def main()

in cortado/rtas/ms_office_task_creation.py [0:0]

• 22 lines of code
• 1 McCabe index (conditional complexity)

def main():
    EXE_FILE = _common.get_resource_path("bin/renamed_posh.exe")
    PS1_FILE = _common.get_resource_path("bin/Invoke-ImageLoad.ps1")
    RENAMER = _common.get_resource_path("bin/rcedit-x64.exe")

    winword = "C:\\Users\\Public\\winword.exe"
    svchost = "C:\\Users\\Public\\svchost.exe"
    user32 = "C:\\Windows\\System32\\user32.dll"
    dll = "C:\\Users\\Public\\taskschd.dll"
    ps1 = "C:\\Users\\Public\\Invoke-ImageLoad.ps1"
    rcedit = "C:\\Users\\Public\\rcedit.exe"
    task = "C:\\Windows\\System32\\Tasks\\a.xml"
    _common.copy_file(user32, dll)
    _common.copy_file(PS1_FILE, ps1)
    _common.copy_file(RENAMER, rcedit)
    _common.copy_file(EXE_FILE, winword)
    _common.copy_file(EXE_FILE, svchost)

    log.info("Modifying the OriginalFileName")
    _ = _common.execute_command([rcedit, dll, "--set-version-string", "OriginalFilename", "taskschd.dll"])

    log.info("Loading taskschd.dll")
    _ = _common.execute_command([winword, "-c", f"Import-Module {ps1}; Invoke-ImageLoad {dll}"], timeout_secs=10)
    _ = _common.execute_command([svchost, "-c", f"New-Item -Path {task} -Type File"], timeout_secs=10)
    _common.remove_files([dll, ps1, rcedit, task, winword, svchost])