Fixing 64 bit identification by User Agent

evilclippy.cs

@@ -5,7 +5,7 @@
 // Date: 20200415
 // Version: 1.3 (added GUI unhide option)
 //
-// Special thanks to Carrie Roberts (@OrOneEqualsOne) from Walmart for her contributions to this project.
+// Special thanks to Carrie Robberts (@OrOneEqualsOne) from Walmart for her contributions to this project.
 //
 // Compilation instructions
 // Mono: mcs /reference:OpenMcdf.dll,System.IO.Compression.FileSystem.dll /out:EvilClippy.exe *.cs 
@@ -445,7 +445,14 @@ static public byte[] SendFile(HttpListenerRequest request)
 		CFStream streamData = cf.RootStorage.GetStorage("Macros").GetStorage("VBA").GetStream("_VBA_PROJECT");
 		byte[] streamBytes = streamData.GetData();
 
-		string targetOfficeVersion = UserAgentToOfficeVersion(request.UserAgent);
+		string UACpu = "";
+		if (request.Headers["UA-CPU"] != null)
+        {
+			UACpu = request.Headers["UA-CPU"];
+
+		}
+
+		string targetOfficeVersion = UserAgentToOfficeVersion(request.UserAgent, UACpu);
 
 		ReplaceOfficeVersionInVBAProject(streamBytes, targetOfficeVersion);
 
@@ -459,7 +466,7 @@ static public byte[] SendFile(HttpListenerRequest request)
 		return File.ReadAllBytes(outFilename);
 	}
 
-	static string UserAgentToOfficeVersion(string userAgent)
+	static string UserAgentToOfficeVersion(string userAgent, string UACpu)
 	{
 		string officeVersion = "";
 
@@ -472,7 +479,7 @@ static string UserAgentToOfficeVersion(string userAgent)
 			officeVersion = "unknown";
 
 		// Determine architecture
-		if (userAgent.Contains("x64") || userAgent.Contains("Win64"))
+		if (userAgent.Contains("x64") || userAgent.Contains("Win64") || UACpu.Contains("64"))
 			officeVersion += "x64";
 		else
 			officeVersion += "x86";
@@ -523,10 +530,6 @@ private static byte[] ReplaceOfficeVersionInVBAProject(byte[] moduleStream, stri
 				version[0] = 0xAF;
 				version[1] = 0x00;
 				break;
-			case "2019x86":
-				version[0] = 0xAF;
-				version[1] = 0x00;
-				break;
 			case "2013x64":
 				version[0] = 0xA6;
 				version[1] = 0x00;