# Visual Basic

Adversaries may abuse Visual Basic (VB) for execution. VB is a programming language created by Microsoft with interoperability with many Windows technologies such as Component Object Model and the Native API through the Windows API. Although tagged as legacy with no planned future evolutions, VB is integrated and supported in the .NET Framework and cross-platform .NET Core.

Derivative languages based on VB have also been created, such as Visual Basic for Applications (VBA) and VBScript. VBA is an event-driven programming language built into Microsoft Office, as well as several third-party applications. VBA enables documents to contain macros used to automate the execution of tasks and other functionality on the host. VBScript is a default scripting language on Windows hosts and can also be used in place of JavaScript/JScript on HTML Application (HTA) webpages served to Internet Explorer (though most modern browsers do not come with VBScript support).

Adversaries may use VB payloads to execute malicious commands. Common malicious usage includes automating execution of behaviors with VBScript or embedding VBA content into Spearphishing Attachment payloads.

Example:

Here is an example of a VBScript that executes on the machine and outputs information about the user and the PC. There are two options for executing it, CSCRIPT and WSCRIPT. Both work fine, but one produces console output and the other produces window output.

CSCRIPT.EXE:

![](https://315180959-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MRh03Vwd4nuiUi3Oje7%2F-MRhAIvKacb-RzsncVfy%2F-MRhBZGDgyH9gcqNNwmb%2Fimage.png?alt=media\&token=c6d22e74-2efc-4200-a1be-020eb6c7ac96)

WSCRIPT.EXE:

![](https://315180959-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MRh03Vwd4nuiUi3Oje7%2F-MRhAIvKacb-RzsncVfy%2F-MRhB_7zfSyCfSnNg3C-%2Fimage.png?alt=media\&token=b6b57916-7a1c-4f65-838d-8a38a3353065)

![](https://315180959-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MRh03Vwd4nuiUi3Oje7%2F-MRhAIvKacb-RzsncVfy%2F-MRhB_rW2SGmtuWvr66P%2Fimage.png?alt=media\&token=6e2ee697-ce11-44b0-ad35-0a1c855752b4)

The user can also double-click the file to execute it; it will default to WSCRIPT.
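From the defender's side, the two script hosts and the double-click default described above leave distinct process-creation traces. The Python below is an added example, not part of the original notes: it triages process-creation events for `cscript.exe` and `wscript.exe` launching `.vbs`/`.vbe` files. The event field names, the sample events, the Office parent list and the user-writable path list are all constructed assumptions.

```python
import ntpath
import re

# Windows Script Host binaries named on this page and their output mode.
SCRIPT_HOSTS = {"cscript.exe": "console", "wscript.exe": "window"}
# Assumption: Office parents, since the page mentions VBA in attachments.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Assumption: user-writable locations where delivered scripts often land.
USER_PATHS = ("\\downloads\\", "\\appdata\\", "\\temp\\")
# A quoted or unquoted path ending in .vbs or .vbe (encoded VBScript).
SCRIPT_RE = re.compile(r'"([^"]+\.vb[se])"|(\S+\.vb[se])(?=\s|$)', re.I)

# Constructed process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\cscript.exe",
     "command_line": r"cscript.exe //nologo C:\Scripts\inventory.vbs",
     "parent": r"C:\Windows\System32\cmd.exe"},
    {"image": r"C:\Windows\System32\wscript.exe",
     "command_line": r'"C:\Windows\System32\wscript.exe" "C:\Users\alice\Downloads\info.vbs"',
     "parent": r"C:\Windows\explorer.exe"},
    {"image": r"C:\Windows\System32\wscript.exe",
     "command_line": r"wscript.exe C:\Users\bob\AppData\Local\Temp\update.vbe",
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
]

def classify(event):
    """Return a finding for a script-host launch of a VBScript file, else None."""
    host = ntpath.basename(event["image"]).lower()
    match = SCRIPT_RE.search(event["command_line"])
    if host not in SCRIPT_HOSTS or match is None:
        return None
    script = match.group(1) or match.group(2)
    parent = ntpath.basename(event["parent"]).lower()
    reasons = []
    if parent in OFFICE_PARENTS:
        reasons.append("office-parent")        # document spawned a script host
    if host == "wscript.exe" and parent == "explorer.exe":
        reasons.append("double-click")         # default handler launch by the user
    if any(p in script.lower() for p in USER_PATHS):
        reasons.append("user-writable-path")
    return {"host": host, "output": SCRIPT_HOSTS[host],
            "script": script, "reasons": reasons}

def triage(events):
    """Keep only script-host findings that carry at least one reason."""
    return [f for f in map(classify, events) if f and f["reasons"]]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

The administrative `cscript.exe` run from `C:\Scripts` is classified but carries no reason, so only the other two events are reported.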


