MALICIOUS
Risk Score: 398
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.005 Visual Basic
- T1071.001 Web Protocols
- T1105 Ingress Tool Transfer
- T1204.002 Malicious File
The sample is a malicious Office document containing VBA macros. The Document_Open macro is designed to execute code, likely downloading and executing a second-stage payload via WScript.Shell and CreateObject, as indicated by the 'OLE_VBA_HTTP_DROP_EXEC' and 'OLE_VBA_PCODE_AUTOEXEC_EXEC' heuristics. The document body explicitly instructs the user to enable content, a common lure for macro-based malware.
Heuristics 11
- ClamAV: Doc.Dropper.Agent-7086161-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Doc.Dropper.Agent-7086161-0
- VBA project inside OOXML (medium, OOXML_VBA, 6 related findings): Document contains a VBA project; VBA macros present
- WScript.Shell usage (critical, OLE_VBA_WSCRIPT): WScript.Shell usage. Matched line in script: `Set w = CreateObject("WScript.Shell")`
- VBA downloads and writes a file to disk (critical, OLE_VBA_HTTP_DROP_EXEC): VBA reads an HTTP response body and writes it to disk (ADODB.Stream SaveToFile). Combined with the auto-exec/Shell paths this is a download-drop dropper even when the COM ProgIDs are built dynamically to evade keyword scanning. Matched line in script: `.Write r.ResponseBody`
- CreateObject call (high, OLE_VBA_CREATEOBJ): CreateObject call. Matched line in script: `Set w = CreateObject("WScript.Shell")`
- VBA p-code auto-exec with execution tokens (high, OLE_VBA_PCODE_AUTOEXEC_EXEC): Compiled VBA/cache stream contains an auto-execution token together with shell/download/object-execution tokens. This catches p-code-only or source-extraction-failure macro documents where visible source is unavailable.
- Document_Open macro (low, OLE_VBA_DOCOPEN): Document_Open macro. Matched line in script: `Public Sub Document_Open()`
- Environ() call (env variable access) (low, OLE_VBA_ENVIRON): Environ() call (env variable access). Matched line in script: `s = Environ$(Chr(116) & Chr(101) & Chr(109) & Chr(112)) & "\" & StrReverse("exe.kj403g42")`
- Macro/content-enable lure (medium, SE_ENABLE_LURE): Document instructs the user to enable macros or editing, a common technique used by malware droppers to bypass Office macro security settings
- Suspicious extracted artifact (medium, EXTRACTED_FILE_STATIC_TRIAGE): One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| macros.bas | vba-macro | oletools.olevba.extract_macros (decoded VBA source from OOXML) | 32339 bytes |

macros.bas
- SHA-256: be49a6922508f675e7fb00e34aefc4d60ce8a4e87f346d78dca673d3952af5b0
- Detection, ClamAV: No threats found
- Detection, obfuscation or payload: likely. 574 of 1055 identifiers look randomly generated (e.g. 'a6wqfhp552gynsfhwndl88m8h6l8yjbipmgdsp0w'), consistent with name-mangling obfuscation.

| Filename | Kind | Source | Size |
|---|---|---|---|
| vbaProject_00.bin | vba-project | OOXML VBA project: word/vbaProject.bin | 102400 bytes |

vbaProject_00.bin
- SHA-256: 3c18acd5d1b9bd90e243dde61a6169565620ffd9cbf9627617d47c82b1647314
- Detection, ClamAV: Doc.Dropper.Agent-7086161-0
- Detection, obfuscation or payload: unlikely