rule vba_hidden_from_editor {
    strings:
        $header_office = { D0 CF 11 E0 }
        $has_macros = "\x0aDocument="
        $s1 = /\x0aDocument=.{3,1000}\x0d?\x0a\w{4,30}=(\{|"|[a-zA-Z])/
        $s2 = /\x0aDocument=This(Docume|Displa)[a-zA-Z](\x00.){10,}/
    condition:
2nd Stage Download URLs:
2nd Stage Download URLs:
2nd Stage Download URLs:
http://64.44.133.144/?3mhZb5
Maldoc Hashes:
2nd Stage URLs:
Maldoc Hashes: