Browsing the interwebs, I came across the following article: Invisible Denizen: ie_unsafe_scripting metasploit module. In it I found a part which raised my curiosity:
Unfortunately, it does not allow you to directly write binary files to the file system. (You can use WScript.FileSystemObject to create a ‘text’ file that contains binary data, but this will only work if you are in an ANSI / ASCII-based version of Windows, such as us in the USA. If you’re in Japan, it apparently epicfails. No promises mine won’t do the same thing, even though I’ve tried to work around it.)
So I followed the link and was surprised to find that indeed, the naive code only works for some locales (like English or Romanian). The comments in the post also give a solution which I’ve seen in a lot of malicious scripts: using ADODB.Stream, and this clears things up.
PS. The code generated by msfpayload … V is not VBScript (which uses the old Basic syntax to open a file in binary mode), rather it is VBA (Visual Basic for Applications) which can be found in MS Office a other programs.
Image taken from hercios’ photostream with permission.