Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- // #MalwareMustDie - A Guidance to crack JS/Code -
- // encoded w/ /*Encrypt By ooo.transs.net's JSXX 0.44 VIP*/
- // I saw some malicious JS used this so this is a knowledge -
- // to share...
- //
- // @unixfreaxjp#FreeBSD 9.1 /usr/../malware]$ date
- // Sat Dec 22 02:03:58 JST 2012
- // found this script in the korean site:
- www.axia.co.kr/pdf/index.html"
- // in the end nothing malicious in it but the method used in this file itself.
- // Allow me to share as guidance how to crack an obfuscated encrypted JS/Code
- /*-------------start----------------*/
- // download PoC:
- --2012-12-22 01:36:12-- h00p://www.axia.co.kr/pdf/index.html
- Resolving www.axia.co.kr (www.axia.co.kr)... 14.63.214.119
- Caching www.axia.co.kr => 14.63.214.119
- Connecting to www.axia.co.kr (www.axia.co.kr)|14.63.214.119|:80... connected.
- GET /pdf/index.html HTTP/1.1
- Referer: http://www.google.com/search?youtube
- User-Agent: Mozilla/4.0 (compatible; MSIE 6.1; Windows XP)
- Accept: */*
- Host: www.axia.co.kr
- Connection: Keep-Alive
- HTTP request sent, awaiting response...
- ---response begin---
- HTTP/1.1 200 OK
- Content-Length: 11910
- Content-Type: text/html
- Last-Modified: Thu, 20 Dec 2012 04:35:31 GMT
- Accept-Ranges: bytes
- ETag: "52b5e0716bdecd1:1ba4"
- Server: Microsoft-IIS/6.0
- X-Powered-By: ASP.NET
- Date: Fri, 21 Dec 2012 16:36:03 GMT
- 200 OK
- Length: 11910 (12K) [text/html]
- Saving to: `index.html'
- 2012-12-22 01:36:12 (124 KB/s) - `index.html' saved [11910/11910]
- // found the very suspicious JS in the script below....
- <script type="text/javascript">
- var DxMpMnC5="1"+"1"+"1";
- var NHrLn1="";
- var expires=new Date();
- expires.setTime(expires.getTime()+24*60*60*1000);
- DxMpMnC5="0";
- document.cookie="EmIyqVO6=Yes;path=/;expires="+expires.toGMTString();
- lbBWGl6="1";delete lbBWGl6;try{lbBWGl6+="0"+"0"+"0"+"0"+"0"+"0"+"0"+"0";}catch(e){var SlcV0="1";VzxUwHC2 = eval}xItECj8=unescape;Afxsg7="E3F19BCCF4F3829DFFDB96C1909DD9F6BBFB9184F3C68CE0BDD1ADDFE394C0F0EBF0C6F0EFFCD3F395A097A083E45AB984B45EA3C0B759B781BD5DF58DA1598F99952C8190906B9F5F81768919CE3A9247CE28DD02F9048E5C8A329B2E92724A2152274B6D4C6B5E635D56196945435A7A5E6F5377524B2D626B156275644F23373F370246675D794B692C6404722970573A6268427D69787574624C5E08684B5040724C3B012C214C5A7A422357705A63554740365C424C6353520A72364E6A7021474B4944442D362E192B1804357B467F637059637828487A6A7D527D7033446D60484F0932091D0C2F24494E7743644C7849394141477B506D577811494F62457771496F422068295561792A175A0E7A60550B6D6C290F276D2921186779423E6C2705216022596C7F5A124E744827527D112D0132070C24663F0F464C46344644487E5F605065164C30673A6A2F446847666D6F5864442F12570B771D50066869340A3A2B2C3C1D6F7D15336D70577B6F47451F664A310E364C2A457E4E665723476B43193A004A2B31675D0A173A58412D72225678263D07332E340D28042E1E6B496226714E6878291F233328023127604A3C2347554E6B455A5C2F15731E271F740C3D162357705A635547403505160A3F0C1B69333C53643F235C6F7F60537D23380A3C133A0C2D012B6376447F64744B6D3A24022C382D0734252C315A1D2F494466092446764961493C0C24554F567D58415778174B4F755C5824512D55287D2B402A3B6348764C63482D0D314D044F612A764D762F61597271720938383C03130745534C754724087D4F2D4D715A3C0C2C103E3F2B5F6F1E0D5D62544D5F7546117F247401742E6613253D645669456659731B367039193F753A0D6F7E3719706975517A6E6707223F160D1322076701364C2A457E4E6657220E370612043B1E0F36044027357550402777271C6168635E6D6861072A667256557767723E406021361519097F5D76637D5232684F5E453206794B7D4C234C504328487A5446486F1A6458424B781A1C31055B442E77214B6A642147406F75456C7D704F6C0B2B5B62536C613D097974615F2F2B365C766733436F6D4F48523E4B5A513B506D4C60482204273C0E554F567D58415778174A52744402206431552B7C065C6B706610614F68586B40237B0322734918497E7273107F633A1C326E71567A6C46441E2C1777162518640C3F0E66417356645659083407120A3D0A001E6D420D6A722D5F2278224D3F20320F3712371D2D032B2660476B2477552D3F260727362B1C3B76631937694C53477343391B2B1A701B291C22093813615C4C536B535E05330A1F0F220F076A1B49490D1067596A7A655E26437A5D644F7A272D087C0C4D4D756F5107366D6C513E302D3047604A5A457706214773497B0E5C5F6D547E50424C5B1644504953215F472160330D7F1A4E546E7565566131765E7D627D4B7F4E6F36654E39226D46746B745276646B15312E494F55601F100A7B462C076C5F61436F422A5F4541274C0A5C745C0A142B3026267B2F54247C6B476768434C72526F5E7F506F682C4A60663E0E656E6F5F637C734E726066517F624F5D4D7D50620F2E274E4D7640654F791C765755777D4257536F4F5D5B391C5E2B376E13257628526F7C6A406243724C6207227A0223682A7D497266394272725A416F78765B6A7A4615017054630B341C71133806392214576950575A6F5952156C544E463C5E5E33732D564372695A603663556646695A251D01486D271A23785D71237154382F34517365445B44771803152418721B370A600C7C5F6D547E507F0A1E093C08170C261C573C3368482B79205265633D0A342935083B032F192D40622D754A75782B122432290329213D4B612C095C4E7E415E416C157E182D1D331F3C172211475A6651455D7407150C250D1C713D683D4F63483E65736C5C6744285D78476229784D3366686A7B55211E7C757D162104145F7163465D463F452F427017664D7640651F2A00361C66596752444E795B4A553F5D41236631137D144C526C736758630F74587F647F357D406D3067483B206F58766976547466691B332C4B4957621D6E0879442A056E5D63416D40285D4743254E085E765E081629322424792D56617E2E45616A454E7C50615C7952696A32487E64380C636C615D6D7E754C746258534160495F4B7F5E60012C214C4B745E67517B1A745157797F4C55556D495F253B625C2D35681162746F50697E6C426C417C4E640524781C21766F7B4B746037407C7C5C43697E48595464401707765A61053A1A34153E183F3C2A516756515469575C13725248383A2040357D2B5041746B546208615364406B242713034E6F2118647A43732573523A217957706943585A2D1B7111251A720A3F082149725C6153454E370B140D3D0A19171C34564F1F345034390E644E7C4F0A271C274A624B6F2E7807612465447463635E65286E467E785E5E7A605713577D6B2E507359064A694A2A06253E0C5A4417227F77766F7719117B514A266E0C54283D6D456D7B240C2F0B28002C0B3D6B1D206B4B1E4A7B606D5F7D6968186B79494E452706026B5162076B430C25407A4370597B0920574F4B625C1D044E7812032B741F6927700744363006412E28793A6630123D173573246D25392C6B2C373E136E617943753106091120021F4D714024416C10271F2C01230F1C45694745542C57495075005428752E5D24772942226A635473453B1C2D4C7E347E12216B7D437D2F6242776B694734677B4C31740C595A74017E1A654B364B740E6F4F705738504F167F57494F680709196651542D603B583C712F4D6A7C6C54664E6B4B2C1B37316E5B6E283343726F720C646F3B437A666A5C222E045E4C7C402D467F5220496F5E6B08200F765250566717485A635E175D611F58227A36573D3A2701302623043452694C6D4B2C2C7147757B576150463844796B6953212B0759566A160E1521503A506F0201437554754631576B55504B2C061B4C6E4E4A2D332E4E297279527378695E737A254D684F7C5A30072A14624260333B4565633E0D252752755749626F1F320C04281E544E237D417348113B7F3C2A52675B40586817494F73554537717C12126B2C453132684861023D310043652E6A496A6A714376642B1275737F062A382C4066755A12657E48245063042746785D720C263F0F554E586D5741147E5F5D7F654A5F2B7737452331644D6A7C6C54664E6B4B290929297B5D7F7F3C027C6D781F63747A5B687931577A7A0C440D775F24053F1048217D406C4B7F57284047434B43524967595F4B77170C2178611E226D6F4F6B6B7D53724A61466547632F71457C3036072F0E1255776978577825535F544E504A567A4A375C7204645F72122F127C5B69534F596241425E7A4D42623A7B224E702B5D657A6519767A717A7D577B566F52792639097373370337332D0B3B21263A17684E58547D4051513A4B2C4D6103615D6C546A55635D615940116B5646597159057A194B4D4812383908796E4B63006F5A2A0C6D2F604C6F206A102F30210026323A123C297957706943585A2F1B7111251A740314247A2317446440017E587B44763E1A141E665743267A351F2878305C647C7756750F724E6E574A266A477B6B67425F6D605465457A467E22360212044A5B033A6F106A776776057341664A667C601B055A795E431B381C031F2C1F03723F4E387B170A526B7D71576D4C7C107B5465367502327A5B6C5E465B66386470576F78495E1D284752577A4C781056687F6F2304331D2F0033710E093A7C16114D0F6E793E701F7C277175352238733C2C221B7E4A6D4B651A2A71211B36207D4A7C637147242F2F072D2B1F075171575E48344722447D1078447D5E69504F597E155258604C4D00301A443560310A6A372A5B6D32764A674E754F244A6F34215120216A49353F2A4077777B593A677F557B3040520267472C537017640D6E417841684B6C48495F715F4455605B46526719137E6523432774665B627066047448274B6A497E24320928267C43746E76586E6379406A633807237E424F427F072F467B4E7849690F744E7246630E02103D031E1C30075A5E605E436378225F65274379405B244C694E7D5B31062B257F447474241F263628052E295B59726F514B0E6C485F57600F7C14674D344D76106D5172513A55515B635151592F4A4A2C662512643034664B4A6A5530316F4B6E04370322684F095468453E37062E09134E1402785B6E692C315A1D2F584A7A4D224D364C724E745872541D1778606E68675B1D137A4D4B632F4C3A22772B5063782C5B694463012843652E6A1A3E7520192236201E516A74506B78305B726C514F002A2B4A417A44204B7D00724B69737146535F6B43515F25185157705140237A2E476435645D77697303280E6852640B7F336E477C363D4376763848396363503923243415694C534773436F54735F045F6E5D6B4D6B47631B005564150A1979545350674647397E2A4A697B6F5B6571684C2A0B33330641632C744B7468674B60426C466A6E7E43686E0818536606120670472C4F7B4D2F557E52764176162E0F2E326C5749586E58053376346E3063365A636E75522D3D67482B0F2B08391F2F6A2A261B647A4C60697C5D6D267F5879750F5A516040514157412A457C05674272556555090E053F5934064425376D30262478325565634C3908152D120B2A0F556C0C44087C646075490B7F607C5F6422470927382F18382B02726A636A2E174E0D294377417309400E380101102F166B727F76470F4A195F2763656C7A247505333D251F276F4F4F474B3A1A284E602B774C77254A0D2A2629022B2364341507475240674A244962053259735B6743701B240F4B5A6D1755496D064B555C4F1D6D6534543E265C196D7363042A0B3333062F7F27647E792B7141617730107C687F43716E4E4E0E7856575076442C004B0E7A49765266543F436E5057503609170C2F544E2974285B7927644073783C566F51750827507E59331B511F3E4E7C62704B2B583B1A222A31052D3C11121A1D2F365819234A4C745E6556113B0D1B0F38023C52587E19606C5D5C6072347C1032712B506D6B2C5667566F5B6B506532205D7D21606D7564784438717578757E7B4A5D6C51590A381D4D2C1C43220A3106497F505349010F5F67524042425C01197C4D44273574166F3978152E2C2A457B094F6C464447722140612176555C643F167A7572503B3D38103F300310123B0E615C1B214C4F754C77427B5D721D554563434357601308037B595C227B26127368630B575D4C5D795830106452612E2E164C697D48666275572625350D110129472D052D5B48604D624171046E644A7D627C2C1A6E5A475D7377411428515829766017633E640D2136301E2539231B214D684964406C377E593F75664A67457E56777C335E736844436E760D18727D4727466F5E20634811311F111221151A192108011D361B0C697A20462C7F24406D6E2C5A744F714F6F564621604F7B2575493C687854737D5552322E755739240202023C17690F6E274E237D41625B70576B460F417B5F515F6154011C2D574B30742F54666A34563E5979515E706C0D254D7F2C631733193C447570765C7238391C20071530620329340C3D5A4C2D6B264F101725664A7256725602615C42656B38002735765A4226622612744D475C6B51720F332F025A694A6936750A5107706F62534100230A16527967454E452F6D494E616C061A2C214C487E5C66447A146E7776404A60110702364F257F255B2137154B515E4461612F3E3603476C5368536863604043764C1E2E0913577C647843782C497A6C52705E152F24494D7D416559791177574F7C5170160201334C587C5858243414402A59314D612939350C4463506F506F60574146354456233A1B3A726076516E6C3E4A54676C04191C2C2443794F304F396F67566E5532092C3C6D53495F795F094D59537B732E4F3B227C2A507778236F7D59524A4366397A02236B207F4867673775404C787159792D02120447584F775324076E62316E59453A14133962564E527E52067A7E5D5D5A5008154E1C27576C7F7453244847785C543A05012C68277C4F6423345C725B775B5B64290D1101445F4C6A505B045559095F27174B267F556F556B5127796C405F731F0702364F257F255B21372976695A7661302408316D46655A79422D1A4066794A4277203F14397D6D715269690150476670091E1923274C744874483C737C7F450433382E5D69554D49751D4023561677292E7E39087867546354631C594869163E13034E76497E64625536766D706D7F6B5028362F3646744A2552700A266752633715103861574D537D53056D64694E4647791E7918485523752341663D6B7A6F4A3606062F6F24634C7B2033757A526F022C0B11517E667A4D7A2E4D7A47464D0C152D264F4F7F43675B7B13756B415A780F1D36045F4F53774B4B635902444179330D0914605F64477C5B2C527506496B227D1924706674576C623C435E6C4C7313342934407644275C720C37474F694D5272043C39295C6E5442486A1C4D0F600947024F72080C1175457C644654654F6C5C79606C31734A76653D062E797A526D6B751F78255A462C1A";VVuCP6="function tWGjoOv5(){AAdAvPY2=Math.PI;YQMhJWX5=Math.tan;IwjrDD2=parseInt;iCUxAX6='length';MOxTK8='test';VCBTv2='replace';QxPEEVd0=IwjrDD2(~((AAdAvPY2&AAdAvPY2)|(~AAdAvPY2&AAdAvPY2)&(AAdAvPY2&~AAdAvPY2)|(~AAdAvPY2&~AAdAvPY2)));qkRvY1=IwjrDD2(((QxPEEVd0&QxPEEVd0)|(~QxPEEVd0&QxPEEVd0)&(QxPEEVd0&~QxPEEVd0)|(~QxPEEVd0&~QxPEEVd0))&1);/*Encrypt By ooo.transs.net's JSXX 0.44 VIP*/hAMBUa0=qkRvY1<<qkRvY1;new function(){sHmV1=VzxUwHC2('1Qe4dG*]6zY^k8vb]#&,m8$[x_GD3a]Nj5dsn7[F[8cu[S34Rlc]4r;idpDt='[VCBTv2](/[^v@0el9a]/g,''));};try{if(!\/^\\d*$\/g[MOxTK8](sfoIYE2));}catch(e){sfoIYE2=QxPEEVd0;}UpoAtyc5='';YiHqVz1=String[xItECj8('%6'+'6%72%'+'6F%6D%4'+'3%68%61'+'%72%4'+'3%6F%64'+'%65')];for(rJjN8=QxPEEVd0;rJjN8<VVuCP6[iCUxAX6];rJjN8-=-qkRvY1)sfoIYE2=((sfoIYE2&127)<<25)|((sfoIYE2&4294967168)>>>7)+VVuCP6.charCodeAt(rJjN8);mEhAwV5+=qkRvY1;sfoIYE2>>>=0;for(rJjN8=QxPEEVd0,ApfweB7=qkRvY1;rJjN8<Afxsg7[iCUxAX6];rJjN8+=hAMBUa0,ApfweB7++){if(rJjN8>=(1<<3)){BxNe1=rJjN8%(1<<3);}else {BxNe1=rJjN8;}kfvU6=IwjrDD2('0x'+sfoIYE2.toString(qkRvY1<<4).substr(BxNe1,2))+ApfweB7;if(\/^(\\d{4})\/g[MOxTK8](kfvU6+744))kfvU6%=71;UpoAtyc5+=YiHqVz1(IwjrDD2(QxPEEVd0+xItECj8('x')+Afxsg7.charAt(rJjN8)+Afxsg7.charAt(rJjN8+IwjrDD2(qkRvY1)))^kfvU6);}try{new function(){sHmV1(UpoAtyc5);}}catch(e){try{new function(){rfXoiCc5=parseInt;YQMhJWX5(UpoAtyc5);}}catch(e) {window.location='.';}}}try{VzxUwHC2('tWGjoOv5();')}catch(e) {try{mEhAwV5=QxPEEVd0;VzxUwHC2('tWGjoOv5();');}catch(e){alert('ere');}}";DWJcDBs2 = VzxUwHC2(VzxUwHC2);DWJcDBs2(VVuCP6);
- </script>
- // too noisy.. cant read well..made it better formatted :
- var DxMpMnC5="1"+"1"+"1";
- var NHrLn1="";
- var expires=new Date();
- expires.setTime(expires.getTime()+24*60*60*1000);
- DxMpMnC5="0";
- document.cookie="EmIyqVO6=Yes;path=/;expires="+expires.toGMTString();
- lbBWGl6="1";
- delete lbBWGl6;
- try
- {
- lbBWGl6+="0"+"0"+"0"+"0"+"0"+"0"+"0"+"0";
- }
- catch(e)
- {
- var SlcV0="1";
- VzxUwHC2 = eval
- }
- xItECj8=unescape;
- Afxsg7="E3F19BCCF4F3829DFFDB96C1909DD9F6BBFB9184F3C68CE0BDD1ADDFE394C0F0EBF0C6F0EFFCD3F395A097A083E45AB984B45EA3C0B759B781BD5DF58DA1598F99952C8190906B9F5F81768919CE3A9247CE28DD02F9048E5C8A329B2E92724A2152274B6D4C6B5E635D56196945435A7A5E6F5377524B2D626B156275644F23373F370246675D794B692C6404722970573A6268427D69787574624C5E08684B5040724C3B012C214C5A7A422357705A63554740365C424C6353520A72364E6A7021474B4944442D362E192B1804357B467F637059637828487A6A7D527D7033446D60484F0932091D0C2F24494E7743644C7849394141477B506D577811494F62457771496F422068295561792A175A0E7A60550B6D6C290F276D2921186779423E6C2705216022596C7F5A124E744827527D112D0132070C24663F0F464C46344644487E5F605065164C30673A6A2F446847666D6F5864442F12570B771D50066869340A3A2B2C3C1D6F7D15336D70577B6F47451F664A310E364C2A457E4E665723476B43193A004A2B31675D0A173A58412D72225678263D07332E340D28042E1E6B496226714E6878291F233328023127604A3C2347554E6B455A5C2F15731E271F740C3D162357705A635547403505160A3F0C1B69333C53643F235C6F7F60537D23380A3C133A0C2D012B6376447F64744B6D3A24022C382D0734252C315A1D2F494466092446764961493C0C24554F567D58415778174B4F755C5824512D55287D2B402A3B6348764C63482D0D314D044F612A764D762F61597271720938383C03130745534C754724087D4F2D4D715A3C0C2C103E3F2B5F6F1E0D5D62544D5F7546117F247401742E6613253D645669456659731B367039193F753A0D6F7E3719706975517A6E6707223F160D1322076701364C2A457E4E6657220E370612043B1E0F36044027357550402777271C6168635E6D6861072A667256557767723E406021361519097F5D76637D5232684F5E453206794B7D4C234C504328487A5446486F1A6458424B781A1C31055B442E77214B6A642147406F75456C7D704F6C0B2B5B62536C613D097974615F2F2B365C766733436F6D4F48523E4B5A513B506D4C60482204273C0E554F567D58415778174A52744402206431552B7C065C6B706610614F68586B40237B0322734918497E7273107F633A1C326E71567A6C46441E2C1777162518640C3F0E66417356645659083407120A3D0A001E6D420D6A722D5F2278224D3F20320F3712371D2D032B2660476B2477552D3F260727362B1C3B76631937694C53477343391B2B1A701B291C22093813615C4C536B535E05330A1F0F220F076A1B49490D1067596A7A655E26437A5D644F7A272D087C0C4D4D756F5107366D6C513E302D3047604A5A457706214773497B0E5C5F6D547E50424C5B1644504953215F472160330D7F1A4E546E7565566131765E7D627D4B7F4E6F36654E39226D46746B745276646B15312E494F55601F100A7B462C076C5F61436F422A5F4541274C0A5C745C0A142B3026267B2F54247C6B476768434C72526F5E7F506F682C4A60663E0E656E6F5F637C734E726066517F624F5D4D7D50620F2E274E4D7640654F791C765755777D4257536F4F5D5B391C5E2B376E13257628526F7C6A406243724C6207227A0223682A7D497266394272725A416F78765B6A7A4615017054630B341C71133806392214576950575A6F5952156C544E463C5E5E33732D564372695A603663556646695A251D01486D271A23785D71237154382F34517365445B44771803152418721B370A600C7C5F6D547E507F0A1E093C08170C261C573C3368482B79205265633D0A342935083B032F192D40622D754A75782B122432290329213D4B612C095C4E7E415E416C157E182D1D331F3C172211475A6651455D7407150C250D1C713D683D4F63483E65736C5C6744285D78476229784D3366686A7B55211E7C757D162104145F7163465D463F452F427017664D7640651F2A00361C66596752444E795B4A553F5D41236631137D144C526C736758630F74587F647F357D406D3067483B206F58766976547466691B332C4B4957621D6E0879442A056E5D63416D40285D4743254E085E765E081629322424792D56617E2E45616A454E7C50615C7952696A32487E64380C636C615D6D7E754C746258534160495F4B7F5E60012C214C4B745E67517B1A745157797F4C55556D495F253B625C2D35681162746F50697E6C426C417C4E640524781C21766F7B4B746037407C7C5C43697E48595464401707765A61053A1A34153E183F3C2A516756515469575C13725248383A2040357D2B5041746B546208615364406B242713034E6F2118647A43732573523A217957706943585A2D1B7111251A720A3F082149725C6153454E370B140D3D0A19171C34564F1F345034390E644E7C4F0A271C274A624B6F2E7807612465447463635E65286E467E785E5E7A605713577D6B2E507359064A694A2A06253E0C5A4417227F77766F7719117B514A266E0C54283D6D456D7B240C2F0B28002C0B3D6B1D206B4B1E4A7B606D5F7D6968186B79494E452706026B5162076B430C25407A4370597B0920574F4B625C1D044E7812032B741F6927700744363006412E28793A6630123D173573246D25392C6B2C373E136E617943753106091120021F4D714024416C10271F2C01230F1C45694745542C57495075005428752E5D24772942226A635473453B1C2D4C7E347E12216B7D437D2F6242776B694734677B4C31740C595A74017E1A654B364B740E6F4F705738504F167F57494F680709196651542D603B583C712F4D6A7C6C54664E6B4B2C1B37316E5B6E283343726F720C646F3B437A666A5C222E045E4C7C402D467F5220496F5E6B08200F765250566717485A635E175D611F58227A36573D3A2701302623043452694C6D4B2C2C7147757B576150463844796B6953212B0759566A160E1521503A506F0201437554754631576B55504B2C061B4C6E4E4A2D332E4E297279527378695E737A254D684F7C5A30072A14624260333B4565633E0D252752755749626F1F320C04281E544E237D417348113B7F3C2A52675B40586817494F73554537717C12126B2C453132684861023D310043652E6A496A6A714376642B1275737F062A382C4066755A12657E48245063042746785D720C263F0F554E586D5741147E5F5D7F654A5F2B7737452331644D6A7C6C54664E6B4B290929297B5D7F7F3C027C6D781F63747A5B687931577A7A0C440D775F24053F1048217D406C4B7F57284047434B43524967595F4B77170C2178611E226D6F4F6B6B7D53724A61466547632F71457C3036072F0E1255776978577825535F544E504A567A4A375C7204645F72122F127C5B69534F596241425E7A4D42623A7B224E702B5D657A6519767A717A7D577B566F52792639097373370337332D0B3B21263A17684E58547D4051513A4B2C4D6103615D6C546A55635D615940116B5646597159057A194B4D4812383908796E4B63006F5A2A0C6D2F604C6F206A102F30210026323A123C297957706943585A2F1B7111251A740314247A2317446440017E587B44763E1A141E665743267A351F2878305C647C7756750F724E6E574A266A477B6B67425F6D605465457A467E22360212044A5B033A6F106A776776057341664A667C601B055A795E431B381C031F2C1F03723F4E387B170A526B7D71576D4C7C107B5465367502327A5B6C5E465B66386470576F78495E1D284752577A4C781056687F6F2304331D2F0033710E093A7C16114D0F6E793E701F7C277175352238733C2C221B7E4A6D4B651A2A71211B36207D4A7C637147242F2F072D2B1F075171575E48344722447D1078447D5E69504F597E155258604C4D00301A443560310A6A372A5B6D32764A674E754F244A6F34215120216A49353F2A4077777B593A677F557B3040520267472C537017640D6E417841684B6C48495F715F4455605B46526719137E6523432774665B627066047448274B6A497E24320928267C43746E76586E6379406A633807237E424F427F072F467B4E7849690F744E7246630E02103D031E1C30075A5E605E436378225F65274379405B244C694E7D5B31062B257F447474241F263628052E295B59726F514B0E6C485F57600F7C14674D344D76106D5172513A55515B635151592F4A4A2C662512643034664B4A6A5530316F4B6E04370322684F095468453E37062E09134E1402785B6E692C315A1D2F584A7A4D224D364C724E745872541D1778606E68675B1D137A4D4B632F4C3A22772B5063782C5B694463012843652E6A1A3E7520192236201E516A74506B78305B726C514F002A2B4A417A44204B7D00724B69737146535F6B43515F25185157705140237A2E476435645D77697303280E6852640B7F336E477C363D4376763848396363503923243415694C534773436F54735F045F6E5D6B4D6B47631B005564150A1979545350674647397E2A4A697B6F5B6571684C2A0B33330641632C744B7468674B60426C466A6E7E43686E0818536606120670472C4F7B4D2F557E52764176162E0F2E326C5749586E58053376346E3063365A636E75522D3D67482B0F2B08391F2F6A2A261B647A4C60697C5D6D267F5879750F5A516040514157412A457C05674272556555090E053F5934064425376D30262478325565634C3908152D120B2A0F556C0C44087C646075490B7F607C5F6422470927382F18382B02726A636A2E174E0D294377417309400E380101102F166B727F76470F4A195F2763656C7A247505333D251F276F4F4F474B3A1A284E602B774C77254A0D2A2629022B2364341507475240674A244962053259735B6743701B240F4B5A6D1755496D064B555C4F1D6D6534543E265C196D7363042A0B3333062F7F27647E792B7141617730107C687F43716E4E4E0E7856575076442C004B0E7A49765266543F436E5057503609170C2F544E2974285B7927644073783C566F51750827507E59331B511F3E4E7C62704B2B583B1A222A31052D3C11121A1D2F365819234A4C745E6556113B0D1B0F38023C52587E19606C5D5C6072347C1032712B506D6B2C5667566F5B6B506532205D7D21606D7564784438717578757E7B4A5D6C51590A381D4D2C1C43220A3106497F505349010F5F67524042425C01197C4D44273574166F3978152E2C2A457B094F6C464447722140612176555C643F167A7572503B3D38103F300310123B0E615C1B214C4F754C77427B5D721D554563434357601308037B595C227B26127368630B575D4C5D795830106452612E2E164C697D48666275572625350D110129472D052D5B48604D624171046E644A7D627C2C1A6E5A475D7377411428515829766017633E640D2136301E2539231B214D684964406C377E593F75664A67457E56777C335E736844436E760D18727D4727466F5E20634811311F111221151A192108011D361B0C697A20462C7F24406D6E2C5A744F714F6F564621604F7B2575493C687854737D5552322E755739240202023C17690F6E274E237D41625B70576B460F417B5F515F6154011C2D574B30742F54666A34563E5979515E706C0D254D7F2C631733193C447570765C7238391C20071530620329340C3D5A4C2D6B264F101725664A7256725602615C42656B38002735765A4226622612744D475C6B51720F332F025A694A6936750A5107706F62534100230A16527967454E452F6D494E616C061A2C214C487E5C66447A146E7776404A60110702364F257F255B2137154B515E4461612F3E3603476C5368536863604043764C1E2E0913577C647843782C497A6C52705E152F24494D7D416559791177574F7C5170160201334C587C5858243414402A59314D612939350C4463506F506F60574146354456233A1B3A726076516E6C3E4A54676C04191C2C2443794F304F396F67566E5532092C3C6D53495F795F094D59537B732E4F3B227C2A507778236F7D59524A4366397A02236B207F4867673775404C787159792D02120447584F775324076E62316E59453A14133962564E527E52067A7E5D5D5A5008154E1C27576C7F7453244847785C543A05012C68277C4F6423345C725B775B5B64290D1101445F4C6A505B045559095F27174B267F556F556B5127796C405F731F0702364F257F255B21372976695A7661302408316D46655A79422D1A4066794A4277203F14397D6D715269690150476670091E1923274C744874483C737C7F450433382E5D69554D49751D4023561677292E7E39087867546354631C594869163E13034E76497E64625536766D706D7F6B5028362F3646744A2552700A266752633715103861574D537D53056D64694E4647791E7918485523752341663D6B7A6F4A3606062F6F24634C7B2033757A526F022C0B11517E667A4D7A2E4D7A47464D0C152D264F4F7F43675B7B13756B415A780F1D36045F4F53774B4B635902444179330D0914605F64477C5B2C527506496B227D1924706674576C623C435E6C4C7313342934407644275C720C37474F694D5272043C39295C6E5442486A1C4D0F600947024F72080C1175457C644654654F6C5C79606C31734A76653D062E797A526D6B751F78255A462C1A";
- VVuCP6="function tWGjoOv5(){AAdAvPY2=Math.PI;YQMhJWX5=Math.tan;IwjrDD2=parseInt;iCUxAX6='length';MOxTK8='test';VCBTv2='replace';QxPEEVd0=IwjrDD2(~((AAdAvPY2&AAdAvPY2)|(~AAdAvPY2&AAdAvPY2)&(AAdAvPY2&~AAdAvPY2)|(~AAdAvPY2&~AAdAvPY2)));qkRvY1=IwjrDD2(((QxPEEVd0&QxPEEVd0)|(~QxPEEVd0&QxPEEVd0)&(QxPEEVd0&~QxPEEVd0)|(~QxPEEVd0&~QxPEEVd0))&1);/*Encrypt By ooo.transs.net's JSXX 0.44 VIP*/hAMBUa0=qkRvY1<<qkRvY1;new function(){sHmV1=VzxUwHC2('1Qe4dG*]6zY^k8vb]#&,m8$[x_GD3a]Nj5dsn7[F[8cu[S34Rlc]4r;idpDt='[VCBTv2](/[^v@0el9a]/g,''));};try{if(!\/^\\d*$\/g[MOxTK8](sfoIYE2));}catch(e){sfoIYE2=QxPEEVd0;}UpoAtyc5='';YiHqVz1=String[xItECj8('%6'+'6%72%'+'6F%6D%4'+'3%68%61'+'%72%4'+'3%6F%64'+'%65')];for(rJjN8=QxPEEVd0;rJjN8<VVuCP6[iCUxAX6];rJjN8-=-qkRvY1)sfoIYE2=((sfoIYE2&127)<<25)|((sfoIYE2&4294967168)>>>7)+VVuCP6.charCodeAt(rJjN8);mEhAwV5+=qkRvY1;sfoIYE2>>>=0;for(rJjN8=QxPEEVd0,ApfweB7=qkRvY1;rJjN8<Afxsg7[iCUxAX6];rJjN8+=hAMBUa0,ApfweB7++){if(rJjN8>=(1<<3)){BxNe1=rJjN8%(1<<3);}else {BxNe1=rJjN8;}kfvU6=IwjrDD2('0x'+sfoIYE2.toString(qkRvY1<<4).substr(BxNe1,2))+ApfweB7;if(\/^(\\d{4})\/g[MOxTK8](kfvU6+744))kfvU6%=71;UpoAtyc5+=YiHqVz1(IwjrDD2(QxPEEVd0+xItECj8('x')+Afxsg7.charAt(rJjN8)+Afxsg7.charAt(rJjN8+IwjrDD2(qkRvY1)))^kfvU6);}try{new function(){sHmV1(UpoAtyc5);}}catch(e){try{new function(){rfXoiCc5=parseInt;YQMhJWX5(UpoAtyc5);}}catch(e) {window.location='.';}}}try{VzxUwHC2('tWGjoOv5();')}catch(e) {try{mEhAwV5=QxPEEVd0;VzxUwHC2('tWGjoOv5();');}catch(e){alert('ere');}}";DWJcDBs2 = VzxUwHC2(VzxUwHC2);DWJcDBs2(VVuCP6);
- // is a compressed & encrypted JS/code... question is what for?
- ========================
- SECOND STEP....
- ========================
- // run the code above in spider monkey, result is...
- eval() was pointed to var of VzxUwHC2
- which the value:
- function eval(){
- [nativecode]
- }
- // replace this eval with VzxUwHC2
- // assemble new function, and put it into the rest of the burped strings:
- function VzxUwHC2(){
- [nativecode]
- };
- function tWGjoOv5()
- {
- AAdAvPY2 = Math.PI;
- YQMhJWX5 = Math.tan;
- IwjrDD2 = parseInt;
- iCUxAX6 = 'length';
- MOxTK8 = 'test';
- VCBTv2 = 'replace';
- QxPEEVd0 = IwjrDD2( ~ ((AAdAvPY2 & AAdAvPY2) | ( ~ AAdAvPY2 & AAdAvPY2) & (AAdAvPY2 &~ AAdAvPY2) | ( ~ AAdAvPY2 &~ AAdAvPY2)));
- qkRvY1 = IwjrDD2(((QxPEEVd0 & QxPEEVd0) | ( ~ QxPEEVd0 & QxPEEVd0) & (QxPEEVd0 &~ QxPEEVd0) | ( ~ QxPEEVd0 &~ QxPEEVd0)) & 1);
- /*Encrypt By ooo.transs.net's JSXX 0.44 VIP*/
- hAMBUa0 = qkRvY1 << qkRvY1;
- new function (){
- sHmV1 = VzxUwHC2('1Qe4dG*]6zY^k8vb]#&,m8$[x_GD3a]Nj5dsn7[F[8cu[S34Rlc]4r;idpDt='[VCBTv2](/[^v@0el9a]/g, ''));
- };
- try
- {
- if ( !/^(\d) * $ / g[MOxTK8](sfoIYE2));
- }
- catch (e){
- sfoIYE2 = QxPEEVd0;
- }
- UpoAtyc5 = '';
- YiHqVz1 = String[xItECj8('%6' + '6%72%' + '6F%6D%4' + '3%68%61' + '%72%4' + '3%6F%64' + '%65')];
- for (rJjN8 = QxPEEVd0; rJjN8 < VVuCP6[iCUxAX6];
- rJjN8 -=- qkRvY1)sfoIYE2 = ((sfoIYE2 & 127) << 25) | ((sfoIYE2 & 4294967168) >>> 7) + VVuCP6.charCodeAt(rJjN8);
- mEhAwV5 += qkRvY1;
- sfoIYE2 >>>= 0;
- for (rJjN8 = QxPEEVd0, ApfweB7 = qkRvY1; rJjN8 < Afxsg7[iCUxAX6];
- rJjN8 += hAMBUa0, ApfweB7 ++ ){
- if (rJjN8 >= (1 << 3)){
- BxNe1 = rJjN8 % (1 << 3);
- }
- else {
- BxNe1 = rJjN8;
- }
- kfvU6 = IwjrDD2('0x' + sfoIYE2.toString(qkRvY1 << 4).substr(BxNe1, 2)) + ApfweB7;
- if (/^(\d{4})/g[MOxTK8](kfvU6 + 744))kfvU6 %= 71;
- UpoAtyc5 += YiHqVz1(IwjrDD2(QxPEEVd0 + xItECj8('x') + Afxsg7.charAt(rJjN8) + Afxsg7.charAt(rJjN8 + IwjrDD2(qkRvY1))) ^ kfvU6);
- }
- try {
- new function (){
- sHmV1(UpoAtyc5);
- }
- }
- catch (e){
- try {
- new function (){
- rfXoiCc5 = parseInt;
- YQMhJWX5(UpoAtyc5);
- }
- }
- catch (e){
- window.location = '.';
- }
- }
- }
- try {
- tWGjoOv5();
- }
- catch (e){
- try {
- mEhAwV5 = QxPEEVd0;
- tWGjoOv5();
- }
- catch (e){
- alert('ere');
- }
- }
- // PS * in handing the crypted JS/Code with obfuscated var, you need -
- // to define well which strings are variable, and which are values,
- // and make sure to debug to correct it again & agaian to make it runs..
- ===========================================
- Seeing the Cryped Chars..Third Step = no worries!
- ===========================================
- // the above try will execute tWGjoOv5(); which resulted the eval() below:
- ?
- }
- 9 ?? c$ ?? O <?? w ?? g# ?? f :?? u ??<~??\ ?? L ?? ] ??\??? ??? w ??? y ??? i ??? Y
- ??? @ ??& U ?? d ??? ? _ ? ? ? n ? ? z ???? ??? Z ??? c ??? z ??? R ?? y ?? DP ??
- WM ?? 1 ??\ W ?? V"
- ??1;??:t??ys??||??J??PT????BT??KB??uq??xx??{l??????pG????8>?j?l]i'k|{}Hjxk
- xdu
- HYaH[\AaUWO0\rMvqZYi4r]wlHgPB:uUXx+Chs"P`"
- f}]sKw<t<'|df_dS@P
- b@UW/
- >V8XxM:d|Gly\Cs<'}.4ZZFyOY]Gbp!I{(*x8|>
- vJ/4pKipN
- xC wL)RSJaLO`\,6i!tz7-s5i
- d9
- #Cb](]a+j,#%55=Xq4={jBIL Qs
- p+KBSo
- uqM%!,+$%|+}#r_TP\
- ;-kl[t;wEl-:)#;=:qW>n
- UAL%S]KdP
- -H|\pyvYi2p]`ug2H2`@
- 4VLTiZ@$A.b :X|3;SlpiD0>$>'{BQaU /[]Y:4!Ta<5RprqLclQh>ZEo0T:RSJc\PT1}7}d?
- )k/spBk}s\9))OD!L)RSJaL<'4=6&g!b{?lY}wP\MKVAI\}\X|o#3&KjryEi:vsaIF:[[
- #XzB,PTQNT]hxtFh>& sz;o
- sx]OAFMYHHI#PK,n9=gPk.<ds|
- frr_
- @lYKJ':H|\pyvYi
- 2q@am=6}1a7\uQSCjQPMiw)2Y6x;fA%}{%4rKkpLxU2
- ^f
- `[CQnHm:%*/,<
- {hM}h9fL
- 4
- )+Ki)5Xgk*1$/&<kX'<HsHVs% jCy_dpg -"5$FrfT[JYRXdAWLdE)'
- ?
- }
- ~uye02wTj6.KB
- UQB!SYHrZeHLYNlmTtsB5wy4xOf~sUQU@NYXJA@Vb/9H~
- }
- 1\ru|AjsR)81tXC
- ^T\-G]dZ@D#BvK*m=Rey1>0b>aZGyIvHPwVVYyRdg!v? z]jadEwt|\luBqCY'aL[ZCcUI | Ia
- | s`o \
- }
- iaH / 6 <- @W > hSp ^\ EAeHEE - w)*;
- R{
- 4stqkm{
- heMea[yWU % r > 9 % _bObV`zkssR + u + h_mZX@TSBaRP6 > FAY1Hnq5Ec < 5j{
- {
- xdHUX@ \ rdRZeHLYs * ( ,,- 24i) + D2exC + l""Xz1k &%% ;,: wh34C]
- PKP6 + tPkprSe"
- .0$#g$E~U~y>{RYXEaU^n_%R`rvF[>A+~mK/'.b{CxHjPXQd[ZCc<RRip|Ak}vF)w4|Wf
- ~SsQQ]@
- )NQXNA8Vn/!Hz}5\nupAns{R%8
- tXG^(PD)CYdZ\H#BrO*m1Ney5>e<b}aGAIrHXwZVQyVdg=v?czUji
- dMw||dlMB [Y` HSZ[oMIxqatohoDyaa0#N4)XWT[SHZTEIi@EM)dw12|Juwxyge`auYGSQ`
- 16![jwfZxrgg{w.#
- /`P_U^P@-X[BiV(
- >B^A]pHvq=Ek<=CjzI}T Y4
- \p'SB[kMqE9),/,%
- X/'<eQ^y:CEaQ#S)#5Jv2vPhf1Y|yee`qAhQXX(hCZY]DN-6Eq-\Nf|P$lz>u#4" ^ GMX,
- e1(Y.y
- {
- vYhysP#cguqIFA
- {
- w & i!XTFxEI, wyFrx'
- ZP,3X]p;@AY`
- ~N;u| ]a*_- +kz@|.;IC[\V%TG"*/OdfrZ=rrB`)k>l>jB<KVPQ`
- eC8T?`{Sr8;Pwus_~2{Aq;T2TPC;M
- 4]X
- iU@P2N{quq@z!5
- p{:z'oLu ^ ZQEhQB1 < Eu, 9q4zA
- : gvy
- }
- {
- Qb);
- CYkUVR# ^ BZl
- }
- MeZh4qJpy * Iv4 : a !% uRFE`"]h6igRPPs
- }
- qQh)5;
- fZHVM:DE[[Q
- }
- Z^gufF<"!
- ]zft8 + 0nInX]]R ^ JMg@Q + jOr$qdt5 < kI ^ V_ / M@99O6VCvQ >= v!XjzwVy2r]f |
- z!hQQvE / ]LC'9&jX"@d+z_r3p'wkI ?, $
- }
- lUdSkZaBKB % PT ^ t8KzScuylyals` < m8 / VLu ^ ZQEhQB#$Ps = n0 : xK)`mMaodiq[
- 3RbK6PDkPN_#_rOD`kYt ~ b_` < M9cN[ > r \ MKHJUVmZLMl \! ]j ?
- "4/&bss@lp;o`Xl F\7HX`G\'NResyTrexOne|w"W`WlxZQW ^ I
- }
- XG]F ~ 9)97`76$3 >: wsY ^ @ - XJdDCRcHPWlxwzs
- }
- Kdp : lfR9X[OA % VR % P#Ja.0D!j$5$ * +: 5CjzI
- }
- TY4 \ v8'|9'Cn ^ 5uVY | y ,< (p
- }
- 1`[3f]{
- ^ ASV)HGI
- }
- t + Ai9zHpxSbf \ M | y ? < % u, Vy ^ gu ^ EaQWtk0Vv
- }
- z +;> ;
- 4Bj$a
- }
- g9PK ^ FQIkGSZ8Y - qhk_ ^ PoQ <~ HlgfuaG \ x | i{
- w;
- ? Q8 * X, Y'
- Pl&\]e;
- A3(p[bQ@L6j~+r3L~
- }
- tD!4;
- $4"G\RY#QV}]RX`M|Ss4eVqiv%3{#yIp*[sCNEkLG
- cR8|a1Dxp+uuoM`<{Ehq~CiAXQfBB~[XLfV}T}|Zr}zAq3Si
- <jTZ}RPWnBMc@)'j7Sq2{
- EnmzNzm ~ 9(_
- }
- MZDiURN{
- ^ DsUCNh72'
- # gJwu{c
- y8p{`xJMiFQ-+Sk7f,& 2*3cbzqmtNGFK|ML0UXeM@X6ugVsukH;bt9~ P}, Vj^V
- WLK,DyX-2/&vAggvqW>n[]#XNwW[^{I.uAYfv~&odtu6ay8jP}Y_KaZ jX"@7e(g"+Sr
- Bimd
- fxLoiSR"]QtQYt
- {
- XgTeaiP7>mDf
- {
- 4`+V\hKE(R[C!A>Ei>'q0c ~: zTj >> HsHV)
- GZ_HCYlVZOh5Yk63jsnDpm!eud \ YER_J, 9.j \ "Xd7zWx`TXqntFx`p4'_DFQV,[QL+MPW~]D" / ?|
- ssIzp ;
- & n, ) ~ NAQ_O'
- 3oe_wKxa~Ieh=Fdpj2\CPp+PWb[]SlH:n:a%x2a~}94)6]J%yVI!eg::tNjf:q0!$
- %2<3dG(kfK+U[Bup 25!4S}mP{\30yK(a:G,IuF`a`":X~10y;)?8,>_
- &xOB bZK1N^_`
- XA/~Vb4lY~!vAKd\u~"9oMPT,9.@)HQ:9Araa'xrGxyprqZ@P, a ~ QXWnHJbpa] &-- ;
- |
- p < l`;
- TnXUNuMxBR7 ~ 8qA * O"
- '19$#,R>nrI>fKY_\`O>=<2eVo<[~Hu_d-QS(lPsJREsVSMyX>
- p<1N\0pJq:iCAsbAwWLo_>4
- Oe`TC;TipxMPz=
- jg0/ZRt'J1@X/ueany
- n#0Ygq ylEj< .4<RM'O2!OXXHpYJUy`Il`zGs45l
- r:` WowP w~{[]Ly^ 9{M{ftA`" ? 6x!'
- mXF bU[j|dxj`bzqPcS
- {
- <yf<nLUz"TK<eTBMl,8Si{fW~fRKnrg
- bzwycUL\cZ&SD\%zg8",
- 4-0-:#23c
- 6b@sO^VjHGI
- {
- -Jb:5[xy|Jaqeck42Oj3<CU,FaL5QBdA@PaX;
- Ju
- }
- iPsr=;
- }
- 'n
- }
- tW!{
- OT
- }
- VVgA!H9qv3eEjq! & '.i"v
- >B&L:!aQC^yI7mSa\{+'!aq > yWhRt ^ KrE9PAaV8Y % @ \
- bEu7'
- .iqyyqI
- -
- ^G( HPPYnXHbW@MZD+q0g 8+%
- L~pb@1&oPXA(lMpe}*/&oyAq3t:aq1aHXVC
- `@V~J|v\Q!wJiqg2-90DM1.aZXIyRl}l%jgf.)px@hhpw^GRE8naQQ 2YlaL^R87cqqPky5^Oy
- ;d4a9bQhZj^hCdLw)
- )1Pz!rCCUOK^d<%x@RbGb2ytA="1iI
- {
- ^qq?jmz`NG#TVp`GQkp~xs)
- W)P`'1orMCl_ ~ 6x`@HsKO > QPgIYX + YZMOW % q0g8 + 0tzBb06HnYQPnmmV = YsC
- !(!xvHn`v < JE1M > f & Y_JqQuubv > Sxpv[`45O;
- 433O9YRPAqZaT > B ^ Xx;
- pP`4n[IkcQm"wHP`@XL$q ~ `1 ? kIyXsq = bvOrUQS ^ nf8k@y]Ll!Q)Hb91G < G \ 4 / & ky{
- Asqr8HcJ & LXRG`@J ~ ttVw, $ & xrG``{
- B - ]f)7WY@`GQyJeDao)pp@`hxxVrpLiwPP'HX3_alEN@0Q ~ pxY ~ 4sx % SBN1AF]@ ~ S@
- gPWPL ,>^ z2v2 / nOjhpL#q : g!9
- // If you do debug mode and you met this result maybe you started to wonder...
- // what's this???? Did I do wrong??
- // my compiler messed up? I miss a format?
- // All the answer of questions above is NO, you did it well,
- // Now let the decrypt logic in the script decode this!
- ==============================
- Fourth Step
- No matter what error you received,
- force it until script finishing until
- writing the catch--> alert('ere')
- ===============================
- // let it write down the value of alert('ere');to see what comes up.....
- <object classid="clsid:CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA" id="deployJavaPlugin" width="0" height="0"></object>
- <a href="http://countt.51yes.com/index.aspx?id=228027737" target=_blank>
- <img width=20 height=20 border=0 hspace=0 vspace=0 src="http://count22.51yes.com/count1.gif" alt="51YES??????"></a>
- <iframe MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no
- src=http://count22.51yes.com/sa.htm?id=228027737&refe=&location=http%3A//www.axia.co.kr/pdf/index.html&color=24x&resolution=1024x768&returning=0&language=en-us&ua=Mozilla/4.0%20%28compatible%3B%20MSIE%207.0%3B%20Windows%20NT%205.1%29 height=0 width=0></iframe>
- // Voila, we see the link in <a>, image file link in <image>,
- // and an <IFRAME> to download pdf file, which is the point of
- // all of this obfuscation.
- ===================================
- CONCLUSION
- ==================================
- What so called Javascript Encrypted is just a manipulation of variable names,
- the mixing appearance between operators, variables and its values,
- and the number of the compressed (means number that you have to rundown the result -
- further to let the next layer of obfuscation).
- A good tools of JS editors & a browser that can run the script is enough -
- to crack these scripts Noted: in the save environment / offline.
- The target of obfuscation is only to hide the stuff,
- you'll see it by the size the short ones used to burp urls,
- longer ones should burps etc code/shellcodes, and very
- long one could be a binary dropper.
- The decoding generator is "in there" somewhere,
- to spot its generator logic immediately will save ur time.
- Also outsmart it by eliminating un-necessary values &
- and leave the obfuscated values, to be decoded by the genarator.
- Honestly. No such thing as "unseen" in javascript
- Hope to share some tricks in obfuscation,
- ---
- #MalwareMustDie
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement