD, or GetKeyboardState) to capture keystrokes system-wide. No legitimate document automation polls global key state; this is the core of a VBA keylogger, usually paired with active-window capture (GetForegroundWindow) and a log file. A high-confidence spyware behaviour independent of any download / Shell evidence.Matched line in script
' Konstanten für Tastaturfunktionen wie z. B. GetAsyncKeyState() / eWorksVBA.IsKeyPressed() -
VBA p-code auto-exec with execution tokens high OLE_VBA_PCODE_AUTOEXEC_EXECTriggers on the COMBINATION of two tokens co-occurring in the same compiled VBA/cache stream: an auto-execution entry point (Auto_Open / AutoOpen / Document_Open / Workbook_Open / Auto_Close / AutoClose) AND a shell/download/object-execution token (Shell, CreateObject, GetObject, PowerShell, cmd.exe, URLDownloadToFile, WinHttp, XMLHTTP, ADODB.Stream, ShellExecute, ExecuteExcel4Macro). Neither token alone fires it — it is the pairing that flags p-code-only or source-extraction-failure macro documents where the visible VBA source is unavailable. The matched tokens are named in the detail line below.
-
AutoOpen macro low OLE_VBA_AUTOOPENAutoOpen macroMatched line in script
Sub AutoOpen() -
Auto_Close macro low OLE_VBA_AUTOCLOSEAuto_Close macroMatched line in script
Sub AutoClose() -
Environ() call (env variable access) low OLE_VBA_ENVIRONEnviron() call (env variable access)Matched line in script
fallBackFolderName = Environ("UserProfile") & "\Desktop\" -
Embedded OLE object medium OOXML_OLE_OBJECTDocument contains an embedded OLE object
-
External hyperlinks (18) low OOXML_EXTERNAL_HYPERLINKSDocument contains 18 external hyperlinks — clickable URLs are stored as external relationships. First target: http://www.dict.cc/englisch-deutsch/gloss.html
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://www.holzhauer-pumpen.de Document hyperlink
- http://www.dict.cc/englisch-deutsch/gloss.htmlDocument hyperlink
- http://www.dict.cc/englisch-deutsch/resin.htmlDocument hyperlink
- http://www.dict.cc/englisch-deutsch/epoxy.htmlDocument hyperlink
- http://www.dict.cc/englisch-deutsch/primer.htmlDocument hyperlink
- http://www.dict.cc/englisch-deutsch/level.htmlDocument hyperlink
- http://www.dict.cc/englisch-deutsch/zinc.htmlDocument hyperlink
- http://de.wikipedia.org/wiki/OrdnungsrelationIn document text (OOXML body / shared strings)
- http://msdn.microsoft.com/de-de/library/system.icomparable(v=vs.80).aspxIn document text (OOXML body / shared strings)
- http://php.net/manual/de/function.usort.phpIn document text (OOXML body / shared strings)
- http://msdn.microsoft.com/en-us/library/windows/desktop/dd375731(v=vs.85).aspxIn document text (OOXML body / shared strings)
- http://de.wikipedia.org/wiki/Microsoft_OutlookIn document text (OOXML body / shared strings)
- http://schemas.openxmlformats.org/officeDocument/2006/relationships/imageIn document text (OOXML body / shared strings)
- http://schemas.openxmlformats.org/officeDocument/200rU�In document text (OOXML body / shared strings)
- http://php.net/manual/de/function.usort.php)�In document text (OOXML body / shared strings)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
macros.bas |
vba-macro | oletools.olevba.extract_macros (decoded VBA source from OOXML) | 1303996 bytes |
SHA-256: 9cfd7f2eebf910b5cafe26706625ee2eeadd893faf23b318267a5fe072bd863d |
|||
Preview scriptFirst 1,000 lines of the extracted script
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "0{00020906-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True
Sub InsertAutotext(ByVal control As IRibbonControl)
' Inserts the specified text at the beginning of a range or selection.
Dim Count As Integer
Dim MyApplication As Application
Dim MyRange As Range
Dim MyTemplates As templates
Dim MyTemplate As Template
Dim MyBBEntries As BuildingBlockEntries
Dim MyCurrentEntry As BuildingBlock
Set MyApplication = ActiveDocument.Application
Set MyRange = MyApplication.Selection.Range
Set MyTemplates = MyApplication.templates
For Count = 1 To MyTemplates.Count
If MyTemplates.Item(Count).name = "hopu.dotm" Then
Set MyTemplate = MyTemplates(Count)
Exit For
End If
Next
If MyTemplate Is Nothing Then
Set MyTemplate = MyTemplates(1)
End If
Set MyBBEntries = MyTemplate.BuildingBlockEntries
Set MyCurrentEntry = MyBBEntries.Item(control.Tag)
MyCurrentEntry.Insert MyRange
End Sub
Sub WriteBuildingBlockList(ByVal control As IRibbonControl)
Dim Count As Integer
Dim MyApplication As Application
Dim MyRange As Range
Dim MyTemplates As templates
Dim MyBBEntries As BuildingBlockEntries
Set MyApplication = ActiveDocument.Application
Set MyRange = MyApplication.Selection.Range
Set MyTemplates = MyApplication.templates
Set MyTemplate = MyTemplates.Item(1)
Set MyBBEntries = MyTemplate.BuildingBlockEntries
For Count = 1 To MyBBEntries.Count
MyRange.InsertAfter (MyBBEntries.Item(Count).name)
MyRange.InsertAfter (vbNewLine)
Next
End Sub
Public Sub CustomAddresseEinfügen(ByVal control As IRibbonControl)
replaceAddress Word.Application.ActiveDocument, True, True
End Sub
Public Sub CustomSpeichereDokumentUndZähleHoch(ByVal control As IRibbonControl)
Dim f As File
Dim fol As Folder
Dim fso As fileSystemObject
Dim f_max As File
Dim doc_number As Integer
Dim doc_prefix As String
Dim doc_template As String
Dim doc_newname As String
On Error GoTo ErrHandle
doc_prefix = LCase(GetNTUserName)
If doc_prefix = vbNullString Then
MsgBox "Fehler beim Ermitteln des Benutzernamens!", vbExclamation, "Fehler"
Exit Sub
End If
Set fso = New fileSystemObject
If fso.FolderExists(DEFAULT_SAVEDIRECTORY) Then
Set fol = fso.GetFolder(DEFAULT_SAVEDIRECTORY)
For Each f In fol.files
If LCase(Mid(f.name, 1, Len(doc_prefix))) = doc_prefix And _
LCase(Mid(f.name, Len(f.name) - Len(DOCUMENT_SUFFIX) + 1, Len(DOCUMENT_SUFFIX))) = DOCUMENT_SUFFIX Then
If f_max Is Nothing Then
Set f_max = f
End If
If f.name > f_max.name And GetDocumentNumber(f.name, doc_number) Then
Set f_max = f
End If
End If
Next
If f_max Is Nothing Then
' Noch keine Dokumente für diesen Benutzer angelegt
doc_number = 1
Else
If GetDocumentNumber(f_max.name, doc_number) Then
' Gleichzeitiger Zugriff
Do Until Not fso.FileExists(DEFAULT_SAVEDIRECTORY & "\" & doc_prefix & doc_number & "." & DOCUMENT_SUFFIX)
' Schon vorhanden ...
doc_number = doc_number + 1
Loop
Else
' Irgendein Fehler aufgetreten
MsgBox "Ein Fehler ist beim Ermitteln der höchsten Dokumentnummer aufgetreten. " & _
"Der Dateiname " & f_max.name & " enthält keine gültige Indizierung!" & vbCrLf & vbCrLf & _
"ACHTUNG : Es wird mit dem Index 1 fortgefahren!", vbExclamation, "Fehler"
End If
End If
doc_template = ActiveDocument.name
' Speichern
doc_newname = DEFAULT_SAVEDIRECTORY & doc_prefix & doc_number & "." & DOCUMENT_SUFFIX
ActiveDocument.SaveAs doc_newname, _
FileFormat:=wdFormatDocument, _
LockComments:=False, _
Password:="", _
AddToRecentFiles:=False, _
WritePassword:="", _
ReadOnlyRecommended:=False, _
EmbedTrueTypeFonts:=False, _
SaveNativePictureFormat:=False, _
SaveFormsData:=False, _
SaveAsAOCELetter:=False
' Vorlage schliessen
On Error Resume Next
Documents(doc_template).Close wdDoNotSaveChanges
' Neues Dokument aktivieren
Documents(doc_newname).ActiveWindow.Activate
Else
MsgBox "Der Ordner " & DEFAULT_SAVEDIRECTORY & " zum Speichern des Dokumentes ist nicht vorhanden!", _
vbExclamation, "Fehler beim Zugriff auf den Dokumentenordner"
End If
ExitHandle:
Exit Sub
ErrHandle:
MsgBox "Ein Fehler ist beim Speichern des aktuellen Dokumentes '" & doc_newname & "' aufgetreten. " & _
"Die Fehlerbeschreibung lautet : " & Err.Description, vbExclamation, "Fehler beim Speichern!"
End Sub
Public Sub CustomDruckeArbeitsplatz(ByVal control As IRibbonControl)
SetPrinterByWordBasic defaultprinter
SetPrinterTray
ActiveDocument.PrintOut
End Sub
Public Sub CustomDruckeAufAnderenDrucker(ByVal control As IRibbonControl)
Load Form_SelectPrinter
Form_SelectPrinter.Show
SetPrinterByWordBasic defaultprinter
End Sub
Sub CustomDurchschlägeDruckenBriefe(ByVal control As IRibbonControl)
If checkForCompanyPrinterTray Then
DurchschlägeDrucken PAPER_GESCHAEFT, PAPER_DEFAULT, PAPER_DEFAULT, PAPER_DEFAULT
Else
MsgBox "Das Dokument kann nicht auf Firmenpapier gedruckt werden! " & vbCrLf & _
"Bitte verwenden Sie ein anderes Druck-Symbol!", vbInformation, DIALOGTITLE_ERROR
End If
End Sub
Sub CustomDurchschlägeDruckenRechnungen(ByVal control As IRibbonControl)
Dim i As Byte
Dim Papiersorte As TPrintPaper
' Standarddrucker setzen
SetPrinterByWordBasic defaultprinter
Selection.HomeKey Unit:=wdStory
Selection.Font.name = "LettrGoth12 BT"
Selection.Font.Size = 12
Selection.Font.Bold = True
For i = 1 To 3
Select Case i
' ORIGINALAUSDRUCK
Case 1:
Selection.InsertAfter " "
Papiersorte = PAPER_GESCHAEFT
'ERSTE KOPIE -GELB-
Case 2:
Selection.Cut
Selection.InsertAfter "1. Kopie -GELB-"
Papiersorte = PAPER_DEFAULT
'ZWEITE KOPIE -ROT-
Case 3:
Selection.Cut
Selection.InsertAfter "2. Kopie -ROT-"
Papiersorte = PAPER_DEFAULT
End Select
' Ausdruck mit gewählten Einstellungen
SetPrinterTray Papiersorte
ActiveDocument.PrintOut
Next i
' Eingefügten Text löschen
Selection.Cut
End Sub
Sub CustomDurchschlägeDruckenFaxeUndNormalpapier(ByVal control As IRibbonControl)
DurchschlägeDrucken PAPER_DEFAULT, PAPER_DEFAULT, PAPER_DEFAULT, PAPER_DEFAULT
End Sub
Private Function GetDocumentNumber(fileName As String, _
ByRef Document_Index As Integer) As Boolean
Dim i As Integer
Dim start_nummer As Integer
Dim stop_nummer As Integer
Dim c As String
On Error GoTo ErrHandle
start_nummer = -1
stop_nummer = -1
For i = 1 To Len(fileName)
c = Mid(fileName, i, 1)
If IsNumeric(c) Then
' Nummer beginnt hier
start_nummer = i
Exit For
End If
Next
For i = Len(fileName) To 1 Step -1
c = Mid(fileName, i, 1)
If c = "." Then
' Erster Punkt von rechts ist Ende von Nummer
stop_nummer = i
Exit For
End If
Next
If start_nummer <> -1 And stop_nummer <> -1 And stop_nummer > start_nummer Then
Document_Index = CInt(Mid(fileName, start_nummer, (stop_nummer - start_nummer)))
GetDocumentNumber = True
Else
Document_Index = 1
GetDocumentNumber = False
End If
Exit Function
ErrHandle:
GetDocumentNumber = False
End Function
Attribute VB_Name = "Form_InsertAddress"
Attribute VB_Base = "0{B1DB96BE-2D7B-4ADE-B5B2-1D554ADF4B0E}{3757519C-4A42-4C2E-9F47-7AD6529EA33A}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
' **************************************************
' * SCHAEFER Business Solutions
' *
' * Email : info@schaefer-bs.com
' * WWW : www.schaefer-bs.com
' **************************************************
Option Explicit
Private Const ROOT_KEY = "$$$ROOT$$$"
Private Const PREFIX_ADDRESS = "ADDRESS_"
Private Const ITEM_DELIMITER = "%%%"
Private tree As TreeView
Private ROOT As Node
'eWorks
Private Const MODULE_NAME = "Form_InsertAddress"
Private WithEvents meOutlookApplication As Outlook.Application
Attribute meOutlookApplication.VB_VarHelpID = -1
Private meOutlookSearchComp As Boolean
Private meOutlookResults As Outlook.Results
Private Sub CMD_Cancel_2_Click()
Unload Me
End Sub
' *****************************************************************************************
' * Doings : Abbruch
' *
' * Author : ANDREAS SCHÄFER
' * Written : 21.08.2003
' *****************************************************************************************
Private Sub CMD_CANCEL_Click()
Unload Me
End Sub
' *****************************************************************************************
' * Doings : Fügt ausgewählte Addresse ein
' *
' * Author : ANDREAS SCHÄFER
' * Written : 21.08.2003
' *****************************************************************************************
Private Function insertAddresses() As Boolean
Dim addressnode As Variant
Dim archpath As String
Dim arch As Variant
Dim addresspath As String
Dim addressindex As Long
Dim address As Variant
Dim help As Integer
On Error GoTo AddressError
' Prüfe auswahl
Set addressnode = tree.SelectedItem
If IsNull(addressnode) Or (addressnode Is Nothing) Then
MsgBox "Sie müssen eine Addresse auswählen, oder drücken Sie 'Abbruch'!", vbInformation, "Information"
insertAddresses = False
Exit Function
End If
If Left(addressnode.key, Len(PREFIX_ADDRESS)) <> PREFIX_ADDRESS Then
MsgBox "Sie müssen eine Addresse auswählen, oder drücken Sie 'Abbruch'!", vbInformation, "Information"
insertAddresses = False
Exit Function
End If
' Holen des Eintrags
help = InStr(1, addressnode.key, ITEM_DELIMITER, vbTextCompare)
addresspath = Mid(addressnode.key, Len(PREFIX_ADDRESS) + 1, help - Len(PREFIX_ADDRESS) - 1)
addressindex = CLng(Mid(addressnode.key, help + Len(ITEM_DELIMITER)))
'archpath = addressnode.Parent.Tag
Set arch = dv_account.GetArchive(addresspath) 'ArchiveFromID(archpath)
'If archpath = "" Then
'
'Else
'End If
Set address = arch.AddressBook.Item(addressindex + 1)
' Ersetze text
replaceAddress_old address.AddressItem, dv_account.User.VCard
insertAddresses = True
Exit Function
AddressError:
MsgBox "Ein Fehler ist beim Einfügen der Addresse aufgetreten:" & Err.Description
End Function
'eWorks: Einfügen des ausgewählten Kontakts ins Dokument
Private Sub CMD_Weiter_2_Click()
On Error GoTo Catch
Dim outlookContact As eWorksAddressItem
If lst_Result.ListIndex = -1 Then
MsgBox "Sie müssen eine Addresse auswählen, oder drücken Sie 'Abbruch'!", vbInformation, "Information"
Exit Sub
Else
Set outlookContact = New eWorksAddressItem
Set outlookContact.ContactItem = meOutlookResults.Item(lst_Result.ListIndex + 1)
replaceAddress_old outlookContact, dv_account.User.VCard
End If
Finally:
Unload Me
Exit Sub
Catch:
eWorksVBA.HandleError Err, MODULE_NAME, "CMD_Weiter_2_Click", True
GoTo Finally
End Sub
'eWorks: Suche mit Enter-Taste
Private Sub txt_SearchName_KeyDown(ByVal KeyCode As MSForms.ReturnInteger, ByVal Shift As Integer)
If KeyCode = vbKeyReturn Then
CMD_SearchName_Click
End If
End Sub
'eWorks: Event-Handler zur Festellung wann die Suche beendet ist
Private Sub meOutlookApplication_AdvancedSearchComplete(ByVal SearchObject As Search)
meOutlookSearchComp = True
End Sub
'eWorks: Namensuche in Outlook
Private Sub CMD_SearchName_Click()
On Error GoTo Catch
Dim outlookSearch As Outlook.Search
Dim outlookResult As Variant
Dim searchString As String
Dim scopeString As String
'Liste leeren
lst_Result.Clear
Set meOutlookApplication = New Outlook.Application
searchString = "urn:schemas:contacts:cn like '%" & txt_SearchName & "%' or urn:schemas:contacts:o like '%" & txt_SearchName & "%'" 'Suche im FullName und CompanyName
'searchString = "urn:schemas:mailheader:subject like '%" & txt_SearchName & "%'"
scopeString = eWorksOutlook.Application.Session.AddressLists.Item(CONTACT_FOLDER_NAME).GetContactsFolder.folderPath
meOutlookSearchComp = False
lst_Result.MousePointer = fmMousePointerHourGlass
lbl_SearchProgress.Caption = "Suche läuft..."
Set outlookSearch = meOutlookApplication.AdvancedSearch("'" & scopeString & "'", searchString, True, "Test")
'Warten bis Suche abgeschlossen ist
While meOutlookSearchComp = False And _
Not outlookSearch.IsSynchronous
DoEvents
Wend
lst_Result.MousePointer = fmMousePointerDefault
lbl_SearchProgress.Caption = "Suche beendet"
lst_Result.Clear
Set meOutlookResults = outlookSearch.Results
If meOutlookResults.Count = 0 Then
eWorksVBA.ShowInformation "Der gesuchte Name konnte nicht gefunden werden."
Else
For Each outlookResult In meOutlookResults
If TypeOf outlookResult Is Outlook.ContactItem Then
'lst_Result.AddItem eWorksString.ReduceStringToGerman(outlookResult.Subject, , " ,")
lst_Result.AddItem outlookResult.Subject & " (" & outlookResult.CompanyName & ")"
End If
Next outlookResult
'Workarroud, damit Listeneinträge nicht abgeschnitten werden
lst_Result.columnWidths = "1000pt"
lst_Result.columnWidths = ""
End If
Finally:
lst_Result.MousePointer = fmMousePointerDefault
lbl_SearchProgress.Caption = ""
Exit Sub
Catch:
eWorksVBA.HandleError Err, MODULE_NAME, "CMD_SearchName_Click", True
GoTo Finally
End Sub
' *****************************************************************************************
' * Doings : Schaltfläche Einfügen -> Einfügen Addresse
' *
' * Author : ANDREAS SCHÄFER
' * Written : 21.08.2003
' *****************************************************************************************
Private Sub CMD_Weiter_Click()
If insertAddresses Then
Unload Me
End If
End Sub
' *****************************************************************************************
' * Doings : Listet die Archive des gegebenen Archives auf
' *
' * Author : ANDREAS SCHÄFER
' * Written : 21.08.2003
' *****************************************************************************************
Private Sub readArchive(currentnode As Node, uncpath As String)
Dim parentarch As eWorksArchive 'Variant ' DvApi32.Archive
Dim subarch As eWorksArchive ' Variant ' DvApi32.Archive
Dim arch As eWorksArchive ' Variant ' DvApi32.Archive
Dim parentnode As Node
Dim newnode As Node
On Error GoTo ErrHandle
If currentnode.Children = 0 Then
Set parentarch = dv_account.GetArchive(uncpath) 'dv_account.ArchiveFromID(archid)
' Read addresses in parentarchive
readAddresses currentnode, parentarch
' List parentarch
For Each arch In parentarch.archives
'Debug.Print arch.ID & vbTab & arch.DisplayName
Set parentnode = tree.Nodes.Add( _
currentnode.key, _
tvwChild, _
arch.ID, _
GetParsedDisplayName(arch.DisplayName), _
"Folder")
parentnode.Tag = arch.ID
parentnode.Sorted = True
' Read addresses in archive
readAddresses parentnode, arch
' Read subarchives
For Each subarch In arch.archives
Set newnode = tree.Nodes.Add( _
parentnode.key, _
tvwChild, _
subarch.ID, _
GetParsedDisplayName(subarch.DisplayName), _
"Folder")
newnode.Tag = subarch.ID
newnode.Sorted = True
Next
Next
End If
Exit Sub
ErrHandle:
MsgBox "Auf das Archive mit dem Pfad '" & uncpath & "' konnte nicht zugegriffen werden : " & vbCrLf & vbCrLf & _
"Grund war : " & Err.Description, vbExclamation, DIALOGTITLE_ERROR
End Sub
' *****************************************************************************************
' * Doings : Listet die Addressen des gegebenen Archives auf
' *
' * Author : ANDREAS SCHÄFER
' * Written : 21.08.2003
' *****************************************************************************************
Private Sub readAddresses(archnode As Node, arch As Variant)
Dim addr As eWorksAddress 'Variant ' DvApi32.Address
Dim Count As Integer
Dim n As Node
Count = 0
For Each addr In arch.AddressBook
Set n = tree.Nodes.Add( _
archnode.key, _
tvwChild, _
PREFIX_ADDRESS & arch.ID & ITEM_DELIMITER & Count, _
addr.DisplayName, _
"Address")
Count = Count + 1
Next
End Sub
' *****************************************************************************************
' * Doings : Lädt Unterarchive und Addressen
' *
' * Author : ANDREAS SCHÄFER
' * Written : 21.08.2003
' *****************************************************************************************
Private Sub loadArchive()
Dim n As Node
Set n = tree.SelectedItem
If Not (n Is Nothing) Then
If n.key = ROOT_KEY Then
readArchive ROOT, DV_SELECTARCHIVE
Else
If Left(n.key, Len(PREFIX_ADDRESS)) <> PREFIX_ADDRESS Then
readArchive n, n.key
End If
End If
End If
End Sub
' *****************************************************************************************
' * Doings : Lädt Unterarchive und Addressen
' *
' * Author : ANDREAS SCHÄFER
' * Written : 21.08.2003
' *****************************************************************************************
Private Sub tree_Archiv_Click()
loadArchive
End Sub
' *****************************************************************************************
' * Doings : Fügt Addresse ein
' *
' * Author : ANDREAS SCHÄFER
' * Written : 28.10.2003
' *****************************************************************************************
Private Sub tree_Archiv_DblClick()
Dim addressnode As Variant
' Prüfe auswahl
Set addressnode = tree.SelectedItem
If IsNull(addressnode) Or (addressnode Is Nothing) Then
Exit Sub
End If
If Left(addressnode.key, Len(PREFIX_ADDRESS)) <> PREFIX_ADDRESS Then
Exit Sub
End If
If insertAddresses Then
Unload Me
End If
End Sub
' *****************************************************************************************
' * Doings : Lädt Unterarchive und Addressen
' *
' * Author : ANDREAS SCHÄFER
' * Written : 21.08.2003
' *****************************************************************************************
Private Sub tree_Archiv_Expand(ByVal Node As MSComctlLib.Node)
loadArchive
End Sub
' *****************************************************************************************
' * Doings : Lädt das Formular
' *
' * Author : ANDREAS SCHÄFER
' * Written : 31.08.2003
' *****************************************************************************************
Private Sub UserForm_Activate()
Dim uncpath As String
' Lade Addressen
Set tree = Me.Controls("tree_Archiv")
Set tree.ImageList = imagelist_Tree
' Verbinde zu DAVID
If DavidLogon Then
uncpath = dv_account.GetSpecialArchive(DV_SELECTARCHIVE).ID
Set ROOT = tree.Nodes.Add(, , ROOT_KEY, dv_account.Description, "Archive")
ROOT.Sorted = True
readArchive ROOT, uncpath
ROOT.Expanded = True
Else
MsgBox "Fehler beim Zugriff auf DAVID.", vbExclamation, DIALOGTITLE_ERROR
Unload Me
End If
End Sub
' *****************************************************************************************
' * Doings : Entlädt das Formular
' *
' * Author : ANDREAS SCHÄFER
' * Written : 31.08.2003
' *****************************************************************************************
Private Sub UserForm_Terminate()
DavidLogoff
End Sub
Attribute VB_Name = "Form_SelectPrinter"
Attribute VB_Base = "0{A50F87F2-0C14-49ED-A53F-6C958EB1CF4C}{24561428-0DCE-441A-8479-AEF72D36F571}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
' **************************************************
' * SCHAEFER Business Solutions
' *
' * Email : info@schaefer-bs.com
' * WWW : www.schaefer-bs.com
' **************************************************
Option Explicit
' *****************************************************************************************
' * Doings : Abbruch
' *
' * Author : ANDREAS SCHÄFER
' * Written : 18.08.2003 13:00
' *****************************************************************************************
Private Sub CMD_CANCEL_Click()
Form_SelectPrinter.Hide
Unload Form_SelectPrinter
End Sub
' *****************************************************************************************
' * Doings : Druckt das aktuelle Dokument aus
' *
' * Author : ANDREAS SCHÄFER
' * Written : 18.08.2003 13:00
' *****************************************************************************************
Private Sub CMD_PRINT_Click()
If Me.CMB_PRINTERS <> "" Then
On Error GoTo ErrHandle
SetPrinterTray
SetPrinterByWordBasic Me.CMB_PRINTERS
ActiveDocument.PrintOut
Else
MsgBox "Bitte wählen Sie einen Drucker aus!", vbExclamation, "Fehler"
End If
Unload Me
Exit Sub
ErrHandle:
MsgBox "Beim Versuch, auf den Drucker " & Me.CMB_PRINTERS & " zuzugreifen, ist der " & _
" folgende Fehler aufgetreten : " & Err.Description
End Sub
' *****************************************************************************************
' * Doings : Lädt das Druckerauswahl Formular und füllt das Kombinationsfeld
' * mit Werten
' *
' * Author : ANDREAS SCHÄFER
' * Written : 18.08.2003 13:00
' *****************************************************************************************
Private Sub UserForm_Activate()
Dim StrPrinters As Variant
Dim p As Long
StrPrinters = ListPrinters
If Not IsNull(StrPrinters) Then
' Drucker auswählen
For p = LBound(StrPrinters) To UBound(StrPrinters)
Me.CMB_PRINTERS.AddItem StrPrinters(p)
Next
Else
MsgBox "Leider keine Drucker verfügbar!", vbExclamation, "Fehler"
End If
End Sub
Attribute VB_Name = "Form_SelectAddresses"
Attribute VB_Base = "0{DD23CD78-894D-4F28-B973-71083F3583D0}{2E783375-064E-4553-AA58-AD1A5C492C8B}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
' **************************************************
' * SCHAEFER Business Solutions
' *
' * Email : info@schaefer-bs.com
' * WWW : www.schaefer-bs.com
' **************************************************
Option Explicit
Private tree As TreeView
Private ROOT As Node
Private selecteditems As Scripting.Dictionary
' *****************************************************************************************
' * Doings : Hinzufügen zur Liste
' *
' * Author : ANDREAS SCHÄFER
' * Written : 08.12.2003
' *****************************************************************************************
Private Sub CMD_ADD_Click()
Dim addressnode
' Prüfe auswahl
Set addressnode = tree.SelectedItem
If IsNull(addressnode) Or (addressnode Is Nothing) Then
MsgBox "Zum Einfügen müssen Sie eine Addresse auswählen!", vbInformation, "Information"
Exit Sub
End If
If Left(addressnode.key, Len(PREFIX_ADDRESS)) <> PREFIX_ADDRESS Then
MsgBox "Zum Einfügen müssen Sie eine Addresse auswählen!", vbInformation, "Information"
Exit Sub
End If
If Not selecteditems.Exists(CStr(addressnode.key)) Then
Me.LST_ADDRESSES.AddItem CStr(addressnode.Text)
selecteditems.Add Me.LST_ADDRESSES.ListCount, CStr(addressnode.key)
End If
End Sub
' *****************************************************************************************
' * Doings : Aus Liste entfernen
' *
' * Author : ANDREAS SCHÄFER
' * Written : 14.12.2003
' *****************************************************************************************
Private Sub CMD_DEL_Click()
Dim remindex As Integer
Dim Count As Integer
Dim i As Integer
Count = Me.LST_ADDRESSES.ListCount
remindex = Me.LST_ADDRESSES.ListIndex + 1
If remindex > 0 Then
Me.LST_ADDRESSES.RemoveItem (remindex - 1)
For i = remindex To Count
selecteditems.Remove i
If remindex < Count Then
selecteditems.Add i, selecteditems.Item(i + 1)
End If
Next
End If
End Sub
' *****************************************************************************************
' * Doings : Abbruch
' *
' * Author : ANDREAS SCHÄFER
' * Written : 21.08.2003
' *****************************************************************************************
Private Sub CMD_CANCEL_Click()
Unload Me
End Sub
' *****************************************************************************************
' * Doings : Listet die Archive des gegebenen Archives auf
' *
' * Author : ANDREAS SCHÄFER
' * Written : 21.08.2003
' *****************************************************************************************
Private Sub readArchive(currentnode As Node, uncpath As String)
Dim parentarch As Variant ' DvApi32.Archive
Dim subarch As Variant ' DvApi32.Archive
Dim arch As Variant ' DvApi32.Archive
Dim parentnode As Node
Dim newnode As Node
On Error GoTo ErrHandle
If currentnode.Children = 0 Then
Set parentarch = dv_account.GetArchive(uncpath) 'dv_account.ArchiveFromID(archid)
' Read addresses in parentarchive
readAddresses currentnode, parentarch
' List parentarch
For Each arch In parentarch.archives
Set parentnode = tree.Nodes.Add( _
currentnode.key, _
tvwChild, _
arch.ID, _
GetParsedDisplayName(arch.DisplayName), _
"Folder")
parentnode.Tag = arch.ID
parentnode.Sorted = True
' Read addresses in archive
readAddresses parentnode, arch
' Read subarchives
For Each subarch In arch.archives
Set newnode = tree.Nodes.Add( _
parentnode.key, _
tvwChild, _
subarch.ID, _
GetParsedDisplayName(subarch.DisplayName), _
"Folder")
newnode.Tag = subarch.ID
newnode.Sorted = True
Next
Next
End If
Exit Sub
ErrHandle:
MsgBox "Auf das Archive mit dem Pfad '" & uncpath & "' konnte nicht zugegriffen werden : " & vbCrLf & vbCrLf & _
"Grund war : " & Err.Description, vbExclamation, DIALOGTITLE_ERROR
End Sub
' *****************************************************************************************
' * Doings : Listet die Addressen des gegebenen Archives auf
' *
' * Author : ANDREAS SCHÄFER
' * Written : 21.08.2003
' *****************************************************************************************
Private Sub readAddresses(archnode As Node, arch As Variant)
Dim addr As Variant ' DvApi32.Address
Dim Count As Integer
Dim n As Node
Count = 0
For Each addr In arch.AddressBook
Set n = tree.Nodes.Add( _
archnode.key, _
tvwChild, _
PREFIX_ADDRESS & arch.ID & ITEM_DELIMITER & Count, _
addr.DisplayName, _
"Address")
Count = Count + 1
Next
End Sub
' *****************************************************************************************
' * Doings : Lädt Unterarchive und Addressen
' *
' * Author : ANDREAS SCHÄFER
' * Written : 21.08.2003
' *****************************************************************************************
Private Sub loadArchive()
Dim n As Node
Set n = tree.SelectedItem
If Not (n Is Nothing) Then
If n.key = ROOT_KEY Then
readArchive ROOT, DV_SELECTARCHIVE
Else
If Left(n.key, Len(PREFIX_ADDRESS)) <> PREFIX_ADDRESS Then
readArchive n, n.key
End If
End If
End If
End Sub
' *****************************************************************************************
' * Doings : Fertigstellen ... Etikett erzeugen
' *
' * Author : ANDREAS SCHÄFER
' * Written : 08.12.2003
' *****************************************************************************************
Private Sub CMD_DONE_Click()
printlabels Me.CMB_ETIKETT, Me.LeerEtiketten, Me.CMB_AFormat, selecteditems
Unload Me
End Sub
' *****************************************************************************************
' * Doings : Lädt Unterarchive und Addressen
' *
' * Author : ANDREAS SCHÄFER
' * Written : 21.08.2003
' *****************************************************************************************
Private Sub tree_Archiv_Click()
loadArchive
End Sub
' *****************************************************************************************
' * Doings : Fügt Addresse ein
' *
' * Author : ANDREAS SCHÄFER
' * Written : 28.10.2003
' *****************************************************************************************
Private Sub tree_Archiv_DblClick()
Dim addressnode As Variant
' Prüfe auswahl
Set addressnode = tree.SelectedItem
If IsNull(addressnode) Or (addressnode Is Nothing) Then
Exit Sub
End If
If Left(addressnode.key, Len(PREFIX_ADDRESS)) <> PREFIX_ADDRESS Then
Exit Sub
End If
CMD_ADD_Click
End Sub
' *****************************************************************************************
' * Doings : Lädt Unterarchive und Addressen
' *
' * Author : ANDREAS SCHÄFER
' * Written : 21.08.2003
' *****************************************************************************************
Private Sub tree_Archiv_Expand(ByVal Node As MSComctlLib.Node)
loadArchive
End Sub
' *****************************************************************************************
' * Doings : Lädt das Formular
' *
' * Author : ANDREAS SCHÄFER
' * Written : 31.08.2003
' *****************************************************************************************
Private Sub UserForm_Activate()
Dim uncpath As String
Dim doc As Document
Dim w As Window
' Lade Addressen
Set tree = Me.Controls("tree_Archiv")
Set tree.ImageList = imagelist_Tree
' Verbinde zu DAVID
If DavidLogon Then
uncpath = dv_account.GetSpecialArchive(DV_SELECTARCHIVE).ID
Set ROOT = tree.Nodes.Add(, , ROOT_KEY, dv_account.Description, "Archive")
ROOT.Sorted = True
readArchive ROOT, uncpath
ROOT.Expanded = True
Set selecteditems = New Scripting.Dictionary
' Etiketten einfügen
With Me.CMB_ETIKETT
.AddItem "Zweckform 3424"
.Value = "Zweckform 3424"
.AddItem "Zweckform 3422"
End With
With Me.CMB_AFormat
.AddItem "Normal"
.Value = "Normal"
.AddItem "Persönlich"
End With
Me.LeerEtiketten = 0
If Documents.Count = 0 Then
Documents.Add , , , True
Else
For Each doc In Documents
…
|
|||
ooxml_oleobject_00.bin |
ooxml-ole-object | OOXML embedded OLE part: word/embeddings/oleObject1.bin | 3072 bytes |
SHA-256: 622b621cb0a3aece33a0db0c13baac6c3870989c2e987d991a2a7512ec039e67 |
|||
vbaProject_00.bin |
vba-project | OOXML VBA project: word/vbaProject.bin | 4771840 bytes |
SHA-256: 7430cb258450006b88153135fe0621a88066a6b6eea0c2729a2dcb99f070decd |
|||
|
Detection
ClamAV:
Doc.Malware.Valyria-10025240-0
Obfuscation or payload:
unlikely
|
|||
Open this report in the interactive analyzer, or submit your own file for analysis.