https://github.com/PDWR/3vilMacro

This is a easy tool for gen VBA code, and bypass most antivirus
https://github.com/PDWR/3vilMacro

Last synced: 4 months ago
JSON representation

This is a easy tool for gen VBA code, and bypass most antivirus

• Host: GitHub
• URL: https://github.com/PDWR/3vilMacro
• Owner: PDWR
• License: gpl-3.0
• Created: 2021-05-21T06:41:57.000Z (over 4 years ago)
• Default Branch: main
• Last Pushed: 2021-09-30T05:51:17.000Z (about 4 years ago)
• Last Synced: 2024-08-05T17:41:40.695Z (over 1 year ago)
• Homepage:
• Size: 8.53 MB
• Stars: 59
• Watchers: 7
• Forks: 16
• Open Issues: 3
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

• awesome-hacking-lists - PDWR/3vilMacro - This is a easy tool for gen VBA code, and bypass most antivirus (Others)

README

          
# 3vilMacro

![Github stars](https://img.shields.io/github/stars/PDWR/3vilMacro.svg)

## If you think this project helpful,Give me a start and watch, pls!

This is a tool for generating obfuscated VBA code. You can put the code to the excel Macro code , after the victim run the excel file and push the Enable content button.THis tool can use in office suite,not just excel.

The Macro Code will be different everytime

### This tool is built by Pyinstaller, and some antivirus will detect it as a virus, just ignore it. It's clean.

### If you find any problems when you using this tool, you can let me know at [Issues](https://github.com/PDWR/3vilMacro/issues).

## This tool is only for education, pls don't using for illegal oprations.

### usage：

  >***step 1:***

   >`start a CobaltStrike listen`

   >![image](https://github.com/PDWR/3vilMacro/blob/main/images/1.png)

  >**step 2:**  

   >`Using the Attacks -- Web Drive-by -- Scritped Web Delivery(S); make a web script using powershell`

   >![image](https://github.com/PDWR/3vilMacro/blob/main/images/2.png)

  >**step 3:** 

   >`copy the powershell script address, u don't need to copy the hold powershell script,just only the link on Event logs`

   >![image](https://github.com/PDWR/3vilMacro/blob/main/images/3.png)

  >**step 4:** 

   >`download the 3vilMacro.exe file from this project release, and use the powershell script address as argument, run it ,after 3 seconds, it will create a txt file`

   >![image](https://github.com/PDWR/3vilMacro/blob/main/images/20210521_154402.gif)

  >**step 5:** 

   >`make a Excel file and click the dev tools -- Visual Basic, and then click the ThisWorkBook`

   >![image](https://github.com/PDWR/3vilMacro/blob/main/images/20210521_164627.gif)

   

  ### After that, you have built a Phishing Excel File, u can send it to the Vimit, if he run it , and click the "Enable Contant", the excel Macro will run behind, and your CS server will get one message. 

  ## By the way, This Macro File will Bypass the Qihoo360, Tencent PC Manager, HuoRong. Don't put it to any virus-Check Platform.

  ![image](https://github.com/PDWR/3vilMacro/blob/main/images/20210521_172322.gif)

  

## Stargazers over time

[![Stargazers over time](https://starchart.cc/PDWR/3vilMacro.svg)](https://starchart.cc/PDWR/3vilMacro)