One trick I use is to copy all of the code piece by piece, and execute it (in a sandbox or VM is safest in case you miss something!). Usually, I try to let it build whatever strings it is going to stuff into something like eval(), but don't actually eval() it. In your example code, I let it run all of the functions that return strings, and then let it build the string inside the "new Function" call (but didn't let it execute as a function). It ends up trying to execute this.
/* Original code
ewabasixqi4() + qdexed3() + xetta9() + wvybjubavfe5() + ucfydogci4() + wgocemivu2() + yzwucysol6() + hezovvug8() + vtifte6() + tiwne0() + ywcubgomi4() + oxcolcir4() + enbybnape8() + epsaco3() + wcuqifhyzoqd7() + itykcocurg2() + ykbyjoqqeza5() + ihidpu6() + yftifu0() + orqohxinr5() + upxobbi2() + rakybavfitr3() + nofylyks5() + qywji2() + cuppukcezv5() + ifvermyg0() + ebisluwluhcy1() + pebpilahj0() + fikzubvy5() + amavimuqdi7() + pasrog0() + acnuthysyw0() + ocodtawos7() + fojtetihdond0() + nzymittibzam8() + myhbaf2() + oxixyvatu9() + ybforkojh8() + lojimijk9() + apnefago4() + umnobi2() + yvexgij5() + olity9()
var ilibasp = WScript.CreateObject('WScript.Shell'); var webu4 = ilibasp.CreateShortcut('\qvertyd.lnk'); return webu4.TargetPath;
Combining this function with the following logic of the switch case, it is basically checking if the shortcut "qvertyd.lnk" exists already; if so, it doesn't run again.
You can then systematically go through the rest, executing just enough to build the function name, but not actually execute it. Here's an example of the first one.
/* Original code
abyxjablu6 = ukbumwyhku3[ltobxyqqefme4() + sekulqeqez0() + apaz3() + mode3()];
// Execute just the string building
> ltobxyqqefme4() + sekulqeqez0() + apaz3() + mode3();
/* ukbumwyhku3 = this, or the window in global scope, so this call is actually
Edited by Demonslay335, 09 October 2016 - 08:40 PM.